You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
When a sink point is a function that doesn't provide any return information, it's not feasible to derive the path leading to the vulnerability.
Expected behavior
I expected that both Java code snippets would be able to find a path from source to sink, but in reality, only the one where the sink function has a return value can successfully identify such a path.
Screenshots
The path found by the code for the sink function with a return value.
Desktop (please complete the following information):
Joern Version : v2.0.311
Java version : 17
The text was updated successfully, but these errors were encountered:
In dataflow queries, calls stand for the value returned by these calls. If you are interested in something other than that return value, you must adjust the sink of query. E.g. use def sink = cpg.method.name("sink").parameter
Describe the bug
When a sink point is a function that doesn't provide any return information, it's not feasible to derive the path leading to the vulnerability.
To Reproduce
When the sink has a return value
When the sink doesn't have a return value
My code
Expected behavior
I expected that both Java code snippets would be able to find a path from source to sink, but in reality, only the one where the sink function has a return value can successfully identify such a path.
Screenshots
The path found by the code for the sink function with a return value.
Desktop (please complete the following information):
The text was updated successfully, but these errors were encountered: