Interactive Shell
Joern provides an interactive shell for code analysis, much like an operating system shell. We base this shell on the popular Scala shell Ammonite. In summary, the shell offers the following major features:
- Tab-completion
- GNU readline support for line editing
- JSON output
- Pipe operators
- Inline code browsing with a pager
- Dynamic library import
Launching the Interactive Shell#
The shell can be started by issuing the following command:
Basic Keyboard Commands#
The Joern underlying shell is essentially an interactive Scala shell that supports the following keyboard commands:
| Command | Description |
|---|---|
| CTRL-c | Cancels current operation/clears shell. Does not quit Joern |
| CTRL-d | Quits Joern (shell must be clear) |
| TAB | Autocomplete |
| UP | Moves through command history |
| CTRL-LEFT/RIGHT | Step through commands word-by-word (instead of character-by-character) |
| CTRL-r | Searches command history. Use CTRL-r (or UP/DOWN) to cycle through your matches |
Exporting Results with Pipe Operators and toJson#
The execution directive (see Traversal
Basics) toJson can be used at the end of
queries in order to convert results into the JSON format. This feature can
be combined with the shell's pipe operators to write results out to
the file system. For example,
writes all methods nodes into the file /tmp/foo.json.
Inline Code Browsing#
For an increasing number of languages, the Joern shell allows you to
read code associated with query results directly on the shell. For
example, to review all calls to memcpy, you can issue:
You can also pipe the result list into a pager as follows:
To study the context in which a result occurs, you can use the .dump method, which will dump the enclosing function’s code for each finding, and point you to the finding via an arrow:
You can use this feature together with browse to read code in the pager. Finally, if you want to read the code in your editor of choice, just dump it to a file:
We use dumpRaw here to skip syntax highlighting, as your editor will
most likely do that for you.
note
Please make sure
source-highlight is
installed for the .dump feature to work.
Dynamically Importing Additional Scripts#
You can dynamically load additional scripts at any time.
As an example, let's assume there's a file called MyScript.sc that contains only val elite = 31337. You can import the script as follows:
If the file is in a subfolder (e.g. scripts), use dot syntax: import $file.scripts.MyScript.
To go up one directory, use ^.
Adding Dependencies to the JVM classpath Dynamically#
If the dependencies are not on Maven Central, you can add a resolver: