
Question about reachables-slices.json result #152

@0x456de


Hi!
I am trying to understand exactly how reachables slices are created.
To do that, I use the following dummy sample code:

import fs from 'fs';
import path from 'path';
import http from 'http';

let server; // assigned further down with the value returned by http.createServer(...)

function pipeFileToMyResponse(res, file, type) { // streams <cwd>/sandbo/<file> into res; `type` is never used in the body
  fs.createReadStream(path.join(path.resolve(), 'sandbo', file)).pipe(res); // path.join() collapses '..' segments, so `file` must stay a trusted constant (as in the visible caller) or be checked to remain under 'sandbo'
} // no 'error' listener is attached to the read stream in this sample

server = http.createServer(function (req, res) { 
  //url.parse(req.url,
  pipeFileToMyResponse(res, './client.html'); 
}); // every request is answered with the same fixed file; `req` is never read (the only req.url reference is the commented-out line)

Next, I generate bom.json in deep mode with cdxgen and compute the reachables.
The result for my sample code:

{
    "reachables": [
        {
            "flows": [
                {
                    "id": 93,
                    "label": "IDENTIFIER",
                    "name": "http",
                    "fullName": "",
                    "signature": "",
                    "isExternal": false,
                    "code": "http.createServer(function (req, res) { \n  //url.parse(req.url,\n  pipeFileToMyResponse(res, './client.html'); \n})",
                    "typeFullName": "",
                    "parentMethodName": ":program",
                    "parentMethodSignature": "",
                    "parentFileName": "main.mjs",
                    "parentPackageName": "<global>",
                    "parentClassName": "main.mjs::program",
                    "lineNumber": 11,
                    "columnNumber": 9,
                    "tags": "pkg:npm/http@0.0.1-security"
                },
                {
                    "id": 54,
                    "label": "METHOD_PARAMETER_IN",
                    "name": "res",
                    "fullName": "",
                    "signature": "",
                    "isExternal": false,
                    "code": "res",
                    "typeFullName": "ANY",
                    "parentMethodName": "anonymous",
                    "parentMethodSignature": "",
                    "parentFileName": "main.mjs",
                    "parentPackageName": "<global>",
                    "parentClassName": "main.mjs::program",
                    "lineNumber": 11,
                    "columnNumber": 42,
                    "tags": ""
                },
                {
                    "id": 59,
                    "label": "IDENTIFIER",
                    "name": "res",
                    "fullName": "",
                    "signature": "",
                    "isExternal": false,
                    "code": "pipeFileToMyResponse(res, './client.html')",
                    "typeFullName": "",
                    "parentMethodName": "anonymous",
                    "parentMethodSignature": "",
                    "parentFileName": "main.mjs",
                    "parentPackageName": "<global>",
                    "parentClassName": "main.mjs::program",
                    "lineNumber": 13,
                    "columnNumber": 23,
                    "tags": ""
                },
                {
                    "id": 17,
                    "label": "METHOD_PARAMETER_IN",
                    "name": "res",
                    "fullName": "",
                    "signature": "",
                    "isExternal": false,
                    "code": "res",
                    "typeFullName": "ANY",
                    "parentMethodName": "pipeFileToMyResponse",
                    "parentMethodSignature": "",
                    "parentFileName": "main.mjs",
                    "parentPackageName": "<global>",
                    "parentClassName": "main.mjs::program",
                    "lineNumber": 7,
                    "columnNumber": 30,
                    "tags": ""
                },
                {
                    "id": 44,
                    "label": "IDENTIFIER",
                    "name": "res",
                    "fullName": "",
                    "signature": "",
                    "isExternal": false,
                    "code": "fs.createReadStream(path.join(path.resolve(), 'sandbo', file)).pipe(res)",
                    "typeFullName": "",
                    "parentMethodName": "pipeFileToMyResponse",
                    "parentMethodSignature": "",
                    "parentFileName": "main.mjs",
                    "parentPackageName": "<global>",
                    "parentClassName": "main.mjs::program",
                    "lineNumber": 8,
                    "columnNumber": 70,
                    "tags": "pkg:npm/fs@0.0.1-security, pkg:npm/path@0.12.7"
                }
            ],
            "purls": [
                "pkg:npm/path@0.12.7",
                "pkg:npm/http@0.0.1-security",
                "pkg:npm/fs@0.0.1-security"
            ]
        },
        {
            "flows": [
                {
                    "id": 93,
                    "label": "IDENTIFIER",
                    "name": "http",
                    "fullName": "",
                    "signature": "",
                    "isExternal": false,
                    "code": "http.createServer(function (req, res) { \n  //url.parse(req.url,\n  pipeFileToMyResponse(res, './client.html'); \n})",
                    "typeFullName": "",
                    "parentMethodName": ":program",
                    "parentMethodSignature": "",
                    "parentFileName": "main.mjs",
                    "parentPackageName": "<global>",
                    "parentClassName": "main.mjs::program",
                    "lineNumber": 11,
                    "columnNumber": 9,
                    "tags": "pkg:npm/http@0.0.1-security"
                },
                {
                    "id": 54,
                    "label": "METHOD_PARAMETER_IN",
                    "name": "res",
                    "fullName": "",
                    "signature": "",
                    "isExternal": false,
                    "code": "res",
                    "typeFullName": "ANY",
                    "parentMethodName": "anonymous",
                    "parentMethodSignature": "",
                    "parentFileName": "main.mjs",
                    "parentPackageName": "<global>",
                    "parentClassName": "main.mjs::program",
                    "lineNumber": 11,
                    "columnNumber": 42,
                    "tags": ""
                },
                {
                    "id": 59,
                    "label": "IDENTIFIER",
                    "name": "res",
                    "fullName": "",
                    "signature": "",
                    "isExternal": false,
                    "code": "pipeFileToMyResponse(res, './client.html')",
                    "typeFullName": "",
                    "parentMethodName": "anonymous",
                    "parentMethodSignature": "",
                    "parentFileName": "main.mjs",
                    "parentPackageName": "<global>",
                    "parentClassName": "main.mjs::program",
                    "lineNumber": 13,
                    "columnNumber": 23,
                    "tags": ""
                },
                {
                    "id": 17,
                    "label": "METHOD_PARAMETER_IN",
                    "name": "res",
                    "fullName": "",
                    "signature": "",
                    "isExternal": false,
                    "code": "res",
                    "typeFullName": "ANY",
                    "parentMethodName": "pipeFileToMyResponse",
                    "parentMethodSignature": "",
                    "parentFileName": "main.mjs",
                    "parentPackageName": "<global>",
                    "parentClassName": "main.mjs::program",
                    "lineNumber": 7,
                    "columnNumber": 30,
                    "tags": ""
                },
                {
                    "id": 44,
                    "label": "IDENTIFIER",
                    "name": "res",
                    "fullName": "",
                    "signature": "",
                    "isExternal": false,
                    "code": "fs.createReadStream(path.join(path.resolve(), 'sandbo', file)).pipe(res)",
                    "typeFullName": "",
                    "parentMethodName": "pipeFileToMyResponse",
                    "parentMethodSignature": "",
                    "parentFileName": "main.mjs",
                    "parentPackageName": "<global>",
                    "parentClassName": "main.mjs::program",
                    "lineNumber": 8,
                    "columnNumber": 70,
                    "tags": "pkg:npm/fs@0.0.1-security, pkg:npm/path@0.12.7"
                }
            ],
            "purls": [
                "pkg:npm/path@0.12.7",
                "pkg:npm/http@0.0.1-security",
                "pkg:npm/fs@0.0.1-security"
            ]
        }
    ]
}

However, when I change the code to the following (the only difference is that the commented-out `//url.parse(req.url,` line is removed):

import fs from 'fs';
import path from 'path';
import http from 'http';

let server; // assigned further down with the value returned by http.createServer(...)

function pipeFileToMyResponse(res, file, type) { // streams <cwd>/sandbo/<file> into res; `type` is never used in the body
  fs.createReadStream(path.join(path.resolve(), 'sandbo', file)).pipe(res); // path.join() collapses '..' segments, so `file` must stay a trusted constant (as in the visible caller) or be checked to remain under 'sandbo'
} // no 'error' listener is attached to the read stream in this sample

server = http.createServer(function (req, res) { 
  pipeFileToMyResponse(res, './client.html'); 
}); // every request is answered with the same fixed file; `req` is never read in this variant

I get empty results. This behaviour seems strange to me, and I can't understand the reason for it. Could you explain, please?
