Forked from https://github.com/ShiftLeftSecurity/llvm2cpg (2023-10-16)
llvm2cpg is a tool that converts LLVM Bitcode into Code Property Graph (CPG).
The CPG can be further analyzed via Joern or Ocular.
To get started, make sure to look into an introductory tutorial【WebArchive】.
After that, follow along and learn how to extract LLVM Bitcode from real-world projects【WebArchive】.
If you get questions - feel free to open an issue or come over to the Joern chat.
-
install ansible
-
run ansible playbook
ansible-playbook ci/ubuntu-playbook.yaml
# or skip the failed task
ansible-playbook -v ci/ubuntu-playbook.yaml --skip-tags "failed"
# the package will be store in /tmp/packages
# eg. /tmp/packages/llvm2cpg-0.8.0-LLVM-9.0-ubuntu-20.04.zipcp -r /path/to/llvm2cpg /opt/
mkdir /opt/build.llvm2cpg.debug.dir
cd /opt/build.llvm2cpg.debug.dir
cmake -DPATH_TO_LLVM=/opt/llvm-9.0.0 -DPATH_TO_JOERN=/opt/joern-cli -DCMAKE_BUILD_TYPE=Debug -DCMAKE_CXX_FLAGS= /opt/llvm2cpg
make all
# or build parallel
# make all -j30
- Generate cpg
cd /opt/build.llvm2cpg.debug.dir
./tools/llvm2cpg/llvm2cpg /path/to/demo.ll # generate cpg.bin.zip
- Load to neo4j
# load cpg.bin.zip into joern
../joern-cli/joern
loadCpg("cpg.bin.zip")
save
# export to neo4jcsv
../joern-cli/joern-export ./workspace/cpg.bin.zip/cpg.bin --repr all --format neo4jcsv
# the neo4jcsv will be store in out/
# load neo4jcsv to neo4j
mkdir neo4j_data
docker run -it --rm --name neo4j-bsca -p 7474:7474 -p 7687:7687 -v ${PWD}/neo4j_data:/data -v ${PWD}/out:/var/lib/neo4j/import neo4j:4.4
# in another terminal
docker exec -it neo4j-bsca /bin/bash
cd /var/lib/neo4j
bin/cypher-shell -u neo4j -p neo4j
# change password to <password> then exit cyber-shell
find /var/lib/neo4j/import -name 'nodes_*_cypher.csv' -exec bin/cypher-shell -u neo4j -p "<password>" --file {} \;
find /var/lib/neo4j/import -name 'edges_*_cypher.csv' -exec bin/cypher-shell -u neo4j -p "<password>" --file {} \;