enferas
Question Regarding queries.sc and PHP Support in Testability Tarpits
Thank you for sharing such an impressive paper and providing access to the accompanying code. I am currently attempting to reproduce the detection of testability tarpits in PHP code as described in your paper, but I have encountered several difficulties during the practical setup.
Specifically, I have tried two different approaches. First, I used the latest version of Joern and attempted to generate a CPG from the TestabilityTarpits/PHP/TestabilityPatterns/*.php files using php2cpg. After generating the CPG, I executed the queries.sc script to identify the presence of trapits. However, this approach yielded no results — none of the expected tarpit patterns were detected.
Second, I attempted a more faithful reproduction of your paper’s environment by using the opcode-based examples located under TestabilityTarpits/PHP/Opcode/*.php files. I imported those into Joern version 1.1.108 using importCpg() and then ran the same queries.sc file. Unfortunately, this also produced empty results, despite the fact that the examples should contain known trapit patterns.
Given these difficulties, I would like to ask for clarification on a few points. First, are there specific preprocessing steps required to transform the .php or opcode-based files into a format compatible with Joern's CPG, such that the queries.sc script can correctly identify tarpit patterns? Second, the paper mentions that the PHP extension used for Joern at the time was not yet publicly released. Has this changed since the paper was published, and is there any way to access the same tooling you used? Finally, if possible, could you share any scripts or documentation that describe how to properly generate CPGs from PHP or opcode files to replicate your trapit detection pipeline?
Thank you!!
