💻
Secure Code Review Fundamentals
  • Start Here
  • Java
    • Common Sinks
    • Gadget Hunting
    • JRMP
    • Spring [todo]
    • JPA [todo]
    • JDBC [todo]
    • RMI [todo]
    • JNDI [todo]
    • Servlets [todo]
    • Tomcat [todo]
    • JavaServer Faces [todo]
    • JBoss [todo]
    • JavaBean
    • Remote Debugging Tomcat Web Applications
    • Expression Language
      • CVE-2020-9297
      • Exploitation
  • PHP
    • Classic Deserialization (POP) [todo]
    • Common Sinks [todo]
    • PHAR Deserialization [todo]
  • Ruby
    • Common Sinks
    • YAML deserialization [todo]
    • Rails Active Record SQL Injection
  • Python
    • Common Sinks
    • YAML deserialization [todo]
  • Tools
    • CodeQL [todo]
  • Code Review Fundamentals
    • Techniques
  • Untitled
  • CodeQL
    • Common Classes [Java]
    • Useful Classes [Java]
    • Compiling Databases
  • Semgrep
    • About
    • Real World Examples
      • Java == String Equality
Powered by GitBook
On this page
  • Creating Database for Compiled Languages
  • Creating Database for Interpreted Languages

Was this helpful?

  1. CodeQL

Compiling Databases

https://codeql.github.com/docs/codeql-cli/creating-codeql-databases/

In order to analyze a codebase using CodeQL, the project's codebase will need to be built into a database.

Creating Database for Compiled Languages

For compiled languages such as Java and C#, this will require compiling the codebase.

An example of compiling a Java project:

Note: The following commands assume the current directory is the source root; if not use the --source-root argument to specify the root of the project.

codeql database create <output-folder>/java-database --language=java --command="javac RMIExploitationDemo/*.java"

If the Java project is built with a build tool such as Gradle and Maven, CodeQL has autobuilders that can support this:

codeql database create --language=java <output-folder>/java-database

Creating Database for Interpreted Languages

For interpreted (non-compiled) languages such as Javascript and Python:

codeql database create --language=javascript <output-folder>/javascript-database
codeql database create --language=python <output-folder>/python-database

When creating a database for Python; ensure that the following is available:

  • All the required versions of Python are installed.

  • pip is installed and can install any packages that the codebase depends on.

  • The virtualenv module is installed.

PreviousUseful Classes [Java]NextAbout

Last updated 3 years ago

Was this helpful?