Compiling Databases

https://codeql.github.com/docs/codeql-cli/creating-codeql-databases/

To analyze a codebase with CodeQL, the codebase must first be built into a CodeQL database.

Creating Database for Compiled Languages

For compiled languages such as Java and C#, creating the database requires compiling the codebase.

An example of compiling a Java project:

Note: The following commands assume the current directory is the source root; if not, use the --source-root argument to specify the root of the project.

codeql database create <output-folder>/java-database --language=java --command="javac RMIExploitationDemo/*.java" 

If the Java project is built with a build tool such as Gradle or Maven, CodeQL has autobuilders that support this, so the --command argument can be omitted:

codeql database create --language=java <output-folder>/java-database

Creating Database for Interpreted Languages

For interpreted (non-compiled) languages such as JavaScript and Python:

codeql database create --language=javascript <output-folder>/javascript-database
codeql database create --language=python <output-folder>/python-database

When creating a database for Python, ensure that the following are available:

  • All the required versions of Python are installed.

  • pip is installed and can install any packages that the codebase depends on.

  • The virtualenv module is installed.
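The three Python prerequisites above can be checked before running codeql database create. The script below is an added example, not part of the CodeQL documentation; the function names, the python3 default and the choice to test pip through "-m pip" are assumptions.

```shell
#!/bin/sh
# Added example: preflight for the Python prerequisites listed above.
# Function names and the "python3" default are hypothetical.

# Print one line per missing prerequisite for interpreter $1.
# Returns 0 when the interpreter, pip and virtualenv are all usable.
check_python_prereqs() {
    cpp_py="$1"
    cpp_missing=0
    if ! command -v "$cpp_py" >/dev/null 2>&1; then
        echo "missing: interpreter $cpp_py"
        return 1
    fi
    # Assumption: pip is checked per interpreter via "-m pip".
    if ! "$cpp_py" -m pip --version >/dev/null 2>&1; then
        echo "missing: pip for $cpp_py"
        cpp_missing=1
    fi
    if ! "$cpp_py" -c 'import virtualenv' >/dev/null 2>&1; then
        echo "missing: virtualenv module for $cpp_py"
        cpp_missing=1
    fi
    return "$cpp_missing"
}

# Check every interpreter version the codebase needs; fail if any is incomplete.
python_db_preflight() {
    pdp_rc=0
    for pdp_py in "$@"; do
        check_python_prereqs "$pdp_py" || pdp_rc=1
    done
    return "$pdp_rc"
}

# Usage: sh preflight.sh <output-folder> [interpreter ...]
if [ "$#" -ge 1 ]; then
    out_dir="$1"; shift
    [ "$#" -gt 0 ] || set -- python3
    python_db_preflight "$@" || { echo "fix the items above first" >&2; exit 1; }
    codeql database create --language=python "$out_dir/python-database"
fi
```

Pass each interpreter the codebase targets after the output folder; with no interpreter named, only python3 is checked.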
