github / codeql

CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
https://codeql.github.com
MIT License

Unable to create a database from local Java sourcecode folder #11759

Closed ivancerosi closed 1 year ago

ivancerosi commented 1 year ago

I am unable to analyse Java source code locally on my Windows 10 machine. I've tried running the CodeQL create database command on several different projects, including the simple Java Spring Boot starter project, but all attempts result in an error. I did successfully create a database for a JavaScript project, so it seems the bug is contained to Java code.

When running the database create command:

codeql database create --language=java --source-root=[sourcecode root] [database folder]

The following error is returned:

Initializing database at D:\dipl\codeql\databases\test.
Running build command: [D:\dipl\codeql\codeql\java\tools\autobuild.cmd]
[2022-12-20 13:44:43] [ERROR] Spawned process exited abnormally (code -1073741790; tried to run: [D:\dipl\codeql\codeql\tools\win64\tracer.exe, D:\dipl\codeql\codeql\tools\win64\runner.exe, cmd.exe, /C, type, NUL, &&, D:\dipl\codeql\codeql\java\tools\autobuild.cmd])
A fatal error occurred: Exit status -1073741790 from command: [D:\dipl\codeql\codeql\tools\win64\runner.exe, cmd.exe, /C, type, NUL, &&, D:\dipl\codeql\codeql\java\tools\autobuild.cmd]

Additionally, the tracer.exe gets deleted and I have to unpack the ZIP file again to restore it.

Log file in the database folder:

[2022-12-20 13:44:16] This is codeql database create --language=java --source-root=D:\dipl\sourcecode\spring-boot D:\dipl\codeql\databases\test
[2022-12-20 13:44:16] Log file was started late.
[2022-12-20 13:44:16] [PROGRESS] database create> Initializing database at D:\dipl\codeql\databases\test.
[2022-12-20 13:44:16] Running plumbing command: codeql database init --language=java --source-root=D:\dipl\sourcecode\spring-boot --allow-missing-source-root=false --allow-already-existing -- D:\dipl\codeql\databases\test
[2022-12-20 13:44:16] Calling plumbing command: codeql resolve languages --format=json
[2022-12-20 13:44:16] [DETAILS] resolve languages> Scanning for [codeql-extractor.yml] from D:\dipl\codeql\codeql\.codeqlmanifest.json
[2022-12-20 13:44:16] [DETAILS] resolve languages> Parsing D:\dipl\codeql\codeql\cpp\codeql-extractor.yml.
[2022-12-20 13:44:16] [DETAILS] resolve languages> Parsing D:\dipl\codeql\codeql\csharp\codeql-extractor.yml.
[2022-12-20 13:44:16] [DETAILS] resolve languages> Parsing D:\dipl\codeql\codeql\csv\codeql-extractor.yml.
[2022-12-20 13:44:16] [DETAILS] resolve languages> Parsing D:\dipl\codeql\codeql\go\codeql-extractor.yml.
[2022-12-20 13:44:16] [DETAILS] resolve languages> Parsing D:\dipl\codeql\codeql\html\codeql-extractor.yml.
[2022-12-20 13:44:16] [DETAILS] resolve languages> Parsing D:\dipl\codeql\codeql\java\codeql-extractor.yml.
[2022-12-20 13:44:16] [DETAILS] resolve languages> Parsing D:\dipl\codeql\codeql\javascript\codeql-extractor.yml.
[2022-12-20 13:44:16] [DETAILS] resolve languages> Parsing D:\dipl\codeql\codeql\properties\codeql-extractor.yml.
[2022-12-20 13:44:16] [DETAILS] resolve languages> Parsing D:\dipl\codeql\codeql\python\codeql-extractor.yml.
[2022-12-20 13:44:16] [DETAILS] resolve languages> Parsing D:\dipl\codeql\codeql\ruby\codeql-extractor.yml.
[2022-12-20 13:44:16] [DETAILS] resolve languages> Parsing D:\dipl\codeql\codeql\xml\codeql-extractor.yml.
[2022-12-20 13:44:16] Plumbing command codeql resolve languages completed:
                      {
                        "extractors" : {
                          "cpp" : [
                            {
                              "extractor_root" : "D:\\dipl\\codeql\\codeql\\cpp"
                            }
                          ],
                          "csharp" : [
                            {
                              "extractor_root" : "D:\\dipl\\codeql\\codeql\\csharp",
                              "extractor_options" : {
                                "trap" : {
                                  "title" : "Options pertaining to TRAP.",
                                  "description" : "Options pertaining to TRAP.",
                                  "type" : "object",
                                  "properties" : {
                                    "compression" : {
                                      "title" : "Controls compression for the TRAP files written by the extractor.",
                                      "description" : "This option is only intended for use in debugging the extractor. Accepted values are 'brotli' (the default, to write brotli-compressed TRAP), 'gzip', and 'none' (to write uncompressed TRAP).\n",
                                      "type" : "string",
                                      "pattern" : "^(none|gzip|brotli)$"
                                    }
                                  }
                                },
                                "buildless" : {
                                  "title" : "Whether to use buildless (standalone) extraction.",
                                  "description" : "A value indicating, which type of extraction the autobuilder should perform. If 'true', then the standalone extractor will be used, otherwise tracing extraction will be performed. The default is 'false'. Note that buildless extraction will generally yield less accurate analysis results, and should only be used in cases where it is not possible to build the code (for example if it uses inaccessible dependencies).\n",
                                  "type" : "string",
                                  "pattern" : "^(false|true)$"
                                },
                                "cil" : {
                                  "title" : "Whether to enable CIL extraction.",
                                  "description" : "A value indicating, whether CIL extraction should be enabled. The default is 'true'.\n",
                                  "type" : "string",
                                  "pattern" : "^(false|true)$"
                                }
                              }
                            }
                          ],
                          "csv" : [
                            {
                              "extractor_root" : "D:\\dipl\\codeql\\codeql\\csv"
                            }
                          ],
                          "go" : [
                            {
                              "extractor_root" : "D:\\dipl\\codeql\\codeql\\go"
                            }
                          ],
                          "html" : [
                            {
                              "extractor_root" : "D:\\dipl\\codeql\\codeql\\html"
                            }
                          ],
                          "java" : [
                            {
                              "extractor_root" : "D:\\dipl\\codeql\\codeql\\java",
                              "extractor_options" : {
                                "exclude" : {
                                  "title" : "A glob excluding files from analysis.",
                                  "description" : "A glob indicating what files to exclude from the analysis.\n",
                                  "type" : "string"
                                }
                              }
                            }
                          ],
                          "javascript" : [
                            {
                              "extractor_root" : "D:\\dipl\\codeql\\codeql\\javascript",
                              "extractor_options" : { }
                            }
                          ],
                          "properties" : [
                            {
                              "extractor_root" : "D:\\dipl\\codeql\\codeql\\properties"
                            }
                          ],
                          "python" : [
                            {
                              "extractor_root" : "D:\\dipl\\codeql\\codeql\\python"
                            }
                          ],
                          "ruby" : [
                            {
                              "extractor_root" : "D:\\dipl\\codeql\\codeql\\ruby"
                            }
                          ],
                          "xml" : [
                            {
                              "extractor_root" : "D:\\dipl\\codeql\\codeql\\xml"
                            }
                          ]
                        }
                      }
[2022-12-20 13:44:16] [PROGRESS] database init> Calculating baseline information in D:\dipl\sourcecode\spring-boot
[2022-12-20 13:44:17] [PROGRESS] database init> Resolving extractor java.
[2022-12-20 13:44:17] [DETAILS] database init> Found candidate extractor root for java: D:\dipl\codeql\codeql\java.
[2022-12-20 13:44:17] [PROGRESS] database init> Successfully loaded extractor Java (java) from D:\dipl\codeql\codeql\java.
[2022-12-20 13:44:17] [PROGRESS] database init> Created skeleton CodeQL database at D:\dipl\codeql\databases\test. This in-progress database is ready to be populated by an extractor.
[2022-12-20 13:44:17] Plumbing command codeql database init completed.
[2022-12-20 13:44:17] Using autobuild script D:\dipl\codeql\codeql\java\tools\autobuild.cmd.
[2022-12-20 13:44:17] [DETAILS] database create> Detected autobuild command for Java: D:\dipl\codeql\codeql\java\tools\autobuild.cmd.
[2022-12-20 13:44:17] [PROGRESS] database create> Running build command: [D:\dipl\codeql\codeql\java\tools\autobuild.cmd]
[2022-12-20 13:44:17] Running plumbing command: codeql database trace-command --working-dir=D:\dipl\sourcecode\spring-boot --index-traceless-dbs --no-db-cluster -- D:\dipl\codeql\databases\test D:\dipl\codeql\codeql\java\tools\autobuild.cmd
[2022-12-20 13:44:17] [PROGRESS] database trace-command> Running command in D:\dipl\sourcecode\spring-boot: [D:\dipl\codeql\codeql\java\tools\autobuild.cmd]
[2022-12-20 13:44:43] [ERROR] Spawned process exited abnormally (code -1073741790; tried to run: [D:\dipl\codeql\codeql\tools\win64\tracer.exe, D:\dipl\codeql\codeql\tools\win64\runner.exe, cmd.exe, /C, type, NUL, &&, D:\dipl\codeql\codeql\java\tools\autobuild.cmd])
[2022-12-20 13:44:43] Exception caught at top level: Exit status -1073741790 from command: [D:\dipl\codeql\codeql\tools\win64\runner.exe, cmd.exe, /C, type, NUL, &&, D:\dipl\codeql\codeql\java\tools\autobuild.cmd]
                      com.semmle.cli2.database.DatabaseProcessCommandCommon.executeSubcommand(DatabaseProcessCommandCommon.java:215)
                      com.semmle.cli2.database.TraceCommandCommand.executeSubcommand(TraceCommandCommand.java:85)
                      com.semmle.cli2.picocli.SubcommandCommon.lambda$executeSubcommandWithMessages$2(SubcommandCommon.java:625)
                      com.semmle.cli2.picocli.SubcommandCommon.withCompilationMessages(SubcommandCommon.java:405)
                      com.semmle.cli2.picocli.SubcommandCommon.executeSubcommandWithMessages(SubcommandCommon.java:624)
                      com.semmle.cli2.picocli.PlumbingRunner.run(PlumbingRunner.java:110)
                      com.semmle.cli2.picocli.SubcommandCommon.runPlumbingInProcess(SubcommandCommon.java:188)
                      com.semmle.cli2.database.CreateCommand.executeSubcommand(CreateCommand.java:151)
                      com.semmle.cli2.picocli.SubcommandCommon.lambda$executeSubcommandWithMessages$2(SubcommandCommon.java:625)
                      com.semmle.cli2.picocli.SubcommandCommon.withCompilationMessages(SubcommandCommon.java:405)
                      com.semmle.cli2.picocli.SubcommandCommon.executeSubcommandWithMessages(SubcommandCommon.java:624)
                      com.semmle.cli2.picocli.SubcommandCommon.call(SubcommandCommon.java:561)
                      com.semmle.cli2.picocli.SubcommandMaker.runMain(SubcommandMaker.java:225)
                      com.semmle.cli2.picocli.SubcommandMaker.runMain(SubcommandMaker.java:234)
                      com.semmle.cli2.CodeQL.main(CodeQL.java:100)

jketema commented 1 year ago

Hi @ivancerosi,

Thanks for your question.

> the tracer.exe gets deleted and I have to unpack the ZIP file again to restore it.

Where is your codeql located? Is it in D:\dipl\sourcecode\spring-boot or somewhere else?

ivancerosi commented 1 year ago

> Hi @ivancerosi,
>
> Thanks for your question.
>
> > the tracer.exe gets deleted and I have to unpack the ZIP file again to restore it.
>
> Where is your codeql located? Is it in D:\dipl\sourcecode\spring-boot or somewhere else?

It is located in D:\dipl\codeql folder and I've added the folder to the PATH variable.

jketema commented 1 year ago

Thanks for your reply. We won't delete tracer.exe ourselves. Might it be that you're running a virus scanner that's placing the file in quarantine?

ivancerosi commented 1 year ago

You are right. Antivirus has flagged tools\win64\tracer.exe and tools\win64\runner.exe as malicious and quarantined them, which caused the database creation to fail. Now that I've added exceptions, database creation works for Java source code.

Thank you.

jketema commented 1 year ago

Good to hear! Thanks for reporting back.
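
A triage sketch for the failure discussed in this thread, added here as an example and not part of the original issue or of CodeQL: it parses the "Spawned process exited abnormally" line, reinterprets the signed exit code as an NTSTATUS value (-1073741790 is 0xC0000022, STATUS_ACCESS_DENIED), and reports which absolute .exe paths from the command line are missing on disk. The function names and the `suspect_av` heuristic are assumptions; the sample log line is the one quoted in the issue.

```python
import os
import re
from pathlib import PureWindowsPath

# Well-known NTSTATUS values a Windows process can surface as its exit code.
NTSTATUS_NAMES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000135: "STATUS_DLL_NOT_FOUND",
    0xC000013A: "STATUS_CONTROL_C_EXIT",
}

ERROR_RE = re.compile(
    r"Spawned process exited abnormally \(code (-?\d+); tried to run: \[(.*?)\]\)"
)

# Log line as quoted in the issue above.
SAMPLE_LOG = r"""[2022-12-20 13:44:43] [ERROR] Spawned process exited abnormally (code -1073741790; tried to run: [D:\dipl\codeql\codeql\tools\win64\tracer.exe, D:\dipl\codeql\codeql\tools\win64\runner.exe, cmd.exe, /C, type, NUL, &&, D:\dipl\codeql\codeql\java\tools\autobuild.cmd])"""


def to_ntstatus(exit_code):
    """Reinterpret a signed 32-bit exit code as an unsigned NTSTATUS value."""
    return exit_code & 0xFFFFFFFF


def triage(log_text, exists=os.path.exists):
    """Return one finding per abnormal-exit line in a CodeQL log.

    `exists` is injectable so the check can run against a stub filesystem.
    """
    findings = []
    for match in ERROR_RE.finditer(log_text):
        status = to_ntstatus(int(match.group(1)))
        argv = [arg.strip() for arg in match.group(2).split(",")]
        # Only absolute .exe paths are bundled tools worth checking on disk.
        exes = [a for a in argv
                if PureWindowsPath(a).is_absolute()
                and PureWindowsPath(a).suffix.lower() == ".exe"]
        missing = [p for p in exes if not exists(p)]
        name = NTSTATUS_NAMES.get(status, "UNKNOWN")
        findings.append({
            "ntstatus": f"0x{status:08X}",
            "name": name,
            "missing": missing,
            # Assumed heuristic: access denied or vanished bundled binaries
            # point at endpoint protection blocking or quarantining them.
            "suspect_av": name == "STATUS_ACCESS_DENIED" or bool(missing),
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On the affected machine, call `triage()` with the contents of the log file in the database folder and the default `exists` check.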