search

github / codeql

CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
https://codeql.github.com
MIT License
7.38k stars 1.47k forks source link

The compilation process of "gradlew.bat" cannot be detected. #15431

Open feiweiliang opened 6 months ago

feiweiliang commented 6 months ago

I'm using CodeQL to create a database for project groovy. codeql database create groovy-db --language=java --command='gradlew.bat clean -x test --no-daemon --no-build-cache' --source-root=groovy-3.0.8 --overwrite

image

As shown in the figure, the compilation is successful, but I cannot create the database successfully even though I used the parameter --no-daemon --no-build-cache as suggested in the official documentation. May I ask what should be done in this situatio

The complete information: Initializing database at E:\SafeTools\codeql\databases\groovy-db. Running build command: [gradlew.bat, clean, -x, test, --no-daemon, --no-build-cache] [2024-01-25 16:47:23] [build-stdout] To honour the JVM settings for this build a single-use Daemon process will be forked. See https://docs.gradle.org/6.8.1/userguide/gradle_daemon.html#sec:disabling_the_daemon. [2024-01-25 16:47:28] [build-stdout] Daemon will be stopped at the end of the build [2024-01-25 16:47:31] [build-stdout] > Task :buildSrc:compileJava NO-SOURCE [2024-01-25 16:47:31] [build-stdout] > Task :buildSrc:compileGroovy UP-TO-DATE [2024-01-25 16:47:31] [build-stdout] > Task :buildSrc:processResources NO-SOURCE [2024-01-25 16:47:31] [build-stdout] > Task :buildSrc:classes UP-TO-DATE [2024-01-25 16:47:31] [build-stdout] > Task :buildSrc:jar UP-TO-DATE [2024-01-25 16:47:31] [build-stdout] > Task :buildSrc:assemble UP-TO-DATE [2024-01-25 16:47:31] [build-stdout] > Task :buildSrc:compileTestJava NO-SOURCE [2024-01-25 16:47:31] [build-stdout] > Task :buildSrc:compileTestGroovy NO-SOURCE [2024-01-25 16:47:31] [build-stdout] > Task :buildSrc:processTestResources NO-SOURCE [2024-01-25 16:47:31] [build-stdout] > Task :buildSrc:testClasses UP-TO-DATE [2024-01-25 16:47:31] [build-stdout] > Task :buildSrc:test NO-SOURCE [2024-01-25 16:47:31] [build-stdout] > Task :buildSrc:check UP-TO-DATE [2024-01-25 16:47:31] [build-stdout] > Task :buildSrc:build UP-TO-DATE [2024-01-25 16:47:34] [build-stdout] > Configure project : [2024-01-25 16:47:34] [build-stdout] No artifactory.properties file found [2024-01-25 16:47:34] [build-stdout] ArtifactoryUser user: null [2024-01-25 16:47:34] [build-stdout] Using Java from E:\Enviroment\jdk9 (version 9.0.1) [2024-01-25 16:47:35] [build-stdout] Detected development environment [2024-01-25 16:47:38] [build-stdout] [buildinfo] Properties file path was not found! (Relevant only for builds running on a CI Server) [2024-01-25 16:47:38] [build-stdout] > Task :groovy-cli-picocli:clean UP-TO-DATE [2024-01-25 16:47:38] [build-stdout] > Task :groovy-console:clean UP-TO-DATE [2024-01-25 16:47:38] [build-stdout] > Task :groovy-json:clean UP-TO-DATE [2024-01-25 16:47:38] [build-stdout] > Task :binary-compatibility:clean UP-TO-DATE [2024-01-25 16:47:38] [build-stdout] > Task :groovy-dateutil:clean UP-TO-DATE [2024-01-25 16:47:38] [build-stdout] > Task :groovy-jaxb:clean UP-TO-DATE [2024-01-25 16:47:38] [build-stdout] > Task :groovy-groovysh:clean UP-TO-DATE [2024-01-25 16:47:38] [build-stdout] > Task :groovy-ant:clean UP-TO-DATE [2024-01-25 16:47:38] [build-stdout] > Task :groovy-docgenerator:clean UP-TO-DATE [2024-01-25 16:47:38] [build-stdout] > Task :groovy-jmx:clean UP-TO-DATE [2024-01-25 16:47:38] [build-stdout] > Task :clean UP-TO-DATE [2024-01-25 16:47:38] [build-stdout] > Task :groovy-groovydoc:clean UP-TO-DATE [2024-01-25 16:47:38] [build-stdout] > Task :groovy-datetime:clean UP-TO-DATE [2024-01-25 16:47:38] [build-stdout] > Task :groovy-bsf:clean UP-TO-DATE [2024-01-25 16:47:38] [build-stdout] > Task :groovy-cli-commons:clean UP-TO-DATE [2024-01-25 16:47:38] [build-stdout] > Task :groovy-astbuilder:clean UP-TO-DATE [2024-01-25 16:47:38] [build-stdout] > Task :groovy-nio:clean UP-TO-DATE [2024-01-25 16:47:38] [build-stdout] > Task :groovy-servlet:clean UP-TO-DATE [2024-01-25 16:47:38] [build-stdout] > Task :groovy-macro:clean UP-TO-DATE [2024-01-25 16:47:38] [build-stdout] > Task :groovy-sql:clean UP-TO-DATE [2024-01-25 16:47:38] [build-stdout] > Task :groovy-swing:clean UP-TO-DATE [2024-01-25 16:47:38] [build-stdout] > Task :groovy-xml:clean UP-TO-DATE [2024-01-25 16:47:38] [build-stdout] > Task :groovy-templates:clean UP-TO-DATE [2024-01-25 16:47:38] [build-stdout] > Task :groovy-test:clean UP-TO-DATE [2024-01-25 16:47:38] [build-stdout] > Task :groovy-jsr223:clean UP-TO-DATE [2024-01-25 16:47:38] [build-stdout] > Task :groovy-test-junit5:clean UP-TO-DATE [2024-01-25 16:47:38] [build-stdout] > Task :groovy-testng:clean UP-TO-DATE [2024-01-25 16:47:38] [build-stdout] > Task :groovy-yaml:clean UP-TO-DATE [2024-01-25 16:47:38] [build-stdout] > Task :performance:clean UP-TO-DATE [2024-01-25 16:47:38] [build-stdout] This build uses Gradle Build Scans to gather statistics, share information about [2024-01-25 16:47:38] [build-stdout] failures, environmental issues, dependencies resolved during the build and more. [2024-01-25 16:47:38] [build-stdout] Build scans will be published after each build, if you accept the terms of [2024-01-25 16:47:38] [build-stdout] service, and in particular the privacy policy. [2024-01-25 16:47:38] [build-stdout] Please read [2024-01-25 16:47:38] [build-stdout] [2024-01-25 16:47:38] [build-stdout] https://gradle.com/terms-of-service [2024-01-25 16:47:38] [build-stdout] https://gradle.com/legal/privacy [2024-01-25 16:47:38] [build-stdout] and then: [2024-01-25 16:47:38] [build-stdout] - set the GRADLE_SCANS_ACCEPT to yes/no if you agree with/refuse the TOS [2024-01-25 16:47:38] [build-stdout] - or create the C:\Users\璐圭倻浜甛.gradle\gradle-scans-license-agree.txt file with yes/no in it if you agree with/refuse [2024-01-25 16:47:38] [build-stdout] And we'll not bother you again. Note that build scans are only made public if [2024-01-25 16:47:38] [build-stdout] you share the URL at the end of the build. [2024-01-25 16:47:38] [build-stdout] Deprecated Gradle features were used in this build, making it incompatible with Gradle 7.0. [2024-01-25 16:47:38] [build-stdout] Use '--warning-mode all' to show the individual deprecation warnings. [2024-01-25 16:47:38] [build-stdout] See https://docs.gradle.org/6.8.1/userguide/command_line_interface.html#sec:command_line_warnings [2024-01-25 16:47:38] [build-stdout] BUILD SUCCESSFUL in 17s [2024-01-25 16:47:38] [build-stdout] 29 actionable tasks: 29 up-to-date Finalizing database at E:\SafeTools\codeql\databases\groovy-db. CodeQL detected code written in Java/Kotlin but could not process any of it. This can occur if the specified build commands failed to compile or process any code.

smowton commented 6 months ago

The problem is that your command gradle clean -x test means clean and exclude test, which is equal to just a clean, with no build. Notice that all tasks referred to from Configure project: onwards are :clean tasks, with no build actually being performed. Try clean dist (no -x) instead to build everything and create the desired CodeQL database.

smowton commented 6 months ago

(Note also that CodeQL doesn't support the Groovy language, so only those elements of the Groovy ecosystem implemented in Java will be analysed)

feiweiliang commented 6 months ago

Thank you for your response. This has been helpful for me.