codeql icon indicating copy to clipboard operation
codeql copied to clipboard

Published 20 hours ago verified publisher icon github

CodeQL 2.19.1 does not work with Java 23 projects

Open danishnawab opened this issue 4 months ago • 12 comments

After upgrading to CodeQL 2.19.1 to get Java 23 support (see issue #17564), the Java 23 project is still not analyzed successfully by CodeQL.

Example project here: https://github.com/danishnawab/codeql-java23/tree/master

Java 23

The master branch is set up with Java 23 -> CodeQL analysis fails

codeql --version

Output:

CodeQL command-line toolchain release 2.19.1. Copyright (C) 2019-2024 GitHub, Inc. Unpacked in: ~/codeql Analysis results depend critically on separately distributed query and extractor modules. To list modules that are visible to the toolchain, use 'codeql resolve qlpacks' and 'codeql resolve languages'.

codeql database create java-testing-repo --language=java --source-root=. --command="./gradlew clean assemble --no-build-cache" --overwrite

Output:

Initializing database at ~/codeql-java23/java-testing-repo. Running build command: [./gradlew, clean, assemble, --no-build-cache] Running command in ~/codeql-java23: [./gradlew, clean, assemble, --no-build-cache] [2024-10-08 10:20:08] [build-stdout] > Task :clean UP-TO-DATE [2024-10-08 10:20:08] [build-stdout] > Task :compileJava [2024-10-08 10:20:08] [build-stdout] > Task :processResources [2024-10-08 10:20:08] [build-stdout] > Task :classes [2024-10-08 10:20:08] [build-stdout] > Task :resolveMainClassName [2024-10-08 10:20:09] [build-stdout] > Task :bootJar [2024-10-08 10:20:09] [build-stdout] > Task :jar [2024-10-08 10:20:09] [build-stdout] > Task :assemble [2024-10-08 10:20:09] [build-stdout] BUILD SUCCESSFUL in 983ms [2024-10-08 10:20:09] [build-stdout] 6 actionable tasks: 5 executed, 1 up-to-date Finalizing database at ~/codeql-java23/java-testing-repo. CodeQL detected code written in Java/Kotlin but could not process any of it. For more information, review our troubleshooting guide at https://gh.io/troubleshooting-code-scanning/no-source-code-seen-during-build.

Exit status: 32

Java 22

The java22 branch is set up with Java 22 -> CodeQL analysis succeeds

codeql --version

Output:

CodeQL command-line toolchain release 2.19.1. Copyright (C) 2019-2024 GitHub, Inc. Unpacked in:~/codeql Analysis results depend critically on separately distributed query and extractor modules. To list modules that are visible to the toolchain, use 'codeql resolve qlpacks' and 'codeql resolve languages'.

codeql database create java-testing-repo --language=java --source-root=. --command="./gradlew clean assemble --no-build-cache" --overwrite

Initializing database at ~/codeql-java23/java-testing-repo. Running build command: [./gradlew, clean, assemble, --no-build-cache] Running command in ~/codeql-java23: [./gradlew, clean, assemble, --no-build-cache] [2024-10-08 10:26:08] [build-stdout] > Task :clean [2024-10-08 10:26:13] [build-stdout] > Task :compileJava [2024-10-08 10:26:13] [build-stdout] > Task :processResources [2024-10-08 10:26:13] [build-stdout] > Task :classes [2024-10-08 10:26:13] [build-stdout] > Task :resolveMainClassName [2024-10-08 10:26:13] [build-stdout] > Task :bootJar [2024-10-08 10:26:13] [build-stdout] > Task :jar [2024-10-08 10:26:13] [build-stdout] > Task :assemble [2024-10-08 10:26:13] [build-stdout] BUILD SUCCESSFUL in 5s [2024-10-08 10:26:13] [build-stdout] 6 actionable tasks: 6 executed Finalizing database at ~/codeql-java23/java-testing-repo. Running pre-finalize script ~/codeql/java/tools/pre-finalize.sh in ~/codeql-java23. Running command in ~/codeql-java23: [~/codeql/java/tools/pre-finalize.sh] [2024-10-08 10:26:14] [build-stderr] Scanning for files in ~/codeql-java23... [2024-10-08 10:26:14] [build-stderr] ~/codeql-java23/java-testing-repo: Indexing files in in ~/codeql-java23... [2024-10-08 10:26:14] [build-stderr] Running command in ~/codeql-java23: [~/codeql/xml/tools/index-files.sh, ~/codeql-java23/java-testing-repo/working/files-to-index11292473239882580179.list] [2024-10-08 10:26:15] [build-stderr] Scanning for files in ~/codeql-java23... [2024-10-08 10:26:15] [build-stderr] ~/codeql-java23/java-testing-repo: Indexing files in in ~/codeql-java23... [2024-10-08 10:26:15] [build-stderr] Running command in ~/codeql-java23: [~/codeql/properties/tools/index-files.sh, ~/codeql-java23/java-testing-repo/working/files-to-index1093484879480739341.list] Running TRAP import for CodeQL database at ~/codeql-java23/java-testing-repo... Importing TRAP files Merging relations Finished writing database (relations: 2.41 MiB; string pool: 2.78 MiB). TRAP import complete (1.2s). Finished zipping source archive (5.37 KiB). Successfully created database at ~/codeql-java23/java-testing-repo.

Exit status: 0

The Java version is the only difference between the 2 branches: https://github.com/danishnawab/codeql-java23/compare/master...java22

danishnawab avatar Oct 08 '24 08:10 danishnawab