-
Notifications
You must be signed in to change notification settings - Fork 1.9k
Java: No Java/Kotlin code extracted from webgoat/webgoat #17063
-
Error message:
[ERROR] database finalize> CodeQL detected code written in Java/Kotlin but could not automatically build any of it. Provide an explicit build command with --command or check the logs. For more information, review our troubleshooting guide at https://gh.io/troubleshooting-code-scanning/no-source-code-seen-during-build.
[2024年07月24日 23:19:43] Plumbing command codeql database finalize completed with status 32.
[2024年07月24日 23:19:43] Exiting with code 32
I am using the Macbook OS 11.7 to test the codeql. Before I could build the database and did the analyze successful, but now it is failed.
My environment:
Code: Webgoat https://github.com/WebGoat/WebGoat.git
JDK: JDK 21, https://www.azul.com/downloads/
Codeql version:
CodeQL command-line toolchain release 2.18.0.
Copyright (C) 2019-2024 GitHub, Inc.
Unpacked in: /Users/mendickxiao/tool/codeql
Analysis results depend critically on separately distributed query and
extractor modules. To list modules that are visible to the toolchain,
use 'codeql resolve qlpacks' and 'codeql resolve languages'.
My build is successful.
[2024年07月24日 23:19:43] [build-stdout] [INFO] /Users/mendickxiao/code/security/WebGoat-main/src/main/java/org/owasp/webgoat/lessons/passwordreset/ResetLinkAssignmentForgotPassword.java: 有关详细信息, 请使用 -Xlint:unchecked 重新编译。
[2024年07月24日 23:19:43] [build-stdout] [INFO] ------------------------------------------------------------------------
[2024年07月24日 23:19:43] [build-stdout] [INFO] BUILD SUCCESS
[2024年07月24日 23:19:43] [build-stdout] [INFO] ------------------------------------------------------------------------
[2024年07月24日 23:19:43] [build-stdout] [INFO] Total time: 14.969 s
[2024年07月24日 23:19:43] [build-stdout] [INFO] Finished at: 2024年07月24日T23:19:43+08:00
[2024年07月24日 23:19:43] [build-stdout] [INFO] ------------------------------------------------------------------------
The log file:
MacBook:WebGoat-main mendickxiao$ cat /Users/mendickxiao/code/security/WebGoat-main/webgoat-db-test/log/database-create-20240724.231922.178.log
[2024年07月24日 23:19:22] This is codeql database create webgoat-db-test --language=java --build-mode=autobuild --command=mvn clean compile --source-root=. --verbose --overwrite
[2024年07月24日 23:19:22] Log file was started late.
[2024年07月24日 23:19:22] [PROGRESS] database create> Initializing database at /Users/mendickxiao/code/security/WebGoat-main/webgoat-db-test.
[2024年07月24日 23:19:22] Running plumbing command: codeql database init --overwrite --language=java --extractor-options-verbosity=1 --qlconfig-file=/Users/mendickxiao/code/security/WebGoat-main/qlconfig.yml --build-mode=autobuild --source-root=/Users/mendickxiao/code/security/WebGoat-main --allow-missing-source-root=false --allow-already-existing -- /Users/mendickxiao/code/security/WebGoat-main/webgoat-db-test
[2024年07月24日 23:19:22] Calling plumbing command: codeql resolve languages --extractor-options-verbosity=1 --format=betterjson
[2024年07月24日 23:19:22] [DETAILS] resolve languages> Scanning for [codeql-extractor.yml] from /Users/mendickxiao/tool/codeql/.codeqlmanifest.json
[2024年07月24日 23:19:22] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/go/codeql-extractor.yml.
[2024年07月24日 23:19:22] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/python/codeql-extractor.yml.
[2024年07月24日 23:19:22] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/java/codeql-extractor.yml.
[2024年07月24日 23:19:22] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/html/codeql-extractor.yml.
[2024年07月24日 23:19:22] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/xml/codeql-extractor.yml.
[2024年07月24日 23:19:22] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/properties/codeql-extractor.yml.
[2024年07月24日 23:19:22] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/cpp/codeql-extractor.yml.
[2024年07月24日 23:19:22] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/swift/codeql-extractor.yml.
[2024年07月24日 23:19:22] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/csv/codeql-extractor.yml.
[2024年07月24日 23:19:22] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/yaml/codeql-extractor.yml.
[2024年07月24日 23:19:22] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/csharp/codeql-extractor.yml.
[2024年07月24日 23:19:22] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/javascript/codeql-extractor.yml.
[2024年07月24日 23:19:22] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/ruby/codeql-extractor.yml.
[2024年07月24日 23:19:23] Plumbing command codeql resolve languages completed:
{
"aliases" : {
"c" : "cpp",
"c++" : "cpp",
"c-c++" : "cpp",
"c-cpp" : "cpp",
"c#" : "csharp",
"java-kotlin" : "java",
"kotlin" : "java",
"javascript-typescript" : "javascript",
"typescript" : "javascript"
},
"extractors" : {
"go" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/go"
}
],
"python" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/python",
"extractor_options" : {
"logging" : {
"title" : "Options pertaining to logging.",
"description" : "Options pertaining to logging.",
"type" : "object",
"properties" : {
"verbosity" : {
"title" : "Python extractor logging verbosity level.",
"description" : "Controls the level of verbosity of the CodeQL Python extractor.\nThe supported levels are (in order of increasing verbosity):\n\n - off\n - errors\n - warnings\n - info or progress\n - debug or progress+\n - trace or progress++\n - progress+++\n",
"type" : "string",
"pattern" : "^(off|errors|warnings|(info|progress)|(debug|progress\\+)|(trace|progress\\+\\+)|progress\\+\\+\\+)$"
}
}
},
"python_executable_name" : {
"title" : "Controls the name of the Python executable used by the Python extractor.",
"description" : "The Python extractor uses platform-dependent heuristics to determine the name of the Python executable to use. Specifying a value for this option overrides the name of the Python executable used by the extractor. Accepted values are py, python and python3. Use this setting with caution, the Python extractor requires Python 3 to run.\n",
"type" : "string",
"pattern" : "^(py|python|python3)$"
}
}
}
],
"java" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/java",
"extractor_options" : {
"exclude" : {
"title" : "A glob excluding files from analysis.",
"description" : "A glob indicating what files to exclude from the analysis.\n",
"type" : "string"
},
"add_prefer_source" : {
"title" : "Whether to always prefer source files over class files.",
"description" : "A value indicating whether source files should be preferred over class files. If set to 'true', the extraction adds '-Xprefer:source' to the javac command line. If set to 'false', the extraction uses the default javac behavior ('-Xprefer:newer'). The default is 'true'.\n",
"type" : "string",
"pattern" : "^(false|true)$"
},
"buildless" : {
"title" : "Whether to use buildless (standalone) extraction (experimental).",
"description" : "A value indicating, which type of extraction the autobuilder should perform. If 'true', then the standalone extractor will be used, otherwise tracing extraction will be performed. The default is 'false'. Note that buildless extraction will generally yield less accurate analysis results, and should only be used in cases where it is not possible to build the code (for example if it uses inaccessible dependencies).\n",
"type" : "string",
"pattern" : "^(false|true)$"
}
}
}
],
"html" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/html"
}
],
"xml" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/xml"
}
],
"properties" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/properties"
}
],
"cpp" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/cpp",
"extractor_options" : { }
}
],
"swift" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/swift"
}
],
"csv" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/csv"
}
],
"yaml" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/yaml"
}
],
"csharp" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/csharp",
"extractor_options" : {
"trap" : {
"title" : "Options pertaining to TRAP.",
"description" : "Options pertaining to TRAP.",
"type" : "object",
"properties" : {
"compression" : {
"title" : "Controls compression for the TRAP files written by the extractor.",
"description" : "This option is only intended for use in debugging the extractor. Accepted values are 'brotli' (the default, to write brotli-compressed TRAP), 'gzip', and 'none' (to write uncompressed TRAP).\n",
"type" : "string",
"pattern" : "^(none|gzip|brotli)$"
}
}
},
"buildless" : {
"title" : "DEPRECATED - Whether to use buildless (standalone) extraction.",
"description" : "DEPRECATED: Use `--build-mode none` instead.\nA value indicating, which type of extraction the autobuilder should perform. If 'true', then the standalone extractor will be used, otherwise tracing extraction will be performed. The default is 'false'. Note that buildless extraction will generally yield less accurate analysis results, and should only be used in cases where it is not possible to build the code (for example if it uses inaccessible dependencies).\n",
"type" : "string",
"pattern" : "^(false|true)$"
},
"logging" : {
"title" : "Options pertaining to logging.",
"description" : "Options pertaining to logging.",
"type" : "object",
"properties" : {
"verbosity" : {
"title" : "Extractor logging verbosity level.",
"description" : "Controls the level of verbosity of the extractor. The supported levels are (in order of increasing verbosity):\n - off\n - errors\n - warnings\n - info or progress\n - debug or progress+\n - trace or progress++\n - progress+++\n",
"type" : "string",
"pattern" : "^(off|errors|warnings|(info|progress)|(debug|progress\\+)|(trace|progress\\+\\+)|progress\\+\\+\\+)$"
}
}
},
"binlog" : {
"title" : "Binlog",
"description" : "[EXPERIMENTAL] The value is a path to the MsBuild binary log file that should be extracted. This option only works when `--build-mode none` is also specified.\n",
"type" : "string"
}
}
}
],
"javascript" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/javascript",
"extractor_options" : {
"skip_types" : {
"title" : "Skip type extraction for TypeScript",
"description" : "Whether to skip the extraction of types in a TypeScript application",
"type" : "string",
"pattern" : "^(false|true)$"
}
}
}
],
"ruby" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/ruby",
"extractor_options" : {
"trap" : {
"title" : "Options pertaining to TRAP.",
"description" : "Options pertaining to TRAP.",
"type" : "object",
"properties" : {
"compression" : {
"title" : "Controls compression for the TRAP files written by the extractor.",
"description" : "This option is only intended for use in debugging the extractor. Accepted values are 'gzip' (the default, to write gzip-compressed TRAP) and 'none' (to write uncompressed TRAP).\n",
"type" : "string",
"pattern" : "^(none|gzip)$"
}
}
}
}
}
]
}
}
[2024年07月24日 23:19:23] [PROGRESS] database init> Calculating baseline information in /Users/mendickxiao/code/security/WebGoat-main
[2024年07月24日 23:19:23] [SPAMMY] database init> Ignoring the following directories when processing baseline information: .git, .hg, .svn.
[2024年07月24日 23:19:23] [DETAILS] database init> Running command in /Users/mendickxiao/code/security/WebGoat-main: /Users/mendickxiao/tool/codeql/tools/osx64/scc --by-file --exclude-dir .git,.hg,.svn --format json --no-large --no-min .
[2024年07月24日 23:19:23] Using configure-baseline script /Users/mendickxiao/tool/codeql/javascript/tools/configure-baseline.sh.
[2024年07月24日 23:19:23] [PROGRESS] database init> Running command in /Users/mendickxiao/code/security/WebGoat-main: [/Users/mendickxiao/tool/codeql/javascript/tools/configure-baseline.sh]
[2024年07月24日 23:19:23] [SPAMMY] database init> Ignored an additional 2 files when processing baseline information for JavaScript due to paths and paths-ignore configuration.
[2024年07月24日 23:19:23] [SPAMMY] database init> Found 355 baseline files for java.
[2024年07月24日 23:19:23] [SPAMMY] database init> Found 80 baseline files for javascript.
[2024年07月24日 23:19:23] [PROGRESS] database init> Calculated baseline information for languages: java, javascript (571ms).
[2024年07月24日 23:19:23] [PROGRESS] database init> Resolving extractor java.
[2024年07月24日 23:19:23] [DETAILS] database init> Found candidate extractor root for java: /Users/mendickxiao/tool/codeql/java.
[2024年07月24日 23:19:23] [PROGRESS] database init> Successfully loaded extractor Java/Kotlin (java) from /Users/mendickxiao/tool/codeql/java.
[2024年07月24日 23:19:23] [SPAMMY] database init> Determining macOS System Integrity Protection status...
[2024年07月24日 23:19:23] [SPAMMY] database init> Running command [/usr/bin/csrutil, status].
[2024年07月24日 23:19:23] [SPAMMY] database init> SIP is enabled.
[2024年07月24日 23:19:23] [PROGRESS] database init> Created skeleton CodeQL database at /Users/mendickxiao/code/security/WebGoat-main/webgoat-db-test. This in-progress database is ready to be populated by an extractor.
[2024年07月24日 23:19:23] Plumbing command codeql database init completed.
[2024年07月24日 23:19:23] [PROGRESS] database create> Running build command: [mvn, clean, compile]
[2024年07月24日 23:19:23] Running plumbing command: codeql database trace-command --working-dir=/Users/mendickxiao/code/security/WebGoat-main --index-traceless-dbs --no-db-cluster -- /Users/mendickxiao/code/security/WebGoat-main/webgoat-db-test mvn clean compile
[2024年07月24日 23:19:24] [PROGRESS] database trace-command> Running command in /Users/mendickxiao/code/security/WebGoat-main: [mvn, clean, compile]
[2024年07月24日 23:19:28] [build-stdout] [INFO] Scanning for projects...
[2024年07月24日 23:19:29] [build-stdout] [INFO]
[2024年07月24日 23:19:29] [build-stdout] [INFO] ---------------------< org.owasp.webgoat:webgoat >----------------------
[2024年07月24日 23:19:29] [build-stdout] [INFO] Building WebGoat 2024.2-SNAPSHOT
[2024年07月24日 23:19:29] [build-stdout] [INFO] --------------------------------[ jar ]---------------------------------
[2024年07月24日 23:19:30] [build-stdout] [INFO]
[2024年07月24日 23:19:30] [build-stdout] [INFO] --- maven-clean-plugin:3.3.2:clean (default-clean) @ webgoat ---
[2024年07月24日 23:19:30] [build-stdout] [INFO] Deleting /Users/mendickxiao/code/security/WebGoat-main/target
[2024年07月24日 23:19:31] [build-stdout] [INFO]
[2024年07月24日 23:19:31] [build-stdout] [INFO] --- maven-enforcer-plugin:3.5.0:enforce (restrict-log4j-versions) @ webgoat ---
[2024年07月24日 23:19:31] [build-stdout] [INFO] Rule 0: org.apache.maven.enforcer.rules.dependency.BannedDependencies passed
[2024年07月24日 23:19:31] [build-stdout] [INFO]
[2024年07月24日 23:19:31] [build-stdout] [INFO] --- maven-resources-plugin:3.3.1:resources (default-resources) @ webgoat ---
[2024年07月24日 23:19:31] [build-stdout] [INFO] Copying 2 resources from src/main/resources to target/classes
[2024年07月24日 23:19:32] [build-stdout] [INFO] Copying 647 resources from src/main/resources to target/classes
[2024年07月24日 23:19:32] [build-stdout] [INFO]
[2024年07月24日 23:19:32] [build-stdout] [INFO] --- build-helper-maven-plugin:3.4.0:reserve-network-port (reserve-container-port) @ webgoat ---
[2024年07月24日 23:19:32] [build-stdout] [INFO] Reserved port 63360 for webgoat.port
[2024年07月24日 23:19:32] [build-stdout] [INFO] Reserved port 63361 for webwolf.port
[2024年07月24日 23:19:32] [build-stdout] [INFO]
[2024年07月24日 23:19:32] [build-stdout] [INFO] --- maven-compiler-plugin:3.8.0:compile (default-compile) @ webgoat ---
[2024年07月24日 23:19:33] [build-stdout] [INFO] Changes detected - recompiling the module!
[2024年07月24日 23:19:33] [build-stdout] [INFO] Compiling 258 source files to /Users/mendickxiao/code/security/WebGoat-main/target/classes
[2024年07月24日 23:19:43] [build-stdout] [INFO] /Users/mendickxiao/code/security/WebGoat-main/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java: 某些输入文件使用或覆盖了已过时的 API。
[2024年07月24日 23:19:43] [build-stdout] [INFO] /Users/mendickxiao/code/security/WebGoat-main/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java: 有关详细信息, 请使用 -Xlint:deprecation 重新编译。
[2024年07月24日 23:19:43] [build-stdout] [INFO] /Users/mendickxiao/code/security/WebGoat-main/src/main/java/org/owasp/webgoat/lessons/passwordreset/ResetLinkAssignmentForgotPassword.java: 某些输入文件使用了未经检查或不安全的操作。
[2024年07月24日 23:19:43] [build-stdout] [INFO] /Users/mendickxiao/code/security/WebGoat-main/src/main/java/org/owasp/webgoat/lessons/passwordreset/ResetLinkAssignmentForgotPassword.java: 有关详细信息, 请使用 -Xlint:unchecked 重新编译。
[2024年07月24日 23:19:43] [build-stdout] [INFO] ------------------------------------------------------------------------
[2024年07月24日 23:19:43] [build-stdout] [INFO] BUILD SUCCESS
[2024年07月24日 23:19:43] [build-stdout] [INFO] ------------------------------------------------------------------------
[2024年07月24日 23:19:43] [build-stdout] [INFO] Total time: 14.969 s
[2024年07月24日 23:19:43] [build-stdout] [INFO] Finished at: 2024年07月24日T23:19:43+08:00
[2024年07月24日 23:19:43] [build-stdout] [INFO] ------------------------------------------------------------------------
[2024年07月24日 23:19:43] Plumbing command codeql database trace-command completed.
[2024年07月24日 23:19:43] [PROGRESS] database create> Finalizing database at /Users/mendickxiao/code/security/WebGoat-main/webgoat-db-test.
[2024年07月24日 23:19:43] Running plumbing command: codeql database finalize --no-db-cluster -- /Users/mendickxiao/code/security/WebGoat-main/webgoat-db-test
[2024年07月24日 23:19:43] Calling plumbing command: codeql resolve languages --format=json
[2024年07月24日 23:19:43] [DETAILS] resolve languages> Scanning for [codeql-extractor.yml] from /Users/mendickxiao/tool/codeql/.codeqlmanifest.json
[2024年07月24日 23:19:43] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/go/codeql-extractor.yml.
[2024年07月24日 23:19:43] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/python/codeql-extractor.yml.
[2024年07月24日 23:19:43] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/java/codeql-extractor.yml.
[2024年07月24日 23:19:43] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/html/codeql-extractor.yml.
[2024年07月24日 23:19:43] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/xml/codeql-extractor.yml.
[2024年07月24日 23:19:43] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/properties/codeql-extractor.yml.
[2024年07月24日 23:19:43] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/cpp/codeql-extractor.yml.
[2024年07月24日 23:19:43] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/swift/codeql-extractor.yml.
[2024年07月24日 23:19:43] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/csv/codeql-extractor.yml.
[2024年07月24日 23:19:43] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/yaml/codeql-extractor.yml.
[2024年07月24日 23:19:43] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/csharp/codeql-extractor.yml.
[2024年07月24日 23:19:43] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/javascript/codeql-extractor.yml.
[2024年07月24日 23:19:43] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/ruby/codeql-extractor.yml.
[2024年07月24日 23:19:43] Plumbing command codeql resolve languages completed:
{
"aliases" : {
"c" : "cpp",
"c++" : "cpp",
"c-c++" : "cpp",
"c-cpp" : "cpp",
"c#" : "csharp",
"java-kotlin" : "java",
"kotlin" : "java",
"javascript-typescript" : "javascript",
"typescript" : "javascript"
},
"extractors" : {
"go" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/go"
}
],
"python" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/python",
"extractor_options" : {
"logging" : {
"title" : "Options pertaining to logging.",
"description" : "Options pertaining to logging.",
"type" : "object",
"properties" : {
"verbosity" : {
"title" : "Python extractor logging verbosity level.",
"description" : "Controls the level of verbosity of the CodeQL Python extractor.\nThe supported levels are (in order of increasing verbosity):\n\n - off\n - errors\n - warnings\n - info or progress\n - debug or progress+\n - trace or progress++\n - progress+++\n",
"type" : "string",
"pattern" : "^(off|errors|warnings|(info|progress)|(debug|progress\\+)|(trace|progress\\+\\+)|progress\\+\\+\\+)$"
}
}
},
"python_executable_name" : {
"title" : "Controls the name of the Python executable used by the Python extractor.",
"description" : "The Python extractor uses platform-dependent heuristics to determine the name of the Python executable to use. Specifying a value for this option overrides the name of the Python executable used by the extractor. Accepted values are py, python and python3. Use this setting with caution, the Python extractor requires Python 3 to run.\n",
"type" : "string",
"pattern" : "^(py|python|python3)$"
}
}
}
],
"java" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/java",
"extractor_options" : {
"exclude" : {
"title" : "A glob excluding files from analysis.",
"description" : "A glob indicating what files to exclude from the analysis.\n",
"type" : "string"
},
"add_prefer_source" : {
"title" : "Whether to always prefer source files over class files.",
"description" : "A value indicating whether source files should be preferred over class files. If set to 'true', the extraction adds '-Xprefer:source' to the javac command line. If set to 'false', the extraction uses the default javac behavior ('-Xprefer:newer'). The default is 'true'.\n",
"type" : "string",
"pattern" : "^(false|true)$"
},
"buildless" : {
"title" : "Whether to use buildless (standalone) extraction (experimental).",
"description" : "A value indicating, which type of extraction the autobuilder should perform. If 'true', then the standalone extractor will be used, otherwise tracing extraction will be performed. The default is 'false'. Note that buildless extraction will generally yield less accurate analysis results, and should only be used in cases where it is not possible to build the code (for example if it uses inaccessible dependencies).\n",
"type" : "string",
"pattern" : "^(false|true)$"
}
}
}
],
"html" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/html"
}
],
"xml" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/xml"
}
],
"properties" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/properties"
}
],
"cpp" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/cpp",
"extractor_options" : { }
}
],
"swift" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/swift"
}
],
"csv" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/csv"
}
],
"yaml" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/yaml"
}
],
"csharp" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/csharp",
"extractor_options" : {
"trap" : {
"title" : "Options pertaining to TRAP.",
"description" : "Options pertaining to TRAP.",
"type" : "object",
"properties" : {
"compression" : {
"title" : "Controls compression for the TRAP files written by the extractor.",
"description" : "This option is only intended for use in debugging the extractor. Accepted values are 'brotli' (the default, to write brotli-compressed TRAP), 'gzip', and 'none' (to write uncompressed TRAP).\n",
"type" : "string",
"pattern" : "^(none|gzip|brotli)$"
}
}
},
"buildless" : {
"title" : "DEPRECATED - Whether to use buildless (standalone) extraction.",
"description" : "DEPRECATED: Use `--build-mode none` instead.\nA value indicating, which type of extraction the autobuilder should perform. If 'true', then the standalone extractor will be used, otherwise tracing extraction will be performed. The default is 'false'. Note that buildless extraction will generally yield less accurate analysis results, and should only be used in cases where it is not possible to build the code (for example if it uses inaccessible dependencies).\n",
"type" : "string",
"pattern" : "^(false|true)$"
},
"logging" : {
"title" : "Options pertaining to logging.",
"description" : "Options pertaining to logging.",
"type" : "object",
"properties" : {
"verbosity" : {
"title" : "Extractor logging verbosity level.",
"description" : "Controls the level of verbosity of the extractor. The supported levels are (in order of increasing verbosity):\n - off\n - errors\n - warnings\n - info or progress\n - debug or progress+\n - trace or progress++\n - progress+++\n",
"type" : "string",
"pattern" : "^(off|errors|warnings|(info|progress)|(debug|progress\\+)|(trace|progress\\+\\+)|progress\\+\\+\\+)$"
}
}
},
"binlog" : {
"title" : "Binlog",
"description" : "[EXPERIMENTAL] The value is a path to the MsBuild binary log file that should be extracted. This option only works when `--build-mode none` is also specified.\n",
"type" : "string"
}
}
}
],
"javascript" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/javascript",
"extractor_options" : {
"skip_types" : {
"title" : "Skip type extraction for TypeScript",
"description" : "Whether to skip the extraction of types in a TypeScript application",
"type" : "string",
"pattern" : "^(false|true)$"
}
}
}
],
"ruby" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/ruby",
"extractor_options" : {
"trap" : {
"title" : "Options pertaining to TRAP.",
"description" : "Options pertaining to TRAP.",
"type" : "object",
"properties" : {
"compression" : {
"title" : "Controls compression for the TRAP files written by the extractor.",
"description" : "This option is only intended for use in debugging the extractor. Accepted values are 'gzip' (the default, to write gzip-compressed TRAP) and 'none' (to write uncompressed TRAP).\n",
"type" : "string",
"pattern" : "^(none|gzip)$"
}
}
}
}
}
]
}
}
[2024年07月24日 23:19:43] [SPAMMIER] database finalize> Loaded the following extractors: Go, Python, Java/Kotlin, HTML, XML, Java Properties Files, C/C++, Swift, CSV, YAML, C#, JavaScript/TypeScript, Ruby
[2024年07月24日 23:19:43] [ERROR] database finalize> CodeQL detected code written in Java/Kotlin but could not automatically build any of it. Provide an explicit build command with --command or check the logs. For more information, review our troubleshooting guide at https://gh.io/troubleshooting-code-scanning/no-source-code-seen-during-build.
[2024年07月24日 23:19:43] Plumbing command codeql database finalize completed with status 32.
[2024年07月24日 23:19:43] Exiting with code 32
MacBook:WebGoat-main mendickxiao$ codeql version
CodeQL command-line toolchain release 2.18.0.
Copyright (C) 2019-2024 GitHub, Inc.
Unpacked in: /Users/mendickxiao/tool/codeql
Analysis results depend critically on separately distributed query and
extractor modules. To list modules that are visible to the toolchain,
use 'codeql resolve qlpacks' and 'codeql resolve languages'.
MacBook:WebGoat-main mendickxiao$
Beta Was this translation helpful? Give feedback.
All reactions
Replies: 1 comment 8 replies
-
Just tested extraction of the WebGoat repository, with that JDK installed, in a Mac environment, and it worked as expected for me. Could you share the contents of webgoat-db-test/log?
Beta Was this translation helpful? Give feedback.
All reactions
-
Here is the log:
[T 16:00:42 29055] CodeQL CLI version 2.18.0
[T 16:00:42 29055] Initializing tracer.
[T 16:00:42 29055] Initializing tags.
[T 16:00:42 29055] ID set to 000000000000717F_0000000000000001 (parent root)
[T 16:00:42 29055] Initializing tracer.
[T 16:00:42 29055] Initializing tags.
[T 16:00:42 29055] ID set to 000000000000717F_0000000000000002 (parent root)
[T 16:00:42 29055] Warning: SEMMLE_EXEC and SEMMLE_EXECP not set. Falling back to path lookup on argv[0].
[T 16:00:42 29055] ==== Candidate to intercept: /Users/mendickxiao/tool/codeql/tools/osx64/runner-osx (canonical: /Users/mendickxiao/tool/codeql/tools/osx64/runner-osx) ====
[T 16:00:42 29055] Lua: === Intercepted call to /users/mendickxiao/tool/codeql/tools/osx64/runner-osx ===
[T 16:00:42 29055] Executing the following tracer actions:
[T 16:00:42 29055] Tracer actions:
[T 16:00:42 29055] pre_invocations(0)
[T 16:00:42 29055] post_invocations(0)
[T 16:00:42 29055] trace_languages(1): [java]
[T 16:00:42 29056] Attempting to switch stdout/stderr to 3...
/Users/mendickxiao/code/security/WebGoat-main/webgoat-db-test-1/working/copy-root/000001F5/bin/bash.semmle.0000717F.16FCEB10.slice.x86_64: replacing existing signature
xcrun: error: active developer path ("/Applications/Xcode.app/Contents/Developer") does not exist
Use sudo xcode-select --switch path/to/Xcode.app to specify the Xcode that you wish to use for command line developer tools, or use xcode-select --install to install the standalone command line developer tools.
See man xcode-select for more details.
/Users/mendickxiao/code/security/WebGoat-main/webgoat-db-test-1/working/copy-root/000001F5/bin/bash.semmle.0000717F.16FCEB10.slice.x86_64: the codesign_allocate helper tool cannot be found or used
relocator: cannot re-sign the slice: /Users/mendickxiao/code/security/WebGoat-main/webgoat-db-test-1/working/copy-root/000001F5/bin/bash.semmle.0000717F.16FCEB10.slice.x86_64
another log:
[2024年07月25日 00:00:40] This is codeql database create webgoat-db-test-1 --language=java --build-mode=autobuild --command=mvn clean compile --source-root=. --verbose --overwrite
[2024年07月25日 00:00:40] Log file was started late.
[2024年07月25日 00:00:40] [PROGRESS] database create> Initializing database at /Users/mendickxiao/code/security/WebGoat-main/webgoat-db-test-1.
[2024年07月25日 00:00:40] Running plumbing command: codeql database init --overwrite --language=java --extractor-options-verbosity=1 --qlconfig-file=/Users/mendickxiao/code/security/WebGoat-main/qlconfig.yml --build-mode=autobuild --source-root=/Users/mendickxiao/code/security/WebGoat-main --allow-missing-source-root=false --allow-already-existing -- /Users/mendickxiao/code/security/WebGoat-main/webgoat-db-test-1
[2024年07月25日 00:00:40] Calling plumbing command: codeql resolve languages --extractor-options-verbosity=1 --format=betterjson
[2024年07月25日 00:00:40] [DETAILS] resolve languages> Scanning for [codeql-extractor.yml] from /Users/mendickxiao/tool/codeql/.codeqlmanifest.json
[2024年07月25日 00:00:40] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/go/codeql-extractor.yml.
[2024年07月25日 00:00:41] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/python/codeql-extractor.yml.
[2024年07月25日 00:00:41] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/java/codeql-extractor.yml.
[2024年07月25日 00:00:41] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/html/codeql-extractor.yml.
[2024年07月25日 00:00:41] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/xml/codeql-extractor.yml.
[2024年07月25日 00:00:41] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/properties/codeql-extractor.yml.
[2024年07月25日 00:00:41] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/cpp/codeql-extractor.yml.
[2024年07月25日 00:00:41] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/swift/codeql-extractor.yml.
[2024年07月25日 00:00:41] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/csv/codeql-extractor.yml.
[2024年07月25日 00:00:41] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/yaml/codeql-extractor.yml.
[2024年07月25日 00:00:41] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/csharp/codeql-extractor.yml.
[2024年07月25日 00:00:41] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/javascript/codeql-extractor.yml.
[2024年07月25日 00:00:41] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/ruby/codeql-extractor.yml.
[2024年07月25日 00:00:41] Plumbing command codeql resolve languages completed:
{
"aliases" : {
"c" : "cpp",
"c++" : "cpp",
"c-c++" : "cpp",
"c-cpp" : "cpp",
"c#" : "csharp",
"java-kotlin" : "java",
"kotlin" : "java",
"javascript-typescript" : "javascript",
"typescript" : "javascript"
},
"extractors" : {
"go" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/go"
}
],
"python" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/python",
"extractor_options" : {
"logging" : {
"title" : "Options pertaining to logging.",
"description" : "Options pertaining to logging.",
"type" : "object",
"properties" : {
"verbosity" : {
"title" : "Python extractor logging verbosity level.",
"description" : "Controls the level of verbosity of the CodeQL Python extractor.\nThe supported levels are (in order of increasing verbosity):\n\n - off\n - errors\n - warnings\n - info or progress\n - debug or progress+\n - trace or progress++\n - progress+++\n",
"type" : "string",
"pattern" : "^(off|errors|warnings|(info|progress)|(debug|progress\+)|(trace|progress\+\+)|progress\+\+\+)$"
}
}
},
"python_executable_name" : {
"title" : "Controls the name of the Python executable used by the Python extractor.",
"description" : "The Python extractor uses platform-dependent heuristics to determine the name of the Python executable to use. Specifying a value for this option overrides the name of the Python executable used by the extractor. Accepted values are py, python and python3. Use this setting with caution, the Python extractor requires Python 3 to run.\n",
"type" : "string",
"pattern" : "^(py|python|python3)$"
}
}
}
],
"java" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/java",
"extractor_options" : {
"exclude" : {
"title" : "A glob excluding files from analysis.",
"description" : "A glob indicating what files to exclude from the analysis.\n",
"type" : "string"
},
"add_prefer_source" : {
"title" : "Whether to always prefer source files over class files.",
"description" : "A value indicating whether source files should be preferred over class files. If set to 'true', the extraction adds '-Xprefer:source' to the javac command line. If set to 'false', the extraction uses the default javac behavior ('-Xprefer:newer'). The default is 'true'.\n",
"type" : "string",
"pattern" : "^(false|true)$"
},
"buildless" : {
"title" : "Whether to use buildless (standalone) extraction (experimental).",
"description" : "A value indicating, which type of extraction the autobuilder should perform. If 'true', then the standalone extractor will be used, otherwise tracing extraction will be performed. The default is 'false'. Note that buildless extraction will generally yield less accurate analysis results, and should only be used in cases where it is not possible to build the code (for example if it uses inaccessible dependencies).\n",
"type" : "string",
"pattern" : "^(false|true)$"
}
}
}
],
"html" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/html"
}
],
"xml" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/xml"
}
],
"properties" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/properties"
}
],
"cpp" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/cpp",
"extractor_options" : { }
}
],
"swift" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/swift"
}
],
"csv" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/csv"
}
],
"yaml" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/yaml"
}
],
"csharp" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/csharp",
"extractor_options" : {
"trap" : {
"title" : "Options pertaining to TRAP.",
"description" : "Options pertaining to TRAP.",
"type" : "object",
"properties" : {
"compression" : {
"title" : "Controls compression for the TRAP files written by the extractor.",
"description" : "This option is only intended for use in debugging the extractor. Accepted values are 'brotli' (the default, to write brotli-compressed TRAP), 'gzip', and 'none' (to write uncompressed TRAP).\n",
"type" : "string",
"pattern" : "^(none|gzip|brotli)$"
}
}
},
"buildless" : {
"title" : "DEPRECATED - Whether to use buildless (standalone) extraction.",
"description" : "DEPRECATED: Use --build-mode none instead.\nA value indicating, which type of extraction the autobuilder should perform. If 'true', then the standalone extractor will be used, otherwise tracing extraction will be performed. The default is 'false'. Note that buildless extraction will generally yield less accurate analysis results, and should only be used in cases where it is not possible to build the code (for example if it uses inaccessible dependencies).\n",
"type" : "string",
"pattern" : "^(false|true)$"
},
"logging" : {
"title" : "Options pertaining to logging.",
"description" : "Options pertaining to logging.",
"type" : "object",
"properties" : {
"verbosity" : {
"title" : "Extractor logging verbosity level.",
"description" : "Controls the level of verbosity of the extractor. The supported levels are (in order of increasing verbosity):\n - off\n - errors\n - warnings\n - info or progress\n - debug or progress+\n - trace or progress++\n - progress+++\n",
"type" : "string",
"pattern" : "^(off|errors|warnings|(info|progress)|(debug|progress\+)|(trace|progress\+\+)|progress\+\+\+)$"
}
}
},
"binlog" : {
"title" : "Binlog",
"description" : "[EXPERIMENTAL] The value is a path to the MsBuild binary log file that should be extracted. This option only works when --build-mode none is also specified.\n",
"type" : "string"
}
}
}
],
"javascript" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/javascript",
"extractor_options" : {
"skip_types" : {
"title" : "Skip type extraction for TypeScript",
"description" : "Whether to skip the extraction of types in a TypeScript application",
"type" : "string",
"pattern" : "^(false|true)$"
}
}
}
],
"ruby" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/ruby",
"extractor_options" : {
"trap" : {
"title" : "Options pertaining to TRAP.",
"description" : "Options pertaining to TRAP.",
"type" : "object",
"properties" : {
"compression" : {
"title" : "Controls compression for the TRAP files written by the extractor.",
"description" : "This option is only intended for use in debugging the extractor. Accepted values are 'gzip' (the default, to write gzip-compressed TRAP) and 'none' (to write uncompressed TRAP).\n",
"type" : "string",
"pattern" : "^(none|gzip)$"
}
}
}
}
}
]
}
}
[2024年07月25日 00:00:41] [PROGRESS] database init> Calculating baseline information in /Users/mendickxiao/code/security/WebGoat-main
[2024年07月25日 00:00:41] [SPAMMY] database init> Ignoring the following directories when processing baseline information: .git, .hg, .svn.
[2024年07月25日 00:00:41] [DETAILS] database init> Running command in /Users/mendickxiao/code/security/WebGoat-main: /Users/mendickxiao/tool/codeql/tools/osx64/scc --by-file --exclude-dir .git,.hg,.svn --format json --no-large --no-min .
[2024年07月25日 00:00:42] Using configure-baseline script /Users/mendickxiao/tool/codeql/javascript/tools/configure-baseline.sh.
[2024年07月25日 00:00:42] [PROGRESS] database init> Running command in /Users/mendickxiao/code/security/WebGoat-main: [/Users/mendickxiao/tool/codeql/javascript/tools/configure-baseline.sh]
[2024年07月25日 00:00:42] [SPAMMY] database init> Ignored an additional 2 files when processing baseline information for JavaScript due to paths and paths-ignore configuration.
[2024年07月25日 00:00:42] [SPAMMY] database init> Found 355 baseline files for java.
[2024年07月25日 00:00:42] [SPAMMY] database init> Found 80 baseline files for javascript.
[2024年07月25日 00:00:42] [PROGRESS] database init> Calculated baseline information for languages: java, javascript (643ms).
[2024年07月25日 00:00:42] [PROGRESS] database init> Resolving extractor java.
[2024年07月25日 00:00:42] [DETAILS] database init> Found candidate extractor root for java: /Users/mendickxiao/tool/codeql/java.
[2024年07月25日 00:00:42] [PROGRESS] database init> Successfully loaded extractor Java/Kotlin (java) from /Users/mendickxiao/tool/codeql/java.
[2024年07月25日 00:00:42] [SPAMMY] database init> Determining macOS System Integrity Protection status...
[2024年07月25日 00:00:42] [SPAMMY] database init> Running command [/usr/bin/csrutil, status].
[2024年07月25日 00:00:42] [SPAMMY] database init> SIP is enabled.
[2024年07月25日 00:00:42] [PROGRESS] database init> Created skeleton CodeQL database at /Users/mendickxiao/code/security/WebGoat-main/webgoat-db-test-1. This in-progress database is ready to be populated by an extractor.
[2024年07月25日 00:00:42] Plumbing command codeql database init completed.
[2024年07月25日 00:00:42] [PROGRESS] database create> Running build command: [mvn, clean, compile]
[2024年07月25日 00:00:42] Running plumbing command: codeql database trace-command --working-dir=/Users/mendickxiao/code/security/WebGoat-main --index-traceless-dbs --no-db-cluster -- /Users/mendickxiao/code/security/WebGoat-main/webgoat-db-test-1 mvn clean compile
[2024年07月25日 00:00:42] [PROGRESS] database trace-command> Running command in /Users/mendickxiao/code/security/WebGoat-main: [mvn, clean, compile]
[2024年07月25日 00:00:45] [build-stdout] [INFO] Scanning for projects...
[2024年07月25日 00:00:45] [build-stdout] [INFO]
[2024年07月25日 00:00:45] [build-stdout] [INFO] ---------------------< org.owasp.webgoat:webgoat >----------------------
[2024年07月25日 00:00:45] [build-stdout] [INFO] Building WebGoat 2024.2-SNAPSHOT
[2024年07月25日 00:00:45] [build-stdout] [INFO] --------------------------------[ jar ]---------------------------------
[2024年07月25日 00:00:47] [build-stdout] [INFO]
[2024年07月25日 00:00:47] [build-stdout] [INFO] --- maven-clean-plugin:3.3.2:clean (default-clean) @ webgoat ---
[2024年07月25日 00:00:47] [build-stdout] [INFO] Deleting /Users/mendickxiao/code/security/WebGoat-main/target
[2024年07月25日 00:00:48] [build-stdout] [INFO]
[2024年07月25日 00:00:48] [build-stdout] [INFO] --- maven-enforcer-plugin:3.5.0:enforce (restrict-log4j-versions) @ webgoat ---
[2024年07月25日 00:00:48] [build-stdout] [INFO] Rule 0: org.apache.maven.enforcer.rules.dependency.BannedDependencies passed
[2024年07月25日 00:00:48] [build-stdout] [INFO]
[2024年07月25日 00:00:48] [build-stdout] [INFO] --- maven-resources-plugin:3.3.1:resources (default-resources) @ webgoat ---
[2024年07月25日 00:00:48] [build-stdout] [INFO] Copying 2 resources from src/main/resources to target/classes
[2024年07月25日 00:00:48] [build-stdout] [INFO] Copying 647 resources from src/main/resources to target/classes
[2024年07月25日 00:00:49] [build-stdout] [INFO]
[2024年07月25日 00:00:49] [build-stdout] [INFO] --- build-helper-maven-plugin:3.4.0:reserve-network-port (reserve-container-port) @ webgoat ---
[2024年07月25日 00:00:49] [build-stdout] [INFO] Reserved port 65000 for webgoat.port
[2024年07月25日 00:00:49] [build-stdout] [INFO] Reserved port 65001 for webwolf.port
[2024年07月25日 00:00:49] [build-stdout] [INFO]
[2024年07月25日 00:00:49] [build-stdout] [INFO] --- maven-compiler-plugin:3.8.0:compile (default-compile) @ webgoat ---
[2024年07月25日 00:00:50] [build-stdout] [INFO] Changes detected - recompiling the module!
[2024年07月25日 00:00:50] [build-stdout] [INFO] Compiling 258 source files to /Users/mendickxiao/code/security/WebGoat-main/target/classes
[2024年07月25日 00:00:59] [build-stdout] [INFO] /Users/mendickxiao/code/security/WebGoat-main/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java: 某些输入文件使用或覆盖了已过时的 API。
[2024年07月25日 00:00:59] [build-stdout] [INFO] /Users/mendickxiao/code/security/WebGoat-main/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java: 有关详细信息, 请使用 -Xlint:deprecation 重新编译。
[2024年07月25日 00:00:59] [build-stdout] [INFO] /Users/mendickxiao/code/security/WebGoat-main/src/main/java/org/owasp/webgoat/lessons/passwordreset/ResetLinkAssignmentForgotPassword.java: 某些输入文件使用了未经检查或不安全的操作。
[2024年07月25日 00:00:59] [build-stdout] [INFO] /Users/mendickxiao/code/security/WebGoat-main/src/main/java/org/owasp/webgoat/lessons/passwordreset/ResetLinkAssignmentForgotPassword.java: 有关详细信息, 请使用 -Xlint:unchecked 重新编译。
[2024年07月25日 00:00:59] [build-stdout] [INFO] ------------------------------------------------------------------------
[2024年07月25日 00:00:59] [build-stdout] [INFO] BUILD SUCCESS
[2024年07月25日 00:00:59] [build-stdout] [INFO] ------------------------------------------------------------------------
[2024年07月25日 00:00:59] [build-stdout] [INFO] Total time: 14.304 s
[2024年07月25日 00:00:59] [build-stdout] [INFO] Finished at: 2024年07月25日T00:00:59+08:00
[2024年07月25日 00:00:59] [build-stdout] [INFO] ------------------------------------------------------------------------
[2024年07月25日 00:00:59] Plumbing command codeql database trace-command completed.
[2024年07月25日 00:00:59] [PROGRESS] database create> Finalizing database at /Users/mendickxiao/code/security/WebGoat-main/webgoat-db-test-1.
[2024年07月25日 00:00:59] Running plumbing command: codeql database finalize --no-db-cluster -- /Users/mendickxiao/code/security/WebGoat-main/webgoat-db-test-1
[2024年07月25日 00:00:59] Calling plumbing command: codeql resolve languages --format=json
[2024年07月25日 00:00:59] [DETAILS] resolve languages> Scanning for [codeql-extractor.yml] from /Users/mendickxiao/tool/codeql/.codeqlmanifest.json
[2024年07月25日 00:01:00] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/go/codeql-extractor.yml.
[2024年07月25日 00:01:00] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/python/codeql-extractor.yml.
[2024年07月25日 00:01:00] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/java/codeql-extractor.yml.
[2024年07月25日 00:01:00] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/html/codeql-extractor.yml.
[2024年07月25日 00:01:00] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/xml/codeql-extractor.yml.
[2024年07月25日 00:01:00] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/properties/codeql-extractor.yml.
[2024年07月25日 00:01:00] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/cpp/codeql-extractor.yml.
[2024年07月25日 00:01:00] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/swift/codeql-extractor.yml.
[2024年07月25日 00:01:00] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/csv/codeql-extractor.yml.
[2024年07月25日 00:01:00] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/yaml/codeql-extractor.yml.
[2024年07月25日 00:01:00] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/csharp/codeql-extractor.yml.
[2024年07月25日 00:01:00] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/javascript/codeql-extractor.yml.
[2024年07月25日 00:01:00] [DETAILS] resolve languages> Parsing /Users/mendickxiao/tool/codeql/ruby/codeql-extractor.yml.
[2024年07月25日 00:01:00] Plumbing command codeql resolve languages completed:
{
"aliases" : {
"c" : "cpp",
"c++" : "cpp",
"c-c++" : "cpp",
"c-cpp" : "cpp",
"c#" : "csharp",
"java-kotlin" : "java",
"kotlin" : "java",
"javascript-typescript" : "javascript",
"typescript" : "javascript"
},
"extractors" : {
"go" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/go"
}
],
"python" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/python",
"extractor_options" : {
"logging" : {
"title" : "Options pertaining to logging.",
"description" : "Options pertaining to logging.",
"type" : "object",
"properties" : {
"verbosity" : {
"title" : "Python extractor logging verbosity level.",
"description" : "Controls the level of verbosity of the CodeQL Python extractor.\nThe supported levels are (in order of increasing verbosity):\n\n - off\n - errors\n - warnings\n - info or progress\n - debug or progress+\n - trace or progress++\n - progress+++\n",
"type" : "string",
"pattern" : "^(off|errors|warnings|(info|progress)|(debug|progress\+)|(trace|progress\+\+)|progress\+\+\+)$"
}
}
},
"python_executable_name" : {
"title" : "Controls the name of the Python executable used by the Python extractor.",
"description" : "The Python extractor uses platform-dependent heuristics to determine the name of the Python executable to use. Specifying a value for this option overrides the name of the Python executable used by the extractor. Accepted values are py, python and python3. Use this setting with caution, the Python extractor requires Python 3 to run.\n",
"type" : "string",
"pattern" : "^(py|python|python3)$"
}
}
}
],
"java" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/java",
"extractor_options" : {
"exclude" : {
"title" : "A glob excluding files from analysis.",
"description" : "A glob indicating what files to exclude from the analysis.\n",
"type" : "string"
},
"add_prefer_source" : {
"title" : "Whether to always prefer source files over class files.",
"description" : "A value indicating whether source files should be preferred over class files. If set to 'true', the extraction adds '-Xprefer:source' to the javac command line. If set to 'false', the extraction uses the default javac behavior ('-Xprefer:newer'). The default is 'true'.\n",
"type" : "string",
"pattern" : "^(false|true)$"
},
"buildless" : {
"title" : "Whether to use buildless (standalone) extraction (experimental).",
"description" : "A value indicating, which type of extraction the autobuilder should perform. If 'true', then the standalone extractor will be used, otherwise tracing extraction will be performed. The default is 'false'. Note that buildless extraction will generally yield less accurate analysis results, and should only be used in cases where it is not possible to build the code (for example if it uses inaccessible dependencies).\n",
"type" : "string",
"pattern" : "^(false|true)$"
}
}
}
],
"html" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/html"
}
],
"xml" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/xml"
}
],
"properties" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/properties"
}
],
"cpp" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/cpp",
"extractor_options" : { }
}
],
"swift" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/swift"
}
],
"csv" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/csv"
}
],
"yaml" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/yaml"
}
],
"csharp" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/csharp",
"extractor_options" : {
"trap" : {
"title" : "Options pertaining to TRAP.",
"description" : "Options pertaining to TRAP.",
"type" : "object",
"properties" : {
"compression" : {
"title" : "Controls compression for the TRAP files written by the extractor.",
"description" : "This option is only intended for use in debugging the extractor. Accepted values are 'brotli' (the default, to write brotli-compressed TRAP), 'gzip', and 'none' (to write uncompressed TRAP).\n",
"type" : "string",
"pattern" : "^(none|gzip|brotli)$"
}
}
},
"buildless" : {
"title" : "DEPRECATED - Whether to use buildless (standalone) extraction.",
"description" : "DEPRECATED: Use --build-mode none instead.\nA value indicating, which type of extraction the autobuilder should perform. If 'true', then the standalone extractor will be used, otherwise tracing extraction will be performed. The default is 'false'. Note that buildless extraction will generally yield less accurate analysis results, and should only be used in cases where it is not possible to build the code (for example if it uses inaccessible dependencies).\n",
"type" : "string",
"pattern" : "^(false|true)$"
},
"logging" : {
"title" : "Options pertaining to logging.",
"description" : "Options pertaining to logging.",
"type" : "object",
"properties" : {
"verbosity" : {
"title" : "Extractor logging verbosity level.",
"description" : "Controls the level of verbosity of the extractor. The supported levels are (in order of increasing verbosity):\n - off\n - errors\n - warnings\n - info or progress\n - debug or progress+\n - trace or progress++\n - progress+++\n",
"type" : "string",
"pattern" : "^(off|errors|warnings|(info|progress)|(debug|progress\+)|(trace|progress\+\+)|progress\+\+\+)$"
}
}
},
"binlog" : {
"title" : "Binlog",
"description" : "[EXPERIMENTAL] The value is a path to the MsBuild binary log file that should be extracted. This option only works when --build-mode none is also specified.\n",
"type" : "string"
}
}
}
],
"javascript" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/javascript",
"extractor_options" : {
"skip_types" : {
"title" : "Skip type extraction for TypeScript",
"description" : "Whether to skip the extraction of types in a TypeScript application",
"type" : "string",
"pattern" : "^(false|true)$"
}
}
}
],
"ruby" : [
{
"extractor_root" : "/Users/mendickxiao/tool/codeql/ruby",
"extractor_options" : {
"trap" : {
"title" : "Options pertaining to TRAP.",
"description" : "Options pertaining to TRAP.",
"type" : "object",
"properties" : {
"compression" : {
"title" : "Controls compression for the TRAP files written by the extractor.",
"description" : "This option is only intended for use in debugging the extractor. Accepted values are 'gzip' (the default, to write gzip-compressed TRAP) and 'none' (to write uncompressed TRAP).\n",
"type" : "string",
"pattern" : "^(none|gzip)$"
}
}
}
}
}
]
}
}
[2024年07月25日 00:01:00] [SPAMMIER] database finalize> Loaded the following extractors: Go, Python, Java/Kotlin, HTML, XML, Java Properties Files, C/C++, Swift, CSV, YAML, C#, JavaScript/TypeScript, Ruby
[2024年07月25日 00:01:00] [ERROR] database finalize> CodeQL detected code written in Java/Kotlin but could not automatically build any of it. Provide an explicit build command with --command or check the logs. For more information, review our troubleshooting guide at https://gh.io/troubleshooting-code-scanning/no-source-code-seen-during-build.
[2024年07月25日 00:01:00] Plumbing command codeql database finalize completed with status 32.
[2024年07月25日 00:01:00] Exiting with code 32
Beta Was this translation helpful? Give feedback.
All reactions
-
I tested --build-mode=none is working, but --build-mode=autobuild is not working. And If I miss this parameter --build-mode, it is not working.
Beta Was this translation helpful? Give feedback.
All reactions
-
I found the root cause is that I deleted the XCode, so we can see this error.
xcrun: error: active developer path ("/Applications/Xcode.app/Contents/Developer") does not exist
Use sudo xcode-select --switch path/to/Xcode.app to specify the Xcode that you wish to use for command line developer tools, or use xcode-select --install to install the standalone command line developer tools.
I have installed the command line tools for XCode, and I can use this command:
sudo xcode-select --switch / to switch to use the command line.
Beta Was this translation helpful? Give feedback.
All reactions
-
Well, this looks like a problem -- can you address this issue (which is an Apple build tools problem), and then try again?
/Users/mendickxiao/code/security/WebGoat-main/webgoat-db-test-1/working/copy-root/000001F5/bin/bash.semmle.0000717F.16FCEB10.slice.x86_64: replacing existing signature
xcrun: error: active developer path ("/Applications/Xcode.app/Contents/Developer") does not exist
Use sudo xcode-select --switch path/to/Xcode.app to specify the Xcode that you wish to use for command line developer tools, or use xcode-select --install to install the standalone command line developer tools.
See man xcode-select for more details.
Beta Was this translation helpful? Give feedback.
All reactions
-
Excellent, glad you got it fixed :)
Beta Was this translation helpful? Give feedback.