{"id":5554,"date":"2025-07-24T14:12:40","date_gmt":"2025-07-24T14:12:40","guid":{"rendered":"https:\/\/techhub.saworks.io\/docs\/tutoriel-github\/securite-avancee-sur-github-partie-2-sur-2\/preparer-une-base-de-donnees-pour-codeql\/"},"modified":"2025-07-31T13:59:30","modified_gmt":"2025-07-31T13:59:30","slug":"preparer-une-base-de-donnees-pour-codeql","status":"publish","type":"docs","link":"https:\/\/techhub.saworks.io\/fr\/docs\/tutoriel-github\/securite-avancee-sur-github-partie-2-sur-2\/preparer-une-base-de-donnees-pour-codeql\/","title":{"rendered":"Preparing a database for CodeQL"},"content":{"rendered":"\n<div class=\"wp-block-group is-layout-constrained wp-block-group-is-layout-constrained\">\n<p>CodeQL treats code as data. You create a database by extracting queryable data from your code base, then run CodeQL queries against that database to find security vulnerabilities, bugs and other errors. You can write your own queries or use those provided by GitHub researchers and the community.<\/p>\n\n<p>In this unit you will learn how to create a database. This step is required before you can analyze your code: you need a CodeQL database that contains all the data needed to run queries against your code.<\/p>\n\n<p>CodeQL analysis relies on extracting relational data from your code to build a CodeQL database. These databases contain all the important information about a code base.<\/p>\n\n<p>You can use the CodeQL command-line interface (CLI) to analyze the code and generate a database representation of it. 
Once the database is ready, you can query it interactively or run a suite of queries to produce a set of results in SARIF (Static Analysis Results Interchange Format).<\/p>\n\n<h3 class=\"wp-block-heading\">Preparing the database for CodeQL<\/h3>\n\n<p>Before generating a CodeQL database, you must install and configure the CodeQL CLI. Then check out the version of the code you want to analyze.<\/p>\n\n<ul class=\"wp-block-list\">\n<li><strong>For compiled languages<\/strong>, the directory must be ready to build, with all dependencies installed. CodeQL starts by extracting a relational representation of each source file to create the database.<\/li>\n<li><strong>For interpreted languages<\/strong>, the extractor runs directly on the source code, which gives an accurate representation of the code base and resolves dependencies.<\/li>\n<\/ul>\n\n<p>Source file extraction works by monitoring the normal build process. 
Each time the compiler is invoked, CodeQL makes a copy of the source file being processed and collects all the relevant information about it.<\/p>\n\n<h3 class=\"wp-block-heading\">Setting up the CLI<\/h3>\n\n<p>The steps to set up the CodeQL CLI are:<\/p>\n\n<ol class=\"wp-block-list\">\n<li><strong>Download the CodeQL CLI bundle .zip archive<\/strong><br>Downloading the full bundle (CLI + queries) is recommended, as it guarantees compatibility and better performance.<br>The bundle contains: the CodeQL CLI, compatible versions of the queries and libraries from the GitHub CodeQL repository, and precompiled versions of the included queries.\n<ul class=\"wp-block-list\">\n<li>Go to the Releases page of the public CodeQL repository.<\/li>\n<li>Download the bundle for your platform under the <em>Assets<\/em> section.<\/li>\n<li>You can also download <code>codeql-bundle.tar.gz<\/code>, which covers all platforms.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Extract the .zip archive<\/strong><br>On Linux, Windows or macOS, extract the archive into a directory of your choice.<br>Users of macOS Catalina (or later) must follow additional steps (see <a href=\"https:\/\/docs.github.com\/en\/code-security\/codeql-cli\/getting-started-with-the-codeql-cli\">the CodeQL documentation<\/a>).<\/li>\n<li><strong>Run CodeQL processes<\/strong><br>After extraction, you can either:\n<ul class=\"wp-block-list\">\n<li>run <code>&lt;extraction-root&gt;\/codeql\/codeql<\/code>, or<\/li>\n<li>add <code>&lt;extraction-root&gt;\/codeql<\/code> to your <code>PATH<\/code> environment variable so that you can simply run <code>codeql<\/code>.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n<h3 class=\"wp-block-heading\">Verifying the CLI setup<\/h3>\n\n<ul class=\"wp-block-list\">\n<li>Run <code>codeql resolve packs<\/code> (or the full path to the executable if it is not on your PATH) to list the available CodeQL packs.<\/li>\n<li>Run <code>codeql resolve languages<\/code> to see the languages supported by default.<\/li>\n<\/ul>\n\n<h3 class=\"wp-block-heading\">Creating the database<\/h3>\n\n<p>Create a CodeQL database by running this command from the root of the cloned project:<\/p>\n\n<pre class=\"wp-block-code\"><code>codeql database create &lt;database&gt; --language=&lt;language-identifier&gt;<\/code><\/pre>\n\n<h3 class=\"wp-block-heading\">In the command:<\/h3>\n\n<ul class=\"wp-block-list\">\n<li>Replace <strong><code>&lt;database&gt;<\/code><\/strong> with the path of the new database to create.<\/li>\n<li>Replace <strong><code>&lt;language-identifier&gt;<\/code><\/strong> with the identifier of the language for which to create the database. With <code>--db-cluster<\/code> you can pass a comma-separated list of identifiers, or specify the option several times.<\/li>\n<\/ul>\n\n<p>You can also specify the following options, depending on where the source files are located, whether your code needs to be compiled, and whether you want to create CodeQL databases for several languages:<\/p>\n\n<ul class=\"wp-block-list\">\n<li>Use <strong><code>--source-root<\/code><\/strong> to indicate the root folder of the primary source files used to create the database.<\/li>\n<li>Use <strong><code>--db-cluster<\/code><\/strong> for multi-language code bases when you want to create databases for several languages.<\/li>\n<li>Use <strong><code>--command<\/code><\/strong> when creating a database for one or more compiled languages. 
This option is not needed if you only use Python or JavaScript.<\/li>\n<li>Use <strong><code>--no-run-unnecessary-builds<\/code><\/strong> together with <code>--db-cluster<\/code> to avoid running the build command for languages where the CodeQL CLI does not need to monitor the build.<\/li>\n<\/ul>\n\n<p>Once the database has been created successfully, a new directory appears at the location specified in the command. If you used <code>--db-cluster<\/code> to create several databases, a subdirectory is created for each language.<\/p>\n\n<p>Each CodeQL database directory contains several subfolders, including the relational data used for analysis and a <strong>source archive<\/strong>. This archive is a copy of the source files at the time the database was created; CodeQL uses it to display analysis results.<\/p>\n\n<h3 class=\"wp-block-heading\">Extractors<\/h3>\n\n<p>An <strong>extractor<\/strong> is a tool that produces the relational data and source references for each input file, from which a CodeQL database can be built. 
Each language supported by CodeQL has its own extractor, which guarantees extraction that is as accurate as possible.<\/p>\n\n<p>Each extractor defines its own set of configuration options.<br>Running <code>codeql resolve extractor --format=betterjson<\/code> describes them; for the Java extractor, the output could look like this:<\/p>\n\n<pre class=\"wp-block-code\"><code>{\n    &quot;extractor_root&quot; : &quot;\/home\/user\/codeql\/java&quot;,\n    &quot;extractor_options&quot; : {\n        &quot;option1&quot; : {\n            &quot;title&quot; : &quot;Java extractor option 1&quot;,\n            &quot;description&quot; : &quot;An example string option for the Java extractor.&quot;,\n            &quot;type&quot; : &quot;string&quot;,\n            &quot;pattern&quot; : &quot;[a-z]+&quot;\n        },\n        &quot;group1&quot; : {\n            &quot;title&quot; : &quot;Java extractor group 1&quot;,\n            &quot;description&quot; : &quot;An example option group for the Java extractor.&quot;,\n            &quot;type&quot; : &quot;object&quot;,\n            &quot;properties&quot; : {\n                &quot;option2&quot; : {\n                    &quot;title&quot; : &quot;Java extractor option 2&quot;,\n                    &quot;description&quot; : &quot;An example array option for the Java extractor&quot;,\n                    &quot;type&quot; : &quot;array&quot;,\n                    &quot;pattern&quot; : &quot;[1-9][0-9]*&quot;\n                }\n            }\n        }\n    }\n}<\/code><\/pre>\n\n<h3 class=\"wp-block-heading\">Finding the options available for your language's extractor<\/h3>\n\n<p>Run one of the following commands:<\/p>\n\n<p><code>codeql resolve languages --format=betterjson<\/code> or <code>codeql resolve extractor --format=betterjson<\/code><\/p>\n\n<p>The <code>betterjson<\/code> output format also provides the extractor's root path and other language-specific options.<\/p>\n\n<h3 class=\"wp-block-heading\">Data in a CodeQL database<\/h3>\n\n<p>A <strong>CodeQL database<\/strong> is a single directory containing all the data needed for analysis. 
This data includes:<\/p>\n\n<ul class=\"wp-block-list\">\n<li>relational data,<\/li>\n<li>a copy of the source files,<\/li>\n<li>a language-specific database schema, which defines the relations between the data.<\/li>\n<\/ul>\n\n<p>CodeQL imports this data after extraction.<\/p>\n\n<p>CodeQL databases provide a <strong>snapshot<\/strong> of the queryable data for one language, extracted from a code base. This data represents the whole code hierarchically, including:<\/p>\n\n<ul class=\"wp-block-list\">\n<li>the abstract syntax tree (AST),<\/li>\n<li>the data flow graph,<\/li>\n<li>the control flow graph.<\/li>\n<\/ul>\n\n<p>For multi-language code bases, databases are generated <strong>one language at a time<\/strong>, each with its own schema. 
The schema acts as the interface between the initial lexical analysis and the complex analysis performed by CodeQL.<\/p>\n\n<h3 class=\"wp-block-heading\">A CodeQL database contains two main tables:<\/h3>\n\n<ul class=\"wp-block-list\">\n<li><strong><code>expressions<\/code><\/strong>: one row for each expression analyzed in the source code.<\/li>\n<li><strong><code>statements<\/code><\/strong>: one row for each statement analyzed in the source code.<\/li>\n<\/ul>\n\n<p>The CodeQL library defines <strong>classes<\/strong> that provide a layer of abstraction on top of these tables, including the auxiliary tables <strong><code>Expr<\/code><\/strong> and <strong><code>Stmt<\/code><\/strong>.<\/p>\n\n<h3 class=\"wp-block-heading\">Potential limitations of CodeQL<\/h3>\n\n<p>Database creation as part of code scanning can have some limitations, in particular with the GitHub CodeQL action.<\/p>\n\n<ul class=\"wp-block-list\">\n<li>You must use a <strong>language matrix<\/strong> for <strong>autobuild<\/strong> to build each listed compiled language. The matrix also lets you create jobs for several versions of a language, operating system or tool.<\/li>\n<li>Without a matrix, <strong>autobuild<\/strong> tries to build the compiled language with the most source files. 
This often fails (except for Go) unless you provide an explicit build command before the analysis.<\/li>\n<li>The behavior of the <strong>autobuild<\/strong> step varies by operating system. It tries to detect a build method automatically, which can lead to unreliable results or outright failures.<\/li>\n<\/ul>\n\n<p><strong>Recommendation<\/strong>: configure a build step in your workflow file before the analysis instead of letting autobuild compile the code automatically. This makes the analysis more reliable and tailored to your project.<\/p>\n\n<p>See the <a href=\"https:\/\/docs.github.com\/fr\/code-security\/code-scanning\/creating-an-advanced-setup-for-code-scanning\/codeql-code-scanning-for-compiled-languages#about-autobuild-for-codeql\">CodeQL documentation on <strong>autobuild<\/strong><\/a> for language-specific details.<\/p>\n\n<h3 class=\"wp-block-heading\">VS Code extension<\/h3>\n\n<p>You can use <strong>Visual Studio Code<\/strong> (version 1.39 or later) with the <strong>CodeQL<\/strong> extension to compile and run queries.<\/p>\n\n<p>The extension uses the installed CLI if it is on the <code>PATH<\/code>. 
Otherwise, it manages access to the executable itself, guaranteeing compatibility with the extension.<br>Download the extension from the <strong><a href=\"https:\/\/marketplace.visualstudio.com\/VSCode\">Visual Studio Code Marketplace<\/a><\/strong> or from the <strong>CodeQL VSIX<\/strong> file.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>CodeQL treats code as data. You create a database by extracting queryable data from your code [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"parent":5546,"menu_order":3,"comment_status":"closed","ping_status":"closed","template":"","doc_tag":[],"doc_badge":[],"class_list":["post-5554","docs","type-docs","status-publish","hentry"],"author_avatar":"https:\/\/secure.gravatar.com\/avatar\/6a70e7c73db9f245e650948d09d74f61?s=96&d=mm&r=g","author_name":"Annick N'dri","_links":{"self":[{"href":"https:\/\/techhub.saworks.io\/fr\/wp-json\/wp\/v2\/docs\/5554"}],"collection":[{"href":"https:\/\/techhub.saworks.io\/fr\/wp-json\/wp\/v2\/docs"}],"about":[{"href":"https:\/\/techhub.saworks.io\/fr\/wp-json\/wp\/v2\/types\/docs"}],"author":[{"embeddable":true,"href":"https:\/\/techhub.saworks.io\/fr\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/techhub.saworks.io\/fr\/wp-json\/wp\/v2\/comments?post=5554"}],"version-history":[{"count":0,"href":"https:\/\/techhub.saworks.io\/fr\/wp-json\/wp\/v2\/docs\/5554\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/techhub.saworks.io\/fr\/wp-json\/wp\/v2\/docs\/5546"}],"wp:attachment":[{"href":"https:\/\/techhub.saworks.io\/fr\/wp-json\/wp\/v2\/media?parent=5554"}],"wp:term":[{"taxonomy":"doc_tag","embeddable":true,"href":"https:\/\/techhub.saworks.io\/fr\/wp-json\/wp\/v2\/doc_tag?post=5554"},{"taxonomy":"doc_badge","embeddable":true,"href":"https:\/\/techhub.saworks.io\/fr\/wp
-json\/wp\/v2\/doc_badge?post=5554"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}