{"id":8041,"date":"2025-09-16T09:13:39","date_gmt":"2025-09-16T09:13:39","guid":{"rendered":"https:\/\/techhub.saworks.io\/?post_type=docs&#038;p=8041"},"modified":"2025-09-24T12:02:34","modified_gmt":"2025-09-24T12:02:34","slug":"preparer-une-base-de-donnees-pour-codeql-2","status":"publish","type":"docs","link":"https:\/\/techhub.saworks.io\/fr\/docs\/tutoriel-github-intermediaire\/securite-avancee-de-github-partie-2-sur-2\/preparer-une-base-de-donnees-pour-codeql-2\/","title":{"rendered":"Prepare a database for CodeQL"},"content":{"rendered":"\n<div class=\"wp-block-group is-layout-constrained wp-block-group-is-layout-constrained\">\n<h3 class=\"wp-block-heading\"><strong>CodeQL treats code as data.<\/strong><\/h3>\n\n<p>You build a database from queryable data extracted from your codebase, then run CodeQL queries against that database to find security vulnerabilities, bugs and other errors. You can write your own queries or run the standard CodeQL queries written by GitHub researchers and community contributors.<\/p>\n\n<p>In this unit you learn how to create that database. The step is mandatory: nothing can be analyzed until a CodeQL database holding all the data needed to run queries against your code exists.<\/p>\n\n<p>CodeQL analysis relies on extracting relational data from your code and using it to build a CodeQL database. The database holds all the information about the codebase that the queries need.<\/p>\n\n<p>The standalone <strong>CodeQL CLI<\/strong> analyzes code and generates the database representation of a codebase. Once the database is ready, you can query it, or run a query suite against it to produce a result set in <strong>SARIF (Static Analysis Results Interchange Format)<\/strong>.<\/p>\n\n<h3 class=\"wp-block-heading\"><strong>Preparing the database for CodeQL<\/strong><\/h3>\n\n<p>Before generating a CodeQL database, install and set up the <strong>CodeQL CLI<\/strong>. Then check out the revision of your codebase that you want to analyze.<\/p>\n\n<ul class=\"wp-block-list\">\n<li><strong>For compiled languages<\/strong>, the checkout must be ready to build, with all dependencies already installed. CodeQL starts by extracting a relational representation of every source file in the codebase into the database that you then analyze.<\/li>\n\n<li><strong>For interpreted languages<\/strong>, the extractor runs directly on the source code, resolving dependencies to give an accurate representation of the codebase.<\/li>\n<\/ul>\n\n<p>For compiled languages, extraction works by monitoring the normal build process: each time the build invokes a compiler on a source file, CodeQL takes a copy of that file and collects all the relevant information about its code. A build that is incomplete, or that compiles only part of the tree, therefore produces an incomplete database.<\/p>\n\n<h3 class=\"wp-block-heading\"><strong>Setting up the CLI<\/strong><\/h3>\n\n<p>Follow the steps below to set up the CodeQL CLI:<\/p>\n\n<h4 class=\"wp-block-heading\">1. Download the CodeQL CLI bundle .zip archive<\/h4>\n\n<p>The recommended way to install the CodeQL CLI and the queries is to download the bundled package. The bundle guarantees that CLI and queries are compatible versions and performs better than downloading the CLI and the queries separately.<\/p>\n\n<p>The download is a <code>.zip<\/code> archive containing tools, scripts and various CodeQL-specific files. The bundle includes the CodeQL CLI, compatible versions of the queries and libraries from the GitHub CodeQL repository, and precompiled versions of the included queries.<\/p>\n\n<ul class=\"wp-block-list\">\n<li>Go to the <a href=\"https:\/\/github.com\/github\/codeql-action\/releases\"><strong>Releases<\/strong> page of GitHub's public codeql-action repository<\/a>, where the CLI bundles are published.<\/li>\n\n<li>Under <strong>Assets<\/strong>, download the bundle for your platform.<\/li>\n\n<li>The same page carries the changelogs and earlier releases. If needed, download <code>codeql-bundle.tar.gz<\/code>, which contains the CLI for every supported platform. Record the release you install: the bundle version determines which queries and extractors you run, so pin it the way you would any other build dependency.<\/li>\n<\/ul>\n\n<h4 class=\"wp-block-heading\">2. Extract the .zip archive<\/h4>\n\n<p>On Linux, Windows or macOS, extract the archive into a directory of your choice.<\/p>\n\n<p>Users of macOS Catalina (or later) must follow extra steps. For details, see the <a href=\"https:\/\/docs.github.com\/en\/code-security\/codeql-cli\/getting-started-with-the-codeql-cli\">CodeQL documentation on getting started with the CLI<\/a>.<\/p>\n\n<h4 class=\"wp-block-heading\">3. Run CodeQL processes<\/h4>\n\n<p>After extraction, do one of the following to use the <code>codeql<\/code> executable:<\/p>\n\n<ul class=\"wp-block-list\">\n<li>Run <code>&lt;extraction-root&gt;\/codeql\/codeql<\/code>, where <code>&lt;extraction-root&gt;<\/code> is the directory into which you extracted the package.<\/li>\n\n<li>Add <code>&lt;extraction-root&gt;\/codeql<\/code> to your <strong>PATH<\/strong> so that you can run the executable simply as <code>codeql<\/code>.<\/li>\n<\/ul>\n\n<p>You can now run CodeQL commands.<\/p>\n\n<h3 class=\"wp-block-heading\"><strong>Verifying the CLI setup<\/strong><\/h3>\n\n<p>Run CodeQL CLI subcommands to check that the CLI is set up correctly and can analyze databases:<\/p>\n\n<ul class=\"wp-block-list\">\n<li>Run <code>codeql resolve packs<\/code> (if you added <code>codeql<\/code> to PATH; otherwise <code>&lt;extraction-root&gt;\/codeql\/codeql resolve packs<\/code>) to list the CodeQL packs the CLI can find. The command prints the names of the packs shipped in the CLI bundle.<\/li>\n\n<li>If the CLI does not find packs for the languages you expect, check that you downloaded the full bundle and not a standalone copy of the CLI.<\/li>\n\n<li>Run <code>codeql resolve languages<\/code> to list the languages the CLI package supports by default.<\/li>\n<\/ul>\n\n<h3 class=\"wp-block-heading\"><strong>Creating the database<\/strong><\/h3>\n\n<p>Create a CodeQL database by running this command from the root of the project you checked out:<\/p>\n\n<pre><code>codeql database create &lt;database&gt; --language=&lt;language-identifier&gt;<\/code><\/pre>\n\n<p>In the command:<\/p>\n\n<ul class=\"wp-block-list\">\n<li>Replace <code>&lt;database&gt;<\/code> with the path of the new database to create.<\/li>\n\n<li>Replace <code>&lt;language-identifier&gt;<\/code> with the identifier of the language for which you are creating the database. When you use <code>--db-cluster<\/code>, this option accepts a comma-separated list, or you can specify it more than once.<\/li>\n<\/ul>\n\n<p>You can also specify the following options. They depend on where the source files are, on whether your code needs to be compiled, and on whether you want CodeQL databases for more than one language.<\/p>\n\n<ul class=\"wp-block-list\">\n<li>Use <code>--source-root<\/code> to identify the root folder of the primary source files for database creation.<\/li>\n\n<li>Use <code>--db-cluster<\/code> for multi-language codebases when you want to create databases for more than one language.<\/li>\n\n<li>Use <code>--command<\/code> when you create a database for one or more compiled languages, passing the command that builds the code. You do not need it for interpreted languages such as Python and JavaScript. If you omit it for a compiled language, the CLI falls back to an automatic build attempt, with the limitations described in the section on potential limits below.<\/li>\n\n<li>Use <code>--no-run-unnecessary-builds<\/code> together with <code>--db-cluster<\/code> to suppress the build command for languages where the CodeQL CLI does not need to monitor the build.<\/li>\n<\/ul>\n\n<p>After the database is created successfully, a new directory appears at the path given in the command. If you used <code>--db-cluster<\/code> to create more than one database, a subdirectory is created for each language.<\/p>\n\n<p>Each CodeQL database directory contains several subdirectories, including the relational data used for analysis and a source archive. The source archive is a copy of the source files taken when you created the database; CodeQL uses it to display analysis results, so results always point at the revision that was extracted, not at whatever the working tree holds later.<\/p>\n\n<h2 class=\"wp-block-heading\" id=\"extractors\">Extractors<\/h2>\n\n<p>An extractor is a tool that produces the relational data and source reference for each input file, from which a CodeQL database can be built. Each language that CodeQL supports has one extractor. 
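<\/p>\n\n<p>The <code>codeql database create<\/code> procedure described above, wrapped in a small POSIX shell script. This is an added example, not code from the page, from GitHub or from the CodeQL project. Before calling the CLI it checks that the <code>codeql<\/code> binary resolves, that the source root exists, that the installed bundle has an extractor for the requested language (the same check as running <code>codeql resolve languages<\/code> by hand) and that a compiled language comes with an explicit build command instead of falling back on autobuild; afterwards it confirms that the new directory holds the <code>codeql-database.yml<\/code> metadata file and the <code>src.zip<\/code> source archive. The <code>CODEQL<\/code> and <code>RUN_CODEQL_EXAMPLE<\/code> variables, the function names and the list of which identifiers count as compiled are this example's own assumptions, not features of the CLI.<\/p>\n\n

```shell
#!/usr/bin/env sh
# Added example, not code from the page or from the CodeQL project.
# Wrapper around `codeql database create` with pre- and post-checks.
# Assumptions (this example's own, not CLI features): the CODEQL and
# RUN_CODEQL_EXAMPLE variables, the function names and the language lists.

CODEQL="${CODEQL:-codeql}"   # path to the CLI, or `codeql` when it is on PATH

# Language identifiers the CLI accepts that this example knows about.
known_language() {
  case "$1" in
    cpp|csharp|go|java|javascript|python|ruby|swift) return 0 ;;
    *) return 1 ;;
  esac
}

# Languages whose extractor has to observe a compiler, so we insist on an
# explicit --command. Python and JavaScript extract directly (per the page);
# treating Go and Ruby the same way is this example's assumption.
needs_build_command() {
  case "$1" in
    cpp|csharp|java|swift) return 0 ;;
    *) return 1 ;;
  esac
}

# Does the installed bundle ship an extractor for the language? Equivalent to
# reading `codeql resolve languages`; the JSON form is keyed by language name.
language_supported() {
  "$CODEQL" resolve languages --format=json 2>/dev/null | grep -q "\"$1\""
}

# A complete database is a directory holding its metadata file and the source
# archive that CodeQL uses to display results.
verify_database() {
  [ -d "$1" ] && [ -f "$1/codeql-database.yml" ] && [ -f "$1/src.zip" ]
}

# create_database <db-dir> <language> <source-root> [build-command]
create_database() {
  db="$1"; lang="$2"; src="$3"; cmd="${4:-}"
  command -v "$CODEQL" >/dev/null 2>&1 || { echo "codeql CLI not found" >&2; return 1; }
  [ -d "$src" ] || { echo "source root '$src' does not exist" >&2; return 1; }
  known_language "$lang" || { echo "unknown language identifier '$lang'" >&2; return 1; }
  language_supported "$lang" || { echo "bundle has no extractor for '$lang'" >&2; return 1; }
  if needs_build_command "$lang" && [ -z "$cmd" ]; then
    echo "'$lang' is compiled: pass an explicit build command (no autobuild)" >&2
    return 1
  fi
  # ${cmd:+...} adds --command only when a build command was supplied.
  "$CODEQL" database create "$db" --language="$lang" --source-root="$src" \
    --overwrite ${cmd:+"--command=$cmd"} || return 1
  verify_database "$db" || { echo "database at '$db' is incomplete" >&2; return 1; }
}

# Stand-alone use, e.g.:
#   RUN_CODEQL_EXAMPLE=1 sh create-db.sh ./db-java java . "mvn -B -DskipTests package"
if [ "${RUN_CODEQL_EXAMPLE:-0}" = 1 ]; then
  create_database "$@"
fi
```

\n\n<p>Run it as <code>RUN_CODEQL_EXAMPLE=1 sh create-db.sh .\/db-java java . \"mvn -B -DskipTests package\"<\/code> from the project root. Calling it for <code>java<\/code> without the fourth argument is refused on purpose: the page recommends an explicit build step, and a database produced by a silently incomplete autobuild looks valid but covers only what that build happened to compile.<\/p>\n\n<p>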
This structure ensures that the extraction process is as accurate as possible.<\/p>\n\n<p>Each extractor defines its own set of configuration options. Entering <code>codeql resolve extractor --format=betterjson<\/code> produces data formatted like the following example:<\/p>\n\n<pre><code>{\n    \"extractor_root\" : \"\/home\/user\/codeql\/java\",\n    \"extractor_options\" : {\n        \"option1\" : {\n            \"title\" : \"Java extractor option 1\",\n            \"description\" : \"An example string option for the Java extractor.\",\n            \"type\" : \"string\",\n            \"pattern\" : \"[a-z]+\"\n        },\n        \"group1\" : {\n            \"title\" : \"Java extractor group 1\",\n            \"description\" : \"An example option group for the Java extractor.\",\n            \"type\" : \"object\",\n            \"properties\" : {\n                \"option2\" : {\n                    \"title\" : \"Java extractor option 2\",\n                    \"description\" : \"An example array option for the Java extractor\",\n                    \"type\" : \"array\",\n                    \"pattern\" : \"[1-9][0-9]*\"\n                }\n            }\n        }\n    }\n}<\/code><\/pre>\n\n<p>Each option carries a <code>type<\/code> and, where its values are constrained, a <code>pattern<\/code> regular expression describing the accepted values; option groups appear as objects with their own <code>properties<\/code>.<\/p>\n\n<h3 class=\"wp-block-heading\"><strong>Finding the options available for your language's extractor<\/strong><\/h3>\n\n<p>Enter one of the following commands:<\/p>\n\n<pre><code>codeql resolve languages --format=betterjson<\/code><\/pre>\n\n<p>or<\/p>\n\n<pre><code>codeql resolve extractor --format=betterjson<\/code><\/pre>\n\n<p>The <code>betterjson<\/code> output format also gives the extractor root and other language-specific options.<\/p>\n\n<h3 class=\"wp-block-heading\"><strong>Data in a CodeQL database<\/strong><\/h3>\n\n<p>A CodeQL database is a <strong>single directory<\/strong> holding all the data needed for analysis. That data includes:<\/p>\n\n<ul class=\"wp-block-list\">\n<li>relational data,<\/li>\n\n<li>copies of the source files,<\/li>\n\n<li>a language-specific database schema that defines the relations between the data.<\/li>\n<\/ul>\n\n<p>CodeQL imports this data after extraction.<\/p>\n\n<p>A CodeQL database is a <strong>snapshot<\/strong> of the queryable data for one language, extracted from a codebase. The data represents a complete hierarchical structure of the code, including:<\/p>\n\n<ul class=\"wp-block-list\">\n<li>the abstract syntax tree (AST),<\/li>\n\n<li>the data flow graph,<\/li>\n\n<li>the control flow graph.<\/li>\n<\/ul>\n\n<p>For multi-language projects, databases are generated <strong>one language at a time<\/strong>. Each language has its own database schema, which serves as the interface between the initial lexical analysis (during extraction) and the complex analysis that CodeQL performs afterwards.<\/p>\n\n<p>Two central tables in a CodeQL database are:<\/p>\n\n<ul class=\"wp-block-list\">\n<li>the <strong>expressions<\/strong> table, with one row for every expression in the source code analyzed during the build;<\/li>\n\n<li>the <strong>statements<\/strong> table, with one row for every statement in the analyzed source code.<\/li>\n<\/ul>\n\n<p>The CodeQL library defines <strong>classes<\/strong> that provide an abstraction layer over these tables and their associated auxiliary tables: <code>Expr<\/code> and <code>Stmt<\/code>. Queries normally use those classes rather than the raw tables.<\/p>\n\n<h3 class=\"wp-block-heading\"><strong>Potential limits of CodeQL<\/strong><\/h3>\n\n<p>Database creation as part of the <strong>code scanning workflow<\/strong> has some limitations, notably when using the CodeQL GitHub Action.<\/p>\n\n<ul class=\"wp-block-list\">\n<li>A <strong>language matrix<\/strong> is required for <code>autobuild<\/code> to build each listed language. The matrix creates jobs for multiple versions of a language, operating system or tool.<\/li>\n\n<li>Without a matrix, <code>autobuild<\/code> tries to build the language with the most source files in the repository. Analysis of compiled languages (except Go) often fails if you do not supply explicit commands to build the code before the analysis.<\/li>\n\n<li>The behaviour of <code>autobuild<\/code> varies with the operating system the extractor runs on. It tries to detect a build method suited to the language, which can give unreliable results or outright failures.<\/li>\n<\/ul>\n\n<p>\ud83d\udc49 It is <strong>recommended<\/strong> to configure a build step in the workflow file <strong>before the analysis<\/strong> rather than letting <code>autobuild<\/code> compile the languages. That lets you tailor the workflow to the requirements of your system and project, for more reliable analyses.<\/p>\n\n<p>See the CodeQL documentation on <code>autobuild<\/code> for the steps specific to each language.<\/p>\n\n<h3 class=\"wp-block-heading\"><strong>VS Code extension<\/strong><\/h3>\n\n<p>You can use <strong>Visual Studio Code (VS Code)<\/strong> with the CodeQL extension to compile and run queries, provided you use VS Code version <strong>1.39 or later<\/strong>.<\/p>\n\n<ul class=\"wp-block-list\">\n<li>The extension is available from the <strong>Visual Studio Code Marketplace<\/strong> or by downloading the <strong>CodeQL VSIX<\/strong> file.<\/li>\n\n<li>The extension uses the CLI installed on your system (found via <code>PATH<\/code>) if there is one. Otherwise it manages access to the CLI executable itself, which guarantees that the CLI and the CodeQL extension stay compatible.<\/li>\n<\/ul>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>CodeQL treats code as data. You build a database from queryable data extracted from your [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"parent":8024,"menu_order":58,"comment_status":"closed","ping_status":"closed","template":"","doc_tag":[],"doc_badge":[],"class_list":["post-8041","docs","type-docs","status-publish","hentry"],"author_avatar":"https:\/\/secure.gravatar.com\/avatar\/6a70e7c73db9f245e650948d09d74f61?s=96&d=mm&r=g","author_name":"Annick N'dri","_links":{"self":[{"href":"https:\/\/techhub.saworks.io\/fr\/wp-json\/wp\/v2\/docs\/8041"}],"collection":[{"href":"https:\/\/techhub.saworks.io\/fr\/wp-json\/wp\/v2\/docs"}],"about":[{"href":"https:\/\/techhub.saworks.io\/fr\/wp-json\/wp\/v2\/types\/docs"}],"author":[{"embeddable":true,"href":"https:\/\/techhub.saworks.io\/fr\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/techhub.saworks.io\/fr\/wp-json\/wp\/v2\/comments?post=8041"}],"version-history":[{"count":0,"href":"https:\/\/techhub.saworks.io\/fr\/wp-json\/wp\/v2\/docs\/8041\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/techhub.saworks.io\/fr\/wp-json\/wp\/v2\/docs\/8024"}],"wp:attachment":[{"href":"https:\/\/techhub.saworks.io\/fr\/wp-json\/wp\/v2\/media?parent=8041"}],"wp:term":[{"taxonomy":"doc_tag","embeddable":true,"href":"https:\/\/techhub.saworks.io\/fr\/wp-json\/wp\/v2\/doc_tag?post=8041"},{"taxonomy":"doc_badge","embeddable":true,"href":"https:\/\/techhub.saworks.io\/fr\/wp-json\/wp\/v2\/doc_badge?post=8041"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}