CodeQL for Java and Kotlin¶

Experiment and learn how to write effective and efficient queries for CodeQL databases generated from Java and Kotlin codebases.

Note

CodeQL analysis for Kotlin is currently in beta. During the beta, analysis of Kotlin code, and the accompanying documentation, will not be as comprehensive as for other languages.

Enabling Kotlin support

CodeQL treats Java and Kotlin as parts of the same language, so to enable Kotlin support you should enable java as a language.

Basic query for Java code: Learn to write and run a simple CodeQL query.
CodeQL library for Java: When analyzing Java code, you can use the large collection of classes in the CodeQL library for Java.
Analyzing data flow in Java: You can use CodeQL to track the flow of data through a Java program to its use.
Java types: You can use CodeQL to find out information about data types used in Java code. This allows you to write queries to identify specific type-related issues.
Overflow-prone comparisons in Java: You can use CodeQL to check for comparisons in Java code where one side of the comparison is prone to overflow.
Navigating the call graph: CodeQL has classes for identifying code that calls other code, and code that can be called from elsewhere. This allows you to find, for example, methods that are never used.
Annotations in Java: CodeQL databases of Java projects contain information about all annotations attached to program elements.
Javadoc: You can use CodeQL to find errors in Javadoc comments in Java code.
Working with source locations: You can use the location of entities within Java code to look for potential errors. Locations allow you to deduce the presence, or absence, of white space which, in some cases, may indicate a problem.
Abstract syntax tree classes for working with Java programs: CodeQL has a large selection of classes for representing the abstract syntax tree of Java programs.