Greetings, many thanks for getting is touch with this question. Indeed the query ExternalAPIsUsedWithUntrustedData.ql is not intended to be run directly with database analyze since it does not produce a set of results within your code but rather produces a table of information. Queries like that are internal queries that we use for certain analytics rather than ones that are useful to you to find results within your code.

Running queries by specifying large directories as you have done is not a recommended way of choosing what queries to run as you are likely to pick up queries like the one above that do not produce desirable results. Instead, I would recommend that you run one of the built-in query suites, such as java-security-and-quality.qls or java-security-extended.qls. Your invocation would look something like this:

codeql database analyze --threads 16 ./java-database java-security-and-quality.qls --format=csv --output=java-results.csv

I hope the above information is helpful to you, and do let me know if we can be of further assistance!

@edoardopirovano thanks
codeql database analyze --threads 16 ./java-database /Users/51pwn/MyWork/codeql/java/ql/src/Security/CWE/CWE-020/ExternalAPIsUsedWithUntrustedData.ql --format=csv --output=java-results.csv
Running queries.
[1/1] No need to rerun /Users/51pwn/MyWork/codeql/java/ql/src/Security/CWE/CWE-020/ExternalAPIsUsedWithUntrustedData.ql.
Shutting down query evaluator.
Interpreting results.
A fatal error occurred: Could not process query metadata for /Users/51pwn/MyWork/codeql/java/ql/src/Security/CWE/CWE-020/ExternalAPIsUsedWithUntrustedData.ql.
Error was: Unknown kind "Table" when converting to analysis model. [UNSUPPORTED_KIND]