Semmle™ QL is a declarative, object-oriented query language. It is a modern variant of Datalog, ideal for anyone who wants an unbounded ability to ask questions of their code and related development-team information by interrogating it the way they would any database.
Examples of the kinds of things you can do with Semmle QL include:
- Find all instances of a security vulnerability
- Check correct usage of an API
- Search for usage of a specific library – where it’s used and by whom
- Report metrics like lines of code, or number of test methods, etc.
- Perform any other search or analysis you can imagine
QL syntax and libraries
The syntax of QL is modeled on Java, with a strong influence from other query languages like SQL. The object-oriented syntax, with support for recursion, allows you to define queries with very sophisticated logic. The complexity of that logic can be hidden from query users and made reusable by storing it in query libraries.
The Semmle query libraries are completely open: their source code ships with Semmle. They contain hundreds of queries that you can use as examples to build on, or customize to support your own definitions of coding best-practice standards.
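As an added illustration of the points above (Java-like syntax, recursion, and logic hidden behind reusable predicates), here is a small audit query. It is not code from the Semmle page or its libraries; it is written against the CodeQL Java standard library as it is commonly known (`import java`, `Method`, `MethodAccess`, `hasQualifiedName`, `fromSource`), and it assumes a Java code base has been extracted into a database. It reports every source method from which a call to java.lang.Runtime.exec is reachable through the call graph, which is a typical starting point when reviewing where a process-spawning API is used.

```ql
/**
 * @name Methods that transitively reach Runtime.exec
 * @description Added example (not from the Semmle page or its libraries):
 *              reports every source method from which a call to
 *              java.lang.Runtime.exec is reachable through the call graph.
 *              Illustrates recursive predicates and reusable library-style logic.
 * @kind problem
 * @problem.severity warning
 * @id example/reaches-runtime-exec
 */

import java

/** Holds if `caller` contains a direct call to `callee`. */
predicate callsDirectly(Method caller, Method callee) {
  exists(MethodAccess ma |
    ma.getEnclosingCallable() = caller and
    ma.getMethod() = callee
  )
}

/**
 * Holds if `dst` is reachable from `src` through one or more calls.
 * The predicate refers to itself; QL evaluates such recursion to a fixed point,
 * so cycles in the call graph terminate. The built-in transitive-closure
 * shorthand `callsDirectly+(src, dst)` expresses the same relation.
 */
predicate reaches(Method src, Method dst) {
  callsDirectly(src, dst)
  or
  exists(Method mid | callsDirectly(src, mid) and reaches(mid, dst))
}

/** Holds if `m` is any overload of java.lang.Runtime.exec. */
predicate isRuntimeExec(Method m) {
  m.hasName("exec") and
  m.getDeclaringType().hasQualifiedName("java.lang", "Runtime")
}

from Method m, Method exec
where
  isRuntimeExec(exec) and
  reaches(m, exec) and
  m.fromSource() // report only methods defined in the analyzed source, not library code
select m,
  "This method can reach a call to " + exec.getDeclaringType().getName() + "." +
    exec.getName() + "()."
```

The three predicates are the reusable part: moved into a `.qll` library file, `reaches` can serve any query that needs call-graph reachability, while the `from ... where ... select` clause at the bottom is the SQL-flavoured part a query author changes to ask a different question (for example, substituting a different sensitive API in `isRuntimeExec`).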
QL in the wild
Using QL, any developer can quickly and simply write highly customized queries to be executed across a code base. For example:
- Modernizing systems & culture – A “Win-Win-Win” with Semmle QL
- Here is a case study of using QL to find instances of the infamous Heartbleed bug
- Validating API implementations against their RAML specs – Semmle QL white paper
- NASA used it to find and correct a bug in the landing software of the Curiosity Mars rover
Mining all software engineering data
Software systems contain many artifacts that are not written in a traditional programming language, such as configuration files and interface specifications. QL gives you the flexibility to query those artifacts along with your source code. As your engineering process introduces new artifact types over time, Semmle can adapt by enabling you to easily write new analyses to support them.