Code Exploration

Semmle™ QL is a declarative, object-oriented query language. It is a modern variant of Datalog, and it is ideal for those who want an unbounded ability to ask questions of their code and related development team information by interrogating it the way they would any database.

Examples of the kinds of things you can do with Semmle QL include:

  • Find all instances of a security vulnerability
  • Check correct usage of an API
  • Search for usage of a specific library – where it’s used and by whom
  • Report metrics such as lines of code or number of test methods
  • Perform any other search or analysis you can imagine

QL syntax and libraries

The syntax of QL is modeled on Java, with a strong influence from other query languages like SQL. The object-oriented syntax, with support for recursion, allows you to define queries with very sophisticated logic. The complexity of that logic can be hidden from query users and made reusable by storing it in query libraries.

Semmle includes query libraries for many different programming languages. They implement rules for performing static code analysis on applications written in Java, JavaScript, C, C++, C#, Objective-C, Objective-C++, Scala, and Python. The underlying technology in Semmle makes it easy to add support for new languages. We simply build an extractor that loads code written in the language into the Semmle knowledge base, and then create a query library for the new language.

The Semmle query libraries are totally open. The source code for them is included with Semmle. They contain hundreds of queries that you can use as examples to build on or customize to support your specific definitions of coding best-practice standards.

QL in the wild

Using QL, any developer can quickly and simply write highly customized queries to be executed across a code base. For example:

Mining all software engineering data

Software systems contain many artifacts that are not written in a traditional programming language, such as configuration files and interface specifications. QL gives you the flexibility to query those artifacts along with your source code. As your engineering process introduces new artifact types over time, Semmle can adapt by enabling you to easily write new analyses to support them.