Writing QL queries

If you are familiar with QL, you can modify the existing Semmle queries or write custom queries to analyze, improve and secure your own projects. Get started by reading the information for query writers and viewing the examples provided below.

Information for query writers

Visit Learning QL to find basic information about QL, as well as help and advice on writing QL for specific programming languages. To learn more about the structure of query files, the key information to include when writing your own QL queries, and how to format your QL for clarity and consistency, see the following topics:

Viewing the built-in QL queries

The easiest way to get started writing your own queries is to modify an existing query. To view examples of the queries included in the latest release of the Semmle tools, or to try out the QL query cookbooks, visit Exploring QL queries. You can also find all of the Semmle queries in our open source repository on GitHub.

You can also find examples of queries developed to find security vulnerabilities and bugs in open-source software projects in the Semmle demos GitHub repository and the LGTM blog.

Contributing queries

Contributions to the standard queries and libraries are very welcome; see our contributing guidelines for further information. If you are contributing a query to the open source GitHub repository, writing a custom query for LGTM, or using a custom query in an analysis with the QL command-line tools, then you need to include extra metadata in your query to ensure that the query results are interpreted and displayed correctly. See the following topics for more information on query metadata:

Query contributions to the open source GitHub repository may also have an accompanying query help file to provide information about their purpose for other users. For more information on writing query help, see the Query help style guide on GitHub.