QL training

Introduction to variant analysis with QL

Variant analysis is the process of using a known vulnerability as a seed to find similar problems in your code. Security engineers typically perform variant analysis to identify possible vulnerabilities and to ensure these threats are properly fixed across multiple code bases.

QL is Semmle’s variant analysis engine, and it is also the technology that underpins LGTM, Semmle’s community-driven security analysis platform. Together, QL and LGTM provide continuous monitoring and scalable variant analysis for your projects, even if you don’t have your own team of dedicated security engineers. You can read more about using QL and LGTM in variant analysis in the LGTM blog.

Getting started with QL for variant analysis

The QL language is easy to learn, and exploring code using QL is the most efficient way to perform variant analysis.

Start learning how to use QL in variant analysis by working through the topics below, taking a look at Learning QL, or browsing Semmle’s standard QL libraries and queries, which are available in our open source repository on GitHub.

Each topic below contains a short presentation on the QL language. Examples featured in the slides explain how to write QL queries. In each topic, you can also find links to useful technical information about the QL language, QL language tutorials, and examples of QL queries that were used to find variants of security vulnerabilities in open source projects.

Introduction to QL

For more background information on the QL language, see About QL and Introduction to QL.

QL for C/C++

Other resources

To read more about how QL queries have been used in Semmle’s security research, and to read about new QL developments, visit the LGTM blog. You can find examples of the queries written by Semmle’s own security researchers in the Semmle Demos repository on GitHub.

There is also extensive documentation available to help you learn QL. You can use the interactive query console on LGTM.com or the QL for Eclipse plugin to try out your own queries on any of the open source projects that are currently on LGTM.