Queries are labeled with one or more category tags. The most common query categories are correctness, maintainability and readability. There are other categories, such as frameworks, but these do not apply to all supported languages and are not described here.
In addition to these broad categories, tags are used to group other related queries. For example:
- The security tag denotes a security query.
- Tags of the form external/cwe/cwe-xxx indicate that the query reports alerts that break the MITRE CWE-xxx (Common Weakness Enumeration) rule.
Common query tags
Correctness queries detect common coding mistakes. The corresponding alerts could easily lead to defects in the software.
- Addressing coding problems highlighted by this category immediately reduces the likelihood of defects in the current code and in future releases of the product.
- Coding mistakes are often relatively localized and so they can usually be addressed without affecting other components.
- Reducing the number of alerts of this type typically results in the reporting of fewer defects by QA departments.
Maintainability queries detect opportunities for structural improvement. They highlight areas where it is difficult for developers to augment or maintain the code.
- Alerts reported by maintainability queries usually represent a long-term risk to the ability to work with the code.
- Structural improvements typically require changes to multiple components and so should only be planned as part of a concerted refactoring effort.
- Improving the maintainability of frequently updated code is likely to result in substantial cost and time-savings.
- There is usually little benefit in improving the structure of infrequently updated code.
Readability queries detect confusing or dangerous patterns that make it harder for developers to make correct changes to the code. Alerts of this type increase the risk that developers will introduce new defects in future changes to the code.
- Addressing alerts reported by readability queries proactively reduces the risk associated with future changes to the code.
- Readability improvements typically require localized changes to the code and so they can usually be addressed without affecting other components.
- Improved readability is likely to result in higher productivity for developers maintaining and extending this code.
Security queries detect security vulnerabilities which an attacker can exploit, putting your software and any related data at risk. Note that not all CWE queries have a security tag, because some relate to bad coding practices rather than security weaknesses. In LGTM, we only use the security tag for queries that identify security risks.
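The tag scheme described above can be used to sort queries for triage. This is an added example, not LGTM's own code: it assumes the tags are stored in an @tags entry in the query file's leading comment (the CodeQL query metadata convention, which this page does not show), and the function names and both sample query headers are constructed for illustration.

```python
import re

# The three broad categories named on this page.
CATEGORIES = {"correctness", "maintainability", "readability"}
CWE_TAG = re.compile(r"^external/cwe/cwe-(\d+)$")

def parse_tags(ql_source):
    """Return the tags from the @tags entry of the leading /** ... */ comment."""
    header = re.search(r"/\*\*(.*?)\*/", ql_source, re.S)
    if not header:
        return []
    tags, in_tags = [], False
    for raw in header.group(1).splitlines():
        line = raw.strip().lstrip("*").strip()
        if line.startswith("@"):          # a new metadata property starts here
            in_tags = line.split()[0] == "@tags"
            line = line[len("@tags"):] if in_tags else ""
        if in_tags:                       # @tags may continue on following lines
            tags.extend(line.split())
    return tags

def classify(tags):
    """Split a tag list into broad categories, the security flag and CWE ids."""
    cwes = sorted(int(m.group(1)) for t in tags if (m := CWE_TAG.match(t)))
    return {
        "categories": sorted(CATEGORIES.intersection(tags)),
        "security": "security" in tags,
        "cwes": cwes,
    }

# Constructed sample query headers (not real LGTM queries).
SQL_QUERY = """/**
 * @name Constructed injection query
 * @kind path-problem
 * @tags security
 *       external/cwe/cwe-089
 */
select 1"""

DEAD_CODE_QUERY = """/**
 * @name Constructed dead-code query
 * @tags maintainability
 *       external/cwe/cwe-561
 * @precision high
 */
select 1"""

if __name__ == "__main__":
    for name, src in [("sql", SQL_QUERY), ("dead-code", DEAD_CODE_QUERY)]:
        print(name, classify(parse_tags(src)))
```

The second sample carries a CWE tag but no security tag, which is the case the paragraph above describes: filtering on the CWE tag alone would pull in queries that are about coding practice rather than security risk.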
You can see query tags on the following pages in LGTM:
- The project Alerts page
- The My Alerts page
- The help for the query. To display the help for a query:
  - Click the question mark for the alert on the Alerts tab, or
  - Search for a query and click its name in the search results
Can I search for queries using tags?
You can search for queries in LGTM in the same way that you search for projects or people. You can also use tags in your search. See Searching for more information.
Clicking a tag (in green) on the query's help takes you to a page showing queries that match the search for that tag.
For example, if you click the maintainability tag in the query help page above, you see a page that returns all the queries with that tag.