This space contains one page for each of the C++ built-in queries for the most recent release of the QL tools. Each page contains:

  • Summary of key metadata for the query
  • QL code for the query
  • Help information for the query
  • Labels derived from the query metadata

About the queries

The queries built into the QL tools include queries that:

  • Run on LGTM—selected because they find issues that are important to the majority of developers and/or the results have a very high precision. That is, a high percentage of the alerts they report are true results. For a list of all the default LGTM queries, see LGTM.com and search: language=cpp. Note that the results may include queries that are scheduled for release in the next version of Semmle's product range.
  • Generate additional alerts—some of these queries are relevant only if you're working in a field which has special coding standards, for example, the Joint Strike Fighter Air Vehicle C++ Coding Standard.
  • Calculate metrics—these give you more general information about a project.
  • Demonstrate other ways to output data using QL—for example, generating a table, chart or graph of results. These are intended to be run using the QL plugins and extensions.

Exploring the queries

About the security queries

There are two query suites for C security analysis: default and all. For most projects we recommend that you run queries from the default suite. The all suite contains a few additional rules which perform points-to analysis and may time out on some projects. These rules test for the following CWEs:


Security analysis testing