docs/language/learn-ql/writing-queries/introduction-to-queries.rst
21 additions & 5 deletions
@@ -6,12 +6,11 @@ CodeQL queries are used to analyze code for issues related to security, correctn
6
6
Overview
7
7
********
8
8
9
-
CodeQL includes queries to find the relevant and interesting problems for a each supported language. You can also write custom queries to find specific issues relevant to your own project.
10
-
11
-
The important types of query are:
9
+
CodeQL includes queries to find the most relevant and interesting problems for each supported language. You can also write custom queries to find specific issues relevant to your own project. The important types of query are:
12
10
13
11
- **Alert queries**: queries that highlight issues in specific locations in your code.
14
12
- **Path queries**: queries that describe the flow of information between a source and a sink in your code.
13
+
- **Metric queries**: queries that compute statistics for your code.
15
14
16
15
You can add custom queries to `custom query packs <https://lgtm.com/help/lgtm/about-queries#what-are-query-packs>`__ to analyze your projects in `LGTM <https://lgtm.com>`__, use them to analyze a database with the `CodeQL CLI <https://help.semmle.com/codeql/codeql-cli.html>`__, or you can contribute to the standard CodeQL queries in our `open source repository on GitHub <https://github.com/semmle/ql>`__.
17
16
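Review bot: On new line 9, the list lead-in "The important types of query are:" is now appended to the end of a longer paragraph, so the bullet list below it loses its visible introduction. Keep the lead-in as its own short paragraph directly above the list, as it was on old line 11, and keep the blank line between it and the first bullet so the reStructuredText list still parses. The wording fixes in the same sentence ("the most relevant", "for each") are fine as they are.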
@@ -24,10 +23,9 @@ You can add custom queries to `custom query packs <https://lgtm.com/help/lgtm/ab
24
23
You can explore the paths generated by path queries `directly in LGTM <https://lgtm.com/help/lgtm/exploring-data-flow-paths>`__ and in the `Results view <https://help.semmle.com/codeql/codeql-for-vscode/procedures/exploring-paths.html>`__ in VS Code.
25
24
26
25
27
-
This topic is a basic introduction to structuring query files. You can find further information on writing queries for specific programming languages `here <https://help.semmle.com/QL/learn-ql/>`__, and detailed technical information about QL in the `QL language handbook <https://help.semmle.com/QL/ql-handbook/index.html>`__ and the `QL language specification <https://help.semmle.com/QL/ql-spec/language.html>`__.
26
+
This topic is a basic introduction to query files. You can find further information on writing queries for specific programming languages `here <https://help.semmle.com/QL/learn-ql/>`__, and detailed technical information about QL in the `QL language handbook <https://help.semmle.com/QL/ql-handbook/index.html>`__ and the `QL language specification <https://help.semmle.com/QL/ql-spec/language.html>`__.
28
27
For information on how to format your code when contributing queries to the GitHub repository, see the `CodeQL style guide <https://github.com/Semmle/ql/blob/master/docs/ql-style-guide.md>`__.
29
28
30
-
31
29
Basic query structure
32
30
*********************
33
31
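Review bot: The rewritten sentence on new line 26 still uses "here" as the link text for https://help.semmle.com/QL/learn-ql/, which tells the reader nothing about where the link goes. Since the line is being edited anyway, replace it with text that names the target. Dropping "structuring" also makes the sentence broader than the "Basic query structure" section that follows it, so confirm that the topic really covers more than query structure.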
@@ -130,6 +128,24 @@ Select clauses for metric queries (``@kind metric``) consist of two 'columns', w
130
128
- ``element``: a code element that is identified by the query, which defines where the alert is displayed.
131
129
- ``metric``: the result of the metric that the query computes.
132
130
131
+
Viewing the standard CodeQL queries
132
+
***********************************
133
+
134
+
One of the easiest ways to get started writing your own queries is to modify an existing query. To see view the standard CodeQL queries, or to try out other examples, visit the `CodeQL <https://github.com/semmle/ql>`__ and `CodeQL for Go <https://github.com/github/codeql-qo>`__ repositories on GitHub.
135
+
136
+
You can also find examples of queries developed to find security vulnerabilities and bugs in open-source software projects on the `GitHub Security Lab website <https://securitylab.github.com/research>`__ and in the associated `repository <https://github.com/github/security-lab>`__.
137
+
138
+
Contributing queries
139
+
********************
140
+
141
+
Contributions to the standard queries and libraries are very welcome---see our `contributing guidelines <https://github.com/Semmle/ql/blob/master/CONTRIBUTING.md>`__ for further information.
142
+
If you are contributing a query to the open source GitHub repository, writing a custom query for LGTM, or using a custom query in an analysis with the CodeQL CLI, then you need to include extra metadata in your query to ensure that the query results are interpreted and displayed correctly. See the following topics for more information on query metadata:
- `Query metadata style guide on GitHub <https://github.com/Semmle/ql/blob/master/docs/query-metadata-style-guide.md>`__
146
+
147
+
Query contributions to the open source GitHub repository may also have an accompanying query help file to provide information about their purpose for other users. For more information on writing query help, see the `Query help style guide on GitHub <https://github.com/Semmle/ql/blob/master/docs/query-help-style-guide.md>`__ and the :doc:`Query help reference <query-help>`.
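Review bot: On new line 134, the link labelled "CodeQL for Go" points to https://github.com/github/codeql-qo, where "qo" looks like a typo for "go"; check the target and correct the slug so readers are not sent to a missing or unrelated repository. The same line reads "To see view the standard CodeQL queries", so drop one of the two verbs. New lines 141 and 142 are adjacent with no blank line between them, so reStructuredText will render "Contributions to the standard queries..." and "If you are contributing a query..." as a single paragraph; add a blank line if they are meant to be separate, and make sure the list of metadata topics after line 142 is also preceded by a blank line.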