CodeQL queries
CodeQL queries are used in code scanning analyses to find problems in source code, including potential security vulnerabilities.
- About CodeQL queries: CodeQL queries are used to analyze code for issues related to security, correctness, maintainability, and readability.
- Metadata for CodeQL queries: Metadata tells users important information about CodeQL queries. You must include the correct query metadata in a query to be able to view query results in source code.
- Query help files: Query help files tell users the purpose of a query, and recommend how to solve the potential problem the query finds.
- Defining the results of a query: You can control how analysis results are displayed in source code by modifying a query's select statement.
- Providing locations in CodeQL queries: CodeQL includes mechanisms for extracting the location of elements in a codebase. Use these mechanisms when writing custom CodeQL queries and libraries to help display information to users.
- About data flow analysis: Data flow analysis is used to compute the possible values that a variable can hold at various points in a program, determining how those values propagate through the program and where they are used.
- Creating path queries: You can create path queries to visualize the flow of information through a codebase.
- Troubleshooting query performance: Improve the performance of your CodeQL queries by following a few simple guidelines.
- Debugging data-flow queries using partial flow: If a data-flow query doesn't produce the results you expect to see, you can use partial flow to debug the problem.