This open source repository contains demos of Semmle's products: QL and LGTM. Many of the demos are examples of security vulnerabilities that were found by a QL query. These demos contain step-by-step instructions on how to build a QL query that finds the vulnerability.
How do I run the demos?
Each demo consists of a snapshot database and a series of query files. Each query is annotated with useful information to explain its purpose. To run a demo, import the associated files into the QL for Eclipse plugin, and run the queries. For detailed instructions on installing QL for Eclipse, importing snapshots, and running queries, see the QL for Eclipse online help. You can also run the queries in the interactive query console on LGTM.
How do I learn more about QL?
QL is Semmle's variant analysis engine, and there is extensive documentation available to help you learn to write your own queries. You can also explore the QL queries and libraries by visiting the Semmle/ql repository. QL is open source, and we welcome contributions or improvements from the community–see our contributing guidelines for further information.