Official documentation
https://codeql.github.com/docs/ql-language-reference/formulas/

Comparisons

  <expression> <operator> <expression>

Ordering operators

>, >=, <, <=

Equality operators

=, !=

Examples

  1. 1 != [1..2] holds, because 1 != 2
  2. 1 = [1..2] holds, because 1 = 1
  3. not 1 = [1..2] does not hold
  4. 1 != none does not hold
  5. 1 = none does not hold
  6. not 1 = none holds

Type checks

  <expression> instanceof <type>

Range checks

Syntax

  <expression> in <range>

Example

  predicate getFoo(int i) {
    i in [1..9]
  }

Parenthesized formulas

Used to improve readability

Quantified formulas

Explicit quantifiers

exists
forall
forex

Implicit quantifier

the don't-care expression, written `_`

Logical connectives

Default precedence (highest to lowest): not, if then else, and, or, implies

not

  from File f
  where not f.getFileType().isHtml()
  select f

if … then … else

  string visibility(Class c) {
    if c.isPublic()
    then result = "public"
    else result = "private"
  }

and

  from File f
  where f.getExtension() = "js" and
    f.getNumberOfLinesOfCode() < 200
  select f

or

  class OneTwoThree extends int {
    OneTwoThree() {
      this = 1 or this = 2 or this = 3
    }
  }

implies

  A implies B

is equivalent to (<=>)

  (not A) or B
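An added example (not taken from the CodeQL documentation) that puts the range check, the don't-care expression, the explicit quantifiers, the if-then-else formula and the implies rewrite together in one query; the class Digit and all predicate names are invented for this example, and it uses only built-in QL types so it needs no library import:

```ql
// Range check as a characteristic predicate: the class's values are 1..9.
class Digit extends int {
  Digit() { this in [1..9] }
}

predicate isEven(Digit d) { d % 2 = 0 }

// Implicit quantifier: "_" is a don't-care expression, so this holds when
// isEven holds for some digit, the same as exists(Digit d | isEven(d)).
predicate someDigitIsEven() { isEven(_) }

// forall: every even digit is at least 2. The body "isEven(d) implies d >= 2"
// is exactly "(not isEven(d)) or d >= 2".
predicate evenDigitsAreAtLeastTwo() { forall(Digit d | isEven(d) implies d >= 2) }

// forex = exists and forall: the range must be non-empty and every member
// must satisfy the condition. forall alone would hold for an empty range.
predicate allDigitsBelowTen() { forex(Digit d | d < 10) }

// if-then-else is a formula, so it binds "result" rather than returning a value.
string parity(Digit d) {
  if isEven(d) then result = "even" else result = "odd"
}

// Comparison against a range: "d = [2..3]" holds for d = 2 and for d = 3,
// while "d != [2..3]" would hold for every digit (each differs from 2 or 3).
from Digit d
where
  someDigitIsEven() and
  evenDigitsAreAtLeastTwo() and
  allDigitsBelowTen() and
  d = [2..3]
select d, parity(d)
```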

Precedence