ONEKEY Query Language

The ONEKEY Query Language (OQL) is the most powerful and flexible way to search issues, CVEs, and firmware images. Use OQL to specify advanced search criteria under the Analysis Profile function, in the GraphQL console, or in any API call.

Writing a query

OQL queries can consist of four elements: fields, values, operators, and keywords.

  • Fields represent the different types of context-specific information in the system. For example, when querying issues, a field element corresponds to issue-related information such as severity, confidence, type, or file path. When querying firmware images, a field element stands for firmware-related information like product, product category, or product ID.
  • Operators define the type of comparison between the field and the value element. Some frequently used operators are: = (equals), != (not equals), < (less than).
  • Values are the actual data in the query. They are usually the item property we are looking for.
  • Keywords are special words in OQL that can link two or more clauses or negate part or all of a query.

Below is an example of a simple query:

severity = HIGH

It uses the field element severity, followed by the = (equals) operator and the value HIGH, to list all high severity issues.

Here is a more complex example:

severity = CRITICAL AND confidence != LOW

This compound query consists of two parts. The first uses the severity field with the = (equals) operator followed by the CRITICAL value to list all critical severity issues. The second part uses the confidence field, the != (not equals) operator, and the value LOW to list all the issues where confidence is not low. The two parts are connected with the AND keyword (meaning both must apply) to get all CRITICAL issues where the confidence is not LOW.

Note

OQL ignores extra white space.

Operator precedence and grouping

By default, statements are evaluated from left to right, but you can use parentheses () to enforce precedence. Parentheses can also be used to group clauses so that you can apply operations to the group as a whole (such as negation with the NOT keyword).

For example, if you want to search for all critical severity issues, as well as all high severity issues with high confidence, use parentheses to group the severity and confidence fields and their corresponding values:

severity = CRITICAL OR (severity = HIGH AND confidence = HIGH)
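The effect of the grouping can be checked with a small model of the left-to-right rule described above. This is an added example, not ONEKEY's parser: the sample issues are constructed, the function names are hypothetical, only the = and != operators are modelled, and it assumes NOT negates the clause or group that follows it.

```python
import re

# Constructed sample issues (illustrative, not real ONEKEY output).
ISSUES = [
    {"id": 1, "severity": "CRITICAL", "confidence": "LOW"},
    {"id": 2, "severity": "CRITICAL", "confidence": "HIGH"},
    {"id": 3, "severity": "HIGH", "confidence": "HIGH"},
    {"id": 4, "severity": "HIGH", "confidence": "LOW"},
]
TOKEN = re.compile(r"!=|=|\(|\)|[A-Za-z_]+")  # white space between tokens is ignored

def tokenize(query):
    tokens = TOKEN.findall(query)
    if "".join(tokens) != "".join(query.split()):
        raise ValueError("query contains unsupported characters")
    return tokens

def evaluate(tokens, issue):
    """Combine clauses strictly left to right; only parentheses regroup them."""
    result = term(tokens, issue)
    while tokens and tokens[0] in ("AND", "OR"):
        keyword = tokens.pop(0)
        right = term(tokens, issue)  # always consume the right-hand clause
        result = (result and right) if keyword == "AND" else (result or right)
    return result

def term(tokens, issue):
    head = tokens.pop(0)
    if head == "NOT":  # assumption: NOT negates the clause or group after it
        return not term(tokens, issue)
    if head == "(":
        result = evaluate(tokens, issue)
        if not tokens or tokens.pop(0) != ")":
            raise ValueError("missing closing parenthesis")
        return result
    operator, value = tokens.pop(0), tokens.pop(0)
    if operator not in ("=", "!="):
        raise ValueError(f"unsupported operator {operator!r}")
    return (issue[head] == value) == (operator == "=")

def selects(query, issue):
    tokens = tokenize(query)
    result = evaluate(tokens, issue)
    if tokens:  # leftover input, e.g. a stray closing parenthesis
        raise ValueError(f"unexpected token {tokens[0]!r}")
    return result

def search(query):
    return [issue["id"] for issue in ISSUES if selects(query, issue)]
```

In this model the grouped query selects the critical issue with low confidence (id 1), while the same query without parentheses is read as (severity = CRITICAL OR severity = HIGH) AND confidence = HIGH and leaves it out.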