Using QL to find a remote code execution vulnerability in Apache Struts

Reading about CVE-2017-9805 it was really interesting to learn that the company that discovered it was using a Datalog-like language in order to query Java code for vulnerability patterns.<p><a href="https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Semmle" rel="nofollow">https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Semmle</a>