Supported languages and frameworks¶
View the languages, libraries, and frameworks supported in the latest version of CodeQL.
Languages and compilers¶
CodeQL supports the following languages and compilers.
| Language | Variants | Compilers | Extensions |
|---|---|---|---|
| C/C++ | C89, C99, C11, C18, C++98, C++03, C++11, C++14, C++17 | Clang (and clang-cl [1]) extensions (up to Clang 9.0), GNU extensions (up to GCC 9.2), Microsoft extensions (up to VS 2019), Arm Compiler 5 [2] |
.cpp, .c++, .cxx, .hpp, .hh, .h++, .hxx, .c, .cc, .h |
| C# | C# up to 9.0 | Microsoft Visual Studio up to 2019 with .NET up to 4.8, .NET Core up to 3.1 .NET 5 |
.sln, .csproj, .cs, .cshtml, .xaml |
| Go (aka Golang) | Go up to 1.16 | Go 1.11 or more recent | .go |
| Java | Java 7 to 15 [3] | javac (OpenJDK and Oracle JDK), Eclipse compiler for Java (ECJ) [4] |
.java |
| JavaScript | ECMAScript 2021 or lower | Not applicable | .js, .jsx, .mjs, .es, .es6, .htm, .html, .xhm, .xhtml, .vue, .json, .yaml, .yml, .raml, .xml [5] |
| Python | 2.7, 3.5, 3.6, 3.7, 3.8 | Not applicable | .py |
| TypeScript [6] | 2.6-4.2 | Standard TypeScript compiler | .ts, .tsx |
| [1] | Support for the clang-cl compiler is preliminary. |
| [2] | Support for the Arm Compiler (armcc) is preliminary. |
| [3] | Builds that execute on Java 7 to 15 can be analyzed. The analysis understands Java 15 standard language features. |
| [4] | ECJ is supported when the build invokes it via the Maven Compiler plugin or the Takari Lifecycle plugin. |
| [5] | JSX and Flow code, YAML, JSON, HTML, and XML files may also be analyzed with JavaScript files. |
| [6] | TypeScript analysis is performed by running the JavaScript extractor with TypeScript enabled. This is the default for LGTM. |
Frameworks and libraries¶
The libraries and queries in the current version of CodeQL have been explicitly checked against the libraries and frameworks listed below.
Tip
If you’re interested in other libraries or frameworks, you can extend the analysis to cover them. For example, by extending the data flow libraries to include data sources and sinks for additional libraries or frameworks.
C and C++ built-in support¶
| Name | Category |
|---|---|
| Bloomberg Standard Library | Utility library |
| Berkeley socket API library | Network communicator |
| string.h | String library |
C# built-in support¶
| Name | Category |
|---|---|
| ASP.NET | Web application framework |
| ASP.NET Core | Web application framework |
| ASP.NET Razor templates | Web application framework |
| Dapper | Database ORM |
| EntityFramework | Database ORM |
| EntityFramework Core | Database ORM |
| Json.NET | Serialization |
| NHibernate | Database ORM |
| WinForms | User interface |
Go built-in support¶
| Name | Category |
|---|---|
| beego | Web/logging/database framework |
| Chi | Web framework |
| Couchbase (gocb and go-couchbase) | Database |
| Echo | Web framework |
| Gin | Web framework |
| glog | Logging library |
| go-pg | Database |
| go-restful | Web application framework |
| go-sh | Utility library |
| go-spew | Logging library |
| GoKit | Microservice toolkit |
| Gokogiri | XPath library |
| golang.org/x/crypto/ssh | Network communicator |
| golang.org/x/net/websocket | Network communicator |
| goproxy | HTTP proxy library |
| Gorilla mux | HTTP request router and dispatcher |
| Gorilla websocket | Network communicator |
| GORM | Database |
| GoWebsocket | Network communicator |
| goxpath | XPath library |
| htmlquery | XPath library |
| json-iterator | Serialization |
| jsonpatch | Serialization |
| jsonquery | XPath library |
| klog | Logging library |
| Logrus | Logging library |
| Macaron | Web framework |
| mongo | Database |
| nhooyr.io/websocket | Network communicator |
| protobuf | Serialization |
| Revel | Web framework |
| sqlx | Database |
| SendGrid | Email library |
| Squirrel | Database |
| ws | Network communicator |
| xmlpath | XPath library |
| xmlquery | XPath library |
| xpath | XPath library |
| xpathparser | XPath library |
| yaml | Serialization |
| zap | Logging library |
Java built-in support¶
| Name | Category |
|---|---|
| Apache Commons Lang | Utility library |
| Apache HTTP components | Network communicator |
| Guava | Utility and collections library |
| Hibernate | Database |
| iBatis / MyBatis | Database |
| Java Persistence API (JPA) | Database |
| JDBC | Database |
| Protobuf | Serialization |
| Kryo deserialization | Serialization |
| SnakeYaml | Serialization |
| Spring JDBC | Database |
| Spring MVC | Web application framework |
| Struts | Web application framework |
| Thrift | RPC framework |
| XStream | Serialization |
JavaScript and TypeScript built-in support¶
| Name | Category |
|---|---|
| angular (modern version) | HTML framework |
| angular.js (legacy version) | HTML framework |
| axios | Network communicator |
| browser | Runtime environment |
| electron | Runtime environment |
| express | Server |
| hapi | Server |
| jquery | Utility library |
| koa | Server |
| lodash | Utility library |
| mongodb | Database |
| mssql | Database |
| mysql | Database |
| node | Runtime environment |
| nest.js | Server |
| postgres | Database |
| ramda | Utility library |
| react | HTML framework |
| react native | HTML framework |
| request | Network communicator |
| sequelize | Database |
| socket.io | Network communicator |
| sqlite3 | Database |
| superagent | Network communicator |
| underscore | Utility library |
| vue | HTML framework |
Python built-in support¶
| Name | Category |
|---|---|
| Django | Web framework |
| Flask | Web framework |
| Tornado | Web framework |
| PyYAML | Serialization |
| dill | Serialization |
| fabric | Utility library |
| invoke | Utility library |
| mysql-connector-python | Database |
| MySQLdb | Database |
| psycopg2 | Database |
| sqlite3 | Database |
| cryptography | Cryptography library |
| pycryptodome | Cryptography library |
| pycryptodomex | Cryptography library |