hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-12 13:11:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into azure_python_sdk_url_summary_upstream

Browse Source
This commit is contained in:
Ben Rodes
2026-02-04 08:55:38 -05:00
committed by GitHub
parent 7ddfa80399 544931f73f
commit cd73dcfb04
209 changed files with 817 additions and 494 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
python/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,16 @@
## 6.1.0
### New Features
* It is now possible to refer to list elements in the Python models-as-data language, via the `ListElement` path.
### Minor Analysis Improvements
* The predicate `SummarizedCallable.propagatesFlow` has been extended with the columns `Provenance p` and `boolean isExact`, and as a consequence the predicates `SummarizedCallable.hasProvenance` and `SummarizedCallable.hasExactModel` have been removed.
* Added experimental query `py/prompt-injection` to detect potential prompt injection vulnerabilities in code using LLMs.
* Added taint flow model and type model for `agents` and `openai` modules.
* Remote flow sources for the `websockets` package have been modeled.
## 6.0.0
### Breaking Changes

4
python/ql/lib/change-notes/2025-12-01-websockets.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Remote flow sources for the `websockets` package have been modeled.

5
python/ql/lib/change-notes/2026-01-02-prompt-injection.md
View File

@@ -1,5 +0,0 @@
---
category: minorAnalysis
---
* Added experimental query `py/prompt-injection` to detect potential prompt injection vulnerabilities in code using LLMs.
* Added taint flow model and type model for `agents` and `openai` modules.

4
python/ql/lib/change-notes/2026-01-16-summarized-callable.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* The predicate `SummarizedCallable.propagatesFlow` has been extended with the columns `Provenance p` and `boolean isExact`, and as a consequence the predicates `SummarizedCallable.hasProvenance` and `SummarizedCallable.hasExactModel` have been removed.

4
python/ql/lib/change-notes/2026-01-20-support-ListElement-in-python-MaD.md
View File

@@ -1,4 +0,0 @@
---
category: feature
---
* It is now possible to refer to list elements in the Python models-as-data language, via the `ListElement` path.

12
python/ql/lib/change-notes/released/6.1.0.md Normal file
View File

@@ -0,0 +1,12 @@
## 6.1.0
### New Features
* It is now possible to refer to list elements in the Python models-as-data language, via the `ListElement` path.
### Minor Analysis Improvements
* The predicate `SummarizedCallable.propagatesFlow` has been extended with the columns `Provenance p` and `boolean isExact`, and as a consequence the predicates `SummarizedCallable.hasProvenance` and `SummarizedCallable.hasExactModel` have been removed.
* Added experimental query `py/prompt-injection` to detect potential prompt injection vulnerabilities in code using LLMs.
* Added taint flow model and type model for `agents` and `openai` modules.
* Remote flow sources for the `websockets` package have been modeled.

2
python/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 6.0.0
lastReleaseVersion: 6.1.0

2
python/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/python-all
version: 6.0.1-dev
version: 6.1.1-dev
groups: python
dbscheme: semmlecode.python.dbscheme
extractor: python

4
python/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 1.7.6
No user-facing changes.
## 1.7.5
No user-facing changes.

3
python/ql/src/change-notes/released/1.7.6.md Normal file
View File

@@ -0,0 +1,3 @@
## 1.7.6
No user-facing changes.

2
python/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.7.5
lastReleaseVersion: 1.7.6

2
python/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/python-queries
version: 1.7.6-dev
version: 1.7.7-dev
groups:
- python
- queries

7
python/ql/test/experimental/query-tests/Security/CWE-1427-PromptInjection/PromptInjection.expected
View File

@@ -20,7 +20,7 @@ edges
| agent_instructions.py:2:26:2:32 | ControlFlowNode for ImportMember | agent_instructions.py:2:26:2:32 | ControlFlowNode for request | provenance | |
| agent_instructions.py:2:26:2:32 | ControlFlowNode for request | agent_instructions.py:7:13:7:19 | ControlFlowNode for request | provenance | |
| agent_instructions.py:2:26:2:32 | ControlFlowNode for request | agent_instructions.py:17:13:17:19 | ControlFlowNode for request | provenance | |
| agent_instructions.py:7:5:7:9 | ControlFlowNode for input | agent_instructions.py:9:50:9:89 | ControlFlowNode for BinaryExpr | provenance | Sink:MaD:94 |
| agent_instructions.py:7:5:7:9 | ControlFlowNode for input | agent_instructions.py:9:50:9:89 | ControlFlowNode for BinaryExpr | provenance | Sink:MaD:2 |
| agent_instructions.py:7:13:7:19 | ControlFlowNode for request | agent_instructions.py:7:13:7:24 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
| agent_instructions.py:7:13:7:24 | ControlFlowNode for Attribute | agent_instructions.py:7:13:7:37 | ControlFlowNode for Attribute() | provenance | dict.get |
| agent_instructions.py:7:13:7:37 | ControlFlowNode for Attribute() | agent_instructions.py:7:5:7:9 | ControlFlowNode for input | provenance | |
@@ -38,7 +38,7 @@ edges
| openai_test.py:12:5:12:11 | ControlFlowNode for persona | openai_test.py:41:22:41:46 | ControlFlowNode for BinaryExpr | provenance | |
| openai_test.py:12:5:12:11 | ControlFlowNode for persona | openai_test.py:63:28:63:51 | ControlFlowNode for BinaryExpr | provenance | |
| openai_test.py:12:5:12:11 | ControlFlowNode for persona | openai_test.py:80:28:80:51 | ControlFlowNode for BinaryExpr | provenance | |
| openai_test.py:12:5:12:11 | ControlFlowNode for persona | openai_test.py:92:22:92:46 | ControlFlowNode for BinaryExpr | provenance | Sink:MaD:58614 |
| openai_test.py:12:5:12:11 | ControlFlowNode for persona | openai_test.py:92:22:92:46 | ControlFlowNode for BinaryExpr | provenance | Sink:MaD:1 |
| openai_test.py:12:15:12:21 | ControlFlowNode for request | openai_test.py:12:15:12:26 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
| openai_test.py:12:15:12:21 | ControlFlowNode for request | openai_test.py:13:13:13:24 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
| openai_test.py:12:15:12:26 | ControlFlowNode for Attribute | openai_test.py:12:15:12:41 | ControlFlowNode for Attribute() | provenance | dict.get |
@@ -53,6 +53,9 @@ edges
| openai_test.py:13:13:13:19 | ControlFlowNode for request | openai_test.py:13:13:13:24 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
| openai_test.py:13:13:13:24 | ControlFlowNode for Attribute | openai_test.py:13:13:13:37 | ControlFlowNode for Attribute() | provenance | dict.get |
| openai_test.py:13:13:13:37 | ControlFlowNode for Attribute() | openai_test.py:13:5:13:9 | ControlFlowNode for query | provenance | |
models
| 1 | Sink: OpenAI; Member[beta].Member[assistants].Member[create].Argument[instructions:]; prompt-injection |
| 2 | Sink: agents; Member[Agent].Argument[instructions:]; prompt-injection |
nodes
| agent_instructions.py:2:26:2:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
| agent_instructions.py:2:26:2:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |

4
python/ql/test/experimental/query-tests/Security/CWE-1427-PromptInjection/PromptInjection.qlref
View File

@@ -1,2 +1,4 @@
query: experimental/Security/CWE-1427/PromptInjection.ql
postprocess: utils/test/InlineExpectationsTestQuery.ql
postprocess:
- utils/test/PrettyPrintModels.ql
- utils/test/InlineExpectationsTestQuery.ql