hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-11 20:51:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
85,841 Commits 1,689 Branches 160 Tags
main
Commit Graph

9749 Commits

Author SHA1 Message Date
yoff
5ad42f8bcc Merge pull request #20563 from microsoft/azure_python_sdk_url_summary_upstream 
Azure python sdk url summary upstream
 2026-02-09 18:34:36 +01:00
REDMOND\brodes
8459eec239 Moving the SsrfSink concept into Concepts.qll, and renaming to HttpClientRequestFromModel as suggested in PR review. 2026-02-06 09:26:49 -05:00
Ben Rodes
ac1987f264 Update python/ql/lib/change-notes/2025-09-30-azure_ssrf_models.md 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2026-02-05 15:44:44 -05:00
Taus
8c27437628 Python: Bump extractor version and add change note 2026-02-05 13:50:54 +00:00
Taus
12ee93042b Python: Add tests 2026-02-05 13:47:24 +00:00
Taus
bac356c9a1 Python: Regenerate parser files 2026-02-05 13:46:59 +00:00
Taus
68c1a3d389 Python: Fix syntax error when = is used as a format fill character 
An example (provided by @redsun82) is the string `f"{x:=^20}"`. Parsing
this (with unnamed nodes shown) illustrates the problem:

```
module [0, 0] - [2, 0]
  expression_statement [0, 0] - [0, 11]
    string [0, 0] - [0, 11]
      string_start [0, 0] - [0, 2]
      interpolation [0, 2] - [0, 10]
        "{" [0, 2] - [0, 3]
        expression: named_expression [0, 3] - [0, 9]
          name: identifier [0, 3] - [0, 4]
          ":=" [0, 4] - [0, 6]
          ERROR [0, 6] - [0, 7]
            "^" [0, 6] - [0, 7]
          value: integer [0, 7] - [0, 9]
        "}" [0, 9] - [0, 10]
      string_end [0, 10] - [0, 11]
```
Observe that we've managed to combine the format specifier token `:` and
the fill character `=` in a single token (which doesn't match the `:` we
expect in the grammar rule), and hence we get a syntax error.

If we change the `=` to some other character (e.g. a `-`), we instead
get

```
module [0, 0] - [2, 0]
  expression_statement [0, 0] - [0, 11]
    string [0, 0] - [0, 11]
      string_start [0, 0] - [0, 2]
      interpolation [0, 2] - [0, 10]
        "{" [0, 2] - [0, 3]
        expression: identifier [0, 3] - [0, 4]
        format_specifier: format_specifier [0, 4] - [0, 9]
          ":" [0, 4] - [0, 5]
        "}" [0, 9] - [0, 10]
      string_end [0, 10] - [0, 11]
```
and in particular no syntax error.

To fix this, we want to ensure that the `:` is lexed on its own, and the
`token(prec(1, ...))` construction can be used to do exactly this.

Finally, you may wonder why `=` is special here. I think what's going on
is that the lexer knows that `:=` is a token on its own (because it's
used in the walrus operator), and so it greedily consumes the following
`=` with this in mind.
 2026-02-05 13:45:54 +00:00
REDMOND\brodes
0a88425170 Python: Altering SSRF MaD to use 'request-forgery' tag. Update to test cases expected results, off by one line. Changed to using ModelOutput::sinkNode. 2026-02-04 09:04:22 -05:00
Ben Rodes
cd73dcfb04 Merge branch 'main' into azure_python_sdk_url_summary_upstream 2026-02-04 08:55:38 -05:00
Owen Mansel-Chan
3f08ff88a4 Pretty print models in test 
Otherwise the tests breaks when unrelated changes are made because the
model numbers change
 2026-02-04 10:52:44 +00:00
github-actions[bot]
73d06f26cb Post-release preparation for codeql-cli-2.24.1 2026-02-02 14:04:26 +00:00
Ben Rodes
7ddfa80399 Merge branch 'main' into azure_python_sdk_url_summary_upstream 2026-02-02 09:00:35 -05:00
github-actions[bot]
0db542e9f0 Release preparation for version 2.24.1 2026-02-02 12:09:09 +00:00
Owen Mansel-Chan
5204255615 Merge pull request #21234 from owen-mc/python/convert-sanitizers-to-mad 
Python: Allow models-as-data sanitizers
 2026-01-30 14:28:39 +00:00
Owen Mansel-Chan
0222159df5 Specify vulnerable args instead of safe ones 2026-01-30 14:10:03 +00:00
yoff
8c0baefd3b Merge pull request #21141 from mbaluda/prompt-injection 
Python: Prompt injection in OpenAI clients
 2026-01-30 12:55:56 +01:00
Owen Mansel-Chan
a3885cd8b2 Replace sanitizer by exclusion from sink definition 2026-01-30 09:28:02 +00:00
Owen Mansel-Chan
b4cb2c3f13 Make qldoc slightly more specific 2026-01-30 09:28:01 +00:00
Owen Mansel-Chan
ef6332c581 Allow MaD sanitizers for queries with MaD sinks 2026-01-30 09:27:59 +00:00
Owen Mansel-Chan
ad6f800022 Pretty print model numbers in tests 2026-01-30 09:21:24 +00:00
yoff
e7a0fc7140 python: Add query for prompt injection 
This pull request introduces a new CodeQL query for detecting prompt injection vulnerabilities in Python code targeting AI prompting APIs such as agents and openai. The changes includes a new experimental query, new taint flow and type models, a customizable dataflow configuration, documentation, and comprehensive test coverage.
 2026-01-29 23:47:52 +01:00
Jon Janego
e54d7c7c73 Update CHANGELOG.md 2026-01-29 16:20:25 -06:00
Jon Janego
813d4639ca Fix typo in taint flow model for urllib.parse 2026-01-29 16:18:21 -06:00
Taus
34800d1519 Merge pull request #20945 from joefarebrother/python-websockets 
Python: Model remote flow sources for the `websockets` library
 2026-01-29 15:47:46 +01:00
Tom Hvitved
b974a84bef Merge pull request #21051 from hvitved/shared/flow-summary-provenance-filtering 
Shared: Provenance-based filtering of flow summaries
 2026-01-26 17:24:34 +01:00
Tom Hvitved
0f6bae0ae1 Add change notes 2026-01-26 12:40:22 +01:00
Tom Hvitved
0adece7cde Python: Adapt to changes in FlowSummaryImpl 2026-01-26 12:40:19 +01:00
yoff
55abc52c61 python: format file 2026-01-22 20:51:46 +01:00
yoff
d05901ad3f python/javascript/ruby: mark internal predicates 2026-01-22 17:30:24 +01:00
yoff
7f00a7f67e Update python/ql/lib/semmle/python/security/dataflow/UrlRedirectCustomizations.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2026-01-22 17:30:24 +01:00
yoff
3dbfb9fa4b python: add machinery for MaD barriers 
and reinstate previously removed barrier
now as a MaD row
 2026-01-22 17:30:24 +01:00
yoff
699ed50432 python: remove barrier that can be expressed in MaD 2026-01-22 17:30:24 +01:00
Taus
5414bd2716 Merge pull request #21134 from yoff/python/support-ListElement-in-MaD 
Python support `ListElement` in MaD
 2026-01-20 23:38:02 +01:00
yoff
fa926456ef python: add changenote 2026-01-20 18:16:03 +01:00
Ian Lynagh
82e9ea2da0 python: Add up/downgrade scripts 2026-01-20 11:56:16 +00:00
Ian Lynagh
d2da49220b python: Regenerate dbscheme 2026-01-20 11:56:15 +00:00
Ian Lynagh
d1175276ca python: Use more standard shared dbscheme sections 
We now use the shared "Overlay support" and "Database metadata".
 2026-01-20 11:56:13 +00:00
Ian Lynagh
d125e224ac python: Add dbscheme regeneration instructions 2026-01-20 11:56:13 +00:00
github-actions[bot]
48475e66af Post-release preparation for codeql-cli-2.24.0 2026-01-19 15:49:08 +00:00
github-actions[bot]
4142b9c4ce Release preparation for version 2.24.0 2026-01-19 14:49:14 +00:00
Asger F
ff580410fe Merge pull request #20733 from asgerf/js/incremental-api-graphs 
JS: Incremental API graph
 2026-01-14 12:49:41 +01:00
yoff
6c4a0bb52b Merge pull request #20990 from github/tausbn/python-support-relaxed-exception-groups 
Python: Add support for PEP-758 exception syntax
 2026-01-13 19:04:27 +01:00
Ian Lynagh
dcd0a69759 Merge remote-tracking branch 'upstream/main' into igfoo/mb 2026-01-13 01:01:35 +00:00
Taus
8c90c113c2 Update change note to reflect Python 2 changes 2026-01-12 15:27:38 +00:00
Taus
659ec3999b Mark generated files as generated 2026-01-12 15:24:01 +00:00
Chris Smowton
44089d84a3 Merge pull request #21102 from github/smowton/admin/respect-config-paths-filters-pre-finalize 
All languages: account for paths and paths-ignore in XML and other ancillary extraction
 2026-01-09 16:23:26 +00:00
Taus
89ddd67ebe Merge pull request #21002 from github/tausbn/python-add-models-for-zstd-compression 
Python: Add modelling for `zstd.compression`
 2026-01-09 14:05:06 +01:00
yoff
1ac3706e75 Python support ListElement in MaD 2026-01-09 13:08:06 +01:00
Taus
8602a2d59b Python: Use correct first parameter name for zstd call 
Co-authored-by: yoff <yoff@github.com>
 2026-01-07 14:47:11 +01:00
Asger F
869efb8a48 JS: Sync ApiGraphModels.qll 2026-01-07 11:05:41 +01:00