hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-19 20:01:09 +02:00
Code Issues Packages Projects Releases Wiki Activity
88,098 Commits 1,780 Branches 169 Tags
018ba92b1e97932ef473d644319eb17e371c398e
Commit Graph

27 Commits

Author SHA1 Message Date
Sotiris Dragonas
72bc52b2fd Python: promote prompt injection queries from experimental to production 
Mirror the JavaScript layout from PR #21953:
- Move SystemPromptInjection.ql / UserPromptInjection.ql to src/Security/CWE-1427
- Move customizations, query and framework libs to python/ql/lib
- Move the AIPrompt concept to the production Concepts.qll
- Drop the experimental tag; py/system-prompt-injection (high precision) now
  joins the code-scanning, security-extended and security-and-quality suites,
  while py/user-prompt-injection (low precision) stays out of the default suites
- Move query tests to python/ql/test/query-tests/Security

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-06-18 16:30:29 +03:00
Sotiris Dragonas
db493ef30a Python: port prompt injection queries (system + user) from JS PR #21953 
Replace the experimental py/prompt-injection query with two queries mirroring
the JavaScript split:
- py/system-prompt-injection (system prompt / tool description / developer prompt)
- py/user-prompt-injection (user-role prompt)

Supports OpenAI (+Agents), Anthropic, Google GenAI, LangChain and OpenRouter
via MaD models plus role-filtered framework sinks that MaD cannot express.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-06-18 13:52:51 +03:00
yoff
e7a0fc7140 python: Add query for prompt injection 
This pull request introduces a new CodeQL query for detecting prompt injection vulnerabilities in Python code targeting AI prompting APIs such as agents and openai. The changes includes a new experimental query, new taint flow and type models, a customizable dataflow configuration, documentation, and comprehensive test coverage.
 2026-01-29 23:47:52 +01:00
Joe Farebrother
654ed9ca12 Update integration tests 2025-09-24 10:58:53 +01:00
Michael Nebel
c2628fe1df Python: Update integration tests expected output. 2025-09-11 08:44:18 +02:00
Michael Nebel
7c58098f12 Python: Update integration tests expected output. 2025-09-10 16:08:14 +02:00
Joe Farebrother
72df584e9b Update integration test outout and fix qhelp 2025-09-01 15:12:51 +01:00
Joe Farebrother
74a312735c Update integration test output 2025-09-01 15:11:58 +01:00
Joe Farebrother
7ef2b01119 Merge pull request #20142 from joefarebrother/python-qual-subclass-shadow 
Python: Modernise Superclass attribute shadows subclass method query
 2025-08-28 13:40:26 +01:00
Joe Farebrother
1efc09bbba Update integration tests 2025-07-30 15:54:39 +01:00
Joe Farebrother
0f04a8b2c0 Update integration test output 2025-07-14 14:35:12 +01:00
Joe Farebrother
61af4e4514 Add changenote and update integraion test output 2025-07-14 11:00:05 +01:00
Joe Farebrother
e67f057b85 Update integration test output 2025-06-19 14:09:55 +01:00
Joe Farebrother
09516a47d3 Fix integration test output 2025-06-19 14:08:42 +01:00
Joe Farebrother
d28a19c961 Update integration test output & add changenote 2025-06-19 14:08:30 +01:00
Jeroen Ketema
dd1c09769f Python: Fix integration test 2025-06-19 13:36:57 +02:00
Joe Farebrother
4ae72dbad6 Merge pull request #19709 from joefarebrother/python-qual-init-call-subclass 
Python: Modernize the init-calls-subclass query
 2025-06-18 14:21:25 +01:00
Tamas Vajk
e6a9ff08a3 Adjust query-suite integration test expected files 2025-06-18 13:10:34 +02:00
Tamas Vajk
40274dcd69 Add code-quality-extended query suites 2025-06-18 13:10:34 +02:00
Joe Farebrother
547c03cee6 Update tests 2025-06-17 13:58:27 +01:00
Joe Farebrother
2c8896848f Update integration test output 2025-06-17 13:58:22 +01:00
Joe Farebrother
e04dea10c8 Merge pull request #19554 from joefarebrother/python-qual-iter-not-return-self 
Python: Modernize iter not returning self query
 2025-06-13 13:13:31 +01:00
Joe Farebrother
b15fec0fb9 Fix qhelp and tests 2025-05-23 14:17:21 +01:00
Joe Farebrother
06504f2cb6 Update tests 2025-05-23 13:04:56 +01:00
Michael Nebel
530025b7ae Update integration tests expected output. 2025-05-19 09:26:47 +02:00
Tamas Vajk
fdeac95714 Use code-quality-selectors in Python suite 2025-04-29 16:23:22 +02:00
Tamas Vajk
a408e216ae Add query suite inclusion tests for cpp, python 2025-04-29 08:45:01 +02:00