hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-12 05:01:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
85,812 Commits 1,690 Branches 160 Tags
22e9b42808f7aea4ce6dea1c92e71816b4c08a0a
Commit Graph

3125 Commits

Author SHA1 Message Date
yoff
5ad42f8bcc Merge pull request #20563 from microsoft/azure_python_sdk_url_summary_upstream 
Azure python sdk url summary upstream
 2026-02-09 18:34:36 +01:00
REDMOND\brodes
8459eec239 Moving the SsrfSink concept into Concepts.qll, and renaming to HttpClientRequestFromModel as suggested in PR review. 2026-02-06 09:26:49 -05:00
Ben Rodes
ac1987f264 Update python/ql/lib/change-notes/2025-09-30-azure_ssrf_models.md 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2026-02-05 15:44:44 -05:00
Taus
8c27437628 Python: Bump extractor version and add change note 2026-02-05 13:50:54 +00:00
REDMOND\brodes
0a88425170 Python: Altering SSRF MaD to use 'request-forgery' tag. Update to test cases expected results, off by one line. Changed to using ModelOutput::sinkNode. 2026-02-04 09:04:22 -05:00
Ben Rodes
cd73dcfb04 Merge branch 'main' into azure_python_sdk_url_summary_upstream 2026-02-04 08:55:38 -05:00
github-actions[bot]
73d06f26cb Post-release preparation for codeql-cli-2.24.1 2026-02-02 14:04:26 +00:00
Ben Rodes
7ddfa80399 Merge branch 'main' into azure_python_sdk_url_summary_upstream 2026-02-02 09:00:35 -05:00
github-actions[bot]
0db542e9f0 Release preparation for version 2.24.1 2026-02-02 12:09:09 +00:00
Owen Mansel-Chan
5204255615 Merge pull request #21234 from owen-mc/python/convert-sanitizers-to-mad 
Python: Allow models-as-data sanitizers
 2026-01-30 14:28:39 +00:00
Owen Mansel-Chan
0222159df5 Specify vulnerable args instead of safe ones 2026-01-30 14:10:03 +00:00
yoff
8c0baefd3b Merge pull request #21141 from mbaluda/prompt-injection 
Python: Prompt injection in OpenAI clients
 2026-01-30 12:55:56 +01:00
Owen Mansel-Chan
a3885cd8b2 Replace sanitizer by exclusion from sink definition 2026-01-30 09:28:02 +00:00
Owen Mansel-Chan
b4cb2c3f13 Make qldoc slightly more specific 2026-01-30 09:28:01 +00:00
Owen Mansel-Chan
ef6332c581 Allow MaD sanitizers for queries with MaD sinks 2026-01-30 09:27:59 +00:00
Owen Mansel-Chan
ad6f800022 Pretty print model numbers in tests 2026-01-30 09:21:24 +00:00
yoff
e7a0fc7140 python: Add query for prompt injection 
This pull request introduces a new CodeQL query for detecting prompt injection vulnerabilities in Python code targeting AI prompting APIs such as agents and openai. The changes includes a new experimental query, new taint flow and type models, a customizable dataflow configuration, documentation, and comprehensive test coverage.
 2026-01-29 23:47:52 +01:00
Jon Janego
e54d7c7c73 Update CHANGELOG.md 2026-01-29 16:20:25 -06:00
Jon Janego
813d4639ca Fix typo in taint flow model for urllib.parse 2026-01-29 16:18:21 -06:00
Taus
34800d1519 Merge pull request #20945 from joefarebrother/python-websockets 
Python: Model remote flow sources for the `websockets` library
 2026-01-29 15:47:46 +01:00
Tom Hvitved
b974a84bef Merge pull request #21051 from hvitved/shared/flow-summary-provenance-filtering 
Shared: Provenance-based filtering of flow summaries
 2026-01-26 17:24:34 +01:00
Tom Hvitved
0f6bae0ae1 Add change notes 2026-01-26 12:40:22 +01:00
Tom Hvitved
0adece7cde Python: Adapt to changes in FlowSummaryImpl 2026-01-26 12:40:19 +01:00
yoff
55abc52c61 python: format file 2026-01-22 20:51:46 +01:00
yoff
d05901ad3f python/javascript/ruby: mark internal predicates 2026-01-22 17:30:24 +01:00
yoff
7f00a7f67e Update python/ql/lib/semmle/python/security/dataflow/UrlRedirectCustomizations.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2026-01-22 17:30:24 +01:00
yoff
3dbfb9fa4b python: add machinery for MaD barriers 
and reinstate previously removed barrier
now as a MaD row
 2026-01-22 17:30:24 +01:00
yoff
699ed50432 python: remove barrier that can be expressed in MaD 2026-01-22 17:30:24 +01:00
Taus
5414bd2716 Merge pull request #21134 from yoff/python/support-ListElement-in-MaD 
Python support `ListElement` in MaD
 2026-01-20 23:38:02 +01:00
yoff
fa926456ef python: add changenote 2026-01-20 18:16:03 +01:00
Ian Lynagh
82e9ea2da0 python: Add up/downgrade scripts 2026-01-20 11:56:16 +00:00
Ian Lynagh
d2da49220b python: Regenerate dbscheme 2026-01-20 11:56:15 +00:00
github-actions[bot]
48475e66af Post-release preparation for codeql-cli-2.24.0 2026-01-19 15:49:08 +00:00
github-actions[bot]
4142b9c4ce Release preparation for version 2.24.0 2026-01-19 14:49:14 +00:00
Asger F
ff580410fe Merge pull request #20733 from asgerf/js/incremental-api-graphs 
JS: Incremental API graph
 2026-01-14 12:49:41 +01:00
yoff
6c4a0bb52b Merge pull request #20990 from github/tausbn/python-support-relaxed-exception-groups 
Python: Add support for PEP-758 exception syntax
 2026-01-13 19:04:27 +01:00
Ian Lynagh
dcd0a69759 Merge remote-tracking branch 'upstream/main' into igfoo/mb 2026-01-13 01:01:35 +00:00
Taus
8c90c113c2 Update change note to reflect Python 2 changes 2026-01-12 15:27:38 +00:00
Chris Smowton
44089d84a3 Merge pull request #21102 from github/smowton/admin/respect-config-paths-filters-pre-finalize 
All languages: account for paths and paths-ignore in XML and other ancillary extraction
 2026-01-09 16:23:26 +00:00
Taus
89ddd67ebe Merge pull request #21002 from github/tausbn/python-add-models-for-zstd-compression 
Python: Add modelling for `zstd.compression`
 2026-01-09 14:05:06 +01:00
yoff
1ac3706e75 Python support ListElement in MaD 2026-01-09 13:08:06 +01:00
Asger F
869efb8a48 JS: Sync ApiGraphModels.qll 2026-01-07 11:05:41 +01:00
github-actions[bot]
2cb932cf5d Post-release preparation for codeql-cli-2.23.9 2026-01-06 15:42:16 +00:00
Taus
4a567ad75e Python: Add change note 2026-01-06 13:40:38 +00:00
Chris Smowton
6ed24f22b5 Change notes 2026-01-06 13:01:37 +00:00
github-actions[bot]
c00663766e Release preparation for version 2.23.9 2026-01-05 11:57:06 +00:00
Taus
6b03130755 Python: Fix bad join in import_points_to 2025-12-18 12:03:40 +00:00
Taus
4d45b5839d Python: Add change note 2025-12-16 23:57:58 +01:00
Taus
b9616eb639 Python: Add stats 
Not actually based on any measurements, just the usual 100/1000 stuff.
 2025-12-16 23:57:58 +01:00
Taus
82c629ada8 Python: Add up-/downgrade scripts for template literals 
We do the usual thing. Downgrade scripts remove the relevant relations;
upgrade scripts do nothing.
 2025-12-16 23:57:58 +01:00