Use the PrettyPrintModels postprocess so the test reports a stable
per-test model index instead of a brittle global MaD number that drifts
when models are added elsewhere.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Preparatory refactor for the shared-CFG dataflow migration.
Deprecates the AstNode.getAFlowNode() cached predicate on the public
Python QL API and rewrites all ~140 internal callers across lib/, src/,
test/, and tools/ from `expr.getAFlowNode() = cfgNode` to
`cfgNode.getNode() = expr`, using ControlFlowNode.getNode() which
already exists in Flow.qll.
The predicate itself is preserved (with a deprecation note pointing at
the new pattern) so external users do not experience churn — they can
migrate at their own pace and the AST/CFG hierarchies still get the
intended untangling once the deprecation eventually elapses.
Semantic noop verified by:
- All 361 lib/ + src/ queries compile clean.
- All 122 ControlFlow + PointsTo library-tests pass.
- All 64 dataflow library-tests pass.
- All 113 Variables/Exceptions/Expressions/Statements/Functions/Imports/
Security/CWE-798/ModificationOfParameterWithDefault query-tests pass.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Verified all prompt-injection framework models against the real Python
SDK sources:
- OpenRouter: the official openrouter SDK uses client.chat.send(messages=)
(not chat.completions.create), client.embeddings.generate(input=) (not
embeddings.create), and client.responses.send(input=, instructions=).
Corrected the framework qll and model, and fixed the test files that
used the wrong API.
- Anthropic: added the managed-agents system prompt sink
(beta.agents.create/update Argument[system:]).
- Google GenAI: added models.edit_image Argument[prompt:] as user content.
OpenAI, agents and LangChain models were confirmed correct against their
SDK sources.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Mirror the JavaScript layout from PR #21953:
- Move SystemPromptInjection.ql / UserPromptInjection.ql to src/Security/CWE-1427
- Move customizations, query and framework libs to python/ql/lib
- Move the AIPrompt concept to the production Concepts.qll
- Drop the experimental tag; py/system-prompt-injection (high precision) now
joins the code-scanning, security-extended and security-and-quality suites,
while py/user-prompt-injection (low precision) stays out of the default suites
- Move query tests to python/ql/test/query-tests/Security
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
We now find an alert on this line as we hope to
It is not an alert for _full_ SSRF, though, since that configuration cannot handle multiple substitutions.
- remove `tupleStoreStep` and `dictStoreStep` from `containerStep`
These are imprecise compared to the content being precise.
- add implicit reads to recover taint at sinks
- add implicit read steps for decoders
to supplement the `AdditionalTaintStep`
that now only covers when the full container is tainted.