hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-23 18:33:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
86,066 Commits 1,693 Branches 161 Tags
480ae619e6e499dfe9da2bbdc512a30d3f481b00
Commit Graph

2499 Commits

Author SHA1 Message Date
Taus
480ae619e6 Merge pull request #21116 from github/tausbn/python-add-dataflow-overlay-annotations 
Add `overlay[local]` annotations
 2026-02-21 13:44:09 +01:00
Taus
6b6d8862b0 Merge pull request #21288 from microsoft/azure_python_sanitizer_upstream2 
Azure python sanitizer upstream2
 2026-02-18 14:59:59 +01:00
Ben Rodes
ceb3b21e0f Update python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryCustomizations.qll 
Co-authored-by: Taus <tausbn@github.com>
 2026-02-17 10:28:43 -05:00
Taus
cd62cdadff Python: Fix bad join in returnStep 2026-02-16 16:48:08 +00:00
Taus
304cd12fff Python: Fix bad join in missing_imported_module 
This caused a ~30x blowup in intermediate tuples, now back to baseline.
 2026-02-16 13:48:33 +00:00
Taus
987b10ab3e Python: Fix bad join in OutgoingRequestCall 
On `keras-team/keras`, this was producing ~200 million intermediate
tuples in order to produce a total of ... 2 tuples.

After the refactor, max intermediate tuple count is ~80k for the
charpred (and 4 for the new helper predicate).
 2026-02-16 13:48:33 +00:00
Taus
72f5109ec2 Python: Add more overlay[caller] to Flow.qll 
These were causing the repo `gufolabs/noc` to spend ~30 seconds
evaluating `ControlFlowNode.strictlyDominates`. Just in case, I added
`overlay[caller] to the other instances of `pragma[inline]` as well.
 2026-02-16 13:48:33 +00:00
Taus
306d7d1b5d Python: DataFlowDispatch.qll annotations 2026-02-16 13:48:32 +00:00
Taus
7ea96c43ec Python: DataFlowPrivate.qll annotations 2026-02-16 13:48:32 +00:00
Taus
bd71db87be Python: DataFlowPublic.qll annotations 2026-02-16 13:48:32 +00:00
Taus
c46c662b72 Python: LocalSources.qll annotations 2026-02-16 13:48:32 +00:00
Taus
df0f2f8ce4 Python: Simple dataflow annotations 
None of these required any changes to the dataflow libraries, so it
seemed easiest to put them in their own commit.
 2026-02-16 13:48:32 +00:00
Taus
fd7b123ee3 Python: Add overlay annotations to AST classes 
... and everything else that it depends on.
 2026-02-16 13:48:32 +00:00
Taus
7d17454a3b Merge pull request #21138 from github/tausbn/python-prepare-for-overlay-annotations 
Prepare dataflow for local annotations
 2026-02-12 14:23:45 +01:00
REDMOND\brodes
a91cf6b7cb Applying copilot PR suggestions. 2026-02-10 11:37:11 -05:00
REDMOND\brodes
4f11913ee5 removing SSRFSink.qll 2026-02-06 11:23:58 -05:00
REDMOND\brodes
42f6e6a19c Fixing inefficiently passed variable in nested existential quantification. 2026-02-06 11:20:15 -05:00
REDMOND\brodes
97ddab0724 Added support for new URIValidator in AntiSSRF library. Updated test caes to use postprocessing results. Currently results for partial ssrf still need work, it is flagging cases where the URL is fully controlled, but is sanitized. I'm not sure if this should be flagged yet. 2026-02-06 11:20:11 -05:00
REDMOND\brodes
88adb05d4b Adjusting acryonym for SSRF for casing standards. 2026-02-06 11:20:08 -05:00
REDMOND\brodes
265922d2e5 Adding docs. 2026-02-06 11:20:01 -05:00
REDMOND\brodes
8459eec239 Moving the SsrfSink concept into Concepts.qll, and renaming to HttpClientRequestFromModel as suggested in PR review. 2026-02-06 09:26:49 -05:00
REDMOND\brodes
0a88425170 Python: Altering SSRF MaD to use 'request-forgery' tag. Update to test cases expected results, off by one line. Changed to using ModelOutput::sinkNode. 2026-02-04 09:04:22 -05:00
Taus
62fb38d834 Python: Rename otherArgs to implicitArgumentNode 
Co-authored-by: yoff <yoff@github.com>
 2026-02-03 15:32:46 +00:00
Ben Rodes
7ddfa80399 Merge branch 'main' into azure_python_sdk_url_summary_upstream 2026-02-02 09:00:35 -05:00
Owen Mansel-Chan
5204255615 Merge pull request #21234 from owen-mc/python/convert-sanitizers-to-mad 
Python: Allow models-as-data sanitizers
 2026-01-30 14:28:39 +00:00
Owen Mansel-Chan
0222159df5 Specify vulnerable args instead of safe ones 2026-01-30 14:10:03 +00:00
Taus
3f718123a6 Python: Make capturing closure arguments synthetic and non-global 
Uses the same trick as for `ExtractedArgumentNode`, wherein we postpone
the global restriction on the charpred to instead be in the `argumentOf`
predicate (which is global anyway).

In addition to this, we also converted `CapturedVariablesArgumentNode`
into a proper synthetic node, and added an explicit post-update node for
it. These nodes just act as wrappers for the function part of call
nodes. Thus, to make them work with the variable capture machinery, we
simply map them to the closure node for the corresponding control-flow
or post-update node.
 2026-01-30 12:50:25 +00:00
Taus
7fccc23dbe Python: Make ExtractedArgumentNode local 
Explicitly adds a bunch of nodes that were previously (using a global
analysis) identified as `ExtractedArgumentNode`s. These are then
subsequently filtered out in `argumentOf` (which is global) by putting
the call to `getCallArg` there instead of in the charpred.
 2026-01-30 12:50:25 +00:00
Taus
30ce4069c7 Python: Remove global restriction on ModuleVariableNode 
This may result in more nodes, but it should still be bounded by the
number of global variables in the source code.
 2026-01-30 12:50:24 +00:00
Taus
4543c66d26 Python: Prepare LocalSourceNode for locality 
Removes the dependence on the (global) `ModuleVariableNode.getARead()`,
by adding a local version (that doesn't include `import *` reads)
instead.
 2026-01-30 12:50:24 +00:00
Owen Mansel-Chan
a3885cd8b2 Replace sanitizer by exclusion from sink definition 2026-01-30 09:28:02 +00:00
Owen Mansel-Chan
b4cb2c3f13 Make qldoc slightly more specific 2026-01-30 09:28:01 +00:00
Owen Mansel-Chan
ef6332c581 Allow MaD sanitizers for queries with MaD sinks 2026-01-30 09:27:59 +00:00
yoff
e7a0fc7140 python: Add query for prompt injection 
This pull request introduces a new CodeQL query for detecting prompt injection vulnerabilities in Python code targeting AI prompting APIs such as agents and openai. The changes includes a new experimental query, new taint flow and type models, a customizable dataflow configuration, documentation, and comprehensive test coverage.
 2026-01-29 23:47:52 +01:00
Taus
34800d1519 Merge pull request #20945 from joefarebrother/python-websockets 
Python: Model remote flow sources for the `websockets` library
 2026-01-29 15:47:46 +01:00
Tom Hvitved
b974a84bef Merge pull request #21051 from hvitved/shared/flow-summary-provenance-filtering 
Shared: Provenance-based filtering of flow summaries
 2026-01-26 17:24:34 +01:00
Tom Hvitved
0adece7cde Python: Adapt to changes in FlowSummaryImpl 2026-01-26 12:40:19 +01:00
yoff
55abc52c61 python: format file 2026-01-22 20:51:46 +01:00
yoff
d05901ad3f python/javascript/ruby: mark internal predicates 2026-01-22 17:30:24 +01:00
yoff
7f00a7f67e Update python/ql/lib/semmle/python/security/dataflow/UrlRedirectCustomizations.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2026-01-22 17:30:24 +01:00
yoff
3dbfb9fa4b python: add machinery for MaD barriers 
and reinstate previously removed barrier
now as a MaD row
 2026-01-22 17:30:24 +01:00
yoff
699ed50432 python: remove barrier that can be expressed in MaD 2026-01-22 17:30:24 +01:00
Taus
5414bd2716 Merge pull request #21134 from yoff/python/support-ListElement-in-MaD 
Python support `ListElement` in MaD
 2026-01-20 23:38:02 +01:00
yoff
1ac3706e75 Python support ListElement in MaD 2026-01-09 13:08:06 +01:00
Asger F
869efb8a48 JS: Sync ApiGraphModels.qll 2026-01-07 11:05:41 +01:00
Taus
6b03130755 Python: Fix bad join in import_points_to 2025-12-18 12:03:40 +00:00
Taus
414e689291 Python: Add AST node wrappers 2025-12-16 23:57:58 +01:00
Taus
652c335d30 Python: Regenerate AST and dbscheme files 2025-12-16 23:57:58 +01:00
yoff
5c6d83ed65 Merge pull request #20877 from joefarebrother/python-tornado-websocket 
Python: Add models for websocket handlers for Tornado
 2025-12-09 10:08:59 +01:00
Taus
1b519384d7 Merge pull request #20739 from github/tausbn/python-remove-top-level-points-to-imports 
Python: Hide points-to imports in `python.qll`
 2025-12-05 14:24:41 +01:00