hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-23 18:33:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
85,778 Commits 1,693 Branches 161 Tags
9f8ed710e28870ccd1044c53055bcce57ce062cf
Commit Graph

4091 Commits

Author SHA1 Message Date
Ben Rodes
9f8ed710e2 Update python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/test_path_validation.py 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-02-10 11:09:25 -05:00
REDMOND\brodes
f6c302b68c Removing commented out test cases. 2026-02-06 11:28:48 -05:00
REDMOND\brodes
97f19d03ad Updating test case expected alerts. 2026-02-06 11:20:13 -05:00
REDMOND\brodes
97ddab0724 Added support for new URIValidator in AntiSSRF library. Updated test caes to use postprocessing results. Currently results for partial ssrf still need work, it is flagging cases where the URL is fully controlled, but is sanitized. I'm not sure if this should be flagged yet. 2026-02-06 11:20:11 -05:00
Ben Rodes
08b72d0a86 Update python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/test_azure_client.py 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-02-06 11:18:51 -05:00
Ben Rodes
46a2a249f9 Update python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/test_azure_client.py 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-02-06 11:18:49 -05:00
REDMOND\brodes
9912aaaf1a Adding azure sdk test cases and updated test expected file. 2026-02-06 11:18:16 -05:00
REDMOND\brodes
0a88425170 Python: Altering SSRF MaD to use 'request-forgery' tag. Update to test cases expected results, off by one line. Changed to using ModelOutput::sinkNode. 2026-02-04 09:04:22 -05:00
Ben Rodes
cd73dcfb04 Merge branch 'main' into azure_python_sdk_url_summary_upstream 2026-02-04 08:55:38 -05:00
Owen Mansel-Chan
3f08ff88a4 Pretty print models in test 
Otherwise the tests breaks when unrelated changes are made because the
model numbers change
 2026-02-04 10:52:44 +00:00
Ben Rodes
7ddfa80399 Merge branch 'main' into azure_python_sdk_url_summary_upstream 2026-02-02 09:00:35 -05:00
Owen Mansel-Chan
5204255615 Merge pull request #21234 from owen-mc/python/convert-sanitizers-to-mad 
Python: Allow models-as-data sanitizers
 2026-01-30 14:28:39 +00:00
Owen Mansel-Chan
ad6f800022 Pretty print model numbers in tests 2026-01-30 09:21:24 +00:00
yoff
e7a0fc7140 python: Add query for prompt injection 
This pull request introduces a new CodeQL query for detecting prompt injection vulnerabilities in Python code targeting AI prompting APIs such as agents and openai. The changes includes a new experimental query, new taint flow and type models, a customizable dataflow configuration, documentation, and comprehensive test coverage.
 2026-01-29 23:47:52 +01:00
Taus
34800d1519 Merge pull request #20945 from joefarebrother/python-websockets 
Python: Model remote flow sources for the `websockets` library
 2026-01-29 15:47:46 +01:00
Tom Hvitved
b974a84bef Merge pull request #21051 from hvitved/shared/flow-summary-provenance-filtering 
Shared: Provenance-based filtering of flow summaries
 2026-01-26 17:24:34 +01:00
Tom Hvitved
0adece7cde Python: Adapt to changes in FlowSummaryImpl 2026-01-26 12:40:19 +01:00
yoff
3dbfb9fa4b python: add machinery for MaD barriers 
and reinstate previously removed barrier
now as a MaD row
 2026-01-22 17:30:24 +01:00
yoff
699ed50432 python: remove barrier that can be expressed in MaD 2026-01-22 17:30:24 +01:00
Taus
5414bd2716 Merge pull request #21134 from yoff/python/support-ListElement-in-MaD 
Python support `ListElement` in MaD
 2026-01-20 23:38:02 +01:00
yoff
1ac3706e75 Python support ListElement in MaD 2026-01-09 13:08:06 +01:00
Taus
d2c7147480 Python: Add new test 2025-12-10 13:52:13 +00:00
Taus
6af9fd816f Python: Make space for new test 2025-12-10 13:51:20 +00:00
yoff
5c6d83ed65 Merge pull request #20877 from joefarebrother/python-tornado-websocket 
Python: Add models for websocket handlers for Tornado
 2025-12-09 10:08:59 +01:00
Taus
1b519384d7 Merge pull request #20739 from github/tausbn/python-remove-top-level-points-to-imports 
Python: Hide points-to imports in `python.qll`
 2025-12-05 14:24:41 +01:00
Joe Farebrother
d70c596c86 Merge pull request #20914 from joefarebrother/python-socketio 
Python: Add models for socketio
 2025-12-04 23:14:58 +00:00
Joe Farebrother
ac55cf9544 Update test and qldoc 2025-12-01 20:41:59 +00:00
Joe Farebrother
7cf3964e44 Update expectations 2025-12-01 20:27:48 +00:00
Joe Farebrother
384e17a4ef Implement websockets models 2025-12-01 16:24:59 +00:00
Taus
24a29f46be Python: Fix all metrics-related compilation failures 
In hindsight, having a `.getMetrics()` method that just returns `this`
is somewhat weird. It's possible that it predates the existence of the
inline cast, however.
 2025-11-26 21:28:51 +00:00
Taus
cd1619b43e Python: Fix queries and tests 2025-11-26 17:06:55 +00:00
Joe Farebrother
16018e91a2 Minor test fix 2025-11-26 15:47:56 +00:00
yoff
24e55c0691 python: update MAD expectations 2025-11-26 14:00:22 +01:00
yoff
ebe29dd143 python: model urllib.ParseResult 2025-11-26 13:36:05 +01:00
yoff
d59f721341 python: add test for header injection 2025-11-26 13:32:54 +01:00
Taus
9dc774aaa3 Python: Remove points-to dependency from parts of SSA 
For whatever reason, the CFG node for exceptions and exception groups
was placed with the points-to code. (Probably because a lot of the
predicates depended on points-to.)

However, as it turned out, two of the SSA modules only depended on
non-points-to properties of these nodes, and so it was fairly
straightforward to remove the imports of `LegacyPointsTo` for those
modules.

In the process, I moved the aforementioned CFG node types into
`Flow.qll`, and changed the classes in the `Exceptions` module to the
`...WithPointsTo` form that we introduced elsewhere.
 2025-11-26 12:30:31 +00:00
Taus
e09840426c Python: Get rid of points-to from Definitions.qll 
Turns out the `ImportTime` module (despite living in
`semmle.python.types` does not actually depend on points-to, so some of
the `LegacyPointsTo` imports could be replaced or removed.
 2025-11-26 12:30:31 +00:00
Taus
7176898503 Python: Fix library tests 2025-11-26 12:30:31 +00:00
Taus
b3b87c968b Python: Fix extractor/experimental tests 2025-11-26 12:30:31 +00:00
Taus
665104e626 Python: Fix Python 3 tests 2025-11-26 12:30:31 +00:00
Taus
85029bd77d Python: Fix Python 2 tests 2025-11-26 12:30:30 +00:00
Taus
f0465f441f Python: Get rid of some get...Object methods 
This frees `Class.qll`, `Exprs.qll`, and `Function.qll` from the
clutches of points-to. For the somewhat complicated setup with
`getLiteralObject` (an abstract method), I opted for a slightly ugly but
workable solution of just defining a predicate on `ImmutableLiteral`
that inlines each predicate body, special-cased to the specific instance
to which it applies.
 2025-11-26 12:30:30 +00:00
Joe Farebrother
eb7fe71557 Fix namespace instances and update tests 2025-11-26 10:51:16 +00:00
Joe Farebrother
83eadbad60 Add namespace models 2025-11-25 16:56:36 +00:00
Joe Farebrother
b0be8184ac Add taint test 2025-11-24 16:54:21 +00:00
Joe Farebrother
dada49f402 Fix qldoc and tests 2025-11-24 13:57:43 +00:00
Joe Farebrother
a83c70f99d Add tests 2025-11-24 11:03:16 +00:00
Joe Farebrother
cdc44c3267 Model tornado websockets 2025-11-20 10:49:30 +00:00
Taus
820d8e76c4 Python: Remove points-to from Module 2025-10-30 13:59:30 +00:00
Taus
b93ce98612 Python: Remove points-to from Expr 2025-10-30 13:58:59 +00:00