hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-24 02:43:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
85,783 Commits 1,693 Branches 161 Tags
ceb3b21e0f2e27f7cf2926fa235c286eea34c1e9
Commit Graph

2481 Commits

Author SHA1 Message Date
Ben Rodes
ceb3b21e0f Update python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryCustomizations.qll 
Co-authored-by: Taus <tausbn@github.com>
 2026-02-17 10:28:43 -05:00
REDMOND\brodes
a91cf6b7cb Applying copilot PR suggestions. 2026-02-10 11:37:11 -05:00
REDMOND\brodes
4f11913ee5 removing SSRFSink.qll 2026-02-06 11:23:58 -05:00
REDMOND\brodes
42f6e6a19c Fixing inefficiently passed variable in nested existential quantification. 2026-02-06 11:20:15 -05:00
REDMOND\brodes
97ddab0724 Added support for new URIValidator in AntiSSRF library. Updated test caes to use postprocessing results. Currently results for partial ssrf still need work, it is flagging cases where the URL is fully controlled, but is sanitized. I'm not sure if this should be flagged yet. 2026-02-06 11:20:11 -05:00
REDMOND\brodes
88adb05d4b Adjusting acryonym for SSRF for casing standards. 2026-02-06 11:20:08 -05:00
REDMOND\brodes
265922d2e5 Adding docs. 2026-02-06 11:20:01 -05:00
REDMOND\brodes
8459eec239 Moving the SsrfSink concept into Concepts.qll, and renaming to HttpClientRequestFromModel as suggested in PR review. 2026-02-06 09:26:49 -05:00
REDMOND\brodes
0a88425170 Python: Altering SSRF MaD to use 'request-forgery' tag. Update to test cases expected results, off by one line. Changed to using ModelOutput::sinkNode. 2026-02-04 09:04:22 -05:00
Ben Rodes
7ddfa80399 Merge branch 'main' into azure_python_sdk_url_summary_upstream 2026-02-02 09:00:35 -05:00
Owen Mansel-Chan
5204255615 Merge pull request #21234 from owen-mc/python/convert-sanitizers-to-mad 
Python: Allow models-as-data sanitizers
 2026-01-30 14:28:39 +00:00
Owen Mansel-Chan
0222159df5 Specify vulnerable args instead of safe ones 2026-01-30 14:10:03 +00:00
Owen Mansel-Chan
a3885cd8b2 Replace sanitizer by exclusion from sink definition 2026-01-30 09:28:02 +00:00
Owen Mansel-Chan
b4cb2c3f13 Make qldoc slightly more specific 2026-01-30 09:28:01 +00:00
Owen Mansel-Chan
ef6332c581 Allow MaD sanitizers for queries with MaD sinks 2026-01-30 09:27:59 +00:00
yoff
e7a0fc7140 python: Add query for prompt injection 
This pull request introduces a new CodeQL query for detecting prompt injection vulnerabilities in Python code targeting AI prompting APIs such as agents and openai. The changes includes a new experimental query, new taint flow and type models, a customizable dataflow configuration, documentation, and comprehensive test coverage.
 2026-01-29 23:47:52 +01:00
Taus
34800d1519 Merge pull request #20945 from joefarebrother/python-websockets 
Python: Model remote flow sources for the `websockets` library
 2026-01-29 15:47:46 +01:00
Tom Hvitved
b974a84bef Merge pull request #21051 from hvitved/shared/flow-summary-provenance-filtering 
Shared: Provenance-based filtering of flow summaries
 2026-01-26 17:24:34 +01:00
Tom Hvitved
0adece7cde Python: Adapt to changes in FlowSummaryImpl 2026-01-26 12:40:19 +01:00
yoff
55abc52c61 python: format file 2026-01-22 20:51:46 +01:00
yoff
d05901ad3f python/javascript/ruby: mark internal predicates 2026-01-22 17:30:24 +01:00
yoff
7f00a7f67e Update python/ql/lib/semmle/python/security/dataflow/UrlRedirectCustomizations.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2026-01-22 17:30:24 +01:00
yoff
3dbfb9fa4b python: add machinery for MaD barriers 
and reinstate previously removed barrier
now as a MaD row
 2026-01-22 17:30:24 +01:00
yoff
699ed50432 python: remove barrier that can be expressed in MaD 2026-01-22 17:30:24 +01:00
Taus
5414bd2716 Merge pull request #21134 from yoff/python/support-ListElement-in-MaD 
Python support `ListElement` in MaD
 2026-01-20 23:38:02 +01:00
yoff
1ac3706e75 Python support ListElement in MaD 2026-01-09 13:08:06 +01:00
Asger F
869efb8a48 JS: Sync ApiGraphModels.qll 2026-01-07 11:05:41 +01:00
Taus
6b03130755 Python: Fix bad join in import_points_to 2025-12-18 12:03:40 +00:00
Taus
414e689291 Python: Add AST node wrappers 2025-12-16 23:57:58 +01:00
Taus
652c335d30 Python: Regenerate AST and dbscheme files 2025-12-16 23:57:58 +01:00
yoff
5c6d83ed65 Merge pull request #20877 from joefarebrother/python-tornado-websocket 
Python: Add models for websocket handlers for Tornado
 2025-12-09 10:08:59 +01:00
Taus
1b519384d7 Merge pull request #20739 from github/tausbn/python-remove-top-level-points-to-imports 
Python: Hide points-to imports in `python.qll`
 2025-12-05 14:24:41 +01:00
Joe Farebrother
d70c596c86 Merge pull request #20914 from joefarebrother/python-socketio 
Python: Add models for socketio
 2025-12-04 23:14:58 +00:00
Anders Schack-Mulligen
607ad1f886 Merge pull request #20961 from aschackmull/dataflow/flowfrom 
Dataflow: Add flowFrom predicates to mirror flowTo.
 2025-12-04 10:09:29 +01:00
yoff
7fd4755e93 Merge pull request #20919 from yoff/python/header-splitting-experiments 
Python: detecting header splitting in synthetic app
 2025-12-03 15:48:54 +01:00
Anders Schack-Mulligen
78e1879c9e Use more flowTo. 2025-12-03 14:12:08 +01:00
Joe Farebrother
ac55cf9544 Update test and qldoc 2025-12-01 20:41:59 +00:00
Joe Farebrother
6fbae45d49 Update qldoc 2025-12-01 20:14:36 +00:00
Joe Farebrother
384e17a4ef Implement websockets models 2025-12-01 16:24:59 +00:00
Asger F
6257bed089 Sync OverlayXml.qll 2025-11-28 09:23:49 +01:00
Taus
bc8ed286ac Python: Make some more points-to imports private 
This makes things a bit cleaner.

After this, the only non-private (and non-`LegacyPointsTo`) imports of
`semmle.python.{types,objects,pointsto}.*` are in
`semmle.python.objects.ObjectInternal`, which is reasonable, as that is
the entry point for the entire internal object API.
 2025-11-27 16:47:53 +00:00
Taus
a7458df0a4 Python: Appease the QLDoc checker 2025-11-26 22:13:21 +00:00
Taus
c75329d7b7 Python: Move metrics-related API to LegacyPointsTo module 
Gets rid of the `getMetrics` methods on the `Function`, `Class`, and
`Module` classes. To access the metrics, one must first import the
`LegacyPointsTo` module, and then either change the type to
`{Function,Class,Module}Metrics` or cast to the appropriate type.
 2025-11-26 17:06:55 +00:00
Taus
b9a5b3b628 Python: Remove points-to from SSA.ql 
Happily, this was not as deeply entwined as it looked at first glance.
 2025-11-26 17:06:55 +00:00
yoff
ebe29dd143 python: model urllib.ParseResult 2025-11-26 13:36:05 +01:00
yoff
a878bc61e1 python: add model for urllib.urlparse 2025-11-26 13:32:54 +01:00
Taus
5b47fcbfa4 Python: Remove dependence on Builtins from attribute module 
The `Builtins` module is deeply entwined with points-to, so it would be
nice to not have this dependence. Happily, the only thing we used
`Builtin` for was to get the names of known builtins, and for this we
already maintain such a set of names in
`dataflow.new.internal.Builtins`.
 2025-11-26 12:30:31 +00:00
Taus
9dc774aaa3 Python: Remove points-to dependency from parts of SSA 
For whatever reason, the CFG node for exceptions and exception groups
was placed with the points-to code. (Probably because a lot of the
predicates depended on points-to.)

However, as it turned out, two of the SSA modules only depended on
non-points-to properties of these nodes, and so it was fairly
straightforward to remove the imports of `LegacyPointsTo` for those
modules.

In the process, I moved the aforementioned CFG node types into
`Flow.qll`, and changed the classes in the `Exceptions` module to the
`...WithPointsTo` form that we introduced elsewhere.
 2025-11-26 12:30:31 +00:00
Taus
e09840426c Python: Get rid of points-to from Definitions.qll 
Turns out the `ImportTime` module (despite living in
`semmle.python.types` does not actually depend on points-to, so some of
the `LegacyPointsTo` imports could be replaced or removed.
 2025-11-26 12:30:31 +00:00
Taus
7328f26311 Python: Fix reachability-related test failures 2025-11-26 12:30:31 +00:00