The shared CFG library overrides ControlFlowNode.toString() as 'final'
(shared/controlflow/codeql/controlflow/Cfg.qll:1217), so the legacy
'ControlFlowNode for X' prefix is gone — the new toString returns just
'X' for normal nodes and 'After X' for after-nodes. This produces a
large cosmetic diff in test expected files with no semantic change.
Mass-rebless 78 .expected files whose actual output differs from the
checked-in expected only by this rename. Each file was verified to be
identical after normalising 'ControlFlowNode for ' and 'After ' away
from both sides.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This pull request introduces a new CodeQL query for detecting prompt injection vulnerabilities in Python code targeting AI prompting APIs such as agents and openai. The changes includes a new experimental query, new taint flow and type models, a customizable dataflow configuration, documentation, and comprehensive test coverage.
This PR adds a query to detect a Cross Origin Resource Sharing(CORS) policy bypass due to an incorrect check.
This PR attempts to detect the vulnerability pattern found in CVE-2022-3457
```python
if request.method in ['POST', 'PUT', 'PATCH', 'DELETE']:
origin = request.headers.get('Origin', None)
if origin and not origin.startswith(request.base):
raise cherrypy.HTTPError(403, 'Unexpected Origin header')
```
In this case, a value obtained from a header is compared using `startswith` call. This comparision is easily bypassed resulting in a CORS bypass. Given that similar bugs have been found in other languages as well, I think this PR would be a great addition to the exisitng python query pack.
The databases for CVE-2022-3457 can be downloaded from
```
https://filetransfer.io/data-package/i4Mfepls#linkhttps://file.io/V67T4SSgmExF
```
Js2Py is a Javascript to Python translation library written in Python. It allows users to invoke JavaScript code directly from Python.
The Js2Py interpreter by default exposes the entire standard library to it's users. This can lead to security issues if a malicious input were directly.
This PR includes a CodeQL query along with a qhelp and testcases to detect cases where an untrusted input flows to an Js2Py eval call.
This query successfully detects CVE-2023-0297 in `pyload/pyload`along with it's fix.
The databases can be downloaded from the links bellow.
```
https://file.io/qrMEjSJJoTq1https://filetransfer.io/data-package/a02eab7V#link
```
