yoff
e7a0fc7140
python: Add query for prompt injection
...
This pull request introduces a new CodeQL query for detecting prompt injection vulnerabilities in Python code targeting AI prompting APIs such as agents and openai. The changes includes a new experimental query, new taint flow and type models, a customizable dataflow configuration, documentation, and comprehensive test coverage.
2026-01-29 23:47:52 +01:00
Tom Hvitved
df09f02981
Shared: Shadow hasManualModel in RelevantSummarizedCallable
2026-01-26 12:40:25 +01:00
Tom Hvitved
4ce04e4749
Shared: Provenance-based filtering of flow summaries
2026-01-26 12:39:37 +01:00
Simon Friis Vindum
a7fecaaa1b
Shared: Use HasTypeTreeSig for TypeMention
2026-01-26 09:29:51 +01:00
Simon Friis Vindum
ffaf1c0a24
Rust: Change getATypeParameterConstraint to not require a TypeMention
2026-01-22 14:54:24 +01:00
Tom Hvitved
8ce2618b7d
Merge pull request #21151 from hvitved/rust/disable-universal-conds-by-default
...
Type inference: Disable universal conditions by default
2026-01-22 11:19:50 +01:00
Tom Hvitved
65ca8849f2
Type inference: Disable universal conditions
2026-01-22 09:56:52 +01:00
Ian Lynagh
df8029ff87
tree-sitter: Use more standard shared dbscheme sections
...
We now use the shared "Overlay support" and "Database metadata".
2026-01-20 11:56:15 +00:00
Ian Lynagh
c6500e2759
tree-sitter: Add dbscheme regeneration instructions
2026-01-20 11:56:14 +00:00
github-actions[bot]
48475e66af
Post-release preparation for codeql-cli-2.24.0
2026-01-19 15:49:08 +00:00
github-actions[bot]
4142b9c4ce
Release preparation for version 2.24.0
2026-01-19 14:49:14 +00:00
Mathias Vorreiter Pedersen
dc7ce3fba3
Merge pull request #21171 from MathiasVP/fix-conflation-in-guards
...
C++: Fix conflation in barrier guards
2026-01-19 11:29:05 +00:00
Mathias Vorreiter Pedersen
28681508f3
C++: Fix bug and accept test changes.
2026-01-15 11:17:15 +00:00
Simon Friis Vindum
8bfce6b284
Shared, rust: Add option to disable reads steps as taint steps in model generator
2026-01-13 15:58:23 +01:00
Ian Lynagh
dcd0a69759
Merge remote-tracking branch 'upstream/main' into igfoo/mb
2026-01-13 01:01:35 +00:00
Anders Schack-Mulligen
c28062aff5
Merge pull request #21127 from aschackmull/ssa/phi-input-perf
...
SSA: Improve performance of finding relevant phi input nodes.
2026-01-12 13:29:58 +01:00
Anders Schack-Mulligen
aae8ec2240
SSA: Use fastTC for even better performance.
2026-01-12 09:39:15 +01:00
Tom Hvitved
6028cd6636
Address review comments
2026-01-09 11:14:23 +01:00
Anders Schack-Mulligen
af5adbac30
SSA: Improve performance of finding relevant phi input nodes.
2026-01-08 15:02:34 +01:00
Tom Hvitved
dce21e595e
Rust: Model implicit Deref trait calls in data flow
2026-01-07 10:51:56 +01:00
Tom Hvitved
4540662ab9
Rust: Model Deref trait in type inference
2026-01-07 10:51:53 +01:00
github-actions[bot]
2cb932cf5d
Post-release preparation for codeql-cli-2.23.9
2026-01-06 15:42:16 +00:00
github-actions[bot]
c00663766e
Release preparation for version 2.23.9
2026-01-05 11:57:06 +00:00
Tom Hvitved
b6cda4a29b
Update shared/util/codeql/util/UnboundList.qll
...
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
2025-12-17 13:44:47 +01:00
Tom Hvitved
08339fe0df
Shared: Add library for unbound lists
2025-12-17 13:13:39 +01:00
Tom Hvitved
d709343d38
Merge pull request #21011 from aschackmull/mad/shared-externalflow
...
Java/C++/Go/C#: Share parts of ExternalFlow.qll
2025-12-15 20:27:04 +01:00
Óscar San José
2824c98efb
Merge pull request #21025 from github/oscarsj/mergeback-rc-3-20-into-main
...
Mergeback rc/3.20 into main
2025-12-15 11:59:58 +01:00
Anders Schack-Mulligen
64a48e4e7b
MaD: Use "namespace" instead "package" in shared code.
2025-12-12 13:57:02 +01:00
Anders Schack-Mulligen
7f8d0771df
MaD: Rename file.
2025-12-12 13:50:58 +01:00
Óscar San José
d972af9ef8
Merge branch 'main' of https://github.com/github/codeql into oscarsj/mergeback-rc-3-20-into-main
2025-12-12 13:22:08 +01:00
Anders Schack-Mulligen
8564b4ea66
Go: Use shared modelCoverage.
2025-12-12 11:24:39 +01:00
Tom Hvitved
c4a8e9df21
Shared: Prefer source/sink models with manual provenance over generated
2025-12-12 11:16:13 +01:00
Anders Schack-Mulligen
5bddc8d289
Go: Move Go package-grouping support into shared lib.
2025-12-12 09:17:51 +01:00
Anders Schack-Mulligen
e262438557
C++: Use shared model coverage code.
2025-12-12 08:20:20 +01:00
Anders Schack-Mulligen
07252519c8
Java/C++: Thread additional models through the shared lib.
2025-12-12 08:20:20 +01:00
Anders Schack-Mulligen
3b334ea215
Java/C#: Share model coverage code.
2025-12-12 08:20:19 +01:00
Anders Schack-Mulligen
cb578e32ab
Java: Move interpretModelForTest into shared code.
2025-12-12 08:20:17 +01:00
Anders Schack-Mulligen
8da65ec6d0
Java: Add support for boolean MaD barrier guards.
2025-12-11 16:24:25 +01:00
Anders Schack-Mulligen
d24b0ff596
Java: Basic support for pass-through barrier models.
2025-12-11 16:24:25 +01:00
Tom Hvitved
d5a95a8099
Rust: Strengthen isNotInstantiationOf uses
2025-12-10 20:48:21 +01:00
Anders Schack-Mulligen
09058e48aa
Guards: Rename -WithState to Parameterized-.
2025-12-10 12:23:51 +01:00
Anders Schack-Mulligen
ebb989962c
Guards: Generalise ValidationWrapper to support GuardValue-based BarrierGuards.
2025-12-10 12:23:51 +01:00
github-actions[bot]
2854330759
Post-release preparation for codeql-cli-2.23.8
2025-12-08 15:49:10 +00:00
github-actions[bot]
66c51e979e
Release preparation for version 2.23.8
2025-12-08 14:38:23 +00:00
Óscar San José
bc6133de5c
Merge branch 'main' of https://github.com/github/codeql into oscarsj/merge-back-rc-3.20
2025-12-05 19:31:47 +01:00
Anders Schack-Mulligen
607ad1f886
Merge pull request #20961 from aschackmull/dataflow/flowfrom
...
Dataflow: Add flowFrom predicates to mirror flowTo.
2025-12-04 10:09:29 +01:00
Tom Hvitved
ca9d327280
Merge pull request #20915 from hvitved/content-flow-ap-limit
...
Shared: Improvements to content-sensitive model generation
2025-12-03 15:54:57 +01:00
Tom Hvitved
3ba256a72a
C#/Java: Go back to access path limit 2
2025-12-03 15:05:02 +01:00
Anders Schack-Mulligen
4191b18410
Dataflow: Add flowFrom predicates to mirror flowTo.
2025-12-03 13:46:44 +01:00
github-actions[bot]
085faa2bdb
Post-release preparation for codeql-cli-2.23.7
2025-12-02 16:39:43 +00:00
