hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-21 14:47:10 +02:00
Code Issues Packages Projects Releases Wiki Activity
87,237 Commits 1,758 Branches 167 Tags
fe7eabd56fba168d7edef3a375b33eaef397f692
Commit Graph

71 Commits

Author SHA1 Message Date
BazookaMusic
fe7eabd56f Add run from agents into the user prompt and fix an issue with classifying it as a system prompt injection 2026-05-15 12:39:54 +02:00
BazookaMusic
535adc7a31 add barrier when data flows into user messages for system prompt detection, remove embeddings from user prompt injection query 2026-05-15 12:14:14 +02:00
BazookaMusic
9c136264de remove guardrails sanitizer for now 2026-05-13 13:37:44 +02:00
BazookaMusic
74a3ba1f0d changes for spliting into system and user 2026-05-04 11:57:43 +02:00
BazookaMusic
0b7133c4ce JS: Add prompt injection detection (CWE-1427) for OpenAI, Anthropic, and Google GenAI SDKs 
Add experimental CodeQL query detecting prompt injection vulnerabilities
in JavaScript/TypeScript applications using AI SDK libraries.

Modeled frameworks:
- openai (OpenAI, AzureOpenAI): responses, chat.completions, completions,
  images, embeddings, beta.assistants, beta.threads, audio APIs
- @openai/agents: Agent instructions, handoffDescription, run/Runner.run,
  asTool, tool()
- @anthropic-ai/sdk: messages.create, beta.messages.create,
  beta.agents.create/update
- @google/genai (GoogleGenAI): generateContent, generateContentStream,
  generateImages, editImage, chats, live.connect

Includes role-based filtering (system/developer/assistant/model roles)
and constant-comparison sanitizer guard.
 2026-04-30 17:39:09 +02:00
Napalys Klicius
c4c8dbcf7d Merge remote-tracking branch 'origin/main' into js/move-cors-query-from-experimental 2025-09-04 15:24:44 +02:00
Asger F
cc8fe10801 JS: Update locations in expected files 2025-08-29 12:03:11 +02:00
Napalys Klicius
358617f533 Move CORS misconfiguration query from experimental to Security 2025-07-30 10:22:59 +00:00
Asger F
3a00e8d1c5 JS: Remove js/actions/pull-request-target 
Superseded by actions/untrusted-checkout/{medium,high,critical}
 2025-06-23 14:37:21 +02:00
Asger F
871bc3b84a JS: Port experimental CorsPermissiveConfiguration to ConfigSig 
The tests show a new (source, sink) pair for an already-flagged sink.

Not sure why it was not flagged originally since the data flow path seems valid, given the steps provided by our models.
 2024-12-03 14:30:20 +01:00
Asger F
f5a6485ef2 JS: Port experimental decodeJwtWithoutVerificationLocalSource 2024-12-03 14:30:19 +01:00
Asger F
72e522631d JS: Port experimental jwtDecodeWithoutVerification to ConfigSig 2024-12-03 14:30:18 +01:00
Asger F
7e162f5451 JS: Port experimental EnvValueInjection to ConfigSig 2024-12-03 14:30:17 +01:00
Asger F
4f839070a0 JS: Port experimental EnvValueAndKeyInjection to ConfigSig 2024-12-03 14:30:16 +01:00
Asger F
8887ca1722 JS: Port an experimental CodeInjection variant to ConfigSig 2024-12-03 14:30:15 +01:00
Asger F
8818fcc207 JS: Benign test output changes 2024-11-26 15:47:13 +01:00
Asger F
d52bc971b8 Merge branch 'main' into js/shared-dataflow-merge-main 2024-11-20 14:05:03 +01:00
Napalys Klicius
1eabb6cbdd Update javascript/ql/test/experimental/Security/CWE-918/check-regex.js 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2024-11-11 15:40:22 +01:00
Napalys
514375dbf9 Fixes false positives from commit 42600c93ff 2024-11-07 13:00:54 +01:00
Napalys
42600c93ff Added tests which shows false positive SSRF via matchAll 2024-11-07 11:40:20 +01:00
Napalys
449cee91c8 Fixes false positives from commit 445552d3b53ec9592e8e3892cb337d1004b6a432 2024-11-07 10:33:13 +01:00
Napalys
4106663d89 Added tests for regex sanitization to identify false positives matchAll 2024-11-07 10:27:58 +01:00
Asger F
df64388d79 Merge branch 'main' into js/shared-dataflow-merge-main 2024-08-02 13:18:38 +02:00
Maiky
d0cf2a978c Merge branch 'main' into maikypedia/javascript-cors 2024-06-27 20:24:42 +02:00
Asger F
53efb5837b JS: Update some tests with provenance columns 
Only includes the changes that purely contain the new provenance columns
 2024-06-26 13:51:44 +02:00
Asger F
ecf418b8f6 Merge branch 'main' into js/shared-dataflow 2024-06-25 11:48:41 +02:00
Erik Krogh Kristensen
db768960f4 Merge pull request #15060 from am0o0/amammad-js-envinjection 
JS: Env Injection query
 2024-06-20 21:27:21 +02:00
Erik Krogh Kristensen
555d7e5958 Merge pull request #14293 from am0o0/amammad-js-CodeInjection_dynamic_import 
JS: Dynamic import as code injection sink
 2024-06-20 21:19:57 +02:00
am0o0
f0a467e80b update tests 2024-06-13 14:52:22 +02:00
am0o0
9db334d02f update select statement, update test cases 2024-06-07 21:26:20 +02:00
am0o0
2c9340331d update test cases expected results 2024-06-07 21:16:31 +02:00
am0o0
5e0a78c4c7 make predicate for env key and value nodes, use propertyRead/Write instead of API nodes to find env key and value assignments, fix a bug thanks to @erik-krogh 2024-06-07 21:15:30 +02:00
am0o0
1033bf9c4c remove unused imports from javascript test cases 2024-06-07 06:04:12 +02:00
am0o0
b9e3b3310e update the remote flow based query thanks to @erik-krogh, update tests and separate the local and remote query tests 2024-06-07 06:01:49 +02:00
am0o0
2b929c4d2d remove old expected test file 2024-05-25 20:45:34 +02:00
am0o0
1fc481ce81 v2: it is basically the first stable version :)) 2024-05-25 20:43:36 +02:00
am0o0
ea05b297a3 update expected test files 2024-05-25 19:40:37 +02:00
am0o0
14daf58767 update tests, add test cases for query with local sources 2024-05-25 18:17:56 +02:00
am0o0
8fde8c2db4 change test dir name 2024-05-25 13:54:31 +02:00
am0o0
0895f7d971 update qlref files 2024-05-21 22:48:17 +02:00
am0o0
c470c078dc move to experimental 2024-05-21 22:42:16 +02:00
amammad
102f09aa23 extend tests 2023-12-10 20:33:00 +01:00
amammad
18d0b28024 v1 2023-12-10 20:27:21 +01:00
Maiky
d661f7f482 Add Flow Labels 2023-11-22 19:50:16 +01:00
Maiky
acac534ed0 Forgot .js 2023-10-16 19:29:57 +02:00
Maiky
07ad596f77 Add coverage for express 2023-10-16 16:48:32 +02:00
Asger F
449ec72dbe JS: Port experimental queries 2023-10-13 13:15:03 +02:00
amammad
00b6e1f0b0 fix tests 2023-10-08 11:03:19 +02:00
Maiky
816eebbb51 Add .qhelp and apply some review changes 2023-10-02 18:05:39 +02:00
amammad
921198ed30 add separate query for sinks that accepts data: URL 2023-09-28 20:33:38 +10:00