copilot-swe-agent[bot] 50848834a8 Address reviewer feedback: fix sink modeling for shutil and subprocess ...

- Remove ShutilUnpackArchiveSource (should not be a source)
- Change ShutilUnpackArchiveSink to target getArg(0) (the filename arg, not the whole call); removes the now-redundant literal check
- Remove SubprocessTarExtractionSource (should not be a source)
- Change SubprocessTarExtractionSink to target the specific non-literal element in the command list (the filename), not the call itself
- Remove private isSubprocessTarExtraction predicate (inlined into the sink)
- Revert TarSlip.expected to its pre-PR state (the new sinks require proper source taint flow to fire)

Agent-Logs-Url: https://github.com/github/codeql/sessions/833673da-f868-4c3b-8bff-62364ee0ed19

Co-authored-by: hvitved <3667920+hvitved@users.noreply.github.com>

2026-04-16 10:11:37 +00:00

..

.vscode

Python: add debug based on location snippet

2022-10-20 21:20:24 +02:00

config/suites/lgtm

Python: move AlertSuppression.ql

2022-12-19 12:39:01 +01:00

downgrades

Python: Add QL support for lazy imports

2026-04-10 14:25:08 +00:00

extractor

Python: Add QL support for lazy imports

2026-04-10 14:25:08 +00:00

old-change-notes

python: modern change note

2022-01-31 11:27:55 +01:00

PoCs

spelling: retrieval

2022-10-13 11:21:09 -04:00

ql

Address reviewer feedback: fix sink modeling for shutil and subprocess

2026-04-16 10:11:37 +00:00

scripts

Python: Add create-extractor-pack.sh for Python

2026-04-09 13:06:45 +00:00

tools

All languages: account for paths and paths-ignore in XML and other ancillary extraction

2026-01-06 12:48:01 +00:00

BUILD.bazel

Autoformat

2025-02-20 19:31:00 +00:00

codeql-extractor.yml

Turn on overlay support in codeql-extractor.yml

2025-10-06 11:36:54 +02:00