hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-14 19:29:28 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
0b7133c4ce28c1dd46eca96b9fcc0bdc93165469
codeql/javascript/ql/test
History
BazookaMusic 0b7133c4ce JS: Add prompt injection detection (CWE-1427) for OpenAI, Anthropic, and Google GenAI SDKs 
Add experimental CodeQL query detecting prompt injection vulnerabilities
in JavaScript/TypeScript applications using AI SDK libraries.

Modeled frameworks:
- openai (OpenAI, AzureOpenAI): responses, chat.completions, completions,
  images, embeddings, beta.assistants, beta.threads, audio APIs
- @openai/agents: Agent instructions, handoffDescription, run/Runner.run,
  asTool, tool()
- @anthropic-ai/sdk: messages.create, beta.messages.create,
  beta.agents.create/update
- @google/genai (GoogleGenAI): generateContent, generateContentStream,
  generateImages, editImage, chats, live.connect

Includes role-based filtering (system/developer/assistant/model roles)
and constant-comparison sanitizer guard.
2026-04-30 17:39:09 +02:00
..
ApiGraphs
JS: Localize charpred of API::EntryPoint
2026-01-07 11:05:41 +01:00
experimental
JS: Add prompt injection detection (CWE-1427) for OpenAI, Anthropic, and Google GenAI SDKs
2026-04-30 17:39:09 +02:00
library-tests
Model res.json and res.jsonp as Vercel response sinks
2026-04-28 16:14:53 +00:00
query-tests
Regenerate DatabaseAccesses.expected for new vercel.ts fixture
2026-04-28 15:57:06 +00:00
tutorials
Use more flowTo.
2025-12-03 14:12:08 +01:00
.project
QL code and tests for C#/C++/JavaScript.
2018-08-02 17:53:23 +01:00
.qlpath
QL code and tests for C#/C++/JavaScript.
2018-08-02 17:53:23 +01:00
format.json
Allow mixed whitespace in JavaScript test sources
2018-11-08 11:06:42 -08:00
qlpack.lock.yml
Packaging: Rafactor Javascript core libraries
2021-08-25 12:15:56 -07:00
qlpack.yml
JS: Add InlineExpectationsTest
2024-01-30 13:20:57 +01:00