hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-12 13:11:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
e7a0fc71408cf53686fb81c8f74ff7f6cd265a3f
codeql/python/ql/src/experimental/Security
History
yoff e7a0fc7140 python: Add query for prompt injection 
This pull request introduces a new CodeQL query for detecting prompt injection vulnerabilities in Python code targeting AI prompting APIs such as agents and openai. The changes includes a new experimental query, new taint flow and type models, a customizable dataflow configuration, documentation, and comprehensive test coverage.
2026-01-29 23:47:52 +01:00
..
CWE-022
Python: Move experimental ZipSlip to new dataflow API
2023-08-28 15:31:07 +02:00
CWE-022bis
Python: Fix some Ql4Ql violations.
2025-09-01 15:16:25 +02:00
CWE-074/remoteCommandExecution
Remove experimental version + qhelp fixes
2024-12-09 19:56:18 +00:00
CWE-079
Python: Rename to EmailXss
2023-08-28 15:31:08 +02:00
CWE-091
Python: mass enable diff-informed data flow
2025-02-06 10:27:19 +01:00
CWE-094
Remove trailing periods from @name metadata in query files
2025-11-26 14:29:51 +00:00
CWE-176
Python: mass enable diff-informed data flow
2025-02-06 10:27:19 +01:00
CWE-208
[DIFF-INFORMED] Python: (Possible)TimingAttackAgainstHash
2025-07-17 14:40:31 +02:00
CWE-287
Python: Change all remaining occurrences of StrConst
2024-04-22 12:00:09 +00:00
CWE-287-ConstantSecretKey
Python: mass enable diff-informed data flow
2025-02-06 10:27:19 +01:00
CWE-327/Azure
Remove trailing periods from @name metadata in query files
2025-11-26 14:29:51 +00:00
CWE-338
Python: Autoformat
2023-08-28 15:31:08 +02:00
CWE-340
Python: mass enable diff-informed data flow
2025-02-06 10:27:19 +01:00
CWE-346
Python/CorsBypass
2025-10-28 09:40:32 +01:00
CWE-347
Tag all security queries in supported languages' experimental directories with an experimental tag
2022-12-14 17:15:50 +01:00
CWE-348
Python: mass enable diff-informed data flow
2025-02-06 10:27:19 +01:00
CWE-409
Fix QLDoc issues
2024-02-14 23:31:22 +04:00
CWE-522
Python: More style-guide renaming
2023-08-28 15:31:08 +02:00
CWE-611
Update SimpleXmlRpcServer.ql to avoid av detection
2023-04-20 11:59:18 +01:00
CWE-770
Python: mass enable diff-informed data flow
2025-02-06 10:27:19 +01:00
CWE-942
Python: Update CORS query tags and change note
2024-10-08 15:44:29 +00:00
CWE-1236
Python: Move experimental CsvInjection to new dataflow API
2023-08-28 15:31:08 +02:00
CWE-1427
python: Add query for prompt injection
2026-01-29 23:47:52 +01:00
UnsafeUnpackQuery.qll
Python/UnsafeUnpackQuery
2025-10-28 09:40:27 +01:00