hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-13 05:31:22 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
e7a0fc71408cf53686fb81c8f74ff7f6cd265a3f
codeql/python/ql/test/experimental/query-tests/Security
History
yoff e7a0fc7140 python: Add query for prompt injection 
This pull request introduces a new CodeQL query for detecting prompt injection vulnerabilities in Python code targeting AI prompting APIs such as agents and openai. The changes includes a new experimental query, new taint flow and type models, a customizable dataflow configuration, documentation, and comprehensive test coverage.
2026-01-29 23:47:52 +01:00
..
CWE-022-TarSlip
Python: use known sanitiser
2024-09-30 14:22:17 +02:00
CWE-022-UnsafeUnpacking
python: add machinery for MaD barriers
2026-01-22 17:30:24 +01:00
CWE-074-paramiko
fix conflict
2024-06-18 17:18:59 +02:00
CWE-074-RemoteCommandExecution
Python: Update all test util paths to point to the new location.
2024-12-12 13:54:30 +01:00
CWE-079
Python: Accept qltest .expected file changes.
2024-05-22 15:43:49 +02:00
CWE-091-XsltInjection
Python: Accept qltest .expected file changes.
2024-05-22 15:43:49 +02:00
CWE-094
Python: Fix .expected
2024-07-11 14:42:26 +02:00
CWE-176
Python: Accept qltest .expected file changes.
2024-05-22 15:43:49 +02:00
CWE-208
[DIFF-INFORMED] Python: (Possible)TimingAttackAgainstHash
2025-07-17 14:40:31 +02:00
CWE-287
fix some more style-guide violations in the alert-messages
2022-10-07 11:23:34 +02:00
CWE-287-ConstantSecretKey
Python: Update all .expected files
2024-04-22 12:00:09 +00:00
CWE-327-UnsafeUsageOfClientSideEncryptionVersion
Python: Accept qltest .expected file changes.
2024-05-22 15:43:49 +02:00
CWE-338
add tests
2021-12-04 00:52:15 +08:00
CWE-346
WIP: Python: CORS Bypass
2024-09-03 03:11:35 +05:30
CWE-347
Update .expected
2022-02-23 00:55:39 +01:00
CWE-348
Python: Add empty provenance column to expected files.
2024-02-09 11:32:08 +01:00
CWE-409
python: add machinery for MaD barriers
2026-01-22 17:30:24 +01:00
CWE-522
Python: Update expected output (uninteresting).
2024-04-12 09:20:30 +02:00
CWE-522-global-option
Python: More style-guide renaming
2023-08-28 15:31:08 +02:00
CWE-611-SimpleXmlRpcServer
fix some more style-guide violations in the alert-messages
2022-10-07 11:23:34 +02:00
CWE-770
Python: Update expected output (uninteresting).
2024-04-12 09:20:30 +02:00
CWE-1236
Python: Update expected output (uninteresting).
2024-04-12 09:20:30 +02:00
CWE-1427-PromptInjection
python: Add query for prompt injection
2026-01-29 23:47:52 +01:00