Original file line number Diff line number Diff line change
Expand Up @@ -19,5 +19,5 @@ task: |
toolboxes:
- seclab_taskflow_agent.toolboxes.memcache
- seclab_taskflows.toolboxes.gh_file_viewer
- seclab_taskflow_agent.toolboxes.codeql
- seclab_taskflow_agent.toolboxes.codeql_ql_mcp
- seclab_taskflows.toolboxes.ghsa
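Review bot: swapping `seclab_taskflow_agent.toolboxes.codeql` for `seclab_taskflow_agent.toolboxes.codeql_ql_mcp` changes the set of tools this task can call, but the task's prompt text is outside this hunk; please confirm it no longer tells the agent to use anything only the old toolbox provided, otherwise the agent will be instructed to call tools it cannot reach.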
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,14 @@ taskflow:
Create a call graph to understand how the code flows from the entry point to the vulnerable code. Let's think step by step and go through the call graph.
Always try to find out whether the code is in use and reachable from the outside (e.g. via HTTP request).

Use the CodeQL Development MCP server to compute the call graph authoritatively rather than guessing from
text search. Use `list_codeql_databases` to find the database for {{ result.repo }}, then use `codeql_query_run`
with the bundled tools query `CallGraphTo.ql` to find callers of the function containing the alert location,
and `CallGraphFrom.ql` to find callees. Pass the alert file and line as the location. Iterate outward from the
alert location until you either reach a remote/HTTP entry point or exhaust the callers. If you need to inspect
the structure of a single function, use `PrintAST.ql` or `PrintCFG.ql`. Fall back to `gh_file_viewer` only when
the database is unavailable.

You should trace the calls where the data is passed through and in each call, check whether relevant sanitization is
applied to the data.
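Review bot: the new call-graph instructions assume the pre-built database matches the commit the alert was raised on, but nothing here checks that. If `list_codeql_databases` returns a database built from another revision, the alert file and line passed as the location to `CallGraphTo.ql` can land in a different function and the walk starts from the wrong place. Have the agent compare the database's source commit with the alert's ref before trusting the location, and treat a mismatch the same as "database unavailable". The "iterate outward until you reach an entry point or exhaust the callers" loop also has no bound; a depth cap (stop after a fixed number of levels and record in the notes that the walk was truncated) keeps one alert from consuming the whole task budget on a large call graph.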

Expand Down Expand Up @@ -59,6 +67,7 @@ taskflow:
You must then update the alert results with your notes.
You should finish the task without changing the alert validity.
toolboxes:
- seclab_taskflow_agent.toolboxes.codeql_ql_mcp
- seclab_taskflows.toolboxes.gh_file_viewer
- seclab_taskflows.toolboxes.report_alert_state

Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,12 @@ seclab-taskflow-agent:
version: "1.0"
model_config: seclab_taskflows.configs.model_config

# Required: pass the target repository on the command line, e.g.
# --global repo=has-ghas/juice-shop
# An empty default fetches alerts for no repository.
globals:
rule: js/xss
repo:
taskflow:
- task:
must_complete: true
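Review bot: the comment calls `repo` "Required" and in the same breath documents an empty default, and `repo:` with no value is YAML null rather than the empty string the comment describes. Either drop the default and make the first task fail fast when `globals.repo` is unset, or write `repo: ""` so the documented behaviour and the YAML agree. It is also worth stating what `--global repo=` expects (owner/name), since the value flows unvalidated into the repo list built below.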
Expand All @@ -18,7 +22,7 @@ taskflow:
name: create repo list
description: create repo list to fetch alerts from.
run: |
echo '[ {"repo": ""}]'
echo '[ {"repo": "{{ globals.repo }}"}]'
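Review bot: `{{ globals.repo }}` is substituted into a single-quoted shell string, so if template expansion happens before `run:` is handed to the shell, a value containing a single quote closes the quoting and the rest of the value runs as shell (`--global "repo=x'; id; echo '"`). The operator controls the value, so this is a robustness problem more than an attack, but even a stray quote, space or brace yields malformed JSON for the next task. Validate `globals.repo` against an owner/name pattern before this task, or build the list with a JSON-aware step instead of string interpolation inside `echo`.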
Comment on lines 12 to +25
Copilot AI Apr 21, 2026

globals.repo is declared without a value, which makes it YAML null. When interpolated into the JSON repo list ("{{ globals.repo }}"), many templaters render null as the string "None"/"null" rather than an empty string, which would break fetch_code_scanning_alerts and contradict the comment claiming an empty default. Set repo to an explicit empty string default (or apply a template default filter) so the generated repo list is valid when --global repo=... isn't provided.
- task:
headless: true
uses: seclab_taskflows.taskflows.alert_triage_examples.triage_common.fetch_code_scanning_alerts
Expand Down Expand Up @@ -50,6 +54,12 @@ taskflow:
In this task, restrict your analysis to the function that contains the alert location only. Do not trace the calls of the function. Just
perform a local analysis.

Use the CodeQL Development MCP server to get an authoritative view of that function: call `list_codeql_databases`
to find the database for {{ result.repo }}, then run the bundled `PrintAST.ql` tools query at the alert location
to get the exact AST of the enclosing function. This is more reliable than reading the file textually for
identifying real branches, sanitizer calls, and the syntactic context (HTML attribute, JS string, etc.) of the
sink. Fall back to `gh_file_viewer` only if the database is unavailable.

Exploitable means that a remote attacker would be able to inject a malicious script into the web application that would be executed in the context of a user visiting the page.
This could include a `javascript:` URL, a `<script>` tag, or any other way to inject JavaScript code into the page.
It also means that the XSS vulnerability is not mitigated by any other code in the repository, such as sanitization or validation of the input.
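Review bot: `PrintAST.ql` gives the JavaScript AST of the enclosing function, which is the right tool for real branches and sanitizer calls, but the "syntactic context (HTML attribute, JS string, etc.) of the sink" usually lives inside a string literal or template that the JS AST shows only as an opaque string node. For a sink such as `el.innerHTML = "<a href='" + x + "'>"` the agent still has to read the literal to decide whether the value lands in an attribute, a URL or a script context, so the text should say the AST supplements reading the sink expression rather than replaces it.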
Expand Down Expand Up @@ -83,6 +93,7 @@ taskflow:
When you are done, set the `valid` field of the alert result to `true` using alert_id {{ result.alert_id }} and repo {{ result.repo }}
if the alert is a potential vulnerability, otherwise set it to `false`.
toolboxes:
- seclab_taskflow_agent.toolboxes.codeql_ql_mcp
- seclab_taskflows.toolboxes.gh_file_viewer
- seclab_taskflows.toolboxes.report_alert_state
- task:
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,11 @@ seclab-taskflow-agent:
version: "1.0"
model_config: seclab_taskflows.configs.model_config

# Required: pass the target repository on the command line, e.g.
# --global repo=has-ghas/juice-shop
# An empty default fetches alerts for no repository.
globals:
repo:
taskflow:
- task:
must_complete: true
Expand All @@ -15,7 +20,7 @@ taskflow:
name: create repo list
description: create repo list to fetch alerts from.
run: |
echo '[ {"repo": ""}]'
echo '[ {"repo": "{{ globals.repo }}"}]'
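Review bot: same two problems as the identical change in the previous file. `repo:` with no value is YAML null, not the empty string the comment above it describes, and "Required" contradicts having a default at all; write `repo: ""` or drop the default and fail fast when it is unset. And because `{{ globals.repo }}` is expanded inside a single-quoted shell string, a value with a single quote ends the quoting and the remainder runs as shell, while any other odd character produces malformed JSON; validate the value against an owner/name pattern or build the list with JSON encoding rather than interpolation inside `echo`.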
Comment on lines 11 to +23
Copilot AI Apr 21, 2026

globals.repo is currently YAML null (no value provided). Because it is embedded inside a JSON string in the repo list, this can render as "None"/"null" instead of "" and lead to API calls against an invalid repo name. Use an explicit empty-string default for repo (or a template default filter) to match the documented behavior.
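As an added example (not part of this PR or of the seclab taskflow code) of the two failure modes raised in the comments above, the Python below reproduces the `echo '[ {"repo": "{{ globals.repo }}"}]'` line with Python's own string formatting standing in for the taskflow's templater (the templater is not shown on the page; Jinja2 also renders None as the string "None" by default). It shows the YAML-null value arriving as "None" and a quote-bearing value ending the single-quoted shell string early, then builds the list the way the comments suggest: an explicit empty default, an owner/name check, and JSON plus shell quoting instead of interpolation. The `NWO_RE` pattern and the function names are this example's assumptions.

```python
import json
import re
import shlex

# Assumption for this example: a repository is "owner/name" built from the
# characters GitHub allows in those two parts. The taskflow defines no format.
NWO_RE = re.compile(r"^[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+$")


def render_naive(repo):
    """Reproduce the PR's `echo '[ {"repo": "{{ globals.repo }}"}]'` line.

    str.format stands in for the taskflow's templater. A YAML `repo:` with no
    value loads as None, and None formats as the string "None".
    """
    return "echo '[ {{\"repo\": \"{}\"}}]'".format(repo)


def naive_quote_count(repo):
    """Number of single quotes in the rendered command.

    A well-formed command has exactly two (the ones around echo's argument);
    a value containing a quote adds more and ends the quoted string early,
    so whatever follows the value is parsed by the shell, not echoed.
    """
    return render_naive(repo).count("'")


def build_repo_list(repo):
    """Turn the `globals.repo` value into the list the next task consumes.

    None or "" is the documented "no repository" default and yields an empty
    list; anything else must look like owner/name or the task fails fast.
    """
    if repo is None or repo == "":
        return []
    if not isinstance(repo, str) or not NWO_RE.match(repo):
        raise ValueError("repo must be owner/name, got %r" % (repo,))
    return [{"repo": repo}]


def render_safe(repo):
    """Build the same `echo` line with JSON encoding and shell quoting.

    json.dumps produces the document and shlex.quote wraps it for the shell,
    so no value can terminate the quoting or produce malformed JSON.
    """
    return "echo " + shlex.quote(json.dumps(build_repo_list(repo)))


def parse_rendered(command):
    """Run the shell-side half: split the command and decode echo's argument."""
    argv = shlex.split(command)
    assert argv[0] == "echo" and len(argv) == 2
    return json.loads(argv[1])


if __name__ == "__main__":
    print(render_naive(None))                      # the "None" the comment warns about
    print(naive_quote_count("x'; id; echo '"))     # 4 quotes: the value escaped
    print(render_safe("has-ghas/juice-shop"))      # JSON-encoded, shell-quoted
    print(parse_rendered(render_safe(None)))       # [] for the empty default
```

`build_repo_list` is the part worth lifting into the taskflow: it makes the "empty default fetches no repository" behaviour explicit and rejects anything that is not owner/name before it reaches a shell or an API call.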
- task:
headless: true
uses: seclab_taskflows.taskflows.alert_triage_examples.triage_common.fetch_code_scanning_alerts
Expand Down Expand Up @@ -48,6 +53,13 @@ taskflow:
Also check if the given path fragment is checked against a whitelist of allowed paths.
Path validation can also take place at the location where the URL is registered in the web framework, e.g. as a validator middleware in Express.js.
Always note where the URL path is registered in the web framework and the HTTP method required to call it. Write the lines that register the URL path in the notes.

When inspecting the function that contains the alert, prefer the CodeQL Development MCP server for authoritative
code structure: use `list_codeql_databases` to find the database for {{ result.repo }} and run the bundled
`PrintAST.ql` tools query at the alert location to get the exact AST of the surrounding function (more reliable
than `gh_file_viewer` for distinguishing real branches/sanitizers from text). Use `CallGraphTo.ql` if you need
to confirm the function is actually called from a route handler.

Take notes while assessing the alert.
Update the results field of the alert result with your notes using `update_alert_result` with
{{ result.alert_id }} as alert_id and {{ result.repo }} as repo.
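Review bot: `CallGraphTo.ql` may return no callers for an Express route handler, because the handler is passed as a callback to `app.get(...)` / `router.use(...)` and is invoked by the framework rather than by code in the database, and a generic caller query cannot be relied on to model that edge. Since the notes must record the line that registers the URL path and its HTTP method, tell the agent that an empty caller list is not evidence the function is unreachable, and that the registration should then be located at the route-registration call site (text search or `gh_file_viewer`) instead of concluding the alert is unreachable.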
Expand All @@ -56,7 +68,7 @@ taskflow:
toolboxes:
- seclab_taskflows.toolboxes.gh_file_viewer
- seclab_taskflows.toolboxes.report_alert_state
- seclab_taskflow_agent.toolboxes.codeql
- seclab_taskflow_agent.toolboxes.codeql_ql_mcp
- task:
must_complete: true
repeat_prompt: true
Expand All @@ -74,5 +86,5 @@ taskflow:
toolboxes:
- seclab_taskflows.toolboxes.gh_file_viewer
- seclab_taskflows.toolboxes.report_alert_state
- seclab_taskflow_agent.toolboxes.codeql
- seclab_taskflow_agent.toolboxes.codeql_ql_mcp

Original file line number Diff line number Diff line change
Expand Up @@ -22,18 +22,21 @@ taskflow:
agents:
- seclab_taskflows.personalities.web_application_security_expert
inputs:
repo_nwo:
repo_nwo:
user_prompt: |
Fetch CodeQL database for the {{ inputs.repo_nwo }} repository for the
JavaScript language.
JavaScript language. Prefer the local CodeQL Development MCP server: call
`list_codeql_databases` to find a pre-built database for {{ inputs.repo_nwo }}
and use `register_database` if needed. Only fall back to the GitHub
Code Scanning APIs if no local database is available.

You are auditing code using the previously fetched
CodeQL database.

This database is built for a JavaScript web project.

## IMPORTANT: Vulnerability Pattern Details

Review the files specifying routes and endpoints for the security vulnerabilities
described as follows:
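Review bot: the `repo_nwo:` line is removed and re-added with no visible difference, which looks like a whitespace-only edit; revert it or note it in the commit message so the hunk does not read as a change. On the new text, a local database found by `list_codeql_databases` is preferred over the Code Scanning API without saying which revision it should correspond to; since the audit reports findings against a repository, the prompt should require that the registered database's commit is written to `notes`, and should define what "no local database is available" means when one exists for the repo but for a different language or revision.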

Expand All @@ -46,11 +49,18 @@ taskflow:
For each endpoint add how it's protected, or if it's unprotected. Make a note
of decorators or middleware that are used to protect the endpoint.

For each candidate route handler you identify, run the bundled `CallGraphTo.ql`
tools query against the handler to enumerate its callers (typically routing
registrations / middleware), and `PrintAST.ql` to inspect the structure of
any decorator or middleware chain. Use `read_database_source` to read the
exact source backing the CodeQL database rather than re-fetching files from
GitHub.

## IMPORTANT: General Guidance that ALWAYS applies

1. Do NOT ask the user for permission to perform next steps, continue your
analysis autonomously until it is complete.

2. Reflect on your analysis for accuracy before returning it to the user.
We are only interested in results that you can clearly explain and
motivate as potentially vulnerable based on code examples.
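Review bot: running `CallGraphTo.ql` and `PrintAST.ql` once per candidate route handler is one query run per handler, which on a web project with hundreds of routes will dominate the task's runtime; route registrations in Express-style code are also callback registrations that a generic caller query may not link back to the handler at all. A single query that lists every route-registration call site together with its middleware arguments, run once and then read with `read_database_source`, answers "how is each endpoint protected" more cheaply and more completely. If the per-handler queries stay, cap how many handlers receive this treatment and say so in the prompt.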
Expand All @@ -66,7 +76,7 @@ taskflow:
5. Make small and concise single line notes while you work. Update the
existing value for `notes` in memory as you work.
toolboxes:
- seclab_taskflow_agent.toolboxes.codeql
- seclab_taskflow_agent.toolboxes.codeql_ql_mcp
- seclab_taskflow_agent.toolboxes.memcache
- seclab_taskflows.toolboxes.gh_code_scanning
- task: