update-codeql-query-dataflow-python

What problem does it solve?

Migrate Python CodeQL queries from the legacy v1 dataflow API to the modern v2 shared dataflow API, ensuring compatibility by using DataFlow::ConfigSig modules and validating results with TDD.

Core Features & Use Cases

• Phase-based migration guidance to convert Python dataflow code from v1 to v2 using DataFlow::ConfigSig.
• Mechanisms for transforming Configuration-based predicates (DataFlow::Configuration, TaintTracking::Configuration) into modular DataFlow::ConfigSig implementations.
• Python-specific dataflow handling guidance, including CFG/AST node representations and API graph considerations, with test-driven validation to preserve query results.
• Renaming predicates and flow queries: isSanitizer -> isBarrier, isAdditionalTaintStep -> isAdditionalFlowStep, and replacing cfg.hasFlow(...) with module flow predicates.
• Clear migration workflow alignment, including test baselines, phase guidance, and equivalence verification.

Quick Start

Start by establishing a baseline with codeql_test_run to capture current results, then follow the mechanical migration steps to convert v1 dataflow patterns to v2 while validating results.