Fix google genai models

This commit is contained in:
Sotiris Dragonas
2026-07-02 15:42:18 +02:00
parent 018ba92b1e
commit 27d2a2b16e
9 changed files with 615 additions and 47 deletions

View File

@@ -16,7 +16,7 @@ private import semmle.python.ApiGraphs
module GoogleGenAI {
/** Gets a reference to a `google.genai.Client` instance. */
private API::Node clientRef() {
result = API::moduleImport("google.genai").getMember("Client").getReturn()
result = API::moduleImport("google").getMember("genai").getMember("Client").getReturn()
}
/** Gets the content dictionaries passed to `models.generate_content`/`generate_content_stream`. */

View File

@@ -4,10 +4,12 @@ extensions:
extensible: sinkModel
data:
# `system_instruction` on the generation config is a system-level prompt
- ['google.genai', 'Member[types].Member[GenerateContentConfig].Argument[system_instruction:]', 'system-prompt-injection']
- ['google', 'Member[genai].Member[types].Member[GenerateContentConfig].Argument[system_instruction:]', 'system-prompt-injection']
# The Live API connect config carries a system instruction
- ['google', 'Member[genai].Member[types].Member[LiveConnectConfig].Argument[system_instruction:]', 'system-prompt-injection']
# Cached content carries a system instruction and user content
- ['google.genai', 'Member[types].Member[CreateCachedContentConfig].Argument[system_instruction:]', 'system-prompt-injection']
- ['google.genai', 'Member[types].Member[CreateCachedContentConfig].Argument[contents:]', 'user-prompt-injection']
- ['google', 'Member[genai].Member[types].Member[CreateCachedContentConfig].Argument[system_instruction:]', 'system-prompt-injection']
- ['google', 'Member[genai].Member[types].Member[CreateCachedContentConfig].Argument[contents:]', 'user-prompt-injection']
# User-level content
- ['GoogleGenAI', 'Member[models].Member[generate_content,generate_content_stream].Argument[contents:]', 'user-prompt-injection']
- ['GoogleGenAI', 'Member[models].Member[generate_images,generate_videos,edit_image].Argument[prompt:]', 'user-prompt-injection']
@@ -18,4 +20,4 @@ extensions:
pack: codeql/python-all
extensible: typeModel
data:
- ['GoogleGenAI', 'google.genai', 'Member[Client].ReturnValue']
- ['GoogleGenAI', 'google', 'Member[genai].Member[Client].ReturnValue']

View File

@@ -5,17 +5,28 @@ extensions:
data:
# Message constructors. The first positional argument or the `content` keyword
# carries the message text.
- ['langchain_core.messages', 'Member[SystemMessage].Argument[0]', 'system-prompt-injection']
- ['langchain_core.messages', 'Member[SystemMessage].Argument[content:]', 'system-prompt-injection']
- ['langchain.schema', 'Member[SystemMessage].Argument[0]', 'system-prompt-injection']
- ['langchain.schema', 'Member[SystemMessage].Argument[content:]', 'system-prompt-injection']
- ['langchain_core.messages', 'Member[HumanMessage].Argument[0]', 'user-prompt-injection']
- ['langchain_core.messages', 'Member[HumanMessage].Argument[content:]', 'user-prompt-injection']
- ['langchain.schema', 'Member[HumanMessage].Argument[0]', 'user-prompt-injection']
- ['langchain.schema', 'Member[HumanMessage].Argument[content:]', 'user-prompt-injection']
- ['langchain_core', 'Member[messages].Member[SystemMessage].Argument[0]', 'system-prompt-injection']
- ['langchain_core', 'Member[messages].Member[SystemMessage].Argument[content:]', 'system-prompt-injection']
- ['langchain', 'Member[schema].Member[SystemMessage].Argument[0]', 'system-prompt-injection']
- ['langchain', 'Member[schema].Member[SystemMessage].Argument[content:]', 'system-prompt-injection']
- ['langchain_core', 'Member[messages].Member[HumanMessage].Argument[0]', 'user-prompt-injection']
- ['langchain_core', 'Member[messages].Member[HumanMessage].Argument[content:]', 'user-prompt-injection']
- ['langchain', 'Member[schema].Member[HumanMessage].Argument[0]', 'user-prompt-injection']
- ['langchain', 'Member[schema].Member[HumanMessage].Argument[content:]', 'user-prompt-injection']
# Invoking a chat model with user input.
- ['LangChainChatModel', 'Member[invoke,stream,predict,call].Argument[0]', 'user-prompt-injection']
- ['LangChainChatModel', 'Member[batch].Argument[0].ListElement', 'user-prompt-injection']
- ['LangChainChatModel', 'Member[generate].Argument[0].ListElement.ListElement', 'user-prompt-injection']
# Prompt templates. User input embedded directly into a template.
- ['langchain_core', 'Member[prompts].Member[PromptTemplate].Instance.Member[format].Argument[any-named]', 'user-prompt-injection']
# Legacy `LLMChain` and `AgentExecutor` take the user input in the `input` field.
- ['LangChainLLMChain', 'Member[invoke].Argument[0].DictionaryElement[input]', 'user-prompt-injection']
- ['LangChainLLMChain', 'Member[run].Argument[0]', 'user-prompt-injection']
- ['LangChainAgentExecutor', 'Member[invoke].Argument[0].DictionaryElement[input]', 'user-prompt-injection']
# The `system_prompt` passed to `create_agent` is a system-level prompt.
- ['langchain', 'Member[agents].Member[create_agent].Argument[system_prompt:]', 'system-prompt-injection']
# The messages passed to a `create_agent` graph are user-level content.
- ['LangChainAgent', 'Member[invoke,stream].Argument[0].DictionaryElement[messages].ListElement.DictionaryElement[content]', 'user-prompt-injection']
- addsTo:
pack: codeql/python-all
@@ -29,3 +40,14 @@ extensions:
- ['LangChainChatModel', 'langchain_cohere', 'Member[ChatCohere].ReturnValue']
- ['LangChainChatModel', 'langchain_ollama', 'Member[ChatOllama].ReturnValue']
- ['LangChainChatModel', 'langchain_aws', 'Member[ChatBedrock,ChatBedrockConverse].ReturnValue']
- ['LangChainChatModel', 'langchain_fireworks', 'Member[ChatFireworks].ReturnValue']
- ['LangChainChatModel', 'langchain_together', 'Member[ChatTogether].ReturnValue']
- ['LangChainChatModel', 'langchain_xai', 'Member[ChatXAI].ReturnValue']
- ['LangChainChatModel', 'langchain', 'Member[chat_models].Member[init_chat_model].ReturnValue']
- ['LangChainLLMChain', 'langchain', 'Member[chains].Member[LLMChain].ReturnValue']
- ['LangChainLLMChain', 'langchain_classic', 'Member[chains].Member[LLMChain].ReturnValue']
- ['LangChainAgentExecutor', 'langchain', 'Member[agents].Member[AgentExecutor].ReturnValue']
- ['LangChainAgentExecutor', 'langchain_classic', 'Member[agents].Member[AgentExecutor].ReturnValue']
- ['LangChainAgentExecutor', 'langchain', 'Member[agents].Member[AgentExecutor].Member[from_agent_and_tools].ReturnValue']
- ['LangChainAgentExecutor', 'langchain_classic', 'Member[agents].Member[AgentExecutor].Member[from_agent_and_tools].ReturnValue']
- ['LangChainAgent', 'langchain', 'Member[agents].Member[create_agent].ReturnValue']

View File

@@ -10,6 +10,12 @@
| anthropic_test.py:45:16:45:37 | ControlFlowNode for BinaryExpr | anthropic_test.py:2:26:2:32 | ControlFlowNode for ImportMember | anthropic_test.py:45:16:45:37 | ControlFlowNode for BinaryExpr | This system prompt depends on a $@. | anthropic_test.py:2:26:2:32 | ControlFlowNode for ImportMember | user-provided value |
| anthropic_test.py:57:16:57:37 | ControlFlowNode for BinaryExpr | anthropic_test.py:2:26:2:32 | ControlFlowNode for ImportMember | anthropic_test.py:57:16:57:37 | ControlFlowNode for BinaryExpr | This system prompt depends on a $@. | anthropic_test.py:2:26:2:32 | ControlFlowNode for ImportMember | user-provided value |
| anthropic_test.py:63:16:63:37 | ControlFlowNode for BinaryExpr | anthropic_test.py:2:26:2:32 | ControlFlowNode for ImportMember | anthropic_test.py:63:16:63:37 | ControlFlowNode for BinaryExpr | This system prompt depends on a $@. | anthropic_test.py:2:26:2:32 | ControlFlowNode for ImportMember | user-provided value |
| gemini_test.py:21:33:21:49 | ControlFlowNode for BinaryExpr | gemini_test.py:3:26:3:32 | ControlFlowNode for ImportMember | gemini_test.py:21:33:21:49 | ControlFlowNode for BinaryExpr | This system prompt depends on a $@. | gemini_test.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value |
| gemini_test.py:35:32:35:53 | ControlFlowNode for BinaryExpr | gemini_test.py:3:26:3:32 | ControlFlowNode for ImportMember | gemini_test.py:35:32:35:53 | ControlFlowNode for BinaryExpr | This system prompt depends on a $@. | gemini_test.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value |
| gemini_test.py:43:32:43:53 | ControlFlowNode for BinaryExpr | gemini_test.py:3:26:3:32 | ControlFlowNode for ImportMember | gemini_test.py:43:32:43:53 | ControlFlowNode for BinaryExpr | This system prompt depends on a $@. | gemini_test.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value |
| gemini_test.py:56:32:56:53 | ControlFlowNode for BinaryExpr | gemini_test.py:3:26:3:32 | ControlFlowNode for ImportMember | gemini_test.py:56:32:56:53 | ControlFlowNode for BinaryExpr | This system prompt depends on a $@. | gemini_test.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value |
| langchain_test.py:17:35:17:58 | ControlFlowNode for BinaryExpr | langchain_test.py:3:26:3:32 | ControlFlowNode for ImportMember | langchain_test.py:17:35:17:58 | ControlFlowNode for BinaryExpr | This system prompt depends on a $@. | langchain_test.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value |
| langchain_test.py:30:43:30:66 | ControlFlowNode for BinaryExpr | langchain_test.py:3:26:3:32 | ControlFlowNode for ImportMember | langchain_test.py:30:43:30:66 | ControlFlowNode for BinaryExpr | This system prompt depends on a $@. | langchain_test.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value |
| openai_test.py:17:22:17:46 | ControlFlowNode for BinaryExpr | openai_test.py:2:26:2:32 | ControlFlowNode for ImportMember | openai_test.py:17:22:17:46 | ControlFlowNode for BinaryExpr | This system prompt depends on a $@. | openai_test.py:2:26:2:32 | ControlFlowNode for ImportMember | user-provided value |
| openai_test.py:22:22:22:46 | ControlFlowNode for BinaryExpr | openai_test.py:2:26:2:32 | ControlFlowNode for ImportMember | openai_test.py:22:22:22:46 | ControlFlowNode for BinaryExpr | This system prompt depends on a $@. | openai_test.py:2:26:2:32 | ControlFlowNode for ImportMember | user-provided value |
| openai_test.py:26:28:26:51 | ControlFlowNode for BinaryExpr | openai_test.py:2:26:2:32 | ControlFlowNode for ImportMember | openai_test.py:26:28:26:51 | ControlFlowNode for BinaryExpr | This system prompt depends on a $@. | openai_test.py:2:26:2:32 | ControlFlowNode for ImportMember | user-provided value |
@@ -47,6 +53,30 @@ edges
| anthropic_test.py:11:15:11:21 | ControlFlowNode for request | anthropic_test.py:11:15:11:26 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
| anthropic_test.py:11:15:11:26 | ControlFlowNode for Attribute | anthropic_test.py:11:15:11:41 | ControlFlowNode for Attribute() | provenance | dict.get |
| anthropic_test.py:11:15:11:41 | ControlFlowNode for Attribute() | anthropic_test.py:11:5:11:11 | ControlFlowNode for persona | provenance | |
| gemini_test.py:3:26:3:32 | ControlFlowNode for ImportMember | gemini_test.py:3:26:3:32 | ControlFlowNode for request | provenance | |
| gemini_test.py:3:26:3:32 | ControlFlowNode for request | gemini_test.py:11:15:11:21 | ControlFlowNode for request | provenance | |
| gemini_test.py:3:26:3:32 | ControlFlowNode for request | gemini_test.py:51:15:51:21 | ControlFlowNode for request | provenance | |
| gemini_test.py:11:5:11:11 | ControlFlowNode for persona | gemini_test.py:21:33:21:49 | ControlFlowNode for BinaryExpr | provenance | |
| gemini_test.py:11:5:11:11 | ControlFlowNode for persona | gemini_test.py:35:32:35:53 | ControlFlowNode for BinaryExpr | provenance | Sink:MaD:13 |
| gemini_test.py:11:5:11:11 | ControlFlowNode for persona | gemini_test.py:43:32:43:53 | ControlFlowNode for BinaryExpr | provenance | Sink:MaD:12 |
| gemini_test.py:11:15:11:21 | ControlFlowNode for request | gemini_test.py:11:15:11:26 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
| gemini_test.py:11:15:11:26 | ControlFlowNode for Attribute | gemini_test.py:11:15:11:41 | ControlFlowNode for Attribute() | provenance | dict.get |
| gemini_test.py:11:15:11:41 | ControlFlowNode for Attribute() | gemini_test.py:11:5:11:11 | ControlFlowNode for persona | provenance | |
| gemini_test.py:51:5:51:11 | ControlFlowNode for persona | gemini_test.py:56:32:56:53 | ControlFlowNode for BinaryExpr | provenance | Sink:MaD:14 |
| gemini_test.py:51:15:51:21 | ControlFlowNode for request | gemini_test.py:51:15:51:26 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
| gemini_test.py:51:15:51:26 | ControlFlowNode for Attribute | gemini_test.py:51:15:51:41 | ControlFlowNode for Attribute() | provenance | dict.get |
| gemini_test.py:51:15:51:41 | ControlFlowNode for Attribute() | gemini_test.py:51:5:51:11 | ControlFlowNode for persona | provenance | |
| langchain_test.py:3:26:3:32 | ControlFlowNode for ImportMember | langchain_test.py:3:26:3:32 | ControlFlowNode for request | provenance | |
| langchain_test.py:3:26:3:32 | ControlFlowNode for request | langchain_test.py:10:15:10:21 | ControlFlowNode for request | provenance | |
| langchain_test.py:3:26:3:32 | ControlFlowNode for request | langchain_test.py:28:15:28:21 | ControlFlowNode for request | provenance | |
| langchain_test.py:10:5:10:11 | ControlFlowNode for persona | langchain_test.py:17:35:17:58 | ControlFlowNode for BinaryExpr | provenance | Sink:MaD:16 |
| langchain_test.py:10:15:10:21 | ControlFlowNode for request | langchain_test.py:10:15:10:26 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
| langchain_test.py:10:15:10:26 | ControlFlowNode for Attribute | langchain_test.py:10:15:10:41 | ControlFlowNode for Attribute() | provenance | dict.get |
| langchain_test.py:10:15:10:41 | ControlFlowNode for Attribute() | langchain_test.py:10:5:10:11 | ControlFlowNode for persona | provenance | |
| langchain_test.py:28:5:28:11 | ControlFlowNode for persona | langchain_test.py:30:43:30:66 | ControlFlowNode for BinaryExpr | provenance | Sink:MaD:15 |
| langchain_test.py:28:15:28:21 | ControlFlowNode for request | langchain_test.py:28:15:28:26 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
| langchain_test.py:28:15:28:26 | ControlFlowNode for Attribute | langchain_test.py:28:15:28:41 | ControlFlowNode for Attribute() | provenance | dict.get |
| langchain_test.py:28:15:28:41 | ControlFlowNode for Attribute() | langchain_test.py:28:5:28:11 | ControlFlowNode for persona | provenance | |
| openai_test.py:2:26:2:32 | ControlFlowNode for ImportMember | openai_test.py:2:26:2:32 | ControlFlowNode for request | provenance | |
| openai_test.py:2:26:2:32 | ControlFlowNode for request | openai_test.py:12:15:12:21 | ControlFlowNode for request | provenance | |
| openai_test.py:12:5:12:11 | ControlFlowNode for persona | openai_test.py:17:22:17:46 | ControlFlowNode for BinaryExpr | provenance | Sink:MaD:6 |
@@ -79,6 +109,11 @@ models
| 9 | Sink: agents; Member[Agent].Argument[instructions:]; system-prompt-injection |
| 10 | Sink: agents; Member[Agent].ReturnValue.Member[as_tool].Argument[1,tool_description:]; system-prompt-injection |
| 11 | Sink: agents; Member[FunctionTool].Argument[description:]; system-prompt-injection |
| 12 | Sink: google; Member[genai].Member[types].Member[CreateCachedContentConfig].Argument[system_instruction:]; system-prompt-injection |
| 13 | Sink: google; Member[genai].Member[types].Member[GenerateContentConfig].Argument[system_instruction:]; system-prompt-injection |
| 14 | Sink: google; Member[genai].Member[types].Member[LiveConnectConfig].Argument[system_instruction:]; system-prompt-injection |
| 15 | Sink: langchain; Member[agents].Member[create_agent].Argument[system_prompt:]; system-prompt-injection |
| 16 | Sink: langchain_core; Member[messages].Member[SystemMessage].Argument[content:]; system-prompt-injection |
nodes
| agent_test.py:2:26:2:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
| agent_test.py:2:26:2:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
@@ -107,6 +142,32 @@ nodes
| anthropic_test.py:45:16:45:37 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr |
| anthropic_test.py:57:16:57:37 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr |
| anthropic_test.py:63:16:63:37 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr |
| gemini_test.py:3:26:3:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
| gemini_test.py:3:26:3:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| gemini_test.py:11:5:11:11 | ControlFlowNode for persona | semmle.label | ControlFlowNode for persona |
| gemini_test.py:11:15:11:21 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| gemini_test.py:11:15:11:26 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| gemini_test.py:11:15:11:41 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| gemini_test.py:21:33:21:49 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr |
| gemini_test.py:35:32:35:53 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr |
| gemini_test.py:43:32:43:53 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr |
| gemini_test.py:51:5:51:11 | ControlFlowNode for persona | semmle.label | ControlFlowNode for persona |
| gemini_test.py:51:15:51:21 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| gemini_test.py:51:15:51:26 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| gemini_test.py:51:15:51:41 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| gemini_test.py:56:32:56:53 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr |
| langchain_test.py:3:26:3:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
| langchain_test.py:3:26:3:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| langchain_test.py:10:5:10:11 | ControlFlowNode for persona | semmle.label | ControlFlowNode for persona |
| langchain_test.py:10:15:10:21 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| langchain_test.py:10:15:10:26 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| langchain_test.py:10:15:10:41 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| langchain_test.py:17:35:17:58 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr |
| langchain_test.py:28:5:28:11 | ControlFlowNode for persona | semmle.label | ControlFlowNode for persona |
| langchain_test.py:28:15:28:21 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| langchain_test.py:28:15:28:26 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| langchain_test.py:28:15:28:41 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| langchain_test.py:30:43:30:66 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr |
| openai_test.py:2:26:2:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
| openai_test.py:2:26:2:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| openai_test.py:12:5:12:11 | ControlFlowNode for persona | semmle.label | ControlFlowNode for persona |
@@ -130,10 +191,3 @@ nodes
| openrouter_test.py:18:28:18:51 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr |
| openrouter_test.py:29:22:29:45 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr |
subpaths
testFailures
| gemini_test.py:3:35:3:44 | Comment # $ Source | Missing result: Source |
| gemini_test.py:21:52:21:88 | Comment # $ Alert[py/system-prompt-injection] | Missing result: Alert[py/system-prompt-injection] |
| gemini_test.py:35:57:35:93 | Comment # $ Alert[py/system-prompt-injection] | Missing result: Alert[py/system-prompt-injection] |
| gemini_test.py:43:57:43:93 | Comment # $ Alert[py/system-prompt-injection] | Missing result: Alert[py/system-prompt-injection] |
| langchain_test.py:3:35:3:44 | Comment # $ Source | Missing result: Source |
| langchain_test.py:17:63:17:99 | Comment # $ Alert[py/system-prompt-injection] | Missing result: Alert[py/system-prompt-injection] |

View File

@@ -44,3 +44,16 @@ def get_input_gemini():
),
)
print(cache)
@app.route("/gemini-live")
async def get_input_gemini_live():
persona = request.args.get("persona")
async with client.aio.live.connect(
model="gemini-2.0-flash",
config=types.LiveConnectConfig(
system_instruction="Talk like " + persona, # $ Alert[py/system-prompt-injection]
),
) as session:
print(session)

View File

@@ -19,3 +19,12 @@ def get_input_langchain():
]
)
print(result)
@app.route("/langchain-create-agent")
def get_input_langchain_create_agent():
from langchain.agents import create_agent
persona = request.args.get("persona")
create_agent("gpt-4.1", system_prompt="Talk like a " + persona) # $ Alert[py/system-prompt-injection]

View File

@@ -4,7 +4,24 @@
| agent_test.py:20:28:20:32 | ControlFlowNode for query | agent_test.py:2:26:2:32 | ControlFlowNode for ImportMember | agent_test.py:20:28:20:32 | ControlFlowNode for query | This prompt construction depends on a $@. | agent_test.py:2:26:2:32 | ControlFlowNode for ImportMember | user-provided value |
| anthropic_test.py:20:28:20:32 | ControlFlowNode for query | anthropic_test.py:2:26:2:32 | ControlFlowNode for ImportMember | anthropic_test.py:20:28:20:32 | ControlFlowNode for query | This prompt construction depends on a $@. | anthropic_test.py:2:26:2:32 | ControlFlowNode for ImportMember | user-provided value |
| anthropic_test.py:29:16:29:55 | ControlFlowNode for BinaryExpr | anthropic_test.py:2:26:2:32 | ControlFlowNode for ImportMember | anthropic_test.py:29:16:29:55 | ControlFlowNode for BinaryExpr | This prompt construction depends on a $@. | anthropic_test.py:2:26:2:32 | ControlFlowNode for ImportMember | user-provided value |
| gemini_test.py:15:18:15:22 | ControlFlowNode for query | gemini_test.py:3:26:3:32 | ControlFlowNode for ImportMember | gemini_test.py:15:18:15:22 | ControlFlowNode for query | This prompt construction depends on a $@. | gemini_test.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value |
| gemini_test.py:20:18:29:9 | ControlFlowNode for List | gemini_test.py:3:26:3:32 | ControlFlowNode for ImportMember | gemini_test.py:20:18:29:9 | ControlFlowNode for List | This prompt construction depends on a $@. | gemini_test.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value |
| gemini_test.py:25:33:25:37 | ControlFlowNode for query | gemini_test.py:3:26:3:32 | ControlFlowNode for ImportMember | gemini_test.py:25:33:25:37 | ControlFlowNode for query | This prompt construction depends on a $@. | gemini_test.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value |
| gemini_test.py:33:35:33:58 | ControlFlowNode for BinaryExpr | gemini_test.py:3:26:3:32 | ControlFlowNode for ImportMember | gemini_test.py:33:35:33:58 | ControlFlowNode for BinaryExpr | This prompt construction depends on a $@. | gemini_test.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value |
| gemini_test.py:37:16:37:20 | ControlFlowNode for query | gemini_test.py:3:26:3:32 | ControlFlowNode for ImportMember | gemini_test.py:37:16:37:20 | ControlFlowNode for query | This prompt construction depends on a $@. | gemini_test.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value |
| gemini_test.py:43:22:43:26 | ControlFlowNode for query | gemini_test.py:3:26:3:32 | ControlFlowNode for ImportMember | gemini_test.py:43:22:43:26 | ControlFlowNode for query | This prompt construction depends on a $@. | gemini_test.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value |
| langchain_test.py:17:34:17:38 | ControlFlowNode for query | langchain_test.py:3:26:3:32 | ControlFlowNode for ImportMember | langchain_test.py:17:34:17:38 | ControlFlowNode for query | This prompt construction depends on a $@. | langchain_test.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value |
| langchain_test.py:21:28:21:51 | ControlFlowNode for BinaryExpr | langchain_test.py:3:26:3:32 | ControlFlowNode for ImportMember | langchain_test.py:21:28:21:51 | ControlFlowNode for BinaryExpr | This prompt construction depends on a $@. | langchain_test.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value |
| langchain_test.py:34:28:34:32 | ControlFlowNode for query | langchain_test.py:3:26:3:32 | ControlFlowNode for ImportMember | langchain_test.py:34:28:34:32 | ControlFlowNode for query | This prompt construction depends on a $@. | langchain_test.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value |
| langchain_test.py:35:27:35:31 | ControlFlowNode for query | langchain_test.py:3:26:3:32 | ControlFlowNode for ImportMember | langchain_test.py:35:27:35:31 | ControlFlowNode for query | This prompt construction depends on a $@. | langchain_test.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value |
| langchain_test.py:36:22:36:26 | ControlFlowNode for query | langchain_test.py:3:26:3:32 | ControlFlowNode for ImportMember | langchain_test.py:36:22:36:26 | ControlFlowNode for query | This prompt construction depends on a $@. | langchain_test.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value |
| langchain_test.py:37:39:37:43 | ControlFlowNode for query | langchain_test.py:3:26:3:32 | ControlFlowNode for ImportMember | langchain_test.py:37:39:37:43 | ControlFlowNode for query | This prompt construction depends on a $@. | langchain_test.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value |
| langchain_test.py:40:22:40:26 | ControlFlowNode for query | langchain_test.py:3:26:3:32 | ControlFlowNode for ImportMember | langchain_test.py:40:22:40:26 | ControlFlowNode for query | This prompt construction depends on a $@. | langchain_test.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value |
| langchain_test.py:50:30:50:34 | ControlFlowNode for query | langchain_test.py:3:26:3:32 | ControlFlowNode for ImportMember | langchain_test.py:50:30:50:34 | ControlFlowNode for query | This prompt construction depends on a $@. | langchain_test.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value |
| langchain_test.py:61:28:61:32 | ControlFlowNode for query | langchain_test.py:3:26:3:32 | ControlFlowNode for ImportMember | langchain_test.py:61:28:61:32 | ControlFlowNode for query | This prompt construction depends on a $@. | langchain_test.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value |
| langchain_test.py:62:15:62:19 | ControlFlowNode for query | langchain_test.py:3:26:3:32 | ControlFlowNode for ImportMember | langchain_test.py:62:15:62:19 | ControlFlowNode for query | This prompt construction depends on a $@. | langchain_test.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value |
| langchain_test.py:65:31:65:35 | ControlFlowNode for query | langchain_test.py:3:26:3:32 | ControlFlowNode for ImportMember | langchain_test.py:65:31:65:35 | ControlFlowNode for query | This prompt construction depends on a $@. | langchain_test.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value |
| langchain_test.py:68:60:68:64 | ControlFlowNode for query | langchain_test.py:3:26:3:32 | ControlFlowNode for ImportMember | langchain_test.py:68:60:68:64 | ControlFlowNode for query | This prompt construction depends on a $@. | langchain_test.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value |
| openai_test.py:16:15:16:19 | ControlFlowNode for query | openai_test.py:2:26:2:32 | ControlFlowNode for ImportMember | openai_test.py:16:15:16:19 | ControlFlowNode for query | This prompt construction depends on a $@. | openai_test.py:2:26:2:32 | ControlFlowNode for ImportMember | user-provided value |
| openai_test.py:20:15:29:9 | ControlFlowNode for List | openai_test.py:2:26:2:32 | ControlFlowNode for ImportMember | openai_test.py:20:15:29:9 | ControlFlowNode for List | This prompt construction depends on a $@. | openai_test.py:2:26:2:32 | ControlFlowNode for ImportMember | user-provided value |
| openai_test.py:27:28:27:32 | ControlFlowNode for query | openai_test.py:2:26:2:32 | ControlFlowNode for ImportMember | openai_test.py:27:28:27:32 | ControlFlowNode for query | This prompt construction depends on a $@. | openai_test.py:2:26:2:32 | ControlFlowNode for ImportMember | user-provided value |
@@ -20,13 +37,13 @@
edges
| agent_test.py:2:26:2:32 | ControlFlowNode for ImportMember | agent_test.py:2:26:2:32 | ControlFlowNode for request | provenance | |
| agent_test.py:2:26:2:32 | ControlFlowNode for request | agent_test.py:9:13:9:19 | ControlFlowNode for request | provenance | |
| agent_test.py:9:5:9:9 | ControlFlowNode for query | agent_test.py:13:38:13:42 | ControlFlowNode for query | provenance | Sink:MaD:9 |
| agent_test.py:9:5:9:9 | ControlFlowNode for query | agent_test.py:13:38:13:42 | ControlFlowNode for query | provenance | Sink:MaD:17 |
| agent_test.py:9:5:9:9 | ControlFlowNode for query | agent_test.py:20:28:20:32 | ControlFlowNode for query | provenance | |
| agent_test.py:9:5:9:9 | ControlFlowNode for query | agent_test.py:20:28:20:32 | ControlFlowNode for query | provenance | |
| agent_test.py:9:13:9:19 | ControlFlowNode for request | agent_test.py:9:13:9:24 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
| agent_test.py:9:13:9:24 | ControlFlowNode for Attribute | agent_test.py:9:13:9:37 | ControlFlowNode for Attribute() | provenance | dict.get |
| agent_test.py:9:13:9:37 | ControlFlowNode for Attribute() | agent_test.py:9:5:9:9 | ControlFlowNode for query | provenance | |
| agent_test.py:18:13:21:13 | ControlFlowNode for Dict [Dictionary element at key content] | agent_test.py:17:15:22:9 | ControlFlowNode for List | provenance | Sink:MaD:10 Sink:MaD:10 |
| agent_test.py:18:13:21:13 | ControlFlowNode for Dict [Dictionary element at key content] | agent_test.py:17:15:22:9 | ControlFlowNode for List | provenance | Sink:MaD:18 Sink:MaD:18 |
| agent_test.py:20:28:20:32 | ControlFlowNode for query | agent_test.py:18:13:21:13 | ControlFlowNode for Dict [Dictionary element at key content] | provenance | |
| anthropic_test.py:2:26:2:32 | ControlFlowNode for ImportMember | anthropic_test.py:2:26:2:32 | ControlFlowNode for request | provenance | |
| anthropic_test.py:2:26:2:32 | ControlFlowNode for request | anthropic_test.py:10:15:10:21 | ControlFlowNode for request | provenance | |
@@ -37,12 +54,52 @@ edges
| anthropic_test.py:11:13:11:19 | ControlFlowNode for request | anthropic_test.py:11:13:11:24 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
| anthropic_test.py:11:13:11:24 | ControlFlowNode for Attribute | anthropic_test.py:11:13:11:37 | ControlFlowNode for Attribute() | provenance | dict.get |
| anthropic_test.py:11:13:11:37 | ControlFlowNode for Attribute() | anthropic_test.py:11:5:11:9 | ControlFlowNode for query | provenance | |
| gemini_test.py:3:26:3:32 | ControlFlowNode for ImportMember | gemini_test.py:3:26:3:32 | ControlFlowNode for request | provenance | |
| gemini_test.py:3:26:3:32 | ControlFlowNode for request | gemini_test.py:11:13:11:19 | ControlFlowNode for request | provenance | |
| gemini_test.py:11:5:11:9 | ControlFlowNode for query | gemini_test.py:15:18:15:22 | ControlFlowNode for query | provenance | Sink:MaD:3 |
| gemini_test.py:11:5:11:9 | ControlFlowNode for query | gemini_test.py:25:33:25:37 | ControlFlowNode for query | provenance | |
| gemini_test.py:11:5:11:9 | ControlFlowNode for query | gemini_test.py:25:33:25:37 | ControlFlowNode for query | provenance | |
| gemini_test.py:11:5:11:9 | ControlFlowNode for query | gemini_test.py:33:35:33:58 | ControlFlowNode for BinaryExpr | provenance | Sink:MaD:2 |
| gemini_test.py:11:5:11:9 | ControlFlowNode for query | gemini_test.py:37:16:37:20 | ControlFlowNode for query | provenance | Sink:MaD:4 |
| gemini_test.py:11:5:11:9 | ControlFlowNode for query | gemini_test.py:43:22:43:26 | ControlFlowNode for query | provenance | Sink:MaD:19 |
| gemini_test.py:11:13:11:19 | ControlFlowNode for request | gemini_test.py:11:13:11:24 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
| gemini_test.py:11:13:11:24 | ControlFlowNode for Attribute | gemini_test.py:11:13:11:37 | ControlFlowNode for Attribute() | provenance | dict.get |
| gemini_test.py:11:13:11:37 | ControlFlowNode for Attribute() | gemini_test.py:11:5:11:9 | ControlFlowNode for query | provenance | |
| gemini_test.py:21:13:28:13 | ControlFlowNode for Dict [Dictionary element at key parts, List element, Dictionary element at key text] | gemini_test.py:20:18:29:9 | ControlFlowNode for List | provenance | Sink:MaD:3 Sink:MaD:3 |
| gemini_test.py:21:13:28:13 | ControlFlowNode for Dict [Dictionary element at key parts, List element, Dictionary element at key text] | gemini_test.py:20:18:29:9 | ControlFlowNode for List | provenance | Sink:MaD:3 Sink:MaD:3 Sink:MaD:3 |
| gemini_test.py:21:13:28:13 | ControlFlowNode for Dict [Dictionary element at key parts, List element, Dictionary element at key text] | gemini_test.py:20:18:29:9 | ControlFlowNode for List | provenance | Sink:MaD:3 Sink:MaD:3 Sink:MaD:3 Sink:MaD:3 |
| gemini_test.py:23:26:27:17 | ControlFlowNode for List [List element, Dictionary element at key text] | gemini_test.py:21:13:28:13 | ControlFlowNode for Dict [Dictionary element at key parts, List element, Dictionary element at key text] | provenance | |
| gemini_test.py:24:21:26:21 | ControlFlowNode for Dict [Dictionary element at key text] | gemini_test.py:23:26:27:17 | ControlFlowNode for List [List element, Dictionary element at key text] | provenance | |
| gemini_test.py:25:33:25:37 | ControlFlowNode for query | gemini_test.py:24:21:26:21 | ControlFlowNode for Dict [Dictionary element at key text] | provenance | |
| langchain_test.py:3:26:3:32 | ControlFlowNode for ImportMember | langchain_test.py:3:26:3:32 | ControlFlowNode for request | provenance | |
| langchain_test.py:3:26:3:32 | ControlFlowNode for request | langchain_test.py:10:13:10:19 | ControlFlowNode for request | provenance | |
| langchain_test.py:10:5:10:9 | ControlFlowNode for query | langchain_test.py:21:28:21:51 | ControlFlowNode for BinaryExpr | provenance | Sink:MaD:2 |
| langchain_test.py:3:26:3:32 | ControlFlowNode for request | langchain_test.py:32:13:32:19 | ControlFlowNode for request | provenance | |
| langchain_test.py:3:26:3:32 | ControlFlowNode for request | langchain_test.py:47:13:47:19 | ControlFlowNode for request | provenance | |
| langchain_test.py:3:26:3:32 | ControlFlowNode for request | langchain_test.py:58:13:58:19 | ControlFlowNode for request | provenance | |
| langchain_test.py:10:5:10:9 | ControlFlowNode for query | langchain_test.py:17:34:17:38 | ControlFlowNode for query | provenance | Sink:MaD:20 |
| langchain_test.py:10:5:10:9 | ControlFlowNode for query | langchain_test.py:21:28:21:51 | ControlFlowNode for BinaryExpr | provenance | Sink:MaD:8 |
| langchain_test.py:10:13:10:19 | ControlFlowNode for request | langchain_test.py:10:13:10:24 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
| langchain_test.py:10:13:10:24 | ControlFlowNode for Attribute | langchain_test.py:10:13:10:37 | ControlFlowNode for Attribute() | provenance | dict.get |
| langchain_test.py:10:13:10:37 | ControlFlowNode for Attribute() | langchain_test.py:10:5:10:9 | ControlFlowNode for query | provenance | |
| langchain_test.py:32:5:32:9 | ControlFlowNode for query | langchain_test.py:34:28:34:32 | ControlFlowNode for query | provenance | Sink:MaD:8 |
| langchain_test.py:32:5:32:9 | ControlFlowNode for query | langchain_test.py:35:27:35:31 | ControlFlowNode for query | provenance | Sink:MaD:8 |
| langchain_test.py:32:5:32:9 | ControlFlowNode for query | langchain_test.py:36:22:36:26 | ControlFlowNode for query | provenance | Sink:MaD:8 |
| langchain_test.py:32:5:32:9 | ControlFlowNode for query | langchain_test.py:37:39:37:43 | ControlFlowNode for query | provenance | Sink:MaD:8 |
| langchain_test.py:32:5:32:9 | ControlFlowNode for query | langchain_test.py:40:22:40:26 | ControlFlowNode for query | provenance | Sink:MaD:7 |
| langchain_test.py:32:13:32:19 | ControlFlowNode for request | langchain_test.py:32:13:32:24 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
| langchain_test.py:32:13:32:24 | ControlFlowNode for Attribute | langchain_test.py:32:13:32:37 | ControlFlowNode for Attribute() | provenance | dict.get |
| langchain_test.py:32:13:32:37 | ControlFlowNode for Attribute() | langchain_test.py:32:5:32:9 | ControlFlowNode for query | provenance | |
| langchain_test.py:47:5:47:9 | ControlFlowNode for query | langchain_test.py:50:30:50:34 | ControlFlowNode for query | provenance | Sink:MaD:21 |
| langchain_test.py:47:13:47:19 | ControlFlowNode for request | langchain_test.py:47:13:47:24 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
| langchain_test.py:47:13:47:24 | ControlFlowNode for Attribute | langchain_test.py:47:13:47:37 | ControlFlowNode for Attribute() | provenance | dict.get |
| langchain_test.py:47:13:47:37 | ControlFlowNode for Attribute() | langchain_test.py:47:5:47:9 | ControlFlowNode for query | provenance | |
| langchain_test.py:58:5:58:9 | ControlFlowNode for query | langchain_test.py:61:28:61:32 | ControlFlowNode for query | provenance | Sink:MaD:9 |
| langchain_test.py:58:5:58:9 | ControlFlowNode for query | langchain_test.py:62:15:62:19 | ControlFlowNode for query | provenance | Sink:MaD:10 |
| langchain_test.py:58:5:58:9 | ControlFlowNode for query | langchain_test.py:65:31:65:35 | ControlFlowNode for query | provenance | Sink:MaD:6 |
| langchain_test.py:58:5:58:9 | ControlFlowNode for query | langchain_test.py:68:60:68:64 | ControlFlowNode for query | provenance | Sink:MaD:5 |
| langchain_test.py:58:13:58:19 | ControlFlowNode for request | langchain_test.py:58:13:58:24 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
| langchain_test.py:58:13:58:24 | ControlFlowNode for Attribute | langchain_test.py:58:13:58:37 | ControlFlowNode for Attribute() | provenance | dict.get |
| langchain_test.py:58:13:58:37 | ControlFlowNode for Attribute() | langchain_test.py:58:5:58:9 | ControlFlowNode for query | provenance | |
| openai_test.py:2:26:2:32 | ControlFlowNode for ImportMember | openai_test.py:2:26:2:32 | ControlFlowNode for request | provenance | |
| openai_test.py:2:26:2:32 | ControlFlowNode for request | openai_test.py:10:15:10:21 | ControlFlowNode for request | provenance | |
| openai_test.py:2:26:2:32 | ControlFlowNode for request | openai_test.py:11:13:11:19 | ControlFlowNode for request | provenance | |
@@ -51,41 +108,52 @@ edges
| openai_test.py:10:15:10:21 | ControlFlowNode for request | openai_test.py:11:13:11:24 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
| openai_test.py:10:15:10:26 | ControlFlowNode for Attribute | openai_test.py:10:15:10:41 | ControlFlowNode for Attribute() | provenance | dict.get |
| openai_test.py:10:15:10:41 | ControlFlowNode for Attribute() | openai_test.py:10:5:10:11 | ControlFlowNode for persona | provenance | |
| openai_test.py:11:5:11:9 | ControlFlowNode for query | openai_test.py:16:15:16:19 | ControlFlowNode for query | provenance | Sink:MaD:5 |
| openai_test.py:11:5:11:9 | ControlFlowNode for query | openai_test.py:16:15:16:19 | ControlFlowNode for query | provenance | Sink:MaD:13 |
| openai_test.py:11:5:11:9 | ControlFlowNode for query | openai_test.py:27:28:27:32 | ControlFlowNode for query | provenance | |
| openai_test.py:11:5:11:9 | ControlFlowNode for query | openai_test.py:27:28:27:32 | ControlFlowNode for query | provenance | |
| openai_test.py:11:5:11:9 | ControlFlowNode for query | openai_test.py:40:28:40:32 | ControlFlowNode for query | provenance | |
| openai_test.py:11:5:11:9 | ControlFlowNode for query | openai_test.py:44:28:44:32 | ControlFlowNode for query | provenance | |
| openai_test.py:11:5:11:9 | ControlFlowNode for query | openai_test.py:51:16:51:36 | ControlFlowNode for BinaryExpr | provenance | Sink:MaD:3 |
| openai_test.py:11:5:11:9 | ControlFlowNode for query | openai_test.py:55:16:55:38 | ControlFlowNode for BinaryExpr | provenance | Sink:MaD:4 |
| openai_test.py:11:5:11:9 | ControlFlowNode for query | openai_test.py:60:16:60:36 | ControlFlowNode for BinaryExpr | provenance | Sink:MaD:6 |
| openai_test.py:11:5:11:9 | ControlFlowNode for query | openai_test.py:51:16:51:36 | ControlFlowNode for BinaryExpr | provenance | Sink:MaD:11 |
| openai_test.py:11:5:11:9 | ControlFlowNode for query | openai_test.py:55:16:55:38 | ControlFlowNode for BinaryExpr | provenance | Sink:MaD:12 |
| openai_test.py:11:5:11:9 | ControlFlowNode for query | openai_test.py:60:16:60:36 | ControlFlowNode for BinaryExpr | provenance | Sink:MaD:14 |
| openai_test.py:11:5:11:9 | ControlFlowNode for query | openai_test.py:66:17:66:43 | ControlFlowNode for BinaryExpr | provenance | |
| openai_test.py:11:13:11:19 | ControlFlowNode for request | openai_test.py:11:13:11:24 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
| openai_test.py:11:13:11:24 | ControlFlowNode for Attribute | openai_test.py:11:13:11:37 | ControlFlowNode for Attribute() | provenance | dict.get |
| openai_test.py:11:13:11:37 | ControlFlowNode for Attribute() | openai_test.py:11:5:11:9 | ControlFlowNode for query | provenance | |
| openai_test.py:21:13:24:13 | ControlFlowNode for Dict [Dictionary element at key content] | openai_test.py:20:15:29:9 | ControlFlowNode for List | provenance | Sink:MaD:5 Sink:MaD:5 |
| openai_test.py:21:13:24:13 | ControlFlowNode for Dict [Dictionary element at key content] | openai_test.py:20:15:29:9 | ControlFlowNode for List | provenance | Sink:MaD:13 Sink:MaD:13 |
| openai_test.py:23:28:23:51 | ControlFlowNode for BinaryExpr | openai_test.py:21:13:24:13 | ControlFlowNode for Dict [Dictionary element at key content] | provenance | |
| openai_test.py:25:13:28:13 | ControlFlowNode for Dict [Dictionary element at key content] | openai_test.py:20:15:29:9 | ControlFlowNode for List | provenance | Sink:MaD:5 Sink:MaD:5 |
| openai_test.py:25:13:28:13 | ControlFlowNode for Dict [Dictionary element at key content] | openai_test.py:20:15:29:9 | ControlFlowNode for List | provenance | Sink:MaD:13 Sink:MaD:13 |
| openai_test.py:27:28:27:32 | ControlFlowNode for query | openai_test.py:25:13:28:13 | ControlFlowNode for Dict [Dictionary element at key content] | provenance | |
| openrouter_test.py:2:26:2:32 | ControlFlowNode for ImportMember | openrouter_test.py:2:26:2:32 | ControlFlowNode for request | provenance | |
| openrouter_test.py:2:26:2:32 | ControlFlowNode for request | openrouter_test.py:10:13:10:19 | ControlFlowNode for request | provenance | |
| openrouter_test.py:10:5:10:9 | ControlFlowNode for query | openrouter_test.py:21:28:21:32 | ControlFlowNode for query | provenance | |
| openrouter_test.py:10:5:10:9 | ControlFlowNode for query | openrouter_test.py:29:15:29:19 | ControlFlowNode for query | provenance | Sink:MaD:8 |
| openrouter_test.py:10:5:10:9 | ControlFlowNode for query | openrouter_test.py:34:15:34:19 | ControlFlowNode for query | provenance | Sink:MaD:7 |
| openrouter_test.py:10:5:10:9 | ControlFlowNode for query | openrouter_test.py:29:15:29:19 | ControlFlowNode for query | provenance | Sink:MaD:16 |
| openrouter_test.py:10:5:10:9 | ControlFlowNode for query | openrouter_test.py:34:15:34:19 | ControlFlowNode for query | provenance | Sink:MaD:15 |
| openrouter_test.py:10:13:10:19 | ControlFlowNode for request | openrouter_test.py:10:13:10:24 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
| openrouter_test.py:10:13:10:24 | ControlFlowNode for Attribute | openrouter_test.py:10:13:10:37 | ControlFlowNode for Attribute() | provenance | dict.get |
| openrouter_test.py:10:13:10:37 | ControlFlowNode for Attribute() | openrouter_test.py:10:5:10:9 | ControlFlowNode for query | provenance | |
models
| 1 | Sink: Anthropic; Member[completions].Member[create].Argument[prompt:]; user-prompt-injection |
| 2 | Sink: LangChainChatModel; Member[invoke,stream,predict,call].Argument[0]; user-prompt-injection |
| 3 | Sink: OpenAI; Member[completions].Member[create].Argument[prompt:]; user-prompt-injection |
| 4 | Sink: OpenAI; Member[images].Member[generate,edit].Argument[prompt:]; user-prompt-injection |
| 5 | Sink: OpenAI; Member[responses].Member[create].Argument[input:]; user-prompt-injection |
| 6 | Sink: OpenAI; Member[videos].Member[create,create_and_poll,edit,remix,extend].Argument[prompt:]; user-prompt-injection |
| 7 | Sink: OpenRouter; Member[embeddings].Member[generate].Argument[input:]; user-prompt-injection |
| 8 | Sink: OpenRouter; Member[responses].Member[send].Argument[input:]; user-prompt-injection |
| 9 | Sink: agents; Member[Runner].Member[run,run_sync,run_streamed].Argument[1]; user-prompt-injection |
| 10 | Sink: agents; Member[Runner].Member[run,run_sync,run_streamed].Argument[input:]; user-prompt-injection |
| 2 | Sink: GoogleGenAI; Member[chats].Member[create].ReturnValue.Member[send_message,send_message_stream].Argument[0]; user-prompt-injection |
| 3 | Sink: GoogleGenAI; Member[models].Member[generate_content,generate_content_stream].Argument[contents:]; user-prompt-injection |
| 4 | Sink: GoogleGenAI; Member[models].Member[generate_images,generate_videos,edit_image].Argument[prompt:]; user-prompt-injection |
| 5 | Sink: LangChainAgent; Member[invoke,stream].Argument[0].DictionaryElement[messages].ListElement.DictionaryElement[content]; user-prompt-injection |
| 6 | Sink: LangChainAgentExecutor; Member[invoke].Argument[0].DictionaryElement[input]; user-prompt-injection |
| 7 | Sink: LangChainChatModel; Member[generate].Argument[0].ListElement.ListElement; user-prompt-injection |
| 8 | Sink: LangChainChatModel; Member[invoke,stream,predict,call].Argument[0]; user-prompt-injection |
| 9 | Sink: LangChainLLMChain; Member[invoke].Argument[0].DictionaryElement[input]; user-prompt-injection |
| 10 | Sink: LangChainLLMChain; Member[run].Argument[0]; user-prompt-injection |
| 11 | Sink: OpenAI; Member[completions].Member[create].Argument[prompt:]; user-prompt-injection |
| 12 | Sink: OpenAI; Member[images].Member[generate,edit].Argument[prompt:]; user-prompt-injection |
| 13 | Sink: OpenAI; Member[responses].Member[create].Argument[input:]; user-prompt-injection |
| 14 | Sink: OpenAI; Member[videos].Member[create,create_and_poll,edit,remix,extend].Argument[prompt:]; user-prompt-injection |
| 15 | Sink: OpenRouter; Member[embeddings].Member[generate].Argument[input:]; user-prompt-injection |
| 16 | Sink: OpenRouter; Member[responses].Member[send].Argument[input:]; user-prompt-injection |
| 17 | Sink: agents; Member[Runner].Member[run,run_sync,run_streamed].Argument[1]; user-prompt-injection |
| 18 | Sink: agents; Member[Runner].Member[run,run_sync,run_streamed].Argument[input:]; user-prompt-injection |
| 19 | Sink: google; Member[genai].Member[types].Member[CreateCachedContentConfig].Argument[contents:]; user-prompt-injection |
| 20 | Sink: langchain_core; Member[messages].Member[HumanMessage].Argument[content:]; user-prompt-injection |
| 21 | Sink: langchain_core; Member[prompts].Member[PromptTemplate].Instance.Member[format].Argument[any-named]; user-prompt-injection |
nodes
| agent_test.py:2:26:2:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
| agent_test.py:2:26:2:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
@@ -107,13 +175,52 @@ nodes
| anthropic_test.py:11:13:11:37 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| anthropic_test.py:20:28:20:32 | ControlFlowNode for query | semmle.label | ControlFlowNode for query |
| anthropic_test.py:29:16:29:55 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr |
| gemini_test.py:3:26:3:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
| gemini_test.py:3:26:3:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| gemini_test.py:11:5:11:9 | ControlFlowNode for query | semmle.label | ControlFlowNode for query |
| gemini_test.py:11:13:11:19 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| gemini_test.py:11:13:11:24 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| gemini_test.py:11:13:11:37 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| gemini_test.py:15:18:15:22 | ControlFlowNode for query | semmle.label | ControlFlowNode for query |
| gemini_test.py:20:18:29:9 | ControlFlowNode for List | semmle.label | ControlFlowNode for List |
| gemini_test.py:21:13:28:13 | ControlFlowNode for Dict [Dictionary element at key parts, List element, Dictionary element at key text] | semmle.label | ControlFlowNode for Dict [Dictionary element at key parts, List element, Dictionary element at key text] |
| gemini_test.py:23:26:27:17 | ControlFlowNode for List [List element, Dictionary element at key text] | semmle.label | ControlFlowNode for List [List element, Dictionary element at key text] |
| gemini_test.py:24:21:26:21 | ControlFlowNode for Dict [Dictionary element at key text] | semmle.label | ControlFlowNode for Dict [Dictionary element at key text] |
| gemini_test.py:25:33:25:37 | ControlFlowNode for query | semmle.label | ControlFlowNode for query |
| gemini_test.py:25:33:25:37 | ControlFlowNode for query | semmle.label | ControlFlowNode for query |
| gemini_test.py:33:35:33:58 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr |
| gemini_test.py:37:16:37:20 | ControlFlowNode for query | semmle.label | ControlFlowNode for query |
| gemini_test.py:43:22:43:26 | ControlFlowNode for query | semmle.label | ControlFlowNode for query |
| langchain_test.py:3:26:3:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
| langchain_test.py:3:26:3:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| langchain_test.py:10:5:10:9 | ControlFlowNode for query | semmle.label | ControlFlowNode for query |
| langchain_test.py:10:13:10:19 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| langchain_test.py:10:13:10:24 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| langchain_test.py:10:13:10:37 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| langchain_test.py:17:34:17:38 | ControlFlowNode for query | semmle.label | ControlFlowNode for query |
| langchain_test.py:21:28:21:51 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr |
| langchain_test.py:32:5:32:9 | ControlFlowNode for query | semmle.label | ControlFlowNode for query |
| langchain_test.py:32:13:32:19 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| langchain_test.py:32:13:32:24 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| langchain_test.py:32:13:32:37 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| langchain_test.py:34:28:34:32 | ControlFlowNode for query | semmle.label | ControlFlowNode for query |
| langchain_test.py:35:27:35:31 | ControlFlowNode for query | semmle.label | ControlFlowNode for query |
| langchain_test.py:36:22:36:26 | ControlFlowNode for query | semmle.label | ControlFlowNode for query |
| langchain_test.py:37:39:37:43 | ControlFlowNode for query | semmle.label | ControlFlowNode for query |
| langchain_test.py:40:22:40:26 | ControlFlowNode for query | semmle.label | ControlFlowNode for query |
| langchain_test.py:47:5:47:9 | ControlFlowNode for query | semmle.label | ControlFlowNode for query |
| langchain_test.py:47:13:47:19 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| langchain_test.py:47:13:47:24 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| langchain_test.py:47:13:47:37 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| langchain_test.py:50:30:50:34 | ControlFlowNode for query | semmle.label | ControlFlowNode for query |
| langchain_test.py:58:5:58:9 | ControlFlowNode for query | semmle.label | ControlFlowNode for query |
| langchain_test.py:58:13:58:19 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| langchain_test.py:58:13:58:24 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| langchain_test.py:58:13:58:37 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| langchain_test.py:61:28:61:32 | ControlFlowNode for query | semmle.label | ControlFlowNode for query |
| langchain_test.py:62:15:62:19 | ControlFlowNode for query | semmle.label | ControlFlowNode for query |
| langchain_test.py:65:31:65:35 | ControlFlowNode for query | semmle.label | ControlFlowNode for query |
| langchain_test.py:68:60:68:64 | ControlFlowNode for query | semmle.label | ControlFlowNode for query |
| openai_test.py:2:26:2:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
| openai_test.py:2:26:2:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| openai_test.py:10:5:10:11 | ControlFlowNode for persona | semmle.label | ControlFlowNode for persona |
@@ -149,11 +256,5 @@ nodes
subpaths
testFailures
| agent_test.py:17:15:22:9 | ControlFlowNode for List | Unexpected result: Alert |
| gemini_test.py:3:35:3:44 | Comment # $ Source | Missing result: Source |
| gemini_test.py:15:26:15:60 | Comment # $ Alert[py/user-prompt-injection] | Missing result: Alert[py/user-prompt-injection] |
| gemini_test.py:25:40:25:74 | Comment # $ Alert[py/user-prompt-injection] | Missing result: Alert[py/user-prompt-injection] |
| gemini_test.py:33:62:33:96 | Comment # $ Alert[py/user-prompt-injection] | Missing result: Alert[py/user-prompt-injection] |
| gemini_test.py:37:24:37:58 | Comment # $ Alert[py/user-prompt-injection] | Missing result: Alert[py/user-prompt-injection] |
| gemini_test.py:43:30:43:64 | Comment # $ Alert[py/user-prompt-injection] | Missing result: Alert[py/user-prompt-injection] |
| langchain_test.py:17:43:17:77 | Comment # $ Alert[py/user-prompt-injection] | Missing result: Alert[py/user-prompt-injection] |
| gemini_test.py:20:18:29:9 | ControlFlowNode for List | Unexpected result: Alert |
| openai_test.py:20:15:29:9 | ControlFlowNode for List | Unexpected result: Alert |

View File

@@ -20,3 +20,49 @@ def get_input_langchain():
result2 = model.invoke("Tell me about " + query) # $ Alert[py/user-prompt-injection]
print(result1, result2)
@app.route("/langchain-providers")
def get_input_langchain_providers():
from langchain_fireworks import ChatFireworks
from langchain_together import ChatTogether
from langchain_xai import ChatXAI
from langchain.chat_models import init_chat_model
query = request.args.get("query")
ChatFireworks().invoke(query) # $ Alert[py/user-prompt-injection]
ChatTogether().invoke(query) # $ Alert[py/user-prompt-injection]
ChatXAI().invoke(query) # $ Alert[py/user-prompt-injection]
init_chat_model("gpt-4.1").invoke(query) # $ Alert[py/user-prompt-injection]
model = ChatOpenAI(model="gpt-4.1")
model.generate([[query]]) # $ Alert[py/user-prompt-injection]
@app.route("/langchain-prompts")
def get_input_langchain_prompts():
from langchain_core.prompts import PromptTemplate
query = request.args.get("query")
template = PromptTemplate(template="Answer: {question}", input_variables=["question"])
template.format(question=query) # $ Alert[py/user-prompt-injection]
@app.route("/langchain-chains")
def get_input_langchain_chains():
from langchain.chains import LLMChain
from langchain.agents import AgentExecutor, create_agent
query = request.args.get("query")
chain = LLMChain()
chain.invoke({"input": query}) # $ Alert[py/user-prompt-injection]
chain.run(query) # $ Alert[py/user-prompt-injection]
executor = AgentExecutor()
executor.invoke({"input": query}) # $ Alert[py/user-prompt-injection]
agent = create_agent("gpt-4.1")
agent.invoke({"messages": [{"role": "user", "content": query}]}) # $ Alert[py/user-prompt-injection]