Fix google genai models
@@ -16,7 +16,7 @@ private import semmle.python.ApiGraphs
|
||||
module GoogleGenAI {
|
||||
/** Gets a reference to a `google.genai.Client` instance. */
|
||||
private API::Node clientRef() {
|
||||
result = API::moduleImport("google.genai").getMember("Client").getReturn()
|
||||
result = API::moduleImport("google").getMember("genai").getMember("Client").getReturn()
|
||||
}
|
||||
|
||||
/** Gets the content dictionaries passed to `models.generate_content`/`generate_content_stream`. */
|
||||
|
||||
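Review bot: The QLDoc on `clientRef()` should record why the import is written as `moduleImport("google").getMember("genai")`, because the dotted form fails silently rather than with an error. As far as I know `API::moduleImport` is meant for top-level packages only, so `moduleImport("google.genai")` yields no nodes and every sink built on this predicate stops reporting. Suggested wording: `/** Gets a reference to a google.genai.Client instance. moduleImport takes the top-level package only; submodules are reached through getMember. */`. The same import path is also encoded in the `GoogleGenAI` type-model rows, so the two have to be kept in step. The module body continues outside the hunk.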
@@ -4,10 +4,12 @@ extensions:
|
||||
extensible: sinkModel
|
||||
data:
|
||||
# `system_instruction` on the generation config is a system-level prompt
|
||||
- ['google.genai', 'Member[types].Member[GenerateContentConfig].Argument[system_instruction:]', 'system-prompt-injection']
|
||||
- ['google', 'Member[genai].Member[types].Member[GenerateContentConfig].Argument[system_instruction:]', 'system-prompt-injection']
|
||||
# The Live API connect config carries a system instruction
|
||||
- ['google', 'Member[genai].Member[types].Member[LiveConnectConfig].Argument[system_instruction:]', 'system-prompt-injection']
|
||||
# Cached content carries a system instruction and user content
|
||||
- ['google.genai', 'Member[types].Member[CreateCachedContentConfig].Argument[system_instruction:]', 'system-prompt-injection']
|
||||
- ['google.genai', 'Member[types].Member[CreateCachedContentConfig].Argument[contents:]', 'user-prompt-injection']
|
||||
- ['google', 'Member[genai].Member[types].Member[CreateCachedContentConfig].Argument[system_instruction:]', 'system-prompt-injection']
|
||||
- ['google', 'Member[genai].Member[types].Member[CreateCachedContentConfig].Argument[contents:]', 'user-prompt-injection']
|
||||
# User-level content
|
||||
- ['GoogleGenAI', 'Member[models].Member[generate_content,generate_content_stream].Argument[contents:]', 'user-prompt-injection']
|
||||
- ['GoogleGenAI', 'Member[models].Member[generate_images,generate_videos,edit_image].Argument[prompt:]', 'user-prompt-injection']
|
||||
@@ -18,4 +20,4 @@ extensions:
|
||||
pack: codeql/python-all
|
||||
extensible: typeModel
|
||||
data:
|
||||
- ['GoogleGenAI', 'google.genai', 'Member[Client].ReturnValue']
|
||||
- ['GoogleGenAI', 'google', 'Member[genai].Member[Client].ReturnValue']
|
||||
|
||||
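Review bot: The system-instruction sinks in the first hunk only match a `GenerateContentConfig(system_instruction=...)` constructor call, so a config passed as a plain dict is not a sink in any visible row. The SDK accepts `config={'system_instruction': ...}` on `generate_content`, and a tainted value there reaches the system prompt just the same; a row such as `- ['GoogleGenAI', 'Member[models].Member[generate_content,generate_content_stream].Argument[config:].DictionaryElement[system_instruction]', 'system-prompt-injection']` would cover it. In the type-model hunk, `GoogleGenAI` is only the `Client` return value, so calls through the async surface (`client.aio.models...`) appear to be missed as well; `- ['GoogleGenAI', 'GoogleGenAI', 'Member[aio]']` is one way to fold them in. Both deserve a test case, since a row that matches nothing produces no error. Rows outside the visible hunks may already handle this.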
@@ -5,17 +5,28 @@ extensions:
|
||||
data:
|
||||
# Message constructors. The first positional argument or the `content` keyword
|
||||
# carries the message text.
|
||||
- ['langchain_core.messages', 'Member[SystemMessage].Argument[0]', 'system-prompt-injection']
|
||||
- ['langchain_core.messages', 'Member[SystemMessage].Argument[content:]', 'system-prompt-injection']
|
||||
- ['langchain.schema', 'Member[SystemMessage].Argument[0]', 'system-prompt-injection']
|
||||
- ['langchain.schema', 'Member[SystemMessage].Argument[content:]', 'system-prompt-injection']
|
||||
- ['langchain_core.messages', 'Member[HumanMessage].Argument[0]', 'user-prompt-injection']
|
||||
- ['langchain_core.messages', 'Member[HumanMessage].Argument[content:]', 'user-prompt-injection']
|
||||
- ['langchain.schema', 'Member[HumanMessage].Argument[0]', 'user-prompt-injection']
|
||||
- ['langchain.schema', 'Member[HumanMessage].Argument[content:]', 'user-prompt-injection']
|
||||
- ['langchain_core', 'Member[messages].Member[SystemMessage].Argument[0]', 'system-prompt-injection']
|
||||
- ['langchain_core', 'Member[messages].Member[SystemMessage].Argument[content:]', 'system-prompt-injection']
|
||||
- ['langchain', 'Member[schema].Member[SystemMessage].Argument[0]', 'system-prompt-injection']
|
||||
- ['langchain', 'Member[schema].Member[SystemMessage].Argument[content:]', 'system-prompt-injection']
|
||||
- ['langchain_core', 'Member[messages].Member[HumanMessage].Argument[0]', 'user-prompt-injection']
|
||||
- ['langchain_core', 'Member[messages].Member[HumanMessage].Argument[content:]', 'user-prompt-injection']
|
||||
- ['langchain', 'Member[schema].Member[HumanMessage].Argument[0]', 'user-prompt-injection']
|
||||
- ['langchain', 'Member[schema].Member[HumanMessage].Argument[content:]', 'user-prompt-injection']
|
||||
# Invoking a chat model with user input.
|
||||
- ['LangChainChatModel', 'Member[invoke,stream,predict,call].Argument[0]', 'user-prompt-injection']
|
||||
- ['LangChainChatModel', 'Member[batch].Argument[0].ListElement', 'user-prompt-injection']
|
||||
- ['LangChainChatModel', 'Member[generate].Argument[0].ListElement.ListElement', 'user-prompt-injection']
|
||||
# Prompt templates. User input embedded directly into a template.
|
||||
- ['langchain_core', 'Member[prompts].Member[PromptTemplate].Instance.Member[format].Argument[any-named]', 'user-prompt-injection']
|
||||
# Legacy `LLMChain` and `AgentExecutor` take the user input in the `input` field.
|
||||
- ['LangChainLLMChain', 'Member[invoke].Argument[0].DictionaryElement[input]', 'user-prompt-injection']
|
||||
- ['LangChainLLMChain', 'Member[run].Argument[0]', 'user-prompt-injection']
|
||||
- ['LangChainAgentExecutor', 'Member[invoke].Argument[0].DictionaryElement[input]', 'user-prompt-injection']
|
||||
# The `system_prompt` passed to `create_agent` is a system-level prompt.
|
||||
- ['langchain', 'Member[agents].Member[create_agent].Argument[system_prompt:]', 'system-prompt-injection']
|
||||
# The messages passed to a `create_agent` graph are user-level content.
|
||||
- ['LangChainAgent', 'Member[invoke,stream].Argument[0].DictionaryElement[messages].ListElement.DictionaryElement[content]', 'user-prompt-injection']
|
||||
|
||||
- addsTo:
|
||||
pack: codeql/python-all
|
||||
@@ -29,3 +40,14 @@ extensions:
|
||||
- ['LangChainChatModel', 'langchain_cohere', 'Member[ChatCohere].ReturnValue']
|
||||
- ['LangChainChatModel', 'langchain_ollama', 'Member[ChatOllama].ReturnValue']
|
||||
- ['LangChainChatModel', 'langchain_aws', 'Member[ChatBedrock,ChatBedrockConverse].ReturnValue']
|
||||
- ['LangChainChatModel', 'langchain_fireworks', 'Member[ChatFireworks].ReturnValue']
|
||||
- ['LangChainChatModel', 'langchain_together', 'Member[ChatTogether].ReturnValue']
|
||||
- ['LangChainChatModel', 'langchain_xai', 'Member[ChatXAI].ReturnValue']
|
||||
- ['LangChainChatModel', 'langchain', 'Member[chat_models].Member[init_chat_model].ReturnValue']
|
||||
- ['LangChainLLMChain', 'langchain', 'Member[chains].Member[LLMChain].ReturnValue']
|
||||
- ['LangChainLLMChain', 'langchain_classic', 'Member[chains].Member[LLMChain].ReturnValue']
|
||||
- ['LangChainAgentExecutor', 'langchain', 'Member[agents].Member[AgentExecutor].ReturnValue']
|
||||
- ['LangChainAgentExecutor', 'langchain_classic', 'Member[agents].Member[AgentExecutor].ReturnValue']
|
||||
- ['LangChainAgentExecutor', 'langchain', 'Member[agents].Member[AgentExecutor].Member[from_agent_and_tools].ReturnValue']
|
||||
- ['LangChainAgentExecutor', 'langchain_classic', 'Member[agents].Member[AgentExecutor].Member[from_agent_and_tools].ReturnValue']
|
||||
- ['LangChainAgent', 'langchain', 'Member[agents].Member[create_agent].ReturnValue']
|
||||
|
||||
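Review bot: The invocation sinks list only the synchronous entry points: `Member[invoke,stream,predict,call]`, `Member[batch]` and `Member[generate]` on `LangChainChatModel`, and `Member[invoke,stream]` on `LangChainAgent`. The async counterparts (`ainvoke`, `astream`, `abatch`, `agenerate`) take the same arguments, so a tainted prompt in an async handler is not reported by any visible row. Extending the member lists, e.g. `Member[invoke,ainvoke,stream,astream,predict,call].Argument[0]` and `Member[batch,abatch].Argument[0].ListElement`, would close the gap. Separately, `Member[call]` looks like it is meant for `__call__` and probably matches nothing as written; worth confirming with a test. The page does not mark which of these rows the commit added, so some may be pre-existing.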