Give more explicit instructions in the codex prompt, but don't solicit rare sink types.

tiferet
2022-12-19 09:31:15 -08:00
parent 01979aeb62
commit 459050151a

@@ -16,7 +16,7 @@ module ModelPrompt {
*/
private string getTrainingSetPrompt() {
result =
"# Make a markdown table that expertly classifies JavaScript code snippets as sinks or non-sinks. Include uncommon sinks and sinks from less-used libraries. Classify each snippet as a nosql injection sink, sql injection sink, xss sink, path injection sink, or non-sink.\n|Code snippet|Neighborhood|Classification|\n|---|---|---|\n|`WPUrls.ajaxurl`|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`|"
"# Make a markdown table that expertly classifies JavaScript code snippets as sinks or non-sinks for potential security vulnerabilities. Classify each snippet as a nosql injection sink, sql injection sink, xss sink, path injection sink, or non-sink.\n|Code snippet|Neighborhood|Classification|\n|---|---|---|\n|`WPUrls.ajaxurl`|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`|"
+ any(EndpointTypes::NegativeType endpointType).getDescription() +
"|\n|`[ handlebars ]`|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`|"
+ any(EndpointTypes::TaintedPathSinkType endpointType).getDescription() +
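Review bot: The class list in the instruction sentence of the new prompt string ("nosql injection sink, sql injection sink, xss sink, path injection sink, or non-sink") is hardcoded, while the Classification cell of each example row is filled from `any(EndpointTypes::... endpointType).getDescription()`. If a description is reworded or an endpoint type is added, the instruction and the example rows will name different labels with nothing to flag the mismatch. Consider assembling the list in the instruction from the same `getDescription()` values so the two cannot drift. Separately, the reason for dropping "Include uncommon sinks and sinks from less-used libraries." is recorded only in the commit message; a line in the comment above `getTrainingSetPrompt()` would keep a later edit from reintroducing it.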