add barrier when data flows into user messages for system prompt detection, remove embeddings from user prompt injection query
@@ -19,5 +19,4 @@ extensions:
|
||||
- ["google-genai.Client", "Member[models].Member[generateVideos].Argument[0].Member[prompt]", "user-prompt-injection"]
|
||||
- ["google-genai.Client", "Member[chats].Member[create].ReturnValue.Member[sendMessage,sendMessageStream].Argument[0].Member[message]", "user-prompt-injection"]
|
||||
- ["google-genai.Client", "Member[chats].Member[create].ReturnValue.Member[sendMessage,sendMessageStream].Argument[0].Member[content]", "user-prompt-injection"]
|
||||
- ["google-genai.Client", "Member[models].Member[embedContent].Argument[0].Member[content]", "user-prompt-injection"]
|
||||
- ["google-genai.Client", "Member[interactions].Member[create].Argument[0].Member[input]", "user-prompt-injection"]
|
||||
|
||||
@@ -33,7 +33,7 @@ module Anthropic {
|
||||
// messages: [{ role: "assistant", content: "..." }]
|
||||
exists(API::Node msg |
|
||||
msg = messagesCreateParams().getMember("messages").getArrayElement() and
|
||||
msg.getMember("role").asSink().mayHaveStringValue("assistant")
|
||||
msg.getMember("role").asSink().mayHaveStringValue(["system", "assistant"])
|
||||
|
|
||||
result = msg.getMember("content")
|
||||
)
|
||||
@@ -47,7 +47,7 @@ module Anthropic {
|
||||
// messages: [{ role: "user", content: "..." }]
|
||||
exists(API::Node msg |
|
||||
msg = messagesCreateParams().getMember("messages").getArrayElement() and
|
||||
not msg.getMember("role").asSink().mayHaveStringValue("assistant")
|
||||
not msg.getMember("role").asSink().mayHaveStringValue(["system", "assistant"])
|
||||
|
|
||||
result = msg.getMember("content")
|
||||
)
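Review bot: The comment above the first predicate, `// messages: [{ role: "assistant", content: "..." }]`, no longer describes the condition it documents, because the check now accepts `"system"` as well as `"assistant"`. I would update it to something like `// messages: [{ role: "system" | "assistant", content: "..." }]`. The negated check in the second hunk deserves a short why-comment saying that a message whose role cannot be resolved to one of these strings is treated as user content. The GoogleGenAI hunks make the same change with `["system", "model"]`; their comments are outside the visible lines and may need the same update. Both `exists` bodies start outside the hunks.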
|
||||
|
||||
@@ -33,7 +33,7 @@ module GoogleGenAI {
|
||||
.getParameter(0)
|
||||
.getMember("contents")
|
||||
.getArrayElement() and
|
||||
msg.getMember("role").asSink().mayHaveStringValue("model")
|
||||
msg.getMember("role").asSink().mayHaveStringValue(["system", "model"])
|
||||
|
|
||||
result = msg.getMember("parts").getArrayElement().getMember("text")
|
||||
)
|
||||
@@ -53,7 +53,7 @@ module GoogleGenAI {
|
||||
.getParameter(0)
|
||||
.getMember("contents")
|
||||
.getArrayElement() and
|
||||
not msg.getMember("role").asSink().mayHaveStringValue("model")
|
||||
not msg.getMember("role").asSink().mayHaveStringValue(["system", "model"])
|
||||
|
|
||||
result = msg.getMember("parts").getArrayElement().getMember("text")
|
||||
)
|
||||
|
||||
@@ -171,14 +171,6 @@ module OpenAI {
|
||||
.getParameter(0)
|
||||
.getMember("prompt")
|
||||
or
|
||||
// embeddings.create({ input: ... })
|
||||
result =
|
||||
clientsNoGuardrails()
|
||||
.getMember("embeddings")
|
||||
.getMember("create")
|
||||
.getParameter(0)
|
||||
.getMember("input")
|
||||
or
|
||||
// beta.threads.messages.create(threadId, { role: "user", content: ... })
|
||||
exists(API::Node msg |
|
||||
msg =
|
||||
|
||||
@@ -74,6 +74,24 @@ module SystemPromptInjection {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Content placed in a message with `role: "user"` is not a system prompt
|
||||
* injection vector; it is intended user-role content.
|
||||
*
|
||||
* This prevents false positives when user input and system prompts are
|
||||
* combined in the same message array (e.g. `[{role:"system", content: ...},
|
||||
* {role:"user", content: tainted}]`) and taint would otherwise propagate
|
||||
* through array operations to the system message.
|
||||
*/
|
||||
private class UserRoleMessageContentBarrier extends Sanitizer {
|
||||
UserRoleMessageContentBarrier() {
|
||||
exists(DataFlow::SourceNode obj |
|
||||
obj.getAPropertySource("role").mayHaveStringValue("user") and
|
||||
this = obj.getAPropertyWrite("content").getRhs()
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* A comparison with a constant, considered as a sanitizer-guard.
|
||||
*/
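Review bot: `UserRoleMessageContentBarrier` keys on `mayHaveStringValue("user")`, which holds when `"user"` is only one of the values the role can take. An object whose role is chosen conditionally, or reassigned later, between `"user"` and `"system"` would therefore have its `content` sanitized, and a real system-prompt flow would go unreported. Consider also requiring that no role write on the object can be a system-level role, for example `not obj.getAPropertyWrite("role").getRhs().mayHaveStringValue("system")`, extended to whichever roles the sinks treat as system-level. A test with a conditional role that is still expected to alert would pin this down. The barrier also matches any object carrying these two properties, not only arguments of a modelled LLM call, and the doc comment should state that breadth as a deliberate choice.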
|
||||
|
||||
@@ -33,6 +33,7 @@ edges
|
||||
| anthropic_test.js:8:9:8:15 | persona | anthropic_test.js:99:35:99:41 | persona | provenance | |
|
||||
| anthropic_test.js:8:9:8:15 | persona | anthropic_test.js:110:30:110:36 | persona | provenance | |
|
||||
| anthropic_test.js:8:9:8:15 | persona | anthropic_test.js:117:30:117:36 | persona | provenance | |
|
||||
| anthropic_test.js:8:9:8:15 | persona | anthropic_test.js:141:49:141:55 | persona | provenance | |
|
||||
| anthropic_test.js:8:19:8:35 | req.query.persona | anthropic_test.js:8:9:8:15 | persona | provenance | |
|
||||
| anthropic_test.js:17:30:17:36 | persona | anthropic_test.js:17:13:17:36 | "Talk l ... persona | provenance | |
|
||||
| anthropic_test.js:30:32:30:38 | persona | anthropic_test.js:30:15:30:38 | "Talk l ... persona | provenance | |
|
||||
@@ -42,6 +43,15 @@ edges
|
||||
| anthropic_test.js:99:35:99:41 | persona | anthropic_test.js:99:18:99:41 | "Talk l ... persona | provenance | |
|
||||
| anthropic_test.js:110:30:110:36 | persona | anthropic_test.js:110:13:110:36 | "Talk l ... persona | provenance | |
|
||||
| anthropic_test.js:117:30:117:36 | persona | anthropic_test.js:117:13:117:36 | "Talk l ... persona | provenance | |
|
||||
| anthropic_test.js:140:9:140:17 | messages2 [0, content] | anthropic_test.js:144:22:144:30 | messages2 [0, content] | provenance | |
|
||||
| anthropic_test.js:140:21:143:3 | [\\n { ... },\\n ] [0, content] | anthropic_test.js:140:9:140:17 | messages2 [0, content] | provenance | |
|
||||
| anthropic_test.js:141:5:141:57 | { role: ... rsona } [content] | anthropic_test.js:140:21:143:3 | [\\n { ... },\\n ] [0, content] | provenance | |
|
||||
| anthropic_test.js:141:32:141:55 | "Talk l ... persona | anthropic_test.js:141:5:141:57 | { role: ... rsona } [content] | provenance | |
|
||||
| anthropic_test.js:141:49:141:55 | persona | anthropic_test.js:141:32:141:55 | "Talk l ... persona | provenance | |
|
||||
| anthropic_test.js:144:9:144:18 | systemMsg2 [content] | anthropic_test.js:148:13:148:22 | systemMsg2 [content] | provenance | |
|
||||
| anthropic_test.js:144:22:144:30 | messages2 [0, content] | anthropic_test.js:144:22:144:63 | message ... ystem") [content] | provenance | |
|
||||
| anthropic_test.js:144:22:144:63 | message ... ystem") [content] | anthropic_test.js:144:9:144:18 | systemMsg2 [content] | provenance | |
|
||||
| anthropic_test.js:148:13:148:22 | systemMsg2 [content] | anthropic_test.js:148:13:148:30 | systemMsg2.content | provenance | |
|
||||
| gemini_test.js:8:9:8:15 | persona | gemini_test.js:18:43:18:49 | persona | provenance | |
|
||||
| gemini_test.js:8:9:8:15 | persona | gemini_test.js:30:42:30:48 | persona | provenance | |
|
||||
| gemini_test.js:8:9:8:15 | persona | gemini_test.js:59:43:59:49 | persona | provenance | |
|
||||
@@ -62,11 +72,11 @@ edges
|
||||
| openai_test.js:11:9:11:15 | persona | openai_test.js:83:35:83:41 | persona | provenance | |
|
||||
| openai_test.js:11:9:11:15 | persona | openai_test.js:97:36:97:42 | persona | provenance | |
|
||||
| openai_test.js:11:9:11:15 | persona | openai_test.js:110:35:110:41 | persona | provenance | |
|
||||
| openai_test.js:11:9:11:15 | persona | openai_test.js:149:36:149:42 | persona | provenance | |
|
||||
| openai_test.js:11:9:11:15 | persona | openai_test.js:160:36:160:42 | persona | provenance | |
|
||||
| openai_test.js:11:9:11:15 | persona | openai_test.js:166:52:166:58 | persona | provenance | |
|
||||
| openai_test.js:11:9:11:15 | persona | openai_test.js:172:31:172:37 | persona | provenance | |
|
||||
| openai_test.js:11:9:11:15 | persona | openai_test.js:200:49:200:55 | persona | provenance | |
|
||||
| openai_test.js:11:9:11:15 | persona | openai_test.js:141:36:141:42 | persona | provenance | |
|
||||
| openai_test.js:11:9:11:15 | persona | openai_test.js:152:36:152:42 | persona | provenance | |
|
||||
| openai_test.js:11:9:11:15 | persona | openai_test.js:158:52:158:58 | persona | provenance | |
|
||||
| openai_test.js:11:9:11:15 | persona | openai_test.js:164:31:164:37 | persona | provenance | |
|
||||
| openai_test.js:11:9:11:15 | persona | openai_test.js:192:49:192:55 | persona | provenance | |
|
||||
| openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:11:9:11:15 | persona | provenance | |
|
||||
| openai_test.js:19:36:19:42 | persona | openai_test.js:19:19:19:42 | "Talk l ... persona | provenance | |
|
||||
| openai_test.js:29:35:29:41 | persona | openai_test.js:29:18:29:41 | "Talk l ... persona | provenance | |
|
||||
@@ -75,11 +85,11 @@ edges
|
||||
| openai_test.js:83:35:83:41 | persona | openai_test.js:83:18:83:41 | "Talk l ... persona | provenance | |
|
||||
| openai_test.js:97:36:97:42 | persona | openai_test.js:97:19:97:42 | "Talk l ... persona | provenance | |
|
||||
| openai_test.js:110:35:110:41 | persona | openai_test.js:110:18:110:41 | "Talk l ... persona | provenance | |
|
||||
| openai_test.js:149:36:149:42 | persona | openai_test.js:149:19:149:42 | "Talk l ... persona | provenance | |
|
||||
| openai_test.js:160:36:160:42 | persona | openai_test.js:160:19:160:42 | "Talk l ... persona | provenance | |
|
||||
| openai_test.js:166:52:166:58 | persona | openai_test.js:166:30:166:58 | "Also t ... persona | provenance | |
|
||||
| openai_test.js:172:31:172:37 | persona | openai_test.js:172:14:172:37 | "Talk l ... persona | provenance | |
|
||||
| openai_test.js:200:49:200:55 | persona | openai_test.js:200:32:200:55 | "Talk l ... persona | provenance | |
|
||||
| openai_test.js:141:36:141:42 | persona | openai_test.js:141:19:141:42 | "Talk l ... persona | provenance | |
|
||||
| openai_test.js:152:36:152:42 | persona | openai_test.js:152:19:152:42 | "Talk l ... persona | provenance | |
|
||||
| openai_test.js:158:52:158:58 | persona | openai_test.js:158:30:158:58 | "Also t ... persona | provenance | |
|
||||
| openai_test.js:164:31:164:37 | persona | openai_test.js:164:14:164:37 | "Talk l ... persona | provenance | |
|
||||
| openai_test.js:192:49:192:55 | persona | openai_test.js:192:32:192:55 | "Talk l ... persona | provenance | |
|
||||
nodes
|
||||
| agents_test.js:8:9:8:15 | persona | semmle.label | persona |
|
||||
| agents_test.js:8:19:8:35 | req.query.persona | semmle.label | req.query.persona |
|
||||
@@ -120,6 +130,16 @@ nodes
|
||||
| anthropic_test.js:110:30:110:36 | persona | semmle.label | persona |
|
||||
| anthropic_test.js:117:13:117:36 | "Talk l ... persona | semmle.label | "Talk l ... persona |
|
||||
| anthropic_test.js:117:30:117:36 | persona | semmle.label | persona |
|
||||
| anthropic_test.js:140:9:140:17 | messages2 [0, content] | semmle.label | messages2 [0, content] |
|
||||
| anthropic_test.js:140:21:143:3 | [\\n { ... },\\n ] [0, content] | semmle.label | [\\n { ... },\\n ] [0, content] |
|
||||
| anthropic_test.js:141:5:141:57 | { role: ... rsona } [content] | semmle.label | { role: ... rsona } [content] |
|
||||
| anthropic_test.js:141:32:141:55 | "Talk l ... persona | semmle.label | "Talk l ... persona |
|
||||
| anthropic_test.js:141:49:141:55 | persona | semmle.label | persona |
|
||||
| anthropic_test.js:144:9:144:18 | systemMsg2 [content] | semmle.label | systemMsg2 [content] |
|
||||
| anthropic_test.js:144:22:144:30 | messages2 [0, content] | semmle.label | messages2 [0, content] |
|
||||
| anthropic_test.js:144:22:144:63 | message ... ystem") [content] | semmle.label | message ... ystem") [content] |
|
||||
| anthropic_test.js:148:13:148:22 | systemMsg2 [content] | semmle.label | systemMsg2 [content] |
|
||||
| anthropic_test.js:148:13:148:30 | systemMsg2.content | semmle.label | systemMsg2.content |
|
||||
| gemini_test.js:8:9:8:15 | persona | semmle.label | persona |
|
||||
| gemini_test.js:8:19:8:35 | req.query.persona | semmle.label | req.query.persona |
|
||||
| gemini_test.js:18:26:18:49 | "Talk l ... persona | semmle.label | "Talk l ... persona |
|
||||
@@ -150,16 +170,16 @@ nodes
|
||||
| openai_test.js:97:36:97:42 | persona | semmle.label | persona |
|
||||
| openai_test.js:110:18:110:41 | "Talk l ... persona | semmle.label | "Talk l ... persona |
|
||||
| openai_test.js:110:35:110:41 | persona | semmle.label | persona |
|
||||
| openai_test.js:149:19:149:42 | "Talk l ... persona | semmle.label | "Talk l ... persona |
|
||||
| openai_test.js:149:36:149:42 | persona | semmle.label | persona |
|
||||
| openai_test.js:160:19:160:42 | "Talk l ... persona | semmle.label | "Talk l ... persona |
|
||||
| openai_test.js:160:36:160:42 | persona | semmle.label | persona |
|
||||
| openai_test.js:166:30:166:58 | "Also t ... persona | semmle.label | "Also t ... persona |
|
||||
| openai_test.js:166:52:166:58 | persona | semmle.label | persona |
|
||||
| openai_test.js:172:14:172:37 | "Talk l ... persona | semmle.label | "Talk l ... persona |
|
||||
| openai_test.js:172:31:172:37 | persona | semmle.label | persona |
|
||||
| openai_test.js:200:32:200:55 | "Talk l ... persona | semmle.label | "Talk l ... persona |
|
||||
| openai_test.js:200:49:200:55 | persona | semmle.label | persona |
|
||||
| openai_test.js:141:19:141:42 | "Talk l ... persona | semmle.label | "Talk l ... persona |
|
||||
| openai_test.js:141:36:141:42 | persona | semmle.label | persona |
|
||||
| openai_test.js:152:19:152:42 | "Talk l ... persona | semmle.label | "Talk l ... persona |
|
||||
| openai_test.js:152:36:152:42 | persona | semmle.label | persona |
|
||||
| openai_test.js:158:30:158:58 | "Also t ... persona | semmle.label | "Also t ... persona |
|
||||
| openai_test.js:158:52:158:58 | persona | semmle.label | persona |
|
||||
| openai_test.js:164:14:164:37 | "Talk l ... persona | semmle.label | "Talk l ... persona |
|
||||
| openai_test.js:164:31:164:37 | persona | semmle.label | persona |
|
||||
| openai_test.js:192:32:192:55 | "Talk l ... persona | semmle.label | "Talk l ... persona |
|
||||
| openai_test.js:192:49:192:55 | persona | semmle.label | persona |
|
||||
subpaths
|
||||
#select
|
||||
| agents_test.js:16:19:16:42 | "Talk l ... persona | agents_test.js:8:19:8:35 | req.query.persona | agents_test.js:16:19:16:42 | "Talk l ... persona | This prompt construction depends on a $@. | agents_test.js:8:19:8:35 | req.query.persona | user-provided value |
|
||||
@@ -179,6 +199,7 @@ subpaths
|
||||
| anthropic_test.js:99:18:99:41 | "Talk l ... persona | anthropic_test.js:8:19:8:35 | req.query.persona | anthropic_test.js:99:18:99:41 | "Talk l ... persona | This prompt construction depends on a $@. | anthropic_test.js:8:19:8:35 | req.query.persona | user-provided value |
|
||||
| anthropic_test.js:110:13:110:36 | "Talk l ... persona | anthropic_test.js:8:19:8:35 | req.query.persona | anthropic_test.js:110:13:110:36 | "Talk l ... persona | This prompt construction depends on a $@. | anthropic_test.js:8:19:8:35 | req.query.persona | user-provided value |
|
||||
| anthropic_test.js:117:13:117:36 | "Talk l ... persona | anthropic_test.js:8:19:8:35 | req.query.persona | anthropic_test.js:117:13:117:36 | "Talk l ... persona | This prompt construction depends on a $@. | anthropic_test.js:8:19:8:35 | req.query.persona | user-provided value |
|
||||
| anthropic_test.js:148:13:148:30 | systemMsg2.content | anthropic_test.js:8:19:8:35 | req.query.persona | anthropic_test.js:148:13:148:30 | systemMsg2.content | This prompt construction depends on a $@. | anthropic_test.js:8:19:8:35 | req.query.persona | user-provided value |
|
||||
| gemini_test.js:18:26:18:49 | "Talk l ... persona | gemini_test.js:8:19:8:35 | req.query.persona | gemini_test.js:18:26:18:49 | "Talk l ... persona | This prompt construction depends on a $@. | gemini_test.js:8:19:8:35 | req.query.persona | user-provided value |
|
||||
| gemini_test.js:30:25:30:48 | "Talk l ... persona | gemini_test.js:8:19:8:35 | req.query.persona | gemini_test.js:30:25:30:48 | "Talk l ... persona | This prompt construction depends on a $@. | gemini_test.js:8:19:8:35 | req.query.persona | user-provided value |
|
||||
| gemini_test.js:59:26:59:49 | "Talk l ... persona | gemini_test.js:8:19:8:35 | req.query.persona | gemini_test.js:59:26:59:49 | "Talk l ... persona | This prompt construction depends on a $@. | gemini_test.js:8:19:8:35 | req.query.persona | user-provided value |
|
||||
@@ -192,8 +213,8 @@ subpaths
|
||||
| openai_test.js:83:18:83:41 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:83:18:83:41 | "Talk l ... persona | This prompt construction depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
|
||||
| openai_test.js:97:19:97:42 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:97:19:97:42 | "Talk l ... persona | This prompt construction depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
|
||||
| openai_test.js:110:18:110:41 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:110:18:110:41 | "Talk l ... persona | This prompt construction depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
|
||||
| openai_test.js:149:19:149:42 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:149:19:149:42 | "Talk l ... persona | This prompt construction depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
|
||||
| openai_test.js:160:19:160:42 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:160:19:160:42 | "Talk l ... persona | This prompt construction depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
|
||||
| openai_test.js:166:30:166:58 | "Also t ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:166:30:166:58 | "Also t ... persona | This prompt construction depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
|
||||
| openai_test.js:172:14:172:37 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:172:14:172:37 | "Talk l ... persona | This prompt construction depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
|
||||
| openai_test.js:200:32:200:55 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:200:32:200:55 | "Talk l ... persona | This prompt construction depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
|
||||
| openai_test.js:141:19:141:42 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:141:19:141:42 | "Talk l ... persona | This prompt construction depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
|
||||
| openai_test.js:152:19:152:42 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:152:19:152:42 | "Talk l ... persona | This prompt construction depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
|
||||
| openai_test.js:158:30:158:58 | "Also t ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:158:30:158:58 | "Also t ... persona | This prompt construction depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
|
||||
| openai_test.js:164:14:164:37 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:164:14:164:37 | "Talk l ... persona | This prompt construction depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
|
||||
| openai_test.js:192:32:192:55 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:192:32:192:55 | "Talk l ... persona | This prompt construction depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
|
||||
|
||||
@@ -117,6 +117,38 @@ app.get("/test", async (req, res) => {
|
||||
system: "Talk like a " + persona, // $ Alert[js/prompt-injection]
|
||||
});
|
||||
|
||||
// === Barrier: user-role content in shared message array ===
|
||||
|
||||
// SHOULD NOT ALERT — user input placed in { role: "user" } should not
|
||||
// taint system messages extracted from the same array.
|
||||
const messages = [
|
||||
{ role: "system", content: "You are a helpful assistant" },
|
||||
{ role: "user", content: query }, // OK - user role barrier
|
||||
];
|
||||
const systemMsg = messages.find((m) => m.role === "system");
|
||||
const m6 = await client.messages.create({
|
||||
model: "claude-sonnet-4-20250514",
|
||||
max_tokens: 1024,
|
||||
system: systemMsg.content,
|
||||
messages: [{ role: "user", content: query }],
|
||||
});
|
||||
|
||||
// === Barrier does NOT suppress: tainted value in system role ===
|
||||
|
||||
// SHOULD ALERT — tainted data goes into system role; barrier on user role
|
||||
// must not suppress the system-role taint path.
|
||||
const messages2 = [
|
||||
{ role: "system", content: "Talk like a " + persona }, // $ Alert[js/prompt-injection]
|
||||
{ role: "user", content: query },
|
||||
];
|
||||
const systemMsg2 = messages2.find((m) => m.role === "system");
|
||||
const m7 = await client.messages.create({
|
||||
model: "claude-sonnet-4-20250514",
|
||||
max_tokens: 1024,
|
||||
system: systemMsg2.content,
|
||||
messages: [{ role: "user", content: query }],
|
||||
});
|
||||
|
||||
// === Sanitizer: constant comparison ===
|
||||
|
||||
// SHOULD NOT ALERT
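Review bot: In the `messages2` case the `// $ Alert[js/prompt-injection]` marker sits on the `{ role: "system", content: "Talk like a " + persona }` line, but the updated expected output reports the alert at `anthropic_test.js:148:13:148:30` (`systemMsg2.content`), seven lines further down. If this test is checked by the inline-expectations post-processor, the marker belongs on the sink line, `system: systemMsg2.content, // $ Alert[js/prompt-injection]`; otherwise the annotation is misleading to the next reader. Separately, the negative case only exercises the barrier if `query` is a tainted value that would alert without it. Its definition is outside the hunk, so that is worth confirming. The enclosing `app.get` handler starts and ends outside the hunk.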
|
||||
|
||||
@@ -132,14 +132,6 @@ app.get("/test", async (req, res) => {
|
||||
prompt: "Edit to look like " + persona, // $ Alert[js/prompt-injection]
|
||||
});
|
||||
|
||||
// === Embeddings API ===
|
||||
|
||||
// embeddings.create (SHOULD ALERT)
|
||||
const e1 = await client.embeddings.create({
|
||||
model: "text-embedding-3-small",
|
||||
input: "Embed this: " + persona, // $ Alert[js/prompt-injection]
|
||||
});
|
||||
|
||||
// === Assistants API (beta) ===
|
||||
|
||||
// assistants.create (SHOULD ALERT)
|
||||
|
||||
@@ -16,12 +16,11 @@ edges
|
||||
| openai_user_test.js:14:9:14:17 | userInput | openai_user_test.js:66:13:66:21 | userInput | provenance | |
|
||||
| openai_user_test.js:14:9:14:17 | userInput | openai_user_test.js:71:13:71:21 | userInput | provenance | |
|
||||
| openai_user_test.js:14:9:14:17 | userInput | openai_user_test.js:75:13:75:21 | userInput | provenance | |
|
||||
| openai_user_test.js:14:9:14:17 | userInput | openai_user_test.js:81:12:81:20 | userInput | provenance | |
|
||||
| openai_user_test.js:14:9:14:17 | userInput | openai_user_test.js:82:13:82:21 | userInput | provenance | |
|
||||
| openai_user_test.js:14:9:14:17 | userInput | openai_user_test.js:88:13:88:21 | userInput | provenance | |
|
||||
| openai_user_test.js:14:9:14:17 | userInput | openai_user_test.js:94:13:94:21 | userInput | provenance | |
|
||||
| openai_user_test.js:14:9:14:17 | userInput | openai_user_test.js:100:14:100:22 | userInput | provenance | |
|
||||
| openai_user_test.js:14:9:14:17 | userInput | openai_user_test.js:106:12:106:20 | userInput | provenance | |
|
||||
| openai_user_test.js:14:9:14:17 | userInput | openai_user_test.js:153:12:153:20 | userInput | provenance | |
|
||||
| openai_user_test.js:14:9:14:17 | userInput | openai_user_test.js:94:14:94:22 | userInput | provenance | |
|
||||
| openai_user_test.js:14:9:14:17 | userInput | openai_user_test.js:100:12:100:20 | userInput | provenance | |
|
||||
| openai_user_test.js:14:9:14:17 | userInput | openai_user_test.js:147:12:147:20 | userInput | provenance | |
|
||||
| openai_user_test.js:14:21:14:39 | req.query.userInput | openai_user_test.js:14:9:14:17 | userInput | provenance | |
|
||||
nodes
|
||||
| anthropic_user_test.js:8:9:8:17 | userInput | semmle.label | userInput |
|
||||
@@ -45,12 +44,11 @@ nodes
|
||||
| openai_user_test.js:66:13:66:21 | userInput | semmle.label | userInput |
|
||||
| openai_user_test.js:71:13:71:21 | userInput | semmle.label | userInput |
|
||||
| openai_user_test.js:75:13:75:21 | userInput | semmle.label | userInput |
|
||||
| openai_user_test.js:81:12:81:20 | userInput | semmle.label | userInput |
|
||||
| openai_user_test.js:82:13:82:21 | userInput | semmle.label | userInput |
|
||||
| openai_user_test.js:88:13:88:21 | userInput | semmle.label | userInput |
|
||||
| openai_user_test.js:94:13:94:21 | userInput | semmle.label | userInput |
|
||||
| openai_user_test.js:100:14:100:22 | userInput | semmle.label | userInput |
|
||||
| openai_user_test.js:106:12:106:20 | userInput | semmle.label | userInput |
|
||||
| openai_user_test.js:153:12:153:20 | userInput | semmle.label | userInput |
|
||||
| openai_user_test.js:94:14:94:22 | userInput | semmle.label | userInput |
|
||||
| openai_user_test.js:100:12:100:20 | userInput | semmle.label | userInput |
|
||||
| openai_user_test.js:147:12:147:20 | userInput | semmle.label | userInput |
|
||||
subpaths
|
||||
#select
|
||||
| anthropic_user_test.js:18:18:18:26 | userInput | anthropic_user_test.js:8:21:8:39 | req.query.userInput | anthropic_user_test.js:18:18:18:26 | userInput | This prompt construction depends on a $@. | anthropic_user_test.js:8:21:8:39 | req.query.userInput | user-provided value |
|
||||
@@ -68,9 +66,8 @@ subpaths
|
||||
| openai_user_test.js:66:13:66:21 | userInput | openai_user_test.js:14:21:14:39 | req.query.userInput | openai_user_test.js:66:13:66:21 | userInput | This prompt construction depends on a $@. | openai_user_test.js:14:21:14:39 | req.query.userInput | user-provided value |
|
||||
| openai_user_test.js:71:13:71:21 | userInput | openai_user_test.js:14:21:14:39 | req.query.userInput | openai_user_test.js:71:13:71:21 | userInput | This prompt construction depends on a $@. | openai_user_test.js:14:21:14:39 | req.query.userInput | user-provided value |
|
||||
| openai_user_test.js:75:13:75:21 | userInput | openai_user_test.js:14:21:14:39 | req.query.userInput | openai_user_test.js:75:13:75:21 | userInput | This prompt construction depends on a $@. | openai_user_test.js:14:21:14:39 | req.query.userInput | user-provided value |
|
||||
| openai_user_test.js:81:12:81:20 | userInput | openai_user_test.js:14:21:14:39 | req.query.userInput | openai_user_test.js:81:12:81:20 | userInput | This prompt construction depends on a $@. | openai_user_test.js:14:21:14:39 | req.query.userInput | user-provided value |
|
||||
| openai_user_test.js:82:13:82:21 | userInput | openai_user_test.js:14:21:14:39 | req.query.userInput | openai_user_test.js:82:13:82:21 | userInput | This prompt construction depends on a $@. | openai_user_test.js:14:21:14:39 | req.query.userInput | user-provided value |
|
||||
| openai_user_test.js:88:13:88:21 | userInput | openai_user_test.js:14:21:14:39 | req.query.userInput | openai_user_test.js:88:13:88:21 | userInput | This prompt construction depends on a $@. | openai_user_test.js:14:21:14:39 | req.query.userInput | user-provided value |
|
||||
| openai_user_test.js:94:13:94:21 | userInput | openai_user_test.js:14:21:14:39 | req.query.userInput | openai_user_test.js:94:13:94:21 | userInput | This prompt construction depends on a $@. | openai_user_test.js:14:21:14:39 | req.query.userInput | user-provided value |
|
||||
| openai_user_test.js:100:14:100:22 | userInput | openai_user_test.js:14:21:14:39 | req.query.userInput | openai_user_test.js:100:14:100:22 | userInput | This prompt construction depends on a $@. | openai_user_test.js:14:21:14:39 | req.query.userInput | user-provided value |
|
||||
| openai_user_test.js:106:12:106:20 | userInput | openai_user_test.js:14:21:14:39 | req.query.userInput | openai_user_test.js:106:12:106:20 | userInput | This prompt construction depends on a $@. | openai_user_test.js:14:21:14:39 | req.query.userInput | user-provided value |
|
||||
| openai_user_test.js:153:12:153:20 | userInput | openai_user_test.js:14:21:14:39 | req.query.userInput | openai_user_test.js:153:12:153:20 | userInput | This prompt construction depends on a $@. | openai_user_test.js:14:21:14:39 | req.query.userInput | user-provided value |
|
||||
| openai_user_test.js:94:14:94:22 | userInput | openai_user_test.js:14:21:14:39 | req.query.userInput | openai_user_test.js:94:14:94:22 | userInput | This prompt construction depends on a $@. | openai_user_test.js:14:21:14:39 | req.query.userInput | user-provided value |
|
||||
| openai_user_test.js:100:12:100:20 | userInput | openai_user_test.js:14:21:14:39 | req.query.userInput | openai_user_test.js:100:12:100:20 | userInput | This prompt construction depends on a $@. | openai_user_test.js:14:21:14:39 | req.query.userInput | user-provided value |
|
||||
| openai_user_test.js:147:12:147:20 | userInput | openai_user_test.js:14:21:14:39 | req.query.userInput | openai_user_test.js:147:12:147:20 | userInput | This prompt construction depends on a $@. | openai_user_test.js:14:21:14:39 | req.query.userInput | user-provided value |
|
||||
|
||||
@@ -75,12 +75,6 @@ app.get("/test", async (req, res) => {
|
||||
prompt: userInput, // $ Alert[js/user-prompt-injection]
|
||||
});
|
||||
|
||||
// Embeddings API
|
||||
await client.embeddings.create({
|
||||
model: "text-embedding-3-small",
|
||||
input: userInput, // $ Alert[js/user-prompt-injection]
|
||||
});
|
||||
|
||||
// Audio API
|
||||
await client.audio.transcriptions.create({
|
||||
file: "audio.mp3",
|
||||
|
||||