From 61be37d718bcd30500ccb5570507087e6f64cee9 Mon Sep 17 00:00:00 2001
From: BazookaMusic
Date: Mon, 8 Jun 2026 12:15:50 +0200
Subject: [PATCH] Formatting
---
 .../javascript/frameworks/Anthropic.qll | 9 +++-----
 .../javascript/frameworks/GoogleGenAI.qll | 3 +--
 .../semmle/javascript/frameworks/OpenAI.qll | 23 ++++---------------
 .../javascript/frameworks/OpenRouter.qll | 3 ++-
 .../SystemPromptInjectionCustomizations.qll | 19 ++++-----------
 .../UserPromptInjectionCustomizations.qll | 21 +++++------------
 6 files changed, 22 insertions(+), 56 deletions(-)
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Anthropic.qll b/javascript/ql/lib/semmle/javascript/frameworks/Anthropic.qll
index 30e5f2e91b1..51bc6a74dc7 100644
--- a/javascript/ql/lib/semmle/javascript/frameworks/Anthropic.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/Anthropic.qll
@@ -13,16 +13,13 @@ private import javascript
 module Anthropic {
 /** Gets a reference to the `Anthropic` client instance. */
- private API::Node classRef() {
- result = API::moduleImport("@anthropic-ai/sdk").getInstance()
- }
+ private API::Node classRef() { result = API::moduleImport("@anthropic-ai/sdk").getInstance() }
 /** Gets a reference to the messages.create params (both stable and beta). */
 private API::Node messagesCreateParams() {
 result = classRef().getMember("messages").getMember("create").getParameter(0)
 or
- result =
- classRef().getMember("beta").getMember("messages").getMember("create").getParameter(0)
+ result = classRef().getMember("beta").getMember("messages").getMember("create").getParameter(0)
 }
 /**
@@ -52,4 +49,4 @@ module Anthropic {
 result = msg.getMember("content")
 )
 }
-}
\ No newline at end of file
+}
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/GoogleGenAI.qll b/javascript/ql/lib/semmle/javascript/frameworks/GoogleGenAI.qll
index 83f470f2e23..aed244d6a86 100644
--- a/javascript/ql/lib/semmle/javascript/frameworks/GoogleGenAI.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/GoogleGenAI.qll
@@ -14,8 +14,7 @@ private import javascript
 module GoogleGenAI {
 /** Gets a reference to the `GoogleGenAI` client instance. */
 private API::Node clientRef() {
- result =
- API::moduleImport("@google/genai").getMember("GoogleGenAI").getInstance()
+ result = API::moduleImport("@google/genai").getMember("GoogleGenAI").getInstance()
 }
 /**
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/OpenAI.qll b/javascript/ql/lib/semmle/javascript/frameworks/OpenAI.qll
index b544ced00ab..999fae24b79 100644
--- a/javascript/ql/lib/semmle/javascript/frameworks/OpenAI.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/OpenAI.qll
@@ -225,17 +225,11 @@ module AgentSDK {
 */
 API::Node getSystemOrAssistantPromptNode() {
 // Agent({ instructions: (runContext) => returnValue }) — callback form
- result = moduleRef()
- .getMember("Agent")
- .getParameter(0)
- .getMember("instructions")
- .getReturn()
+ result = moduleRef().getMember("Agent").getParameter(0).getMember("instructions").getReturn()
 or
 // run(agent, [{ role: "system"/"developer", content: ... }])
 exists(API::Node msg |
- msg = run()
- .getParameter(1)
- .getArrayElement() and
+ msg = run().getParameter(1).getArrayElement() and
 isSystemOrDevMessage(msg)
 |
 result = msg.getMember("content")
@@ -270,18 +264,11 @@ module AgentSDK {
 or
 // GuardrailAgent.create(config, ...) without input/pre_flight guardrails
 exists(API::Node createCall |
- createCall =
- moduleRef()
- .getMember("GuardrailAgent")
- .getMember("create") and
+ createCall = moduleRef().getMember("GuardrailAgent").getMember("create") and
 result = createCall.getParameter(0) and
 exists(result.getMember("version")) and
- not exists(
- result.getMember("input").getMember("guardrails").getArrayElement()
- ) and
- not exists(
- result.getMember("pre_flight").getMember("guardrails").getArrayElement()
- )
+ not exists(result.getMember("input").getMember("guardrails").getArrayElement()) and
+ not exists(result.getMember("pre_flight").getMember("guardrails").getArrayElement())
 )
 }
 }
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/OpenRouter.qll b/javascript/ql/lib/semmle/javascript/frameworks/OpenRouter.qll
index b6d37b768d5..ec84e718a00 100644
--- a/javascript/ql/lib/semmle/javascript/frameworks/OpenRouter.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/OpenRouter.qll
@@ -91,7 +91,8 @@ module OpenRouterAgent {
 result = moduleRef().getMember("callModel").getParameter(0)
 or
 // import { OpenRouter } from '@openrouter/agent'; new OpenRouter(...).callModel({ ... })
- result = moduleRef().getMember("OpenRouter").getInstance().getMember("callModel").getParameter(0)
+ result =
+ moduleRef().getMember("OpenRouter").getInstance().getMember("callModel").getParameter(0)
 }
 /**
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/SystemPromptInjectionCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/SystemPromptInjectionCustomizations.qll
index f0a16673b54..e714b82715a 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/SystemPromptInjectionCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/SystemPromptInjectionCustomizations.qll
@@ -5,7 +5,6 @@
 */
 import javascript
-
 private import semmle.javascript.dataflow.DataFlow
 private import semmle.javascript.Concepts
 private import semmle.javascript.security.dataflow.RemoteFlowSources
@@ -40,8 +39,7 @@ module SystemPromptInjection {
 /**
 * An active threat-model source, considered as a flow source.
 */
- private class ActiveThreatModelSourceAsSource extends Source, ActiveThreatModelSource {
- }
+ private class ActiveThreatModelSourceAsSource extends Source, ActiveThreatModelSource { }
 /**
 * A prompt to an AI model, considered as a flow sink.
@@ -51,9 +49,7 @@ module SystemPromptInjection {
 }
 private class SinkFromModel extends Sink {
- SinkFromModel() {
- this = ModelOutput::getASinkNode("system-prompt-injection").asSink()
- }
+ SinkFromModel() { this = ModelOutput::getASinkNode("system-prompt-injection").asSink() }
 }
 private class PromptContentSink extends Sink {
@@ -73,8 +69,7 @@ module SystemPromptInjection {
 }
 private class ConstCompareAsSanitizerGuard extends Sanitizer {
- ConstCompareAsSanitizerGuard()
- {
+ ConstCompareAsSanitizerGuard() {
 this = DataFlow::MakeBarrierGuard::getABarrierNode()
 }
 }
@@ -100,14 +95,10 @@ module SystemPromptInjection {
 /**
 * A comparison with a constant, considered as a sanitizer-guard.
 */
- private class ConstCompareBarrierGuard extends DataFlow::ValueNode
- {
+ private class ConstCompareBarrierGuard extends DataFlow::ValueNode {
 override EqualityTest astNode;
- ConstCompareBarrierGuard()
- {
- astNode.hasOperands(_, any(ConstantString cs))
- }
+ ConstCompareBarrierGuard() { astNode.hasOperands(_, any(ConstantString cs)) }
 predicate blocksExpr(boolean outcome, Expr e) {
 outcome = astNode.getPolarity() and
diff --git a/javascript/ql/src/experimental/semmle/javascript/security/PromptInjection/UserPromptInjectionCustomizations.qll b/javascript/ql/src/experimental/semmle/javascript/security/PromptInjection/UserPromptInjectionCustomizations.qll
index f6ecfb22477..b0ba9375009 100644
--- a/javascript/ql/src/experimental/semmle/javascript/security/PromptInjection/UserPromptInjectionCustomizations.qll
+++ b/javascript/ql/src/experimental/semmle/javascript/security/PromptInjection/UserPromptInjectionCustomizations.qll
@@ -5,7 +5,6 @@
 */
 import javascript
-
 private import semmle.javascript.dataflow.DataFlow
 private import semmle.javascript.Concepts
 private import semmle.javascript.security.dataflow.RemoteFlowSources
@@ -30,8 +29,7 @@ module UserPromptInjection {
 /**
 * A data flow sink for "user prompt injection" vulnerabilities.
 */
- abstract class Sink extends DataFlow::Node {
- }
+ abstract class Sink extends DataFlow::Node { }
 /**
 * A sanitizer for "user prompt injection" vulnerabilities.
@@ -41,8 +39,7 @@ module UserPromptInjection {
 /**
 * An active threat-model source, considered as a flow source.
 */
- private class ActiveThreatModelSourceAsSource extends Source, ActiveThreatModelSource {
- }
+ private class ActiveThreatModelSourceAsSource extends Source, ActiveThreatModelSource { }
 /**
 * A prompt to an AI model, considered as a flow sink.
@@ -52,9 +49,7 @@ module UserPromptInjection {
 }
 private class SinkFromModel extends Sink {
- SinkFromModel() {
- this = ModelOutput::getASinkNode("user-prompt-injection").asSink()
- }
+ SinkFromModel() { this = ModelOutput::getASinkNode("user-prompt-injection").asSink() }
 }
 private class PromptContentSink extends Sink {
@@ -76,14 +71,10 @@ module UserPromptInjection {
 /**
 * A comparison with a constant, considered as a sanitizer-guard.
 */
- private class ConstCompareBarrierGuard extends DataFlow::ValueNode
- {
+ private class ConstCompareBarrierGuard extends DataFlow::ValueNode {
 override EqualityTest astNode;
- ConstCompareBarrierGuard()
- {
- astNode.hasOperands(_, any(ConstantString cs))
- }
+ ConstCompareBarrierGuard() { astNode.hasOperands(_, any(ConstantString cs)) }
 predicate blocksExpr(boolean outcome, Expr e) {
 outcome = astNode.getPolarity() and
@@ -92,4 +83,4 @@ module UserPromptInjection {
 not e instanceof ConstantString
 }
 }
-}
\ No newline at end of file
+}