mirror of
https://github.com/github/codeql.git
synced 2026-06-19 20:01:09 +02:00
Merge pull request #22012 from github/bazookamusic/js-prompt-injection-sinks
JS Prompt Injection - Add some more sinks and reclassify legacy API
This commit is contained in:
Sotiris Dragonas
@@ -0,0 +1,5 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added more prompt-injection sinks for the OpenAI, Anthropic, and Google GenAI SDKs: OpenAI `videos.create`/`edit`/`extend`/`remix` (Sora) prompts and `beta.realtime.sessions.create` instructions, Anthropic legacy `completions.create` prompts, and Google GenAI `caches.create` cached contents and system instructions.
|
||||
* The OpenAI legacy `completions.create` prompt is now treated as a user-prompt-injection sink instead of a system-prompt-injection sink, since the legacy `/v1/completions` endpoint takes a single free-form prompt with no role separation.
|
||||
@@ -10,6 +10,7 @@ extensions:
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["anthropic.Client", "Member[messages].Member[create].Argument[0].Member[system]", "system-prompt-injection"]
|
||||
- ["anthropic.Client", "Member[completions].Member[create].Argument[0].Member[prompt]", "user-prompt-injection"]
|
||||
- ["anthropic.Client", "Member[messages].Member[create].Argument[0].Member[system].ArrayElement.Member[text]", "system-prompt-injection"]
|
||||
- ["anthropic.Client", "Member[beta].Member[messages].Member[create].Argument[0].Member[system]", "system-prompt-injection"]
|
||||
- ["anthropic.Client", "Member[beta].Member[messages].Member[create].Argument[0].Member[system].ArrayElement.Member[text]", "system-prompt-injection"]
|
||||
|
||||
@@ -13,6 +13,7 @@ extensions:
|
||||
- ["google-genai.Client", "Member[chats].Member[create].Argument[0].Member[config].Member[systemInstruction]", "system-prompt-injection"]
|
||||
- ["google-genai.Client", "Member[chats].Member[create].ReturnValue.Member[sendMessage].Argument[0].Member[config].Member[systemInstruction]", "system-prompt-injection"]
|
||||
- ["google-genai.Client", "Member[live].Member[connect].Argument[0].Member[config].Member[systemInstruction]", "system-prompt-injection"]
|
||||
- ["google-genai.Client", "Member[caches].Member[create].Argument[0].Member[config].Member[systemInstruction]", "system-prompt-injection"]
|
||||
- ["google-genai.Client", "Member[models].Member[generateContent,generateContentStream].Argument[0].Member[contents]", "user-prompt-injection"]
|
||||
- ["google-genai.Client", "Member[models].Member[generateImages].Argument[0].Member[prompt]", "user-prompt-injection"]
|
||||
- ["google-genai.Client", "Member[models].Member[editImage].Argument[0].Member[prompt]", "user-prompt-injection"]
|
||||
@@ -20,3 +21,4 @@ extensions:
|
||||
- ["google-genai.Client", "Member[chats].Member[create].ReturnValue.Member[sendMessage,sendMessageStream].Argument[0].Member[message]", "user-prompt-injection"]
|
||||
- ["google-genai.Client", "Member[chats].Member[create].ReturnValue.Member[sendMessage,sendMessageStream].Argument[0].Member[content]", "user-prompt-injection"]
|
||||
- ["google-genai.Client", "Member[interactions].Member[create].Argument[0].Member[input]", "user-prompt-injection"]
|
||||
- ["google-genai.Client", "Member[caches].Member[create].Argument[0].Member[config].Member[contents]", "user-prompt-injection"]
|
||||
|
||||
@@ -12,7 +12,7 @@ extensions:
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["openai.Client", "Member[responses].Member[create].Argument[0].Member[instructions]", "system-prompt-injection"]
|
||||
- ["openai.Client", "Member[completions].Member[create].Argument[0].Member[prompt]", "system-prompt-injection"]
|
||||
- ["openai.Client", "Member[beta].Member[realtime].Member[sessions].Member[create].Argument[0].Member[instructions]", "system-prompt-injection"]
|
||||
- ["openai.Client", "Member[beta].Member[assistants].Member[create].Argument[0].Member[instructions]", "system-prompt-injection"]
|
||||
- ["openai.Client", "Member[beta].Member[assistants].Member[update].Argument[1].Member[instructions]", "system-prompt-injection"]
|
||||
- ["openai.Client", "Member[beta].Member[threads].Member[runs].Member[create].Argument[1].Member[instructions,additional_instructions]", "system-prompt-injection"]
|
||||
@@ -25,3 +25,5 @@ extensions:
|
||||
- ["@openai/guardrails", "Member[GuardrailAgent].Member[create].Argument[2]", "system-prompt-injection"]
|
||||
- ["@openai/agents", "Member[run].Argument[1]", "user-prompt-injection"]
|
||||
- ["@openai/agents", "Member[Runner].Instance.Member[run].Argument[1]", "user-prompt-injection"]
|
||||
- ["openai.Client", "Member[videos].Member[create,edit,extend].Argument[0].Member[prompt]", "user-prompt-injection"]
|
||||
- ["openai.Client", "Member[videos].Member[remix].Argument[1].Member[prompt]", "user-prompt-injection"]
|
||||
|
||||
@@ -23,6 +23,7 @@
|
||||
| gemini_test.js:85:26:85:49 | "Talk l ... persona | gemini_test.js:8:19:8:35 | req.query.persona | gemini_test.js:85:26:85:49 | "Talk l ... persona | This system prompt depends on a $@. | gemini_test.js:8:19:8:35 | req.query.persona | user-provided value |
|
||||
| gemini_test.js:95:26:95:49 | "Talk l ... persona | gemini_test.js:8:19:8:35 | req.query.persona | gemini_test.js:95:26:95:49 | "Talk l ... persona | This system prompt depends on a $@. | gemini_test.js:8:19:8:35 | req.query.persona | user-provided value |
|
||||
| gemini_test.js:105:26:105:49 | "Talk l ... persona | gemini_test.js:8:19:8:35 | req.query.persona | gemini_test.js:105:26:105:49 | "Talk l ... persona | This system prompt depends on a $@. | gemini_test.js:8:19:8:35 | req.query.persona | user-provided value |
|
||||
| gemini_test.js:119:26:119:49 | "Talk l ... persona | gemini_test.js:8:19:8:35 | req.query.persona | gemini_test.js:119:26:119:49 | "Talk l ... persona | This system prompt depends on a $@. | gemini_test.js:8:19:8:35 | req.query.persona | user-provided value |
|
||||
| langchain_test.js:16:37:16:60 | "Talk l ... persona | langchain_test.js:9:19:9:35 | req.query.persona | langchain_test.js:16:37:16:60 | "Talk l ... persona | This system prompt depends on a $@. | langchain_test.js:9:19:9:35 | req.query.persona | user-provided value |
|
||||
| langchain_test.js:19:14:19:37 | "Talk l ... persona | langchain_test.js:9:19:9:35 | req.query.persona | langchain_test.js:19:14:19:37 | "Talk l ... persona | This system prompt depends on a $@. | langchain_test.js:9:19:9:35 | req.query.persona | user-provided value |
|
||||
| langchain_test.js:25:19:25:42 | "Talk l ... persona | langchain_test.js:9:19:9:35 | req.query.persona | langchain_test.js:25:19:25:42 | "Talk l ... persona | This system prompt depends on a $@. | langchain_test.js:9:19:9:35 | req.query.persona | user-provided value |
|
||||
@@ -33,13 +34,13 @@
|
||||
| openai_test.js:83:18:83:41 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:83:18:83:41 | "Talk l ... persona | This system prompt depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
|
||||
| openai_test.js:97:19:97:42 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:97:19:97:42 | "Talk l ... persona | This system prompt depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
|
||||
| openai_test.js:110:18:110:41 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:110:18:110:41 | "Talk l ... persona | This system prompt depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
|
||||
| openai_test.js:120:13:120:36 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:120:13:120:36 | "Talk l ... persona | This system prompt depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
|
||||
| openai_test.js:129:19:129:42 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:129:19:129:42 | "Talk l ... persona | This system prompt depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
|
||||
| openai_test.js:134:19:134:42 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:134:19:134:42 | "Talk l ... persona | This system prompt depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
|
||||
| openai_test.js:140:19:140:42 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:140:19:140:42 | "Talk l ... persona | This system prompt depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
|
||||
| openai_test.js:146:30:146:58 | "Also t ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:146:30:146:58 | "Also t ... persona | This system prompt depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
|
||||
| openai_test.js:152:14:152:37 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:152:14:152:37 | "Talk l ... persona | This system prompt depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
|
||||
| openai_test.js:164:32:164:55 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:164:32:164:55 | "Talk l ... persona | This system prompt depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
|
||||
| openai_test.js:128:19:128:42 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:128:19:128:42 | "Talk l ... persona | This system prompt depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
|
||||
| openai_test.js:137:19:137:42 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:137:19:137:42 | "Talk l ... persona | This system prompt depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
|
||||
| openai_test.js:142:19:142:42 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:142:19:142:42 | "Talk l ... persona | This system prompt depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
|
||||
| openai_test.js:148:19:148:42 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:148:19:148:42 | "Talk l ... persona | This system prompt depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
|
||||
| openai_test.js:154:30:154:58 | "Also t ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:154:30:154:58 | "Also t ... persona | This system prompt depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
|
||||
| openai_test.js:160:14:160:37 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:160:14:160:37 | "Talk l ... persona | This system prompt depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
|
||||
| openai_test.js:172:32:172:55 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:172:32:172:55 | "Talk l ... persona | This system prompt depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
|
||||
| openrouter_test.js:23:18:23:41 | "Talk l ... persona | openrouter_test.js:12:19:12:35 | req.query.persona | openrouter_test.js:23:18:23:41 | "Talk l ... persona | This system prompt depends on a $@. | openrouter_test.js:12:19:12:35 | req.query.persona | user-provided value |
|
||||
| openrouter_test.js:38:18:38:41 | "Talk l ... persona | openrouter_test.js:12:19:12:35 | req.query.persona | openrouter_test.js:38:18:38:41 | "Talk l ... persona | This system prompt depends on a $@. | openrouter_test.js:12:19:12:35 | req.query.persona | user-provided value |
|
||||
| openrouter_test.js:52:19:52:42 | "Talk l ... persona | openrouter_test.js:12:19:12:35 | req.query.persona | openrouter_test.js:52:19:52:42 | "Talk l ... persona | This system prompt depends on a $@. | openrouter_test.js:12:19:12:35 | req.query.persona | user-provided value |
|
||||
@@ -109,6 +110,7 @@ edges
|
||||
| gemini_test.js:8:9:8:15 | persona | gemini_test.js:85:43:85:49 | persona | provenance | |
|
||||
| gemini_test.js:8:9:8:15 | persona | gemini_test.js:95:43:95:49 | persona | provenance | |
|
||||
| gemini_test.js:8:9:8:15 | persona | gemini_test.js:105:43:105:49 | persona | provenance | |
|
||||
| gemini_test.js:8:9:8:15 | persona | gemini_test.js:119:43:119:49 | persona | provenance | |
|
||||
| gemini_test.js:8:19:8:35 | req.query.persona | gemini_test.js:8:9:8:15 | persona | provenance | |
|
||||
| gemini_test.js:18:43:18:49 | persona | gemini_test.js:18:26:18:49 | "Talk l ... persona | provenance | |
|
||||
| gemini_test.js:30:42:30:48 | persona | gemini_test.js:30:25:30:48 | "Talk l ... persona | provenance | |
|
||||
@@ -116,6 +118,7 @@ edges
|
||||
| gemini_test.js:85:43:85:49 | persona | gemini_test.js:85:26:85:49 | "Talk l ... persona | provenance | |
|
||||
| gemini_test.js:95:43:95:49 | persona | gemini_test.js:95:26:95:49 | "Talk l ... persona | provenance | |
|
||||
| gemini_test.js:105:43:105:49 | persona | gemini_test.js:105:26:105:49 | "Talk l ... persona | provenance | |
|
||||
| gemini_test.js:119:43:119:49 | persona | gemini_test.js:119:26:119:49 | "Talk l ... persona | provenance | |
|
||||
| langchain_test.js:9:9:9:15 | persona | langchain_test.js:16:54:16:60 | persona | provenance | |
|
||||
| langchain_test.js:9:9:9:15 | persona | langchain_test.js:19:31:19:37 | persona | provenance | |
|
||||
| langchain_test.js:9:9:9:15 | persona | langchain_test.js:25:36:25:42 | persona | provenance | |
|
||||
@@ -130,13 +133,13 @@ edges
|
||||
| openai_test.js:11:9:11:15 | persona | openai_test.js:83:35:83:41 | persona | provenance | |
|
||||
| openai_test.js:11:9:11:15 | persona | openai_test.js:97:36:97:42 | persona | provenance | |
|
||||
| openai_test.js:11:9:11:15 | persona | openai_test.js:110:35:110:41 | persona | provenance | |
|
||||
| openai_test.js:11:9:11:15 | persona | openai_test.js:120:30:120:36 | persona | provenance | |
|
||||
| openai_test.js:11:9:11:15 | persona | openai_test.js:129:36:129:42 | persona | provenance | |
|
||||
| openai_test.js:11:9:11:15 | persona | openai_test.js:134:36:134:42 | persona | provenance | |
|
||||
| openai_test.js:11:9:11:15 | persona | openai_test.js:140:36:140:42 | persona | provenance | |
|
||||
| openai_test.js:11:9:11:15 | persona | openai_test.js:146:52:146:58 | persona | provenance | |
|
||||
| openai_test.js:11:9:11:15 | persona | openai_test.js:152:31:152:37 | persona | provenance | |
|
||||
| openai_test.js:11:9:11:15 | persona | openai_test.js:164:49:164:55 | persona | provenance | |
|
||||
| openai_test.js:11:9:11:15 | persona | openai_test.js:128:36:128:42 | persona | provenance | |
|
||||
| openai_test.js:11:9:11:15 | persona | openai_test.js:137:36:137:42 | persona | provenance | |
|
||||
| openai_test.js:11:9:11:15 | persona | openai_test.js:142:36:142:42 | persona | provenance | |
|
||||
| openai_test.js:11:9:11:15 | persona | openai_test.js:148:36:148:42 | persona | provenance | |
|
||||
| openai_test.js:11:9:11:15 | persona | openai_test.js:154:52:154:58 | persona | provenance | |
|
||||
| openai_test.js:11:9:11:15 | persona | openai_test.js:160:31:160:37 | persona | provenance | |
|
||||
| openai_test.js:11:9:11:15 | persona | openai_test.js:172:49:172:55 | persona | provenance | |
|
||||
| openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:11:9:11:15 | persona | provenance | |
|
||||
| openai_test.js:19:36:19:42 | persona | openai_test.js:19:19:19:42 | "Talk l ... persona | provenance | |
|
||||
| openai_test.js:29:35:29:41 | persona | openai_test.js:29:18:29:41 | "Talk l ... persona | provenance | |
|
||||
@@ -145,13 +148,13 @@ edges
|
||||
| openai_test.js:83:35:83:41 | persona | openai_test.js:83:18:83:41 | "Talk l ... persona | provenance | |
|
||||
| openai_test.js:97:36:97:42 | persona | openai_test.js:97:19:97:42 | "Talk l ... persona | provenance | |
|
||||
| openai_test.js:110:35:110:41 | persona | openai_test.js:110:18:110:41 | "Talk l ... persona | provenance | |
|
||||
| openai_test.js:120:30:120:36 | persona | openai_test.js:120:13:120:36 | "Talk l ... persona | provenance | |
|
||||
| openai_test.js:129:36:129:42 | persona | openai_test.js:129:19:129:42 | "Talk l ... persona | provenance | |
|
||||
| openai_test.js:134:36:134:42 | persona | openai_test.js:134:19:134:42 | "Talk l ... persona | provenance | |
|
||||
| openai_test.js:140:36:140:42 | persona | openai_test.js:140:19:140:42 | "Talk l ... persona | provenance | |
|
||||
| openai_test.js:146:52:146:58 | persona | openai_test.js:146:30:146:58 | "Also t ... persona | provenance | |
|
||||
| openai_test.js:152:31:152:37 | persona | openai_test.js:152:14:152:37 | "Talk l ... persona | provenance | |
|
||||
| openai_test.js:164:49:164:55 | persona | openai_test.js:164:32:164:55 | "Talk l ... persona | provenance | |
|
||||
| openai_test.js:128:36:128:42 | persona | openai_test.js:128:19:128:42 | "Talk l ... persona | provenance | |
|
||||
| openai_test.js:137:36:137:42 | persona | openai_test.js:137:19:137:42 | "Talk l ... persona | provenance | |
|
||||
| openai_test.js:142:36:142:42 | persona | openai_test.js:142:19:142:42 | "Talk l ... persona | provenance | |
|
||||
| openai_test.js:148:36:148:42 | persona | openai_test.js:148:19:148:42 | "Talk l ... persona | provenance | |
|
||||
| openai_test.js:154:52:154:58 | persona | openai_test.js:154:30:154:58 | "Also t ... persona | provenance | |
|
||||
| openai_test.js:160:31:160:37 | persona | openai_test.js:160:14:160:37 | "Talk l ... persona | provenance | |
|
||||
| openai_test.js:172:49:172:55 | persona | openai_test.js:172:32:172:55 | "Talk l ... persona | provenance | |
|
||||
| openrouter_test.js:12:9:12:15 | persona | openrouter_test.js:23:35:23:41 | persona | provenance | |
|
||||
| openrouter_test.js:12:9:12:15 | persona | openrouter_test.js:38:35:38:41 | persona | provenance | |
|
||||
| openrouter_test.js:12:9:12:15 | persona | openrouter_test.js:52:36:52:42 | persona | provenance | |
|
||||
@@ -235,6 +238,8 @@ nodes
|
||||
| gemini_test.js:95:43:95:49 | persona | semmle.label | persona |
|
||||
| gemini_test.js:105:26:105:49 | "Talk l ... persona | semmle.label | "Talk l ... persona |
|
||||
| gemini_test.js:105:43:105:49 | persona | semmle.label | persona |
|
||||
| gemini_test.js:119:26:119:49 | "Talk l ... persona | semmle.label | "Talk l ... persona |
|
||||
| gemini_test.js:119:43:119:49 | persona | semmle.label | persona |
|
||||
| langchain_test.js:9:9:9:15 | persona | semmle.label | persona |
|
||||
| langchain_test.js:9:19:9:35 | req.query.persona | semmle.label | req.query.persona |
|
||||
| langchain_test.js:16:37:16:60 | "Talk l ... persona | semmle.label | "Talk l ... persona |
|
||||
@@ -259,20 +264,20 @@ nodes
|
||||
| openai_test.js:97:36:97:42 | persona | semmle.label | persona |
|
||||
| openai_test.js:110:18:110:41 | "Talk l ... persona | semmle.label | "Talk l ... persona |
|
||||
| openai_test.js:110:35:110:41 | persona | semmle.label | persona |
|
||||
| openai_test.js:120:13:120:36 | "Talk l ... persona | semmle.label | "Talk l ... persona |
|
||||
| openai_test.js:120:30:120:36 | persona | semmle.label | persona |
|
||||
| openai_test.js:129:19:129:42 | "Talk l ... persona | semmle.label | "Talk l ... persona |
|
||||
| openai_test.js:129:36:129:42 | persona | semmle.label | persona |
|
||||
| openai_test.js:134:19:134:42 | "Talk l ... persona | semmle.label | "Talk l ... persona |
|
||||
| openai_test.js:134:36:134:42 | persona | semmle.label | persona |
|
||||
| openai_test.js:140:19:140:42 | "Talk l ... persona | semmle.label | "Talk l ... persona |
|
||||
| openai_test.js:140:36:140:42 | persona | semmle.label | persona |
|
||||
| openai_test.js:146:30:146:58 | "Also t ... persona | semmle.label | "Also t ... persona |
|
||||
| openai_test.js:146:52:146:58 | persona | semmle.label | persona |
|
||||
| openai_test.js:152:14:152:37 | "Talk l ... persona | semmle.label | "Talk l ... persona |
|
||||
| openai_test.js:152:31:152:37 | persona | semmle.label | persona |
|
||||
| openai_test.js:164:32:164:55 | "Talk l ... persona | semmle.label | "Talk l ... persona |
|
||||
| openai_test.js:164:49:164:55 | persona | semmle.label | persona |
|
||||
| openai_test.js:128:19:128:42 | "Talk l ... persona | semmle.label | "Talk l ... persona |
|
||||
| openai_test.js:128:36:128:42 | persona | semmle.label | persona |
|
||||
| openai_test.js:137:19:137:42 | "Talk l ... persona | semmle.label | "Talk l ... persona |
|
||||
| openai_test.js:137:36:137:42 | persona | semmle.label | persona |
|
||||
| openai_test.js:142:19:142:42 | "Talk l ... persona | semmle.label | "Talk l ... persona |
|
||||
| openai_test.js:142:36:142:42 | persona | semmle.label | persona |
|
||||
| openai_test.js:148:19:148:42 | "Talk l ... persona | semmle.label | "Talk l ... persona |
|
||||
| openai_test.js:148:36:148:42 | persona | semmle.label | persona |
|
||||
| openai_test.js:154:30:154:58 | "Also t ... persona | semmle.label | "Also t ... persona |
|
||||
| openai_test.js:154:52:154:58 | persona | semmle.label | persona |
|
||||
| openai_test.js:160:14:160:37 | "Talk l ... persona | semmle.label | "Talk l ... persona |
|
||||
| openai_test.js:160:31:160:37 | persona | semmle.label | persona |
|
||||
| openai_test.js:172:32:172:55 | "Talk l ... persona | semmle.label | "Talk l ... persona |
|
||||
| openai_test.js:172:49:172:55 | persona | semmle.label | persona |
|
||||
| openrouter_test.js:12:9:12:15 | persona | semmle.label | persona |
|
||||
| openrouter_test.js:12:19:12:35 | req.query.persona | semmle.label | req.query.persona |
|
||||
| openrouter_test.js:23:18:23:41 | "Talk l ... persona | semmle.label | "Talk l ... persona |
|
||||
|
||||
@@ -109,6 +109,17 @@ app.get("/test", async (req, res) => {
|
||||
},
|
||||
});
|
||||
|
||||
// === caches.create: config.systemInstruction ===
|
||||
|
||||
// SHOULD ALERT
|
||||
const cache = await ai.caches.create({
|
||||
model: "gemini-2.0-flash",
|
||||
config: {
|
||||
contents: "Some document to cache",
|
||||
systemInstruction: "Talk like a " + persona, // $ Alert[js/system-prompt-injection]
|
||||
},
|
||||
});
|
||||
|
||||
// === Sanitizer: constant comparison ===
|
||||
|
||||
// SHOULD NOT ALERT
|
||||
|
||||
@@ -114,10 +114,18 @@ app.get("/test", async (req, res) => {
|
||||
|
||||
// === Legacy Completions API ===
|
||||
|
||||
// prompt (SHOULD ALERT)
|
||||
// prompt (SHOULD NOT ALERT for system - reclassified as user-prompt-injection)
|
||||
const l1 = await client.completions.create({
|
||||
model: "gpt-3.5-turbo-instruct",
|
||||
prompt: "Talk like a " + persona, // $ Alert[js/system-prompt-injection]
|
||||
prompt: "Talk like a " + persona, // OK - legacy completions prompt is a user-prompt-injection sink
|
||||
});
|
||||
|
||||
// === Realtime API (beta) ===
|
||||
|
||||
// beta.realtime.sessions.create instructions (SHOULD ALERT)
|
||||
const rt1 = await client.beta.realtime.sessions.create({
|
||||
model: "gpt-4o-realtime-preview",
|
||||
instructions: "Talk like a " + persona, // $ Alert[js/system-prompt-injection]
|
||||
});
|
||||
|
||||
// === Assistants API (beta) ===
|
||||
|
||||
@@ -1,12 +1,14 @@
|
||||
#select
|
||||
| anthropic_user_test.js:18:18:18:26 | userInput | anthropic_user_test.js:8:21:8:39 | req.query.userInput | anthropic_user_test.js:18:18:18:26 | userInput | This prompt construction depends on a $@. | anthropic_user_test.js:8:21:8:39 | req.query.userInput | user-provided value |
|
||||
| anthropic_user_test.js:31:18:31:26 | userInput | anthropic_user_test.js:8:21:8:39 | req.query.userInput | anthropic_user_test.js:31:18:31:26 | userInput | This prompt construction depends on a $@. | anthropic_user_test.js:8:21:8:39 | req.query.userInput | user-provided value |
|
||||
| anthropic_user_test.js:41:13:41:51 | `\\n\\nHu ... stant:` | anthropic_user_test.js:8:21:8:39 | req.query.userInput | anthropic_user_test.js:41:13:41:51 | `\\n\\nHu ... stant:` | This prompt construction depends on a $@. | anthropic_user_test.js:8:21:8:39 | req.query.userInput | user-provided value |
|
||||
| gemini_user_test.js:14:15:14:23 | userInput | gemini_user_test.js:8:21:8:39 | req.query.userInput | gemini_user_test.js:14:15:14:23 | userInput | This prompt construction depends on a $@. | gemini_user_test.js:8:21:8:39 | req.query.userInput | user-provided value |
|
||||
| gemini_user_test.js:26:19:26:27 | userInput | gemini_user_test.js:8:21:8:39 | req.query.userInput | gemini_user_test.js:26:19:26:27 | userInput | This prompt construction depends on a $@. | gemini_user_test.js:8:21:8:39 | req.query.userInput | user-provided value |
|
||||
| gemini_user_test.js:37:15:37:23 | userInput | gemini_user_test.js:8:21:8:39 | req.query.userInput | gemini_user_test.js:37:15:37:23 | userInput | This prompt construction depends on a $@. | gemini_user_test.js:8:21:8:39 | req.query.userInput | user-provided value |
|
||||
| gemini_user_test.js:44:13:44:21 | userInput | gemini_user_test.js:8:21:8:39 | req.query.userInput | gemini_user_test.js:44:13:44:21 | userInput | This prompt construction depends on a $@. | gemini_user_test.js:8:21:8:39 | req.query.userInput | user-provided value |
|
||||
| gemini_user_test.js:51:13:51:21 | userInput | gemini_user_test.js:8:21:8:39 | req.query.userInput | gemini_user_test.js:51:13:51:21 | userInput | This prompt construction depends on a $@. | gemini_user_test.js:8:21:8:39 | req.query.userInput | user-provided value |
|
||||
| gemini_user_test.js:58:13:58:21 | userInput | gemini_user_test.js:8:21:8:39 | req.query.userInput | gemini_user_test.js:58:13:58:21 | userInput | This prompt construction depends on a $@. | gemini_user_test.js:8:21:8:39 | req.query.userInput | user-provided value |
|
||||
| gemini_user_test.js:66:17:66:25 | userInput | gemini_user_test.js:8:21:8:39 | req.query.userInput | gemini_user_test.js:66:17:66:25 | userInput | This prompt construction depends on a $@. | gemini_user_test.js:8:21:8:39 | req.query.userInput | user-provided value |
|
||||
| langchain_user_test.js:18:26:18:34 | userInput | langchain_user_test.js:13:21:13:39 | req.query.userInput | langchain_user_test.js:18:26:18:34 | userInput | This prompt construction depends on a $@. | langchain_user_test.js:13:21:13:39 | req.query.userInput | user-provided value |
|
||||
| langchain_user_test.js:22:26:22:34 | userInput | langchain_user_test.js:13:21:13:39 | req.query.userInput | langchain_user_test.js:22:26:22:34 | userInput | This prompt construction depends on a $@. | langchain_user_test.js:13:21:13:39 | req.query.userInput | user-provided value |
|
||||
| langchain_user_test.js:26:24:26:32 | userInput | langchain_user_test.js:13:21:13:39 | req.query.userInput | langchain_user_test.js:26:24:26:32 | userInput | This prompt construction depends on a $@. | langchain_user_test.js:13:21:13:39 | req.query.userInput | user-provided value |
|
||||
@@ -31,15 +33,19 @@
|
||||
| openai_user_test.js:67:13:67:21 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:67:13:67:21 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
|
||||
| openai_user_test.js:72:13:72:21 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:72:13:72:21 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
|
||||
| openai_user_test.js:76:13:76:21 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:76:13:76:21 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
|
||||
| openai_user_test.js:83:13:83:21 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:83:13:83:21 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
|
||||
| openai_user_test.js:89:13:89:21 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:89:13:89:21 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
|
||||
| openai_user_test.js:95:14:95:22 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:95:14:95:22 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
|
||||
| openai_user_test.js:101:12:101:20 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:101:12:101:20 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
|
||||
| openai_user_test.js:148:12:148:20 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:148:12:148:20 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
|
||||
| openai_user_test.js:192:20:192:28 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:192:20:192:28 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
|
||||
| openai_user_test.js:196:30:196:38 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:196:30:196:38 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
|
||||
| openai_user_test.js:201:27:201:35 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:201:27:201:35 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
|
||||
| openai_user_test.js:205:30:205:38 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:205:30:205:38 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
|
||||
| openai_user_test.js:82:13:82:21 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:82:13:82:21 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
|
||||
| openai_user_test.js:86:13:86:21 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:86:13:86:21 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
|
||||
| openai_user_test.js:90:13:90:21 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:90:13:90:21 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
|
||||
| openai_user_test.js:96:13:96:21 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:96:13:96:21 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
|
||||
| openai_user_test.js:103:13:103:21 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:103:13:103:21 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
|
||||
| openai_user_test.js:109:13:109:21 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:109:13:109:21 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
|
||||
| openai_user_test.js:115:14:115:22 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:115:14:115:22 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
|
||||
| openai_user_test.js:121:12:121:20 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:121:12:121:20 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
|
||||
| openai_user_test.js:168:12:168:20 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:168:12:168:20 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
|
||||
| openai_user_test.js:212:20:212:28 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:212:20:212:28 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
|
||||
| openai_user_test.js:216:30:216:38 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:216:30:216:38 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
|
||||
| openai_user_test.js:221:27:221:35 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:221:27:221:35 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
|
||||
| openai_user_test.js:225:30:225:38 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:225:30:225:38 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
|
||||
| openrouter_user_test.js:22:18:22:26 | userInput | openrouter_user_test.js:12:21:12:39 | req.query.userInput | openrouter_user_test.js:22:18:22:26 | userInput | This prompt construction depends on a $@. | openrouter_user_test.js:12:21:12:39 | req.query.userInput | user-provided value |
|
||||
| openrouter_user_test.js:36:19:36:27 | userInput | openrouter_user_test.js:12:21:12:39 | req.query.userInput | openrouter_user_test.js:36:19:36:27 | userInput | This prompt construction depends on a $@. | openrouter_user_test.js:12:21:12:39 | req.query.userInput | user-provided value |
|
||||
| openrouter_user_test.js:50:18:50:26 | userInput | openrouter_user_test.js:12:21:12:39 | req.query.userInput | openrouter_user_test.js:50:18:50:26 | userInput | This prompt construction depends on a $@. | openrouter_user_test.js:12:21:12:39 | req.query.userInput | user-provided value |
|
||||
@@ -51,13 +57,16 @@
|
||||
edges
|
||||
| anthropic_user_test.js:8:9:8:17 | userInput | anthropic_user_test.js:18:18:18:26 | userInput | provenance | |
|
||||
| anthropic_user_test.js:8:9:8:17 | userInput | anthropic_user_test.js:31:18:31:26 | userInput | provenance | |
|
||||
| anthropic_user_test.js:8:9:8:17 | userInput | anthropic_user_test.js:41:27:41:35 | userInput | provenance | |
|
||||
| anthropic_user_test.js:8:21:8:39 | req.query.userInput | anthropic_user_test.js:8:9:8:17 | userInput | provenance | |
|
||||
| anthropic_user_test.js:41:27:41:35 | userInput | anthropic_user_test.js:41:13:41:51 | `\\n\\nHu ... stant:` | provenance | |
|
||||
| gemini_user_test.js:8:9:8:17 | userInput | gemini_user_test.js:14:15:14:23 | userInput | provenance | |
|
||||
| gemini_user_test.js:8:9:8:17 | userInput | gemini_user_test.js:26:19:26:27 | userInput | provenance | |
|
||||
| gemini_user_test.js:8:9:8:17 | userInput | gemini_user_test.js:37:15:37:23 | userInput | provenance | |
|
||||
| gemini_user_test.js:8:9:8:17 | userInput | gemini_user_test.js:44:13:44:21 | userInput | provenance | |
|
||||
| gemini_user_test.js:8:9:8:17 | userInput | gemini_user_test.js:51:13:51:21 | userInput | provenance | |
|
||||
| gemini_user_test.js:8:9:8:17 | userInput | gemini_user_test.js:58:13:58:21 | userInput | provenance | |
|
||||
| gemini_user_test.js:8:9:8:17 | userInput | gemini_user_test.js:66:17:66:25 | userInput | provenance | |
|
||||
| gemini_user_test.js:8:21:8:39 | req.query.userInput | gemini_user_test.js:8:9:8:17 | userInput | provenance | |
|
||||
| langchain_user_test.js:13:9:13:17 | userInput | langchain_user_test.js:18:26:18:34 | userInput | provenance | |
|
||||
| langchain_user_test.js:13:9:13:17 | userInput | langchain_user_test.js:22:26:22:34 | userInput | provenance | |
|
||||
@@ -84,15 +93,19 @@ edges
|
||||
| openai_user_test.js:15:9:15:17 | userInput | openai_user_test.js:67:13:67:21 | userInput | provenance | |
|
||||
| openai_user_test.js:15:9:15:17 | userInput | openai_user_test.js:72:13:72:21 | userInput | provenance | |
|
||||
| openai_user_test.js:15:9:15:17 | userInput | openai_user_test.js:76:13:76:21 | userInput | provenance | |
|
||||
| openai_user_test.js:15:9:15:17 | userInput | openai_user_test.js:83:13:83:21 | userInput | provenance | |
|
||||
| openai_user_test.js:15:9:15:17 | userInput | openai_user_test.js:89:13:89:21 | userInput | provenance | |
|
||||
| openai_user_test.js:15:9:15:17 | userInput | openai_user_test.js:95:14:95:22 | userInput | provenance | |
|
||||
| openai_user_test.js:15:9:15:17 | userInput | openai_user_test.js:101:12:101:20 | userInput | provenance | |
|
||||
| openai_user_test.js:15:9:15:17 | userInput | openai_user_test.js:148:12:148:20 | userInput | provenance | |
|
||||
| openai_user_test.js:15:9:15:17 | userInput | openai_user_test.js:192:20:192:28 | userInput | provenance | |
|
||||
| openai_user_test.js:15:9:15:17 | userInput | openai_user_test.js:196:30:196:38 | userInput | provenance | |
|
||||
| openai_user_test.js:15:9:15:17 | userInput | openai_user_test.js:201:27:201:35 | userInput | provenance | |
|
||||
| openai_user_test.js:15:9:15:17 | userInput | openai_user_test.js:205:30:205:38 | userInput | provenance | |
|
||||
| openai_user_test.js:15:9:15:17 | userInput | openai_user_test.js:82:13:82:21 | userInput | provenance | |
|
||||
| openai_user_test.js:15:9:15:17 | userInput | openai_user_test.js:86:13:86:21 | userInput | provenance | |
|
||||
| openai_user_test.js:15:9:15:17 | userInput | openai_user_test.js:90:13:90:21 | userInput | provenance | |
|
||||
| openai_user_test.js:15:9:15:17 | userInput | openai_user_test.js:96:13:96:21 | userInput | provenance | |
|
||||
| openai_user_test.js:15:9:15:17 | userInput | openai_user_test.js:103:13:103:21 | userInput | provenance | |
|
||||
| openai_user_test.js:15:9:15:17 | userInput | openai_user_test.js:109:13:109:21 | userInput | provenance | |
|
||||
| openai_user_test.js:15:9:15:17 | userInput | openai_user_test.js:115:14:115:22 | userInput | provenance | |
|
||||
| openai_user_test.js:15:9:15:17 | userInput | openai_user_test.js:121:12:121:20 | userInput | provenance | |
|
||||
| openai_user_test.js:15:9:15:17 | userInput | openai_user_test.js:168:12:168:20 | userInput | provenance | |
|
||||
| openai_user_test.js:15:9:15:17 | userInput | openai_user_test.js:212:20:212:28 | userInput | provenance | |
|
||||
| openai_user_test.js:15:9:15:17 | userInput | openai_user_test.js:216:30:216:38 | userInput | provenance | |
|
||||
| openai_user_test.js:15:9:15:17 | userInput | openai_user_test.js:221:27:221:35 | userInput | provenance | |
|
||||
| openai_user_test.js:15:9:15:17 | userInput | openai_user_test.js:225:30:225:38 | userInput | provenance | |
|
||||
| openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:15:9:15:17 | userInput | provenance | |
|
||||
| openrouter_user_test.js:12:9:12:17 | userInput | openrouter_user_test.js:22:18:22:26 | userInput | provenance | |
|
||||
| openrouter_user_test.js:12:9:12:17 | userInput | openrouter_user_test.js:36:19:36:27 | userInput | provenance | |
|
||||
@@ -108,6 +121,8 @@ nodes
|
||||
| anthropic_user_test.js:8:21:8:39 | req.query.userInput | semmle.label | req.query.userInput |
|
||||
| anthropic_user_test.js:18:18:18:26 | userInput | semmle.label | userInput |
|
||||
| anthropic_user_test.js:31:18:31:26 | userInput | semmle.label | userInput |
|
||||
| anthropic_user_test.js:41:13:41:51 | `\\n\\nHu ... stant:` | semmle.label | `\\n\\nHu ... stant:` |
|
||||
| anthropic_user_test.js:41:27:41:35 | userInput | semmle.label | userInput |
|
||||
| gemini_user_test.js:8:9:8:17 | userInput | semmle.label | userInput |
|
||||
| gemini_user_test.js:8:21:8:39 | req.query.userInput | semmle.label | req.query.userInput |
|
||||
| gemini_user_test.js:14:15:14:23 | userInput | semmle.label | userInput |
|
||||
@@ -116,6 +131,7 @@ nodes
|
||||
| gemini_user_test.js:44:13:44:21 | userInput | semmle.label | userInput |
|
||||
| gemini_user_test.js:51:13:51:21 | userInput | semmle.label | userInput |
|
||||
| gemini_user_test.js:58:13:58:21 | userInput | semmle.label | userInput |
|
||||
| gemini_user_test.js:66:17:66:25 | userInput | semmle.label | userInput |
|
||||
| langchain_user_test.js:13:9:13:17 | userInput | semmle.label | userInput |
|
||||
| langchain_user_test.js:13:21:13:39 | req.query.userInput | semmle.label | req.query.userInput |
|
||||
| langchain_user_test.js:18:26:18:34 | userInput | semmle.label | userInput |
|
||||
@@ -144,15 +160,19 @@ nodes
|
||||
| openai_user_test.js:67:13:67:21 | userInput | semmle.label | userInput |
|
||||
| openai_user_test.js:72:13:72:21 | userInput | semmle.label | userInput |
|
||||
| openai_user_test.js:76:13:76:21 | userInput | semmle.label | userInput |
|
||||
| openai_user_test.js:83:13:83:21 | userInput | semmle.label | userInput |
|
||||
| openai_user_test.js:89:13:89:21 | userInput | semmle.label | userInput |
|
||||
| openai_user_test.js:95:14:95:22 | userInput | semmle.label | userInput |
|
||||
| openai_user_test.js:101:12:101:20 | userInput | semmle.label | userInput |
|
||||
| openai_user_test.js:148:12:148:20 | userInput | semmle.label | userInput |
|
||||
| openai_user_test.js:192:20:192:28 | userInput | semmle.label | userInput |
|
||||
| openai_user_test.js:196:30:196:38 | userInput | semmle.label | userInput |
|
||||
| openai_user_test.js:201:27:201:35 | userInput | semmle.label | userInput |
|
||||
| openai_user_test.js:205:30:205:38 | userInput | semmle.label | userInput |
|
||||
| openai_user_test.js:82:13:82:21 | userInput | semmle.label | userInput |
|
||||
| openai_user_test.js:86:13:86:21 | userInput | semmle.label | userInput |
|
||||
| openai_user_test.js:90:13:90:21 | userInput | semmle.label | userInput |
|
||||
| openai_user_test.js:96:13:96:21 | userInput | semmle.label | userInput |
|
||||
| openai_user_test.js:103:13:103:21 | userInput | semmle.label | userInput |
|
||||
| openai_user_test.js:109:13:109:21 | userInput | semmle.label | userInput |
|
||||
| openai_user_test.js:115:14:115:22 | userInput | semmle.label | userInput |
|
||||
| openai_user_test.js:121:12:121:20 | userInput | semmle.label | userInput |
|
||||
| openai_user_test.js:168:12:168:20 | userInput | semmle.label | userInput |
|
||||
| openai_user_test.js:212:20:212:28 | userInput | semmle.label | userInput |
|
||||
| openai_user_test.js:216:30:216:38 | userInput | semmle.label | userInput |
|
||||
| openai_user_test.js:221:27:221:35 | userInput | semmle.label | userInput |
|
||||
| openai_user_test.js:225:30:225:38 | userInput | semmle.label | userInput |
|
||||
| openrouter_user_test.js:12:9:12:17 | userInput | semmle.label | userInput |
|
||||
| openrouter_user_test.js:12:21:12:39 | req.query.userInput | semmle.label | req.query.userInput |
|
||||
| openrouter_user_test.js:22:18:22:26 | userInput | semmle.label | userInput |
|
||||
|
||||
@@ -33,6 +33,14 @@ app.get("/test", async (req, res) => {
|
||||
],
|
||||
});
|
||||
|
||||
// === Legacy Text Completions API (SHOULD ALERT) ===
|
||||
|
||||
await client.completions.create({
|
||||
model: "claude-2.1",
|
||||
max_tokens_to_sample: 1024,
|
||||
prompt: `\n\nHuman: ${userInput}\n\nAssistant:`, // $ Alert[js/user-prompt-injection]
|
||||
});
|
||||
|
||||
// === Constant comparison sanitizer (SHOULD NOT ALERT) ===
|
||||
|
||||
const userInput2 = req.query.userInput2;
|
||||
|
||||
@@ -58,6 +58,15 @@ app.get("/test", async (req, res) => {
|
||||
prompt: userInput, // $ Alert[js/user-prompt-injection]
|
||||
});
|
||||
|
||||
// === caches.create: config.contents (SHOULD ALERT) ===
|
||||
|
||||
await ai.caches.create({
|
||||
model: "gemini-2.0-flash",
|
||||
config: {
|
||||
contents: userInput, // $ Alert[js/user-prompt-injection]
|
||||
},
|
||||
});
|
||||
|
||||
// === Constant comparison sanitizer (SHOULD NOT ALERT) ===
|
||||
|
||||
const userInput2 = req.query.userInput2;
|
||||
|
||||
@@ -76,6 +76,26 @@ app.get("/test", async (req, res) => {
|
||||
prompt: userInput, // $ Alert[js/user-prompt-injection]
|
||||
});
|
||||
|
||||
// Videos API (Sora)
|
||||
await client.videos.create({
|
||||
model: "sora-2",
|
||||
prompt: userInput, // $ Alert[js/user-prompt-injection]
|
||||
});
|
||||
|
||||
await client.videos.edit({
|
||||
prompt: userInput, // $ Alert[js/user-prompt-injection]
|
||||
});
|
||||
|
||||
await client.videos.remix("video_123", {
|
||||
prompt: userInput, // $ Alert[js/user-prompt-injection]
|
||||
});
|
||||
|
||||
await client.videos.extend({
|
||||
video: { id: "video_123" },
|
||||
seconds: 4,
|
||||
prompt: userInput, // $ Alert[js/user-prompt-injection]
|
||||
});
|
||||
|
||||
// Audio API
|
||||
await client.audio.transcriptions.create({
|
||||
file: "audio.mp3",
|
||||
|
||||
Reference in New Issue
Block a user