hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-12 16:31:10 +02:00
Code Issues Packages Projects Releases Wiki Activity

Promote user prompt injection query to stable security

Browse Source 
Move UserPromptInjection out of experimental into stable JavaScript security locations.

Set js/user-prompt-injection precision to low and remove experimental tagging.

Move supporting dataflow libraries, qhelp/examples, and tests to stable paths and update references.
This commit is contained in:
BazookaMusic
2026-06-11 11:28:14 +02:00
parent d0ffde8c45
commit e612db2ec9
14 changed files with 6 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
javascript/ql/src/experimental/semmle/javascript/security/PromptInjection/UserPromptInjectionCustomizations.qll → javascript/ql/lib/semmle/javascript/security/dataflow/UserPromptInjectionCustomizations.qll
View File

4
javascript/ql/src/experimental/semmle/javascript/security/PromptInjection/UserPromptinjectionQuery.qll → javascript/ql/lib/semmle/javascript/security/dataflow/UserPromptInjectionQuery.qll
View File

@@ -2,8 +2,8 @@
* Provides a taint-tracking configuration for detecting "prompt injection" vulnerabilities.
*
* Note, for performance reasons: only import this file if
* `PromptInjection::Configuration` is needed, otherwise
* `PromptInjectionCustomizations` should be imported instead.
* `UserPromptInjectionFlow::Configuration` is needed, otherwise
* `UserPromptInjectionCustomizations` should be imported instead.
*/
private import javascript

2
javascript/ql/src/experimental/Security/CWE-1427/UserPromptInjection.qhelp → javascript/ql/src/Security/CWE-1427/UserPromptInjection.qhelp
View File

@@ -20,7 +20,7 @@ context, or trigger unintended tool calls.</p>
<ul>
<li>Ensure that all data flowing into user-input is intended and necessary for the purpose of the AI system.</li>
<li>Ensure the system prompt clearly describes the purpose, scope and boundaries of the AI system. Instruct the system to deny input that falls outside these boundaries.</li>
<li>If creating a prompt out of multiple user-controlled values, assume that each of them can be malicious. Ensure the range of possible values is restricted and validated.
<li>If creating a prompt out of multiple user-controlled values, assume that each of them can be malicious. Ensure the range of possible values is restricted and validated.
For example, if a prompt includes a question and the intended language to respond in, validate that the language is one of the supported options.</li>
<li>Consider using guardrails on the input like the OpenAI guardrails library to enforce constraints and prevent malicious content from being processed.</li>
<li>Apply output filtering to detect and block responses that indicate prompt injection attempts.</li>

5
javascript/ql/src/experimental/Security/CWE-1427/UserPromptInjection.ql → javascript/ql/src/Security/CWE-1427/UserPromptInjection.ql
View File

@@ -5,15 +5,14 @@
* @kind path-problem
* @problem.severity warning
* @security-severity 5.0
* @precision medium
* @precision low
* @id js/user-prompt-injection
* @tags security
* experimental
* external/cwe/cwe-1427
*/
import javascript
import experimental.semmle.javascript.security.PromptInjection.UserPromptinjectionQuery
import semmle.javascript.security.dataflow.UserPromptInjectionQuery
import UserPromptInjectionFlow::PathGraph
from UserPromptInjectionFlow::PathNode source, UserPromptInjectionFlow::PathNode sink

0
javascript/ql/src/experimental/Security/CWE-1427/examples/user-prompt-injection.js → javascript/ql/src/Security/CWE-1427/examples/user-prompt-injection.js
View File

0
javascript/ql/src/experimental/Security/CWE-1427/examples/user-prompt-injection_fixed.js → javascript/ql/src/Security/CWE-1427/examples/user-prompt-injection_fixed.js
View File

0
javascript/ql/test/experimental/Security/CWE-1427/UserPromptInjection/UserPromptInjection.expected → javascript/ql/test/Security/CWE-1427/UserPromptInjection/UserPromptInjection.expected
View File

1
javascript/ql/test/Security/CWE-1427/UserPromptInjection/UserPromptInjection.qlref Normal file
View File

@@ -0,0 +1 @@
Security/CWE-1427/UserPromptInjection.ql

0
javascript/ql/test/experimental/Security/CWE-1427/UserPromptInjection/anthropic_user_test.js → javascript/ql/test/Security/CWE-1427/UserPromptInjection/anthropic_user_test.js
View File

0
javascript/ql/test/experimental/Security/CWE-1427/UserPromptInjection/gemini_user_test.js → javascript/ql/test/Security/CWE-1427/UserPromptInjection/gemini_user_test.js
View File

0
javascript/ql/test/experimental/Security/CWE-1427/UserPromptInjection/langchain_user_test.js → javascript/ql/test/Security/CWE-1427/UserPromptInjection/langchain_user_test.js
View File

0
javascript/ql/test/experimental/Security/CWE-1427/UserPromptInjection/openai_user_test.js → javascript/ql/test/Security/CWE-1427/UserPromptInjection/openai_user_test.js
View File

0
javascript/ql/test/experimental/Security/CWE-1427/UserPromptInjection/openrouter_user_test.js → javascript/ql/test/Security/CWE-1427/UserPromptInjection/openrouter_user_test.js
View File

1
javascript/ql/test/experimental/Security/CWE-1427/UserPromptInjection/UserPromptInjection.qlref
View File

@@ -1 +0,0 @@
experimental/Security/CWE-1427/UserPromptInjection.ql