hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-20 04:11:07 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
93a26cb6c0f90cdfb33297784ecc581caae25d29
codeql/javascript/ql/lib/semmle/javascript/security/dataflow/UserPromptInjectionCustomizations.qll
BazookaMusic e612db2ec9 Promote user prompt injection query to stable security 
Move UserPromptInjection out of experimental into stable JavaScript security locations.

Set js/user-prompt-injection precision to low and remove experimental tagging.

Move supporting dataflow libraries, qhelp/examples, and tests to stable paths and update references.
2026-06-11 11:28:14 +02:00

71 lines
2.2 KiB
Plaintext
Raw Blame History

/**
* Provides default sources, sinks and sanitizers for detecting
* "user prompt injection"
* vulnerabilities, as well as extension points for adding your own.
*/
import javascript
private import semmle.javascript.dataflow.DataFlow
private import semmle.javascript.Concepts
private import semmle.javascript.security.dataflow.RemoteFlowSources
private import semmle.javascript.dataflow.internal.BarrierGuards
private import semmle.javascript.frameworks.data.ModelsAsData
private import semmle.javascript.frameworks.OpenAI
private import semmle.javascript.frameworks.Anthropic
private import semmle.javascript.frameworks.GoogleGenAI
private import semmle.javascript.frameworks.OpenRouter
/**
* Provides default sources, sinks and sanitizers for detecting
* "user prompt injection"
* vulnerabilities, as well as extension points for adding your own.
*/
module UserPromptInjection {
/**
* A data flow source for "user prompt injection" vulnerabilities.
*/
abstract class Source extends DataFlow::Node { }
/**
* A data flow sink for "user prompt injection" vulnerabilities.
*/
abstract class Sink extends DataFlow::Node { }
/**
* A sanitizer for "user prompt injection" vulnerabilities.
*/
abstract class Sanitizer extends DataFlow::Node { }
/**
* An active threat-model source, considered as a flow source.
*/
private class ActiveThreatModelSourceAsSource extends Source, ActiveThreatModelSource { }
/**
* A prompt to an AI model, considered as a flow sink.
*/
class AIPromptAsSink extends Sink {
AIPromptAsSink() { this = any(AIPrompt p).getAPrompt() }
}
private class SinkFromModel extends Sink {
SinkFromModel() { this = ModelOutput::getASinkNode("user-prompt-injection").asSink() }
}
private class PromptContentSink extends Sink {
PromptContentSink() {
this = OpenAI::getUserPromptNode().asSink()
or
this = Anthropic::getUserPromptNode().asSink()
or
this = GoogleGenAI::getUserPromptNode().asSink()
or
this = AgentSdk::getUserPromptNode().asSink()
or
this = OpenRouter::getUserPromptNode().asSink()
or
this = OpenRouterAgent::getUserPromptNode().asSink()
}
}
}
Reference in New Issue View Git Blame Copy Permalink