mirror of
https://github.com/github/codeql.git
synced 2026-06-19 11:51:08 +02:00
db493ef30a
Replace the experimental py/prompt-injection query with two queries mirroring the JavaScript split: - py/system-prompt-injection (system prompt / tool description / developer prompt) - py/user-prompt-injection (user-role prompt) Supports OpenAI (+Agents), Anthropic, Google GenAI, LangChain and OpenRouter via MaD models plus role-filtered framework sinks that MaD cannot express. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
19 lines
1.0 KiB
YAML
19 lines
1.0 KiB
YAML
extensions:
|
|
- addsTo:
|
|
pack: codeql/python-all
|
|
extensible: sinkModel
|
|
data:
|
|
# `system_instruction` on the generation config is a system-level prompt
|
|
- ['google.genai', 'Member[types].Member[GenerateContentConfig].Argument[system_instruction:]', 'system-prompt-injection']
|
|
# User-level content
|
|
- ['GoogleGenAI', 'Member[models].Member[generate_content,generate_content_stream].Argument[contents:]', 'user-prompt-injection']
|
|
- ['GoogleGenAI', 'Member[models].Member[generate_images,generate_videos].Argument[prompt:]', 'user-prompt-injection']
|
|
- ['GoogleGenAI', 'Member[chats].Member[create].ReturnValue.Member[send_message,send_message_stream].Argument[0]', 'user-prompt-injection']
|
|
- ['GoogleGenAI', 'Member[chats].Member[create].ReturnValue.Member[send_message,send_message_stream].Argument[message:]', 'user-prompt-injection']
|
|
|
|
- addsTo:
|
|
pack: codeql/python-all
|
|
extensible: typeModel
|
|
data:
|
|
- ['GoogleGenAI', 'google.genai', 'Member[Client].ReturnValue']
|