Skip to content

Commit a9d0a16

Browse files
committed
Fix missing predicate
1 parent bacecb7 commit a9d0a16

File tree

3 files changed

+15
-4
lines changed

3 files changed

+15
-4
lines changed

python/ql/lib/semmle/python/frameworks/OpenAI.qll

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -25,6 +25,12 @@ module Agent {
2525
* See https://github.com/openai/openai-python.
2626
*/
2727
module OpenAI {
28+
/** Gets a reference to `openai.OpenAI`, `openai.AsyncOpenAI` and `openai.AzureOpenAI`classes. */
29+
API::Node classRef() {
30+
result = API::moduleImport("openai").getMember(["OpenAI", "AsyncOpenAI", "AzureOpenAI"])
31+
}
32+
33+
/** Gets a reference to a potential property of `openai.OpenAI called instructions which refers to the system prompt. */
2834
API::Node sink() {
2935
result =
3036
classRef()

python/ql/lib/semmle/python/security/dataflow/PromptInjectionCustomizations.qll

Lines changed: 8 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,13 @@ private import semmle.python.Concepts
1010
private import semmle.python.dataflow.new.RemoteFlowSources
1111
private import semmle.python.dataflow.new.BarrierGuards
1212
private import semmle.python.frameworks.OpenAI
13+
private import semmle.python.frameworks.data.ModelsAsData
1314

15+
/**
16+
* Provides default sources, sinks and sanitizers for detecting
17+
* "prompt injection"
18+
* vulnerabilities, as well as extension points for adding your own.
19+
*/
1420
module PromptInjection {
1521
/**
1622
* A data flow source for "prompt injection" vulnerabilities.
@@ -39,9 +45,7 @@ module PromptInjection {
3945
SystemPromptSink() { this = Agent::sink().asSink() or this = OpenAI::sink().asSink() }
4046
}
4147

42-
private import semmle.python.frameworks.data.ModelsAsData
43-
44-
private class DataAsPromptSink extends Sink {
45-
DataAsPromptSink() { this = ModelOutput::getASinkNode("prompt-injection").asSink() }
48+
private class SinkFromModel extends Sink {
49+
SinkFromModel() { this = ModelOutput::getASinkNode("prompt-injection").asSink() }
4650
}
4751
}

python/ql/src/Security/CWE-1427/PromptInjection.ql

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,5 @@
11
/**
2+
* @name Prompt injection
23
* @kind path-problem
34
* @problem.severity error
45
* @security-severity 5.0

0 commit comments

Comments
 (0)