Commit 72bc52b

BazookaMusic and Copilot committed
Python: promote prompt injection queries from experimental to production
Mirror the JavaScript layout from PR #21953:

- Move SystemPromptInjection.ql / UserPromptInjection.ql to src/Security/CWE-1427
- Move customizations, query and framework libs to python/ql/lib
- Move the AIPrompt concept to the production Concepts.qll
- Drop the experimental tag; py/system-prompt-injection (high precision) now joins the code-scanning, security-extended and security-and-quality suites, while py/user-prompt-injection (low precision) stays out of the default suites
- Move query tests to python/ql/test/query-tests/Security

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
1 parent db493ef commit 72bc52b

43 files changed

Lines changed: 42 additions & 45 deletions

python/ql/integration-tests/query-suite/not_included_in_qls.expected

Lines changed: 1 addition & 2 deletions
Original file line number | Diff line number | Diff line change
@@ -54,6 +54,7 @@ ql/python/ql/src/Metrics/NumberOfStatements.ql
5454
ql/python/ql/src/Metrics/TransitiveImports.ql
5555
ql/python/ql/src/Security/CWE-020-ExternalAPIs/ExternalAPIsUsedWithUntrustedData.ql
5656
ql/python/ql/src/Security/CWE-020-ExternalAPIs/UntrustedDataToExternalAPI.ql
57+
ql/python/ql/src/Security/CWE-1427/UserPromptInjection.ql
5758
ql/python/ql/src/Security/CWE-798/HardcodedCredentials.ql
5859
ql/python/ql/src/Statements/C_StyleParentheses.ql
5960
ql/python/ql/src/Statements/DocStrings.ql
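
Review bot: the line added at 57 lists `Security/CWE-1427/UserPromptInjection.ql` among the queries that no suite selects, so after the move out of `experimental/` it still runs only when someone names it explicitly. The commit message attributes this to its low precision; say so in the query help or a change note, together with the new path, so anyone who referenced the old `experimental/Security/CWE-1427/` location knows where it went and that it remains opt-in.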
@@ -87,8 +88,6 @@ ql/python/ql/src/experimental/Security/CWE-079/EmailXss.ql
8788
ql/python/ql/src/experimental/Security/CWE-091/XsltInjection.ql
8889
ql/python/ql/src/experimental/Security/CWE-094/Js2Py.ql
8990
ql/python/ql/src/experimental/Security/CWE-1236/CsvInjection.ql
90-
ql/python/ql/src/experimental/Security/CWE-1427/SystemPromptInjection.ql
91-
ql/python/ql/src/experimental/Security/CWE-1427/UserPromptInjection.ql
9291
ql/python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidation.ql
9392
ql/python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash/PossibleTimingAttackAgainstHash.ql
9493
ql/python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash/TimingAttackAgainstHash.ql

python/ql/integration-tests/query-suite/python-code-scanning.qls.expected

Lines changed: 1 addition & 0 deletions
@@ -17,6 +17,7 @@ ql/python/ql/src/Security/CWE-1004/NonHttpOnlyCookie.ql
1717
ql/python/ql/src/Security/CWE-113/HeaderInjection.ql
1818
ql/python/ql/src/Security/CWE-116/BadTagFilter.ql
1919
ql/python/ql/src/Security/CWE-1275/SameSiteNoneCookie.ql
20+
ql/python/ql/src/Security/CWE-1427/SystemPromptInjection.ql
2021
ql/python/ql/src/Security/CWE-209/StackTraceExposure.ql
2122
ql/python/ql/src/Security/CWE-215/FlaskDebug.ql
2223
ql/python/ql/src/Security/CWE-285/PamAuthorization.ql
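
Review bot: the line added at 20 puts `SystemPromptInjection.ql` into the code-scanning suite, so the query starts raising alerts for every Python project scanned with the default suite as soon as this ships. The commit message justifies that with "high precision", but nothing in the visible changes backs the rating; please link the evaluation (results on real projects, false-positive rate) in the PR, and confirm a query change note announces the new default alert.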

python/ql/integration-tests/query-suite/python-security-and-quality.qls.expected

Lines changed: 1 addition & 0 deletions
@@ -111,6 +111,7 @@ ql/python/ql/src/Security/CWE-113/HeaderInjection.ql
111111
ql/python/ql/src/Security/CWE-116/BadTagFilter.ql
112112
ql/python/ql/src/Security/CWE-117/LogInjection.ql
113113
ql/python/ql/src/Security/CWE-1275/SameSiteNoneCookie.ql
114+
ql/python/ql/src/Security/CWE-1427/SystemPromptInjection.ql
114115
ql/python/ql/src/Security/CWE-209/StackTraceExposure.ql
115116
ql/python/ql/src/Security/CWE-215/FlaskDebug.ql
116117
ql/python/ql/src/Security/CWE-285/PamAuthorization.ql

python/ql/integration-tests/query-suite/python-security-extended.qls.expected

Lines changed: 1 addition & 0 deletions
@@ -21,6 +21,7 @@ ql/python/ql/src/Security/CWE-113/HeaderInjection.ql
2121
ql/python/ql/src/Security/CWE-116/BadTagFilter.ql
2222
ql/python/ql/src/Security/CWE-117/LogInjection.ql
2323
ql/python/ql/src/Security/CWE-1275/SameSiteNoneCookie.ql
24+
ql/python/ql/src/Security/CWE-1427/SystemPromptInjection.ql
2425
ql/python/ql/src/Security/CWE-209/StackTraceExposure.ql
2526
ql/python/ql/src/Security/CWE-215/FlaskDebug.ql
2627
ql/python/ql/src/Security/CWE-285/PamAuthorization.ql

python/ql/lib/semmle/python/Concepts.qll

Lines changed: 25 additions & 0 deletions
@@ -1794,3 +1794,28 @@ module Cryptography {
17941794

17951795
import ConceptsShared::Cryptography
17961796
}
1797+
1798+
/**
1799+
* A data-flow node that prompts an AI model.
1800+
*
1801+
* Extend this class to refine existing API models. If you want to model new APIs,
1802+
* extend `AIPrompt::Range` instead.
1803+
*/
1804+
class AIPrompt extends DataFlow::Node instanceof AIPrompt::Range {
1805+
/** Gets an input that is used as AI prompt. */
1806+
DataFlow::Node getAPrompt() { result = super.getAPrompt() }
1807+
}
1808+
1809+
/** Provides a class for modeling new AI prompting mechanisms. */
1810+
module AIPrompt {
1811+
/**
1812+
* A data-flow node that prompts an AI model.
1813+
*
1814+
* Extend this class to model new APIs. If you want to refine existing API models,
1815+
* extend `AIPrompt` instead.
1816+
*/
1817+
abstract class Range extends DataFlow::Node {
1818+
/** Gets an input that is used as AI prompt. */
1819+
abstract DataFlow::Node getAPrompt();
1820+
}
1821+
}
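
Review bot: the QLDoc for `getAPrompt()` at lines 1805 and 1818 ("Gets an input that is used as AI prompt") does not say which kind of prompt input it covers, yet this commit ships two queries built on the concept, one for system prompts and one for user prompts. Once `AIPrompt` sits in the production `Concepts.qll` it is public API and harder to change, so document whether `getAPrompt()` returns system-role content, user-role content or both, or split it into separate predicates. Minor: "used as AI prompt" should read "used as an AI prompt" in both places.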

python/ql/src/experimental/semmle/python/frameworks/Anthropic.qll renamed to python/ql/lib/semmle/python/frameworks/Anthropic.qll

File renamed without changes.

python/ql/src/experimental/semmle/python/frameworks/GoogleGenAI.qll renamed to python/ql/lib/semmle/python/frameworks/GoogleGenAI.qll

File renamed without changes.

python/ql/src/experimental/semmle/python/frameworks/OpenAI.qll renamed to python/ql/lib/semmle/python/frameworks/OpenAI.qll

File renamed without changes.

python/ql/src/experimental/semmle/python/frameworks/OpenRouter.qll renamed to python/ql/lib/semmle/python/frameworks/OpenRouter.qll

File renamed without changes.

python/ql/src/experimental/semmle/python/security/dataflow/SystemPromptInjectionCustomizations.qll renamed to python/ql/lib/semmle/python/security/dataflow/SystemPromptInjectionCustomizations.qll

Lines changed: 4 additions & 5 deletions
@@ -7,15 +7,14 @@
77
import python
88
private import semmle.python.dataflow.new.DataFlow
99
private import semmle.python.Concepts
10-
private import experimental.semmle.python.Concepts
1110
private import semmle.python.ApiGraphs
1211
private import semmle.python.dataflow.new.RemoteFlowSources
1312
private import semmle.python.dataflow.new.BarrierGuards
1413
private import semmle.python.frameworks.data.ModelsAsData
15-
private import experimental.semmle.python.frameworks.OpenAI
16-
private import experimental.semmle.python.frameworks.Anthropic
17-
private import experimental.semmle.python.frameworks.GoogleGenAI
18-
private import experimental.semmle.python.frameworks.OpenRouter
14+
private import semmle.python.frameworks.OpenAI
15+
private import semmle.python.frameworks.Anthropic
16+
private import semmle.python.frameworks.GoogleGenAI
17+
private import semmle.python.frameworks.OpenRouter
1918

2019
/**
2120
* Provides default sources, sinks and sanitizers for detecting
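
Review bot: the new imports at lines 14-17 keep the customizations library pulling in `OpenAI`, `Anthropic`, `GoogleGenAI` and `OpenRouter` one by one, a pattern left over from the experimental layout. Now that these models live under `semmle.python.frameworks`, they should be registered in `semmle/python/Frameworks.qll` like the other production framework models; if they are, these four imports are redundant and can go, and if they are not, any other query that uses the `AIPrompt` concept will silently see no sinks. Dropping the `experimental.semmle.python.Concepts` import at old line 10 looks right given that `AIPrompt` moves into `semmle.python.Concepts`.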