Skip to content

Commit 7bd5abf

Browse files
BazookaMusicBazookaMusic
committed
Refine SystemPromptInjection alert message and move test to stable
Update the alert message to "This system prompt depends on a $@." matching the SQL injection query style, and move the test out of experimental into Security/CWE-1427 to mirror the stable query location.
1 parent e612db2 commit 7bd5abf

9 files changed

Lines changed: 49 additions & 49 deletions

File tree

javascript/ql/src/Security/CWE-1427/SystemPromptInjection.ql

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,5 +15,5 @@ import SystemPromptInjectionFlow::PathGraph
1515

1616
from SystemPromptInjectionFlow::PathNode source, SystemPromptInjectionFlow::PathNode sink
1717
where SystemPromptInjectionFlow::flowPath(source, sink)
18-
select sink.getNode(), source, sink, "This prompt construction depends on a $@.", source.getNode(),
18+
select sink.getNode(), source, sink, "This system prompt depends on a $@.", source.getNode(),
1919
"user-provided value"

javascript/ql/test/experimental/Security/CWE-1427/SystemPromptInjection/SystemPromptInjection.expected renamed to javascript/ql/test/Security/CWE-1427/SystemPromptInjection/SystemPromptInjection.expected

Lines changed: 48 additions & 48 deletions
Large diffs are not rendered by default.

javascript/ql/test/experimental/Security/CWE-1427/SystemPromptInjection/SystemPromptInjection.qlref renamed to javascript/ql/test/Security/CWE-1427/SystemPromptInjection/SystemPromptInjection.qlref

File renamed without changes.

javascript/ql/test/experimental/Security/CWE-1427/SystemPromptInjection/agents_test.js renamed to javascript/ql/test/Security/CWE-1427/SystemPromptInjection/agents_test.js

File renamed without changes.

javascript/ql/test/experimental/Security/CWE-1427/SystemPromptInjection/anthropic_test.js renamed to javascript/ql/test/Security/CWE-1427/SystemPromptInjection/anthropic_test.js

File renamed without changes.

javascript/ql/test/experimental/Security/CWE-1427/SystemPromptInjection/gemini_test.js renamed to javascript/ql/test/Security/CWE-1427/SystemPromptInjection/gemini_test.js

File renamed without changes.

javascript/ql/test/experimental/Security/CWE-1427/SystemPromptInjection/langchain_test.js renamed to javascript/ql/test/Security/CWE-1427/SystemPromptInjection/langchain_test.js

File renamed without changes.

javascript/ql/test/experimental/Security/CWE-1427/SystemPromptInjection/openai_test.js renamed to javascript/ql/test/Security/CWE-1427/SystemPromptInjection/openai_test.js

File renamed without changes.

javascript/ql/test/experimental/Security/CWE-1427/SystemPromptInjection/openrouter_test.js renamed to javascript/ql/test/Security/CWE-1427/SystemPromptInjection/openrouter_test.js

File renamed without changes.

0 commit comments

Comments
 (0)