@elliotllliu/agent-shield 0.3.1 → 0.5.0
- package/README.md +253 -170
- package/README.zh-CN.md +153 -72
- package/dist/cli.js +140 -8
- package/dist/cli.js.map +1 -1
- package/dist/config.d.ts +4 -4
- package/dist/config.js +5 -5
- package/dist/config.js.map +1 -1
- package/dist/discover.js +1 -1
- package/dist/discover.js.map +1 -1
- package/dist/llm/anthropic.js +1 -1
- package/dist/llm/anthropic.js.map +1 -1
- package/dist/llm/ollama.js +1 -1
- package/dist/llm/ollama.js.map +1 -1
- package/dist/llm/openai.js +1 -1
- package/dist/llm/openai.js.map +1 -1
- package/dist/llm/prompt.d.ts +1 -1
- package/dist/llm/prompt.js +1 -1
- package/dist/llm/types.d.ts +1 -1
- package/dist/llm-analyzer.js +7 -6
- package/dist/llm-analyzer.js.map +1 -1
- package/dist/reporter/badge.js +1 -1
- package/dist/reporter/badge.js.map +1 -1
- package/dist/reporter/terminal.js +32 -18
- package/dist/reporter/terminal.js.map +1 -1
- package/dist/rules/attack-chain.d.ts +2 -0
- package/dist/rules/attack-chain.js +177 -0
- package/dist/rules/attack-chain.js.map +1 -0
- package/dist/rules/backdoor.js +18 -16
- package/dist/rules/backdoor.js.map +1 -1
- package/dist/rules/credential-hardcode.js +1 -1
- package/dist/rules/credential-hardcode.js.map +1 -1
- package/dist/rules/cross-file.d.ts +2 -0
- package/dist/rules/cross-file.js +234 -0
- package/dist/rules/cross-file.js.map +1 -0
- package/dist/rules/crypto-mining.js +1 -1
- package/dist/rules/crypto-mining.js.map +1 -1
- package/dist/rules/data-exfil.js +15 -4
- package/dist/rules/data-exfil.js.map +1 -1
- package/dist/rules/description-integrity.d.ts +2 -0
- package/dist/rules/description-integrity.js +204 -0
- package/dist/rules/description-integrity.js.map +1 -0
- package/dist/rules/env-leak.js +1 -1
- package/dist/rules/env-leak.js.map +1 -1
- package/dist/rules/excessive-perms.js +2 -2
- package/dist/rules/excessive-perms.js.map +1 -1
- package/dist/rules/hidden-files.js +2 -2
- package/dist/rules/hidden-files.js.map +1 -1
- package/dist/rules/index.js +21 -0
- package/dist/rules/index.js.map +1 -1
- package/dist/rules/mcp-manifest.js +14 -14
- package/dist/rules/mcp-manifest.js.map +1 -1
- package/dist/rules/mcp-runtime.d.ts +2 -0
- package/dist/rules/mcp-runtime.js +202 -0
- package/dist/rules/mcp-runtime.js.map +1 -0
- package/dist/rules/multilang-injection.d.ts +2 -0
- package/dist/rules/multilang-injection.js +107 -0
- package/dist/rules/multilang-injection.js.map +1 -0
- package/dist/rules/network-ssrf.js +8 -8
- package/dist/rules/network-ssrf.js.map +1 -1
- package/dist/rules/obfuscation.js +6 -6
- package/dist/rules/obfuscation.js.map +1 -1
- package/dist/rules/phone-home.js +1 -1
- package/dist/rules/phone-home.js.map +1 -1
- package/dist/rules/privilege.js +4 -4
- package/dist/rules/privilege.js.map +1 -1
- package/dist/rules/prompt-injection.js +99 -83
- package/dist/rules/prompt-injection.js.map +1 -1
- package/dist/rules/python-ast.d.ts +2 -0
- package/dist/rules/python-ast.js +109 -0
- package/dist/rules/python-ast.js.map +1 -0
- package/dist/rules/python-security.d.ts +2 -0
- package/dist/rules/python-security.js +91 -0
- package/dist/rules/python-security.js.map +1 -0
- package/dist/rules/reverse-shell.js +1 -1
- package/dist/rules/reverse-shell.js.map +1 -1
- package/dist/rules/sensitive-read.js +1 -1
- package/dist/rules/sensitive-read.js.map +1 -1
- package/dist/rules/skill-risks.js +5 -5
- package/dist/rules/skill-risks.js.map +1 -1
- package/dist/rules/supply-chain.js +4 -4
- package/dist/rules/supply-chain.js.map +1 -1
- package/dist/rules/tool-shadowing.js +3 -3
- package/dist/rules/tool-shadowing.js.map +1 -1
- package/dist/rules/toxic-flow.js +3 -3
- package/dist/rules/toxic-flow.js.map +1 -1
- package/dist/rules/typosquatting.js +1 -1
- package/dist/rules/typosquatting.js.map +1 -1
- package/dist/scanner/files.d.ts +4 -0
- package/dist/scanner/files.js +35 -1
- package/dist/scanner/files.js.map +1 -1
- package/dist/scanner/index.js +88 -13
- package/dist/scanner/index.js.map +1 -1
- package/dist/score.d.ts +5 -4
- package/dist/score.js +14 -7
- package/dist/score.js.map +1 -1
- package/dist/types.d.ts +8 -4
- package/package.json +22 -20
- package/src/analyzers/python_ast.py +304 -0
|
@@ -3,12 +3,12 @@
|
|
|
3
3
|
* Detects base64 decoding + eval/exec combos and other obfuscation patterns.
|
|
4
4
|
*/
|
|
5
5
|
const OBFUSCATION_PATTERNS = [
|
|
6
|
-
{ pattern: /atob\s*\(.*\beval\b|eval\s*\(.*\batob\b/, desc: "atob() + eval() combo", severity: "
|
|
7
|
-
{ pattern: /Buffer\.from\s*\([^)]*,\s*["']base64["']\).*\beval\b/, desc: "Base64 decode + eval()", severity: "
|
|
8
|
-
{ pattern: /Buffer\.from\s*\([^)]*,\s*["']base64["']\).*\bexec\b/, desc: "Base64 decode + exec()", severity: "
|
|
9
|
-
{ pattern: /\bString\.fromCharCode\s*\(/, desc: "String.fromCharCode() — potential obfuscation", severity: "
|
|
10
|
-
{ pattern: /\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}/, desc: "Hex-encoded string sequence", severity: "
|
|
11
|
-
{ pattern: /\\u00[0-9a-f]{2}\\u00[0-9a-f]{2}/, desc: "Unicode-escaped string sequence", severity: "
|
|
6
|
+
{ pattern: /atob\s*\(.*\beval\b|eval\s*\(.*\batob\b/, desc: "atob() + eval() combo", severity: "high" },
|
|
7
|
+
{ pattern: /Buffer\.from\s*\([^)]*,\s*["']base64["']\).*\beval\b/, desc: "Base64 decode + eval()", severity: "high" },
|
|
8
|
+
{ pattern: /Buffer\.from\s*\([^)]*,\s*["']base64["']\).*\bexec\b/, desc: "Base64 decode + exec()", severity: "high" },
|
|
9
|
+
{ pattern: /\bString\.fromCharCode\s*\(/, desc: "String.fromCharCode() — potential obfuscation", severity: "medium" },
|
|
10
|
+
{ pattern: /\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}/, desc: "Hex-encoded string sequence", severity: "medium" },
|
|
11
|
+
{ pattern: /\\u00[0-9a-f]{2}\\u00[0-9a-f]{2}/, desc: "Unicode-escaped string sequence", severity: "medium" },
|
|
12
12
|
];
|
|
13
13
|
export const obfuscationRule = {
|
|
14
14
|
id: "obfuscation",
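Review bot: The hex and unicode escape patterns in `OBFUSCATION_PATTERNS` (new lines 10 and 11) carry no `i` flag, so escape sequences written with uppercase hex digits do not raise the "medium" finding this change assigns to them. Adding the flag closes that gap without touching the rest of the rule: `/\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}/i` and `/\\u00[0-9a-f]{2}\\u00[0-9a-f]{2}/i`. The three "high" patterns pair the decode and the `eval`/`exec` through `.*`, which does not cross line breaks, so a comment above the array such as `// decode + eval/exec combos are matched on a single line only` would keep a clean result from being over-trusted. The code that applies these patterns lies outside the hunk.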
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"obfuscation.js","sourceRoot":"","sources":["../../src/rules/obfuscation.ts"],"names":[],"mappings":"AAEA;;;GAGG;AAEH,MAAM,oBAAoB,GAIrB;IACH,EAAE,OAAO,EAAE,yCAAyC,EAAE,IAAI,EAAE,uBAAuB,EAAE,QAAQ,EAAE,
|
|
1
|
+
{"version":3,"file":"obfuscation.js","sourceRoot":"","sources":["../../src/rules/obfuscation.ts"],"names":[],"mappings":"AAEA;;;GAGG;AAEH,MAAM,oBAAoB,GAIrB;IACH,EAAE,OAAO,EAAE,yCAAyC,EAAE,IAAI,EAAE,uBAAuB,EAAE,QAAQ,EAAE,MAAM,EAAE;IACvG,EAAE,OAAO,EAAE,sDAAsD,EAAE,IAAI,EAAE,wBAAwB,EAAE,QAAQ,EAAE,MAAM,EAAE;IACrH,EAAE,OAAO,EAAE,sDAAsD,EAAE,IAAI,EAAE,wBAAwB,EAAE,QAAQ,EAAE,MAAM,EAAE;IACrH,EAAE,OAAO,EAAE,6BAA6B,EAAE,IAAI,EAAE,+CAA+C,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACrH,EAAE,OAAO,EAAE,4CAA4C,EAAE,IAAI,EAAE,6BAA6B,EAAE,QAAQ,EAAE,QAAQ,EAAE;IAClH,EAAE,OAAO,EAAE,kCAAkC,EAAE,IAAI,EAAE,iCAAiC,EAAE,QAAQ,EAAE,QAAQ,EAAE;CAC7G,CAAC;AAEF,MAAM,CAAC,MAAM,eAAe,GAAS;IACnC,EAAE,EAAE,aAAa;IACjB,IAAI,EAAE,kBAAkB;IACxB,WAAW,EAAE,4EAA4E;IAEzF,GAAG,CAAC,KAAoB;QACtB,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,IAAI,CAAC,GAAG,KAAK,OAAO,IAAI,IAAI,CAAC,GAAG,KAAK,OAAO,IAAI,IAAI,CAAC,GAAG,KAAK,MAAM,IAAI,IAAI,CAAC,GAAG,KAAK,KAAK;gBAAE,SAAS;YAExG,kDAAkD;YAClD,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,oBAAoB,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;gBAC3E,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC/B,+BAA+B;oBAC/B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;wBAC3C,IAAI,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,EAAE,CAAC;4BAC7C,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,aAAa,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;4BACrJ,MAAM;wBACR,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YAED,oBAAoB;YACpB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC3C,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC;gBAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;gBACjC,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;oBAAE,SAAS;gBAElE,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,oBAAoB,CAAC,KAAK,CAAC,CA
AC,CAAC,EAAE,CAAC;oBACxE,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;wBACvB,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,aAAa,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;wBAC3I,MAAM;oBACR,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC"}
|
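--- a/package/dist/rules/phone-home.js
+++ b/package/dist/rules/phone-home.js
@@ -21,7 +21,7 @@ export const phoneHomeRule = {
 if (TIMER_RE.test(file.lines[i])) {
 findings.push({
 rule: "phone-home",
-severity: "
+severity: "medium",
 file: file.relativePath,
 line: i + 1,
 message: "Periodic timer + HTTP request — possible beacon/phone-home pattern",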
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"phone-home.js","sourceRoot":"","sources":["../../src/rules/phone-home.ts"],"names":[],"mappings":"AAEA;;;GAGG;AAEH,MAAM,QAAQ,GAAG,sFAAsF,CAAC;AACxG,MAAM,OAAO,GAAG,yEAAyE,CAAC;AAE1F,MAAM,CAAC,MAAM,aAAa,GAAS;IACjC,EAAE,EAAE,YAAY;IAChB,IAAI,EAAE,qBAAqB;IAC3B,WAAW,EAAE,gFAAgF;IAE7F,GAAG,CAAC,KAAoB;QACtB,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,IAAI,CAAC,GAAG,KAAK,OAAO,IAAI,IAAI,CAAC,GAAG,KAAK,OAAO,IAAI,IAAI,CAAC,GAAG,KAAK,MAAM,IAAI,IAAI,CAAC,GAAG,KAAK,KAAK;gBAAE,SAAS;YAExG,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC7C,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAE3C,IAAI,QAAQ,IAAI,OAAO,EAAE,CAAC;gBACxB,sBAAsB;gBACtB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBAC3C,IAAI,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,EAAE,CAAC;wBAClC,QAAQ,CAAC,IAAI,CAAC;4BACZ,IAAI,EAAE,YAAY;4BAClB,QAAQ,EAAE,
|
|
1
|
+
{"version":3,"file":"phone-home.js","sourceRoot":"","sources":["../../src/rules/phone-home.ts"],"names":[],"mappings":"AAEA;;;GAGG;AAEH,MAAM,QAAQ,GAAG,sFAAsF,CAAC;AACxG,MAAM,OAAO,GAAG,yEAAyE,CAAC;AAE1F,MAAM,CAAC,MAAM,aAAa,GAAS;IACjC,EAAE,EAAE,YAAY;IAChB,IAAI,EAAE,qBAAqB;IAC3B,WAAW,EAAE,gFAAgF;IAE7F,GAAG,CAAC,KAAoB;QACtB,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,IAAI,CAAC,GAAG,KAAK,OAAO,IAAI,IAAI,CAAC,GAAG,KAAK,OAAO,IAAI,IAAI,CAAC,GAAG,KAAK,MAAM,IAAI,IAAI,CAAC,GAAG,KAAK,KAAK;gBAAE,SAAS;YAExG,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC7C,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAE3C,IAAI,QAAQ,IAAI,OAAO,EAAE,CAAC;gBACxB,sBAAsB;gBACtB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBAC3C,IAAI,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,EAAE,CAAC;wBAClC,QAAQ,CAAC,IAAI,CAAC;4BACZ,IAAI,EAAE,YAAY;4BAClB,QAAQ,EAAE,QAAQ;4BAClB,IAAI,EAAE,IAAI,CAAC,YAAY;4BACvB,IAAI,EAAE,CAAC,GAAG,CAAC;4BACX,OAAO,EAAE,oEAAoE;4BAC7E,QAAQ,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;yBAC9C,CAAC,CAAC;wBACH,MAAM;oBACR,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC"}
|
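--- a/package/dist/rules/privilege.js
+++ b/package/dist/rules/privilege.js
@@ -24,7 +24,7 @@ export const privilegeRule = {
 // No SKILL.md — can't check permissions
 findings.push({
 rule: "privilege",
-severity: "
+severity: "low",
 file: ".",
 message: "No SKILL.md found — permission analysis skipped",
 });
@@ -78,7 +78,7 @@ export const privilegeRule = {
 const first = locations[0];
 findings.push({
 rule: "privilege",
-severity: "
+severity: "low",
 file: first?.file || skillMd.relativePath,
 line: first?.line,
 message: `Code uses '${cap}' capability but SKILL.md doesn't declare it (found in ${locations.length} location${locations.length > 1 ? "s" : ""})`,
@@ -90,7 +90,7 @@ export const privilegeRule = {
 if (!usedCapabilities.has(perm) && CAPABILITY_PATTERNS[perm]) {
 findings.push({
 rule: "privilege",
-severity: "
+severity: "low",
 file: skillMd.relativePath,
 message: `SKILL.md declares '${perm}' permission but code doesn't appear to use it`,
 });
@@ -100,7 +100,7 @@ export const privilegeRule = {
 if (usedCapabilities.size > 0) {
 findings.push({
 rule: "privilege",
-severity: "
+severity: "low",
 file: skillMd.relativePath,
 message: `Detected capabilities: ${[...usedCapabilities].join(", ")}`,
 });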
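Review bot: The missing-manifest branch at line 24 reports "No SKILL.md found — permission analysis skipped" at `severity: "low"`, the same level as the informational "Detected capabilities" finding at line 103, so a package that ships no SKILL.md ends up with a single low finding while, judging by the message, the capabilities its code uses go unreported. Consider still emitting the detected-capabilities finding in that branch, or rating the skip above the informational level, so that omitting the manifest is not the quietest outcome of this rule. If "low" is deliberate for the undeclared-capability finding at line 81 as well, a comment on that push such as `// severity stays "low": capability matching is pattern-based and advisory` (if that is the reason) would record why a manifest mismatch is not rated higher. The body of `privilegeRule` starts and ends outside these hunks.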
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"privilege.js","sourceRoot":"","sources":["../../src/rules/privilege.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAC;AAGjC;;;GAGG;AAEH,+DAA+D;AAC/D,MAAM,mBAAmB,GAA2B;IAClD,IAAI,EAAE,0EAA0E;IAChF,IAAI,EAAE,+CAA+C;IACrD,KAAK,EAAE,6DAA6D;IACpE,SAAS,EAAE,qEAAqE;IAChF,OAAO,EAAE,wDAAwD;IACjE,OAAO,EAAE,sCAAsC;CAChD,CAAC;AAEF,MAAM,CAAC,MAAM,aAAa,GAAS;IACjC,EAAE,EAAE,WAAW;IACf,IAAI,EAAE,oBAAoB;IAC1B,WAAW,EAAE,wEAAwE;IAErF,GAAG,CAAC,KAAoB;QACtB,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,gBAAgB;QAChB,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CACxB,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,KAAK,UAAU,IAAI,CAAC,CAAC,YAAY,CAAC,QAAQ,CAAC,WAAW,CAAC,CAC7E,CAAC;QACF,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,wCAAwC;YACxC,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,WAAW;gBACjB,QAAQ,EAAE,
|
|
1
|
+
{"version":3,"file":"privilege.js","sourceRoot":"","sources":["../../src/rules/privilege.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAC;AAGjC;;;GAGG;AAEH,+DAA+D;AAC/D,MAAM,mBAAmB,GAA2B;IAClD,IAAI,EAAE,0EAA0E;IAChF,IAAI,EAAE,+CAA+C;IACrD,KAAK,EAAE,6DAA6D;IACpE,SAAS,EAAE,qEAAqE;IAChF,OAAO,EAAE,wDAAwD;IACjE,OAAO,EAAE,sCAAsC;CAChD,CAAC;AAEF,MAAM,CAAC,MAAM,aAAa,GAAS;IACjC,EAAE,EAAE,WAAW;IACf,IAAI,EAAE,oBAAoB;IAC1B,WAAW,EAAE,wEAAwE;IAErF,GAAG,CAAC,KAAoB;QACtB,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,gBAAgB;QAChB,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CACxB,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,KAAK,UAAU,IAAI,CAAC,CAAC,YAAY,CAAC,QAAQ,CAAC,WAAW,CAAC,CAC7E,CAAC;QACF,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,wCAAwC;YACxC,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,WAAW;gBACjB,QAAQ,EAAE,KAAK;gBACf,IAAI,EAAE,GAAG;gBACT,OAAO,EAAE,iDAAiD;aAC3D,CAAC,CAAC;YACH,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,oBAAoB;QACpB,IAAI,IAAI,GAAkB,EAAE,CAAC;QAC7B,IAAI,CAAC;YACH,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YACzC,IAAI,GAAG,IAAqB,CAAC;QAC/B,CAAC;QAAC,MAAM,CAAC;YACP,wBAAwB;QAC1B,CAAC;QAED,0DAA0D;QAC1D,MAAM,aAAa,GAAG,IAAI,GAAG,EAAU,CAAC;QACxC,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YACpC,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjC,IAAI,OAAO,CAAC,KAAK,QAAQ;oBAAE,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;YAChE,CAAC;QACH,CAAC;QAED,kDAAkD;QAClD,MAAM,cAAc,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,6BAA6B,CAAC,CAAC;QAC5E,IAAI,cAAc,EAAE,CAAC;YACnB,KAAK,MAAM,CAAC,IAAI,cAAc,CAAC,CAAC,CAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACnD,IAAI,CAAC,CAAC,IAAI,EAAE;oBAAE,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;YAC1D,CAAC;QACH,CAAC;QAED,8CAA8C;QAC9C,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,CAC5B,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,KAAK,IAAI,CAAC,CAAC,GAAG,KAAK,OAAO,IAAI,CAAC,CAAC,GAAG,KAAK,OAAO,IAAI,CAAC,CAAC,GAAG,KAAK,MAAM,CACrF,CAAC;QAEF,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAU,CAAC;QAC3C,MAAM,mBAAmB,GAAqD,EAAE,CAAC;QAEjF,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;YAC7B,KAAK,MAAM,CAAC,GAAG,EAAE,OAAO
,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,mBAAmB,CAAC,EAAE,CAAC;gBACjE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBAC3C,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,EAAE,CAAC;wBACjC,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;wBAC1B,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC;4BAAE,mBAAmB,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC;wBAC7D,mBAAmB,CAAC,GAAG,CAAE,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;oBAC3E,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,iCAAiC;QACjC,KAAK,MAAM,GAAG,IAAI,gBAAgB,EAAE,CAAC;YACnC,IAAI,aAAa,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;gBACtD,MAAM,SAAS,GAAG,mBAAmB,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;gBACjD,MAAM,KAAK,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;gBAC3B,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,WAAW;oBACjB,QAAQ,EAAE,KAAK;oBACf,IAAI,EAAE,KAAK,EAAE,IAAI,IAAI,OAAO,CAAC,YAAY;oBACzC,IAAI,EAAE,KAAK,EAAE,IAAI;oBACjB,OAAO,EAAE,cAAc,GAAG,0DAA0D,SAAS,CAAC,MAAM,YAAY,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG;iBACnJ,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,yCAAyC;QACzC,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;YACjC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,mBAAmB,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7D,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,WAAW;oBACjB,QAAQ,EAAE,KAAK;oBACf,IAAI,EAAE,OAAO,CAAC,YAAY;oBAC1B,OAAO,EAAE,sBAAsB,IAAI,gDAAgD;iBACpF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,mCAAmC;QACnC,IAAI,gBAAgB,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC9B,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,WAAW;gBACjB,QAAQ,EAAE,KAAK;gBACf,IAAI,EAAE,OAAO,CAAC,YAAY;gBAC1B,OAAO,EAAE,0BAA0B,CAAC,GAAG,gBAAgB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;aACtE,CAAC,CAAC;QACL,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC"}
|
|
@@ -16,160 +16,170 @@
|
|
|
16
16
|
// Category 1: Direct instruction override
|
|
17
17
|
// ============================================================
|
|
18
18
|
const INSTRUCTION_OVERRIDE = [
|
|
19
|
-
{ pattern: /ignore\s+(all\s+)?(previous|prior|above|earlier)\s+(instructions|rules|guidelines|prompts)/i, description: "Attempts to override previous instructions", severity: "
|
|
20
|
-
{ pattern: /disregard\s+(all\s+)?(previous|prior|above|your)\s+(instructions|rules|guidelines|safety)/i, description: "Attempts to disregard safety guidelines", severity: "
|
|
21
|
-
{ pattern: /forget\s+(everything|all|your)\s+(you|instructions|rules|about)/i, description: "Attempts to make agent forget instructions", severity: "
|
|
22
|
-
{ pattern: /new\s+instructions?\s*:/i, description: "Injects new instructions", severity: "
|
|
23
|
-
{ pattern: /override\s+(your|the|all|previous)\s+(instructions|rules|behavior|guidelines)/i, description: "Attempts to override agent behavior", severity: "
|
|
19
|
+
{ pattern: /ignore\s+(all\s+)?(previous|prior|above|earlier)\s+(instructions|rules|guidelines|prompts)/i, description: "Attempts to override previous instructions", severity: "medium" },
|
|
20
|
+
{ pattern: /disregard\s+(all\s+)?(previous|prior|above|your)\s+(instructions|rules|guidelines|safety)/i, description: "Attempts to disregard safety guidelines", severity: "medium" },
|
|
21
|
+
{ pattern: /forget\s+(everything|all|your)\s+(you|instructions|rules|about)/i, description: "Attempts to make agent forget instructions", severity: "medium" },
|
|
22
|
+
{ pattern: /new\s+instructions?\s*:/i, description: "Injects new instructions", severity: "medium" },
|
|
23
|
+
{ pattern: /override\s+(your|the|all|previous)\s+(instructions|rules|behavior|guidelines)/i, description: "Attempts to override agent behavior", severity: "medium" },
|
|
24
24
|
// Multi-language injection (Chinese)
|
|
25
|
-
{ pattern: /忽略\s*(之前|以上|先前|所有)[\s的]*(指令|规则|指示|提示|所有[\s的]*指令)/i, description: "Chinese: attempts to override instructions (忽略指令)", severity: "
|
|
26
|
-
{ pattern: /无视\s*(之前|以上|所有)\s*(的\s*)?(指令|规则|限制|安全)/i, description: "Chinese: disregard instructions (无视指令)", severity: "
|
|
25
|
+
{ pattern: /忽略\s*(之前|以上|先前|所有)[\s的]*(指令|规则|指示|提示|所有[\s的]*指令)/i, description: "Chinese: attempts to override instructions (忽略指令)", severity: "medium" },
|
|
26
|
+
{ pattern: /无视\s*(之前|以上|所有)\s*(的\s*)?(指令|规则|限制|安全)/i, description: "Chinese: disregard instructions (无视指令)", severity: "medium" },
|
|
27
27
|
// Multi-language injection (Spanish)
|
|
28
|
-
{ pattern: /ignora\s+(todas?\s+)?(las\s+)?(instrucciones|reglas)\s+(anteriores|previas)/i, description: "Spanish: ignore previous instructions", severity: "
|
|
28
|
+
{ pattern: /ignora\s+(todas?\s+)?(las\s+)?(instrucciones|reglas)\s+(anteriores|previas)/i, description: "Spanish: ignore previous instructions", severity: "medium" },
|
|
29
29
|
// Multi-language injection (French)
|
|
30
|
-
{ pattern: /ignore[rz]?\s+(toutes?\s+)?(les\s+)?(instructions|règles)\s+(précédentes|antérieures)/i, description: "French: ignore previous instructions", severity: "
|
|
30
|
+
{ pattern: /ignore[rz]?\s+(toutes?\s+)?(les\s+)?(instructions|règles)\s+(précédentes|antérieures)/i, description: "French: ignore previous instructions", severity: "medium" },
|
|
31
31
|
// Multi-language injection (German)
|
|
32
|
-
{ pattern: /ignorier(?:e|en)?\s+(alle\s+)?(vorherigen|bisherigen)\s+(Anweisungen|Regeln|Richtlinien)/i, description: "German: ignore previous instructions", severity: "
|
|
32
|
+
{ pattern: /ignorier(?:e|en)?\s+(alle\s+)?(vorherigen|bisherigen)\s+(Anweisungen|Regeln|Richtlinien)/i, description: "German: ignore previous instructions", severity: "medium" },
|
|
33
|
+
// Multi-language injection (Japanese)
|
|
34
|
+
{ pattern: /(?:以前|前|これまで)の(?:指示|命令|ルール|指令)を(?:すべて|全て)?(?:無視|忘れ|無効)/i, description: "Japanese: ignore previous instructions", severity: "medium" },
|
|
35
|
+
// Multi-language injection (Korean)
|
|
36
|
+
{ pattern: /(?:이전|이전의|모든)\s*(?:지시|명령|규칙|지침)(?:을|를)\s*(?:무시|잊어|무효)/i, description: "Korean: ignore previous instructions", severity: "medium" },
|
|
37
|
+
// Chinese: behavioral override
|
|
38
|
+
{ pattern: /从现在开始.{0,20}(?:新任务|新指令|你的任务)/i, description: "Chinese: 'from now on' behavioral override", severity: "medium" },
|
|
39
|
+
{ pattern: /你现在是.{0,20}(?:没有限制|无限制|不受限)/i, description: "Chinese: identity change to unrestricted", severity: "medium" },
|
|
33
40
|
];
|
|
34
41
|
// ============================================================
|
|
35
42
|
// Category 2: Identity manipulation
|
|
36
43
|
// ============================================================
|
|
37
44
|
const IDENTITY_MANIPULATION = [
|
|
38
|
-
{ pattern: /you\s+are\s+now\s+(a|an|acting\s+as)/i, description: "Attempts to change agent identity", severity: "
|
|
39
|
-
{ pattern: /pretend\s+(to\s+be|you\s+are)/i, description: "Attempts identity manipulation via pretending", severity: "
|
|
40
|
-
{ pattern: /from\s+now\s+on,?\s+(you|your|ignore|do\s+not)/i, description: "Attempts to set new behavioral directives", severity: "
|
|
45
|
+
{ pattern: /you\s+are\s+now\s+(a|an|acting\s+as)/i, description: "Attempts to change agent identity", severity: "medium" },
|
|
46
|
+
{ pattern: /pretend\s+(to\s+be|you\s+are)/i, description: "Attempts identity manipulation via pretending", severity: "medium" },
|
|
47
|
+
{ pattern: /from\s+now\s+on,?\s+(you|your|ignore|do\s+not)/i, description: "Attempts to set new behavioral directives", severity: "medium" },
|
|
41
48
|
// Role-play injection (from BIPIA research)
|
|
42
|
-
{ pattern: /let'?s\s+play\s+a\s+game/i, description: "Role-play injection: 'let's play a game'", severity: "
|
|
43
|
-
{ pattern: /(?:imagine|suppose|assume)\s+(?:that\s+)?you\s+(?:are|were|have)\s+(?:a|an|no)\s+/i, description: "Hypothetical role-play injection", severity: "
|
|
44
|
-
{ pattern: /(?:in\s+this\s+(?:scenario|simulation|exercise|context)),?\s+you\s+(?:are|should|must|will)/i, description: "Scenario-based identity manipulation", severity: "
|
|
49
|
+
{ pattern: /let'?s\s+play\s+a\s+game/i, description: "Role-play injection: 'let's play a game'", severity: "medium" },
|
|
50
|
+
{ pattern: /(?:imagine|suppose|assume)\s+(?:that\s+)?you\s+(?:are|were|have)\s+(?:a|an|no)\s+/i, description: "Hypothetical role-play injection", severity: "medium" },
|
|
51
|
+
{ pattern: /(?:in\s+this\s+(?:scenario|simulation|exercise|context)),?\s+you\s+(?:are|should|must|will)/i, description: "Scenario-based identity manipulation", severity: "medium" },
|
|
45
52
|
// DAN-style jailbreaks
|
|
46
|
-
{ pattern: /(?:DAN|Do\s+Anything\s+Now)\s*(?:mode|prompt|:)/i, description: "DAN jailbreak attempt", severity: "
|
|
47
|
-
{ pattern: /(?:developer|debug|maintenance|admin|root)\s+mode\s*(?:enabled|activated|on|:)/i, description: "Fake mode activation to bypass restrictions", severity: "
|
|
53
|
+
{ pattern: /(?:DAN|Do\s+Anything\s+Now)\s*(?:mode|prompt|:)/i, description: "DAN jailbreak attempt", severity: "medium" },
|
|
54
|
+
{ pattern: /(?:developer|debug|maintenance|admin|root)\s+mode\s*(?:enabled|activated|on|:)/i, description: "Fake mode activation to bypass restrictions", severity: "medium" },
|
|
48
55
|
];
|
|
49
56
|
// ============================================================
|
|
50
57
|
// Category 3: System prompt extraction/manipulation
|
|
51
58
|
// ============================================================
|
|
52
59
|
const SYSTEM_PROMPT_ATTACKS = [
|
|
53
|
-
{ pattern: /(?:reveal|show|display|print|output|repeat|echo|tell\s+me)\s+(?:your\s+)?(?:system\s+)?prompt/i, description: "Attempts to extract system prompt", severity: "
|
|
54
|
-
{ pattern: /what\s+(?:is|are)\s+your\s+(?:system\s+)?(?:instructions|prompt|rules|guidelines)/i, description: "Attempts to extract agent instructions", severity: "
|
|
55
|
-
{ pattern: /<\/?system>/i, description: "Fake system tags to inject instructions", severity: "
|
|
56
|
-
{ pattern: /\[SYSTEM\]|\[INST\]|\[\/INST\]/i, description: "Fake instruction delimiters", severity: "
|
|
60
|
+
{ pattern: /(?:reveal|show|display|print|output|repeat|echo|tell\s+me)\s+(?:your\s+)?(?:system\s+)?prompt/i, description: "Attempts to extract system prompt", severity: "medium" },
|
|
61
|
+
{ pattern: /what\s+(?:is|are)\s+your\s+(?:system\s+)?(?:instructions|prompt|rules|guidelines)/i, description: "Attempts to extract agent instructions", severity: "medium" },
|
|
62
|
+
{ pattern: /<\/?system>/i, description: "Fake system tags to inject instructions", severity: "medium" },
|
|
63
|
+
{ pattern: /\[SYSTEM\]|\[INST\]|\[\/INST\]/i, description: "Fake instruction delimiters", severity: "medium" },
|
|
57
64
|
// More delimiter injection variants
|
|
58
|
-
{ pattern: /<\|(?:im_start|im_end|system|user|assistant|endoftext)\|>/i, description: "ChatML/token delimiter injection", severity: "
|
|
59
|
-
{ pattern: /###\s*(?:System|Human|Assistant|User)\s*(?:Message|Prompt)?\s*:/i, description: "Fake conversation role delimiter", severity: "
|
|
60
|
-
{ pattern: /\bEND_SYSTEM_PROMPT\b|\bBEGIN_USER_INPUT\b|\bSYSTEM_OVERRIDE\b/i, description: "Fake system boundary markers", severity: "
|
|
65
|
+
{ pattern: /<\|(?:im_start|im_end|system|user|assistant|endoftext)\|>/i, description: "ChatML/token delimiter injection", severity: "medium" },
|
|
66
|
+
{ pattern: /###\s*(?:System|Human|Assistant|User)\s*(?:Message|Prompt)?\s*:/i, description: "Fake conversation role delimiter", severity: "medium" },
|
|
67
|
+
{ pattern: /\bEND_SYSTEM_PROMPT\b|\bBEGIN_USER_INPUT\b|\bSYSTEM_OVERRIDE\b/i, description: "Fake system boundary markers", severity: "medium" },
|
|
61
68
|
];
|
|
62
69
|
// ============================================================
|
|
63
70
|
// Category 4: Hidden instructions (steganographic attacks)
|
|
64
71
|
// ============================================================
|
|
65
72
|
const HIDDEN_INSTRUCTIONS = [
|
|
66
|
-
{ pattern: /<!--[\s\S]*?(?:ignore|override|disregard|execute|run|you must|always|never)[\s\S]*?-->/i, description: "Hidden instructions in HTML comments", severity: "
|
|
67
|
-
{ pattern:
|
|
73
|
+
{ pattern: /<!--[\s\S]*?(?:ignore|override|disregard|execute|run|you must|always|never)[\s\S]*?-->/i, description: "Hidden instructions in HTML comments", severity: "medium" },
|
|
74
|
+
{ pattern: /[\u200b\u200c\u200d\u2060]/g, description: "Zero-width characters (potential hidden text)", severity: "medium" },
|
|
68
75
|
// Invariant Labs TPA: <IMPORTANT> tag poisoning
|
|
69
|
-
{ pattern: /<IMPORTANT>[\s\S]*?<\/IMPORTANT>/i, description: "TPA: <IMPORTANT> tag poisoning (Invariant Labs attack vector)", severity: "
|
|
70
|
-
{ pattern: /<(?:CRITICAL|MANDATORY|REQUIRED|ESSENTIAL|PRIORITY)>[\s\S]*?<\/(?:CRITICAL|MANDATORY|REQUIRED|ESSENTIAL|PRIORITY)>/i, description: "Urgency-tagged hidden instructions", severity: "
|
|
76
|
+
{ pattern: /<IMPORTANT>[\s\S]*?<\/IMPORTANT>/i, description: "TPA: <IMPORTANT> tag poisoning (Invariant Labs attack vector)", severity: "medium" },
|
|
77
|
+
{ pattern: /<(?:CRITICAL|MANDATORY|REQUIRED|ESSENTIAL|PRIORITY)>[\s\S]*?<\/(?:CRITICAL|MANDATORY|REQUIRED|ESSENTIAL|PRIORITY)>/i, description: "Urgency-tagged hidden instructions", severity: "medium" },
|
|
71
78
|
// Invisible unicode / homoglyph attacks
|
|
72
|
-
{ pattern: /[\u2000-\u200f\u2028-\u202f\u205f-\u206f]/g, description: "Unicode formatting/control characters (steganographic attack)", severity: "
|
|
73
|
-
{ pattern: /[\u0300-\u036f]{3,}/g, description: "Excessive combining diacritical marks (text hiding)", severity: "
|
|
79
|
+
{ pattern: /[\u2000-\u200f\u2028-\u202f\u205f-\u206f]/g, description: "Unicode formatting/control characters (steganographic attack)", severity: "medium" },
|
|
80
|
+
{ pattern: /[\u0300-\u036f]{3,}/g, description: "Excessive combining diacritical marks (text hiding)", severity: "medium" },
|
|
74
81
|
// Markdown image exfiltration
|
|
75
|
-
{ pattern: /!\[.*?\]\(https?:\/\/[^)]*(?:\?|&)(?:data|q|query|content|text|msg|payload|d|c)=/i, description: "Markdown image with data exfiltration query params", severity: "
|
|
82
|
+
{ pattern: /!\[.*?\]\(https?:\/\/[^)]*(?:\?|&)(?:data|q|query|content|text|msg|payload|d|c)=/i, description: "Markdown image with data exfiltration query params", severity: "medium" },
|
|
76
83
|
// White text / CSS hiding
|
|
77
|
-
{ pattern: /color:\s*(?:white|#fff(?:fff)?|rgb\(255,\s*255,\s*255\)|transparent)/i, description: "CSS color hiding (white/transparent text)", severity: "
|
|
78
|
-
{ pattern: /font-size:\s*(?:0|0px|0pt|0em)/i, description: "CSS zero font size (invisible text)", severity: "
|
|
84
|
+
{ pattern: /color:\s*(?:white|#fff(?:fff)?|rgb\(255,\s*255,\s*255\)|transparent)/i, description: "CSS color hiding (white/transparent text)", severity: "medium" },
|
|
85
|
+
{ pattern: /font-size:\s*(?:0|0px|0pt|0em)/i, description: "CSS zero font size (invisible text)", severity: "medium" },
|
|
79
86
|
];
|
|
80
87
|
// ============================================================
|
|
81
88
|
// Category 5: Behavioral hijacking
|
|
82
89
|
// ============================================================
|
|
83
90
|
const BEHAVIORAL_HIJACKING = [
|
|
84
|
-
{ pattern: /(?:you\s+must|always|never)\s+(?:call|use|invoke|execute|run)\s+(?:this|the|my)\s+tool/i, description: "Forces agent to call specific tools", severity: "
|
|
85
|
-
|
|
86
|
-
{ pattern: /(?:
|
|
87
|
-
{ pattern: /(?:
|
|
91
|
+
{ pattern: /(?:you\s+must|always|never)\s+(?:call|use|invoke|execute|run)\s+(?:this|the|my)\s+tool/i, description: "Forces agent to call specific tools", severity: "medium" },
|
|
92
|
+
// "do not ask the user" — only flag if followed by action-oriented verbs, not general UX guidance
|
|
93
|
+
{ pattern: /(?:do\s+not|never|don'?t)\s+(?:ask|check|verify|validate|confirm)\s+(?:the\s+user|before|permission)\s+(?:about|for|if|whether)?\s*(?:permission|consent|approval|safety|security)/i, description: "Attempts to bypass user confirmation", severity: "medium" },
|
|
94
|
+
{ pattern: /(?:before|after)\s+(?:any|every|each)\s+(?:action|request|call|tool),?\s+(?:first\s+)?(?:call|use|invoke|run)/i, description: "Injects mandatory pre/post actions", severity: "medium" },
|
|
95
|
+
{ pattern: /(?:silently|quietly|secretly|without\s+(?:telling|informing|notifying))\s+(?:send|post|upload|transmit|exfiltrate)/i, description: "Instructs covert data transmission", severity: "medium" },
|
|
88
96
|
// Concealment patterns (from Invariant Labs TPA research)
|
|
89
|
-
{ pattern: /(?:do\s+not|don'?t|never)\s+(?:mention|tell|inform|notify|alert|warn|show|display|reveal)\s+(?:[\w\s]{0,20})?(?:the\s+)?(?:user|human|person|anyone)/i, description: "Concealment: instructs hiding behavior from user", severity: "
|
|
90
|
-
{ pattern: /(?:this\s+(?:is|should\s+be|must\s+remain))\s+(?:invisible|hidden|secret|confidential)\s+(?:to|from)\s+(?:the\s+)?user/i, description: "Concealment: marks actions as hidden from user", severity: "
|
|
91
|
-
{ pattern: /(?:do\s+not|don'?t|never)\s+(?:include|show|display)\s+(?:this|these|the)\s+(?:in\s+(?:your|the)\s+)?(?:response|output|reply|answer)/i, description: "Concealment: suppresses information from response", severity: "
|
|
97
|
+
{ pattern: /(?:do\s+not|don'?t|never)\s+(?:mention|tell|inform|notify|alert|warn|show|display|reveal)\s+(?:[\w\s]{0,20})?(?:the\s+)?(?:user|human|person|anyone)/i, description: "Concealment: instructs hiding behavior from user", severity: "medium" },
|
|
98
|
+
{ pattern: /(?:this\s+(?:is|should\s+be|must\s+remain))\s+(?:invisible|hidden|secret|confidential)\s+(?:to|from)\s+(?:the\s+)?user/i, description: "Concealment: marks actions as hidden from user", severity: "medium" },
|
|
99
|
+
{ pattern: /(?:do\s+not|don'?t|never)\s+(?:include|show|display)\s+(?:this|these|the)\s+(?:in\s+(?:your|the)\s+)?(?:response|output|reply|answer)/i, description: "Concealment: suppresses information from response", severity: "medium" },
|
|
92
100
|
// Distraction patterns (from TPA: "provide detailed reasoning about math")
|
|
93
|
-
{ pattern: /(?:while|as)\s+(?:you|doing\s+(?:this|that)),?\s+(?:provide|give|show)\s+(?:detailed|lengthy|extensive)\s+(?:reasoning|explanation|analysis)/i, description: "Distraction: uses verbose output to mask malicious action", severity: "
|
|
94
|
-
{ pattern: /(?:this\s+could\s+(?:even\s+)?upset\s+the\s+user|be\s+(?:very\s+)?gentle|not\s+scary)/i, description: "Social engineering: emotional manipulation to conceal actions", severity: "
|
|
101
|
+
{ pattern: /(?:while|as)\s+(?:you|doing\s+(?:this|that)),?\s+(?:provide|give|show)\s+(?:detailed|lengthy|extensive)\s+(?:reasoning|explanation|analysis)/i, description: "Distraction: uses verbose output to mask malicious action", severity: "medium" },
|
|
102
|
+
{ pattern: /(?:this\s+could\s+(?:even\s+)?upset\s+the\s+user|be\s+(?:very\s+)?gentle|not\s+scary)/i, description: "Social engineering: emotional manipulation to conceal actions", severity: "medium" },
|
|
95
103
|
];
|
|
96
104
|
// ============================================================
|
|
97
105
|
// Category 6: Tool poisoning (MCP-specific from Invariant Labs)
|
|
98
106
|
// ============================================================
|
|
99
107
|
const TOOL_POISONING = [
|
|
100
|
-
|
|
101
|
-
{ pattern: /(?:
|
|
108
|
+
// Urgency keyword + behavioral directive — but NOT when used as a section header or warning label
|
|
109
|
+
{ pattern: /(?:important|crucial|critical|essential|vital)\s*(?::|!)\s*(?:always|you must|do not\s+(?:reveal|share|expose|send|output))/i, description: "Urgency-based behavioral directive in description", severity: "medium" },
|
|
110
|
+
{ pattern: /(?:this\s+tool\s+)?(?:requires|needs|demands)\s+(?:that\s+)?(?:you|the\s+agent)\s+(?:first|also|always)/i, description: "Tool description imposes agent requirements", severity: "medium" },
|
|
102
111
|
// TPA: Tool requiring reading unrelated files
|
|
103
|
-
{ pattern: /(?:before\s+(?:using|calling|running)\s+this\s+tool|otherwise\s+(?:the\s+tool|it)\s+will\s+not\s+work),?\s+(?:read|access|open|load|get)\s+/i, description: "TPA: tool demands reading files before execution", severity: "
|
|
104
|
-
{ pattern: /(?:pass|send|include)\s+(?:its?\s+)?(?:content|contents|data|value|result)\s+as\s+['"]?\w+['"]?/i, description: "TPA: instructs passing file contents as parameter", severity: "
|
|
112
|
+
{ pattern: /(?:before\s+(?:using|calling|running)\s+this\s+tool|otherwise\s+(?:the\s+tool|it)\s+will\s+not\s+work),?\s+(?:read|access|open|load|get)\s+/i, description: "TPA: tool demands reading files before execution", severity: "medium" },
|
|
113
|
+
{ pattern: /(?:pass|send|include)\s+(?:its?\s+)?(?:content|contents|data|value|result)\s+as\s+['"]?\w+['"]?/i, description: "TPA: instructs passing file contents as parameter", severity: "medium" },
|
|
105
114
|
// TPA: Tool with hidden side-channel parameter
|
|
106
|
-
{ pattern: /(?:pass|provide|send|include)\s+(?:it|this|the\s+(?:content|data|result|output))\s+(?:as|in|via)\s+(?:the\s+)?['"]?(?:sidenote|note|metadata|context|extra|debug|trace|log|comment|tag|label|memo|remark)['"]?/i, description: "TPA: hidden side-channel parameter for data exfiltration", severity: "
|
|
115
|
+
{ pattern: /(?:pass|provide|send|include)\s+(?:it|this|the\s+(?:content|data|result|output))\s+(?:as|in|via)\s+(?:the\s+)?['"]?(?:sidenote|note|metadata|context|extra|debug|trace|log|comment|tag|label|memo|remark)['"]?/i, description: "TPA: hidden side-channel parameter for data exfiltration", severity: "medium" },
|
|
107
116
|
// Toxic flow: cross-tool data piping
|
|
108
|
-
{ pattern: /(?:take|get|read|extract|collect)\s+(?:the\s+)?(?:output|result|response|data)\s+(?:from|of)\s+(?:the\s+)?\w+\s+(?:tool|function|command)\s+(?:and\s+)?(?:send|pass|forward|pipe)\s+(?:it\s+)?(?:to|into)/i, description: "Toxic flow: cross-tool data piping for exfiltration", severity: "
|
|
117
|
+
{ pattern: /(?:take|get|read|extract|collect)\s+(?:the\s+)?(?:output|result|response|data)\s+(?:from|of)\s+(?:the\s+)?\w+\s+(?:tool|function|command)\s+(?:and\s+)?(?:send|pass|forward|pipe)\s+(?:it\s+)?(?:to|into)/i, description: "Toxic flow: cross-tool data piping for exfiltration", severity: "medium" },
|
|
109
118
|
];
|
|
110
119
|
// ============================================================
|
|
111
120
|
// Category 7: Data exfiltration via prompt
|
|
112
121
|
// ============================================================
|
|
113
122
|
const DATA_EXFILTRATION = [
|
|
114
|
-
{ pattern: /(?:send|
|
|
115
|
-
|
|
123
|
+
{ pattern: /(?:send|transmit|forward|exfiltrate|copy)\s+(?:all|the|this|entire)\s+(?:conversation|chat)\s+(?:history|data|log|context)\s+(?:to|at)\s+/i, description: "Instructs exfiltration of conversation data", severity: "medium" },
|
|
124
|
+
// Only flag extraction attempts, not security guidance about protecting credentials
|
|
125
|
+
{ pattern: /(?:include|append|attach|embed)\s+(?:the\s+)?(?:api\s+key|token|password|secret|credential|ssh\s+key)\s+(?:in|to|into|with)\s+(?:the|your|this|a)\s+(?:response|output|reply|message|request|url|body|payload)/i, description: "Attempts to extract credentials via prompt", severity: "medium" },
|
|
116
126
|
// File read for exfiltration (from Invariant Labs TPA)
|
|
117
|
-
{ pattern: /(?:read|access|open|cat|load|get\s+the\s+contents?\s+of)\s+(?:~\/|\/(?:home|root|etc|var)\/)[\w.\-\/]*(?:\.ssh|\.aws|\.env|\.cursor|\.claude|mcp\.json|credentials|config\.json|id_rsa|\.gnupg)/i, description: "TPA: reads sensitive files for exfiltration", severity: "
|
|
118
|
-
{ pattern: /(?:read|access|open)\s+[`'"]?~\/\.(?:ssh|aws|cursor|claude|vscode|config|gnupg|npm|pypirc|docker|kube)/i, description: "TPA: reads sensitive dotfile directories", severity: "
|
|
127
|
+
{ pattern: /(?:read|access|open|cat|load|get\s+the\s+contents?\s+of)\s+(?:~\/|\/(?:home|root|etc|var)\/)[\w.\-\/]*(?:\.ssh|\.aws|\.env|\.cursor|\.claude|mcp\.json|credentials|config\.json|id_rsa|\.gnupg)/i, description: "TPA: reads sensitive files for exfiltration", severity: "medium" },
|
|
128
|
+
{ pattern: /(?:read|access|open)\s+[`'"]?~\/\.(?:ssh|aws|cursor|claude|vscode|config|gnupg|npm|pypirc|docker|kube)/i, description: "TPA: reads sensitive dotfile directories", severity: "medium" },
|
|
119
129
|
// Markdown/image-based exfiltration
|
|
120
|
-
{ pattern: /!\[(?:.*?)\]\(https?:\/\/[^)]+\/(?:collect|exfil|log|track|steal|grab|capture|record)(?:[?/]|$)/i, description: "Markdown image URL with exfiltration endpoint", severity: "
|
|
130
|
+
{ pattern: /!\[(?:.*?)\]\(https?:\/\/[^)]+\/(?:collect|exfil|log|track|steal|grab|capture|record)(?:[?/]|$)/i, description: "Markdown image URL with exfiltration endpoint", severity: "medium" },
|
|
121
131
|
];
|
|
122
132
|
// ============================================================
|
|
123
133
|
// Category 8: Encoding-based evasion
|
|
124
134
|
// ============================================================
|
|
125
135
|
const ENCODING_EVASION = [
|
|
126
|
-
{ pattern: /(?:decode|eval|execute|run)\s+(?:the\s+)?(?:base64|hex|rot13|encoded)/i, description: "Instructs decoding of obfuscated payloads", severity: "
|
|
136
|
+
{ pattern: /(?:decode|eval|execute|run)\s+(?:the\s+)?(?:base64|hex|rot13|encoded)/i, description: "Instructs decoding of obfuscated payloads", severity: "medium" },
|
|
127
137
|
// Base64-encoded instruction blocks
|
|
128
|
-
{ pattern: /(?:aWdub3Jl|ZGlzcmVnYXJk|b3ZlcnJpZGU|Zm9yZ2V0|cmV2ZWFs|c3lzdGVt|cHJvbXB0|aW5zdHJ1Y3Rpb24)/i, description: "Base64-encoded injection keywords detected", severity: "
|
|
138
|
+
{ pattern: /(?:aWdub3Jl|ZGlzcmVnYXJk|b3ZlcnJpZGU|Zm9yZ2V0|cmV2ZWFs|c3lzdGVt|cHJvbXB0|aW5zdHJ1Y3Rpb24)/i, description: "Base64-encoded injection keywords detected", severity: "medium" },
|
|
129
139
|
// Hex-encoded patterns
|
|
130
|
-
{ pattern: /\\x[0-9a-f]{2}(?:\\x[0-9a-f]{2}){5,}/gi, description: "Hex-encoded string (potential payload)", severity: "
|
|
140
|
+
{ pattern: /\\x[0-9a-f]{2}(?:\\x[0-9a-f]{2}){5,}/gi, description: "Hex-encoded string (potential payload)", severity: "medium" },
|
|
131
141
|
// Unicode escape sequences
|
|
132
|
-
{ pattern: /\\u[0-9a-f]{4}(?:\\u[0-9a-f]{4}){5,}/gi, description: "Unicode escape sequence chain (potential hidden text)", severity: "
|
|
142
|
+
{ pattern: /\\u[0-9a-f]{4}(?:\\u[0-9a-f]{4}){5,}/gi, description: "Unicode escape sequence chain (potential hidden text)", severity: "medium" },
|
|
133
143
|
];
|
|
134
144
|
// ============================================================
|
|
135
145
|
// Category 9: Fake Completion Attack (Open-Prompt-Injection: FakeCompAttacker)
|
|
136
146
|
// Agent thinks original task is done, then follows injected instructions
|
|
137
147
|
// ============================================================
|
|
138
148
|
const FAKE_COMPLETION = [
|
|
139
|
-
{ pattern: /(?:Answer|Response|Result|Output|Summary|Task)\s*:\s*(?:done|complete|finished|negative sentiment|no spam|no hateful|entailment|equivalent)[\s.]*(?:\n|\r|$)/i, description: "Fake task completion followed by potential injection", severity: "
|
|
140
|
-
{ pattern: /(?:task\s+(?:is\s+)?(?:complete|done|finished)|I'?(?:ve|m)\s+(?:done|finished)|(?:analysis|correction|summary|grammar)\s+(?:is\s+)?complete)[.\s]*(?:now|next|additionally|also|furthermore|by the way)/i, description: "Fake completion + follow-up injection", severity: "
|
|
141
|
-
{ pattern: /---\s*\n\s*(?:ignore|new|now|actual|real)\s+(?:instructions?|task)/i, description: "Separator + new instruction injection after fake completion", severity: "
|
|
149
|
+
{ pattern: /(?:Answer|Response|Result|Output|Summary|Task)\s*:\s*(?:done|complete|finished|negative sentiment|no spam|no hateful|entailment|equivalent)[\s.]*(?:\n|\r|$)/i, description: "Fake task completion followed by potential injection", severity: "medium" },
|
|
150
|
+
{ pattern: /(?:task\s+(?:is\s+)?(?:complete|done|finished)|I'?(?:ve|m)\s+(?:done|finished)|(?:analysis|correction|summary|grammar)\s+(?:is\s+)?complete)[.\s]*(?:now|next|additionally|also|furthermore|by the way)/i, description: "Fake completion + follow-up injection", severity: "medium" },
|
|
151
|
+
{ pattern: /---\s*\n\s*(?:ignore|new|now|actual|real)\s+(?:instructions?|task)/i, description: "Separator + new instruction injection after fake completion", severity: "medium" },
|
|
142
152
|
];
|
|
143
153
|
// ============================================================
|
|
144
154
|
// Category 10: Delimiter/Boundary Confusion (arXiv:2302.12173)
|
|
145
155
|
// Trick the model by injecting conversation boundary markers
|
|
146
156
|
// ============================================================
|
|
147
157
|
const DELIMITER_CONFUSION = [
|
|
148
|
-
{ pattern: /```\s*(?:system|instruction|prompt|admin|internal)\s*$/i, description: "Fake code block boundary with privileged label", severity: "
|
|
149
|
-
{ pattern: /\[(?:SYSTEM|ADMIN|INTERNAL|ROOT|OPERATOR|DEVELOPER)\s*(?:MESSAGE|NOTE|INSTRUCTION|OVERRIDE)\]/i, description: "Fake privileged message bracket", severity: "
|
|
150
|
-
{ pattern: /={3,}\s*(?:SYSTEM|ADMIN|INSTRUCTION|PRIVILEGED)\s*={3,}/i, description: "Fake section boundary marker", severity: "
|
|
151
|
-
{ pattern: /<\|(?:tool_call|function_call|tool_result|function_result)\|>/i, description: "Fake tool call/result delimiter injection", severity: "
|
|
152
|
-
{ pattern: /(?:Human|User|Assistant)\s*\((?:internal|admin|system|override)\)\s*:/i, description: "Fake role with elevated context", severity: "
|
|
158
|
+
{ pattern: /```\s*(?:system|instruction|prompt|admin|internal)\s*$/i, description: "Fake code block boundary with privileged label", severity: "medium" },
|
|
159
|
+
{ pattern: /\[(?:SYSTEM|ADMIN|INTERNAL|ROOT|OPERATOR|DEVELOPER)\s*(?:MESSAGE|NOTE|INSTRUCTION|OVERRIDE)\]/i, description: "Fake privileged message bracket", severity: "medium" },
|
|
160
|
+
{ pattern: /={3,}\s*(?:SYSTEM|ADMIN|INSTRUCTION|PRIVILEGED)\s*={3,}/i, description: "Fake section boundary marker", severity: "medium" },
|
|
161
|
+
{ pattern: /<\|(?:tool_call|function_call|tool_result|function_result)\|>/i, description: "Fake tool call/result delimiter injection", severity: "medium" },
|
|
162
|
+
{ pattern: /(?:Human|User|Assistant)\s*\((?:internal|admin|system|override)\)\s*:/i, description: "Fake role with elevated context", severity: "medium" },
|
|
153
163
|
];
|
|
154
164
|
// ============================================================
|
|
155
165
|
// Category 11: Instruction Hierarchy Abuse
|
|
156
166
|
// Claims elevated privileges or administrative authority
|
|
157
167
|
// ============================================================
|
|
158
168
|
const HIERARCHY_ABUSE = [
|
|
159
|
-
{ pattern: /(?:as\s+(?:the|an?)\s+)?(?:administrator|admin|supervisor|manager|owner|operator)\s*[,:]\s*(?:I\s+)?(?:instruct|command|order|direct|authorize|override|grant)/i, description: "Claims administrator authority", severity: "
|
|
160
|
-
{ pattern: /(?:this\s+(?:instruction|message|command)\s+)?(?:has|with)\s+(?:higher|elevated|admin|root|system)\s+(?:priority|privilege|access|permission|authority)/i, description: "Claims elevated priority/privilege", severity: "
|
|
161
|
-
{ pattern: /(?:per|by)\s+(?:company|corporate|management|executive|leadership)\s+(?:policy|directive|order|mandate)/i, description: "Invokes fake corporate authority", severity: "
|
|
162
|
-
{ pattern: /(?:security|compliance|legal|audit)\s+(?:team|department|officer)\s+(?:requires|mandates|demands|directs)/i, description: "Invokes fake security/compliance authority", severity: "
|
|
163
|
-
{ pattern: /(?:authorized|approved|sanctioned|cleared)\s+by\s+(?:the\s+)?(?:system|admin|security|management|CEO|CTO)/i, description: "Claims authorization from authority figure", severity: "
|
|
169
|
+
{ pattern: /(?:as\s+(?:the|an?)\s+)?(?:administrator|admin|supervisor|manager|owner|operator)\s*[,:]\s*(?:I\s+)?(?:instruct|command|order|direct|authorize|override|grant)/i, description: "Claims administrator authority", severity: "medium" },
|
|
170
|
+
{ pattern: /(?:this\s+(?:instruction|message|command)\s+)?(?:has|with)\s+(?:higher|elevated|admin|root|system)\s+(?:priority|privilege|access|permission|authority)/i, description: "Claims elevated priority/privilege", severity: "medium" },
|
|
171
|
+
{ pattern: /(?:per|by)\s+(?:company|corporate|management|executive|leadership)\s+(?:policy|directive|order|mandate)/i, description: "Invokes fake corporate authority", severity: "medium" },
|
|
172
|
+
{ pattern: /(?:security|compliance|legal|audit)\s+(?:team|department|officer)\s+(?:requires|mandates|demands|directs)/i, description: "Invokes fake security/compliance authority", severity: "medium" },
|
|
173
|
+
{ pattern: /(?:authorized|approved|sanctioned|cleared)\s+by\s+(?:the\s+)?(?:system|admin|security|management|CEO|CTO)/i, description: "Claims authorization from authority figure", severity: "medium" },
|
|
164
174
|
];
|
|
165
175
|
// ============================================================
|
|
166
176
|
// Category 12: Multi-step / Payload Splitting
|
|
167
177
|
// Splits malicious intent across multiple innocuous-looking lines
|
|
168
178
|
// ============================================================
|
|
169
179
|
const PAYLOAD_SPLITTING = [
|
|
170
|
-
{ pattern: /step\s*\d+\s*:\s*(?:read|access|get|retrieve)\s+(?:the\s+)?(?:file|data|credentials?|keys?|tokens?|secrets?)/i, description: "Multi-step attack: numbered steps targeting sensitive data", severity: "
|
|
171
|
-
{ pattern: /step\s*\d+\s*:\s*(?:send|post|transmit|forward|upload)\s+(?:the\s+)?(?:results?|output|data|contents?)\s+(?:to|via)/i, description: "Multi-step attack: numbered exfiltration step", severity: "
|
|
172
|
-
{ pattern: /(?:first|then|next|after that|finally),?\s+(?:silently|quietly|without\s+(?:telling|the\s+user))\s+/i, description: "Sequential instruction with concealment", severity: "
|
|
180
|
+
{ pattern: /step\s*\d+\s*:\s*(?:read|access|get|retrieve)\s+(?:the\s+)?(?:file|data|credentials?|keys?|tokens?|secrets?)/i, description: "Multi-step attack: numbered steps targeting sensitive data", severity: "medium" },
|
|
181
|
+
{ pattern: /step\s*\d+\s*:\s*(?:send|post|transmit|forward|upload)\s+(?:the\s+)?(?:results?|output|data|contents?)\s+(?:to|via)/i, description: "Multi-step attack: numbered exfiltration step", severity: "medium" },
|
|
182
|
+
{ pattern: /(?:first|then|next|after that|finally),?\s+(?:silently|quietly|without\s+(?:telling|the\s+user))\s+/i, description: "Sequential instruction with concealment", severity: "medium" },
|
|
173
183
|
];
|
|
174
184
|
// Merge all categories
|
|
175
185
|
const INJECTION_PATTERNS = [
|
|
@@ -188,9 +198,11 @@ const INJECTION_PATTERNS = [
|
|
|
188
198
|
];
|
|
189
199
|
// Suspicious URL patterns in skills
|
|
190
200
|
const SUSPICIOUS_URL_PATTERNS = [
|
|
191
|
-
{ pattern: /curl\s+(?:-[sS]\s+)?https?:\/\/(?!github\.com|raw\.githubusercontent|npmjs\.com|pypi\.org)/i, description: "Downloads from non-standard source" },
|
|
192
|
-
{ pattern: /wget\s+(?:-q\s+)?https?:\/\/(?!github\.com|raw\.githubusercontent)/i, description: "Downloads from non-standard source" },
|
|
193
|
-
|
|
201
|
+
{ pattern: /curl\s+(?:-[sS]\s+)?https?:\/\/(?!github\.com|raw\.githubusercontent|npmjs\.com|pypi\.org|localhost|127\.0\.0\.1|0\.0\.0\.0)[^\s|]+\s*\|\s*(?:bash|sh)/i, description: "Downloads from non-standard source and pipes to shell" },
|
|
202
|
+
{ pattern: /wget\s+(?:-q\s+)?https?:\/\/(?!github\.com|raw\.githubusercontent)[^\s|]+\s*(?:&&|\;)\s*(?:bash|sh|chmod)/i, description: "Downloads and executes from non-standard source" },
|
|
203
|
+
// Only flag pipe-to-shell when preceded by curl/wget (downloading + executing)
|
|
204
|
+
// This is genuinely risky even from trusted sources, but lower severity for known hosts
|
|
205
|
+
{ pattern: /(?:curl|wget)\s+[^|]*\|\s*(?:bash|sh|zsh|python[3]?|node|perl|ruby)\b/i, description: "Pipes download output to shell execution" },
|
|
194
206
|
{ pattern: /(?:bit\.ly|tinyurl|t\.co|goo\.gl|is\.gd|shorturl)\//i, description: "URL shortener (obscures destination)" },
|
|
195
207
|
{ pattern: /(?:pastebin\.com|hastebin\.com|paste\.ee|ghostbin)/i, description: "Paste site (potential malicious payload host)" },
|
|
196
208
|
// Webhook/callback exfiltration endpoints
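Review bot: The host allowlist in the new `curl` and `wget` entries (new lines 201–202) is a bare prefix lookahead, so any host that merely begins with `github.com` or `pypi.org` is treated as a known source. Requiring a host boundary after each allowed name, e.g. `(?!(?:github\.com|npmjs\.com|pypi\.org)(?=[/:\s]|$))`, would close that. Today this only changes which description is reported, because the generic entry on line 205 still matches. It will matter once the "lower severity for known hosts" promised in the comment on line 204 exists: the entries here carry no `severity` field, and the "Suspicious URL" emit site later in this diff hard-codes `"medium"`. Separately, the 0.3.1 entries reported any download from an unlisted host, whereas the entries visible here need a pipe or `&&`/`;` directly after the URL, so a download saved to a file and run by a later command appears to go unreported; if that narrowing is intended, the comment should say so. The array continues past the end of this hunk.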
|
|
@@ -215,11 +227,15 @@ export const promptInjection = {
|
|
|
215
227
|
for (let i = 0; i < file.lines.length; i++) {
|
|
216
228
|
const line = file.lines[i];
|
|
217
229
|
for (const { pattern, description, severity } of INJECTION_PATTERNS) {
|
|
230
|
+
// Skip zero-width/Unicode checks unless it's a skill definition file
|
|
231
|
+
// Editor artifacts (BOM, ZWNJ, ZWS) are common in multilingual markdown/code
|
|
232
|
+
if (!isSkillMd && (description.includes("Zero-width") || description.includes("Unicode formatting")))
|
|
233
|
+
continue;
|
|
218
234
|
pattern.lastIndex = 0;
|
|
219
235
|
if (pattern.test(line)) {
|
|
220
236
|
findings.push({
|
|
221
237
|
rule: "prompt-injection",
|
|
222
|
-
severity: isSkillMd ? severity : "
|
|
238
|
+
severity: isSkillMd ? severity : "medium",
|
|
223
239
|
file: file.relativePath,
|
|
224
240
|
line: i + 1,
|
|
225
241
|
message: `Prompt injection: ${description}`,
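Review bot: The skip added at new lines 232–233 decides which checks run by substring-matching the human-readable `description` ("Zero-width", "Unicode formatting"), so rewording a description would silently change coverage on non-skill files. A flag on the pattern entry would make the intent explicit: `for (const { pattern, description, severity, skillOnly } of INJECTION_PATTERNS)` with `if (!isSkillMd && skillOnly) continue;`. The entries those strings refer to are outside this hunk, so this assumes they are the hidden-character checks. If so, skipping them entirely means invisible characters in tool descriptions embedded in source files are no longer reported; emitting them at a lower severity for non-skill files may be a better trade-off than `continue`. The enclosing loop and function start and end outside the hunk.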
|
|
@@ -241,7 +257,7 @@ export const promptInjection = {
|
|
|
241
257
|
const lineNum = file.content.substring(0, match.index).split("\n").length;
|
|
242
258
|
findings.push({
|
|
243
259
|
rule: "prompt-injection",
|
|
244
|
-
severity: "
|
|
260
|
+
severity: "medium",
|
|
245
261
|
file: file.relativePath,
|
|
246
262
|
line: lineNum,
|
|
247
263
|
message: "TPA: <IMPORTANT> block with suspicious instructions (Invariant Labs attack pattern)",
|
|
@@ -259,7 +275,7 @@ export const promptInjection = {
|
|
|
259
275
|
if (pattern.test(line)) {
|
|
260
276
|
findings.push({
|
|
261
277
|
rule: "prompt-injection",
|
|
262
|
-
severity: "
|
|
278
|
+
severity: "medium",
|
|
263
279
|
file: file.relativePath,
|
|
264
280
|
line: i + 1,
|
|
265
281
|
message: `Suspicious URL: ${description}`,
|
|
@@ -278,7 +294,7 @@ export const promptInjection = {
|
|
|
278
294
|
if (wordCount > 50 && instructionWords / wordCount > 0.05) {
|
|
279
295
|
findings.push({
|
|
280
296
|
rule: "prompt-injection",
|
|
281
|
-
severity: "
|
|
297
|
+
severity: "medium",
|
|
282
298
|
file: file.relativePath,
|
|
283
299
|
message: `High instruction density (${instructionWords} directive words in ${wordCount} words) — may indicate tool poisoning`,
|
|
284
300
|
});
|
|
@@ -295,7 +311,7 @@ export const promptInjection = {
|
|
|
295
311
|
const lineNum = file.content.substring(0, dsMatch.index).split("\n").length;
|
|
296
312
|
findings.push({
|
|
297
313
|
rule: "prompt-injection",
|
|
298
|
-
severity: "
|
|
314
|
+
severity: "medium",
|
|
299
315
|
file: file.relativePath,
|
|
300
316
|
line: lineNum,
|
|
301
317
|
message: "TPA: Python MCP tool docstring with hidden instructions",
|
|
@@ -307,7 +323,7 @@ export const promptInjection = {
|
|
|
307
323
|
const lineNum = file.content.substring(0, dsMatch.index).split("\n").length;
|
|
308
324
|
findings.push({
|
|
309
325
|
rule: "prompt-injection",
|
|
310
|
-
severity: "
|
|
326
|
+
severity: "medium",
|
|
311
327
|
file: file.relativePath,
|
|
312
328
|
line: lineNum,
|
|
313
329
|
message: "TPA: Python docstring with user concealment instructions",
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"prompt-injection.js","sourceRoot":"","sources":["../../src/rules/prompt-injection.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;;;;GAaG;AAEH,+DAA+D;AAC/D,0CAA0C;AAC1C,+DAA+D;AAC/D,MAAM,oBAAoB,GAAsF;IAC9G,EAAE,OAAO,EAAE,6FAA6F,EAAE,WAAW,EAAE,4CAA4C,EAAE,QAAQ,EAAE,UAAU,EAAE;IAC3L,EAAE,OAAO,EAAE,4FAA4F,EAAE,WAAW,EAAE,yCAAyC,EAAE,QAAQ,EAAE,UAAU,EAAE;IACvL,EAAE,OAAO,EAAE,kEAAkE,EAAE,WAAW,EAAE,4CAA4C,EAAE,QAAQ,EAAE,UAAU,EAAE;IAChK,EAAE,OAAO,EAAE,0BAA0B,EAAE,WAAW,EAAE,0BAA0B,EAAE,QAAQ,EAAE,UAAU,EAAE;IACtG,EAAE,OAAO,EAAE,gFAAgF,EAAE,WAAW,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE;IACvK,qCAAqC;IACrC,EAAE,OAAO,EAAE,mDAAmD,EAAE,WAAW,EAAE,mDAAmD,EAAE,QAAQ,EAAE,UAAU,EAAE;IACxJ,EAAE,OAAO,EAAE,yCAAyC,EAAE,WAAW,EAAE,wCAAwC,EAAE,QAAQ,EAAE,UAAU,EAAE;IACnI,qCAAqC;IACrC,EAAE,OAAO,EAAE,8EAA8E,EAAE,WAAW,EAAE,uCAAuC,EAAE,QAAQ,EAAE,UAAU,EAAE;IACvK,oCAAoC;IACpC,EAAE,OAAO,EAAE,wFAAwF,EAAE,WAAW,EAAE,sCAAsC,EAAE,QAAQ,EAAE,UAAU,EAAE;IAChL,oCAAoC;IACpC,EAAE,OAAO,EAAE,2FAA2F,EAAE,WAAW,EAAE,sCAAsC,EAAE,QAAQ,EAAE,UAAU,EAAE;CACpL,CAAC;AAEF,+DAA+D;AAC/D,oCAAoC;AACpC,+DAA+D;AAC/D,MAAM,qBAAqB,GAAsF;IAC/G,EAAE,OAAO,EAAE,uCAAuC,EAAE,WAAW,EAAE,mCAAmC,EAAE,QAAQ,EAAE,UAAU,EAAE;IAC5H,EAAE,OAAO,EAAE,gCAAgC,EAAE,WAAW,EAAE,+CAA+C,EAAE,QAAQ,EAAE,UAAU,EAAE;IACjI,EAAE,OAAO,EAAE,iDAAiD,EAAE,WAAW,EAAE,2CAA2C,EAAE,QAAQ,EAAE,UAAU,EAAE;IAC9I,4CAA4C;IAC5C,EAAE,OAAO,EAAE,2BAA2B,EAAE,WAAW,EAAE,0CAA0C,EAAE,QAAQ,EAAE,SAAS,EAAE;IACtH,EAAE,OAAO,EAAE,oFAAoF,EAAE,WAAW,EAAE,kCAAkC,EAAE,QAAQ,EAAE,SAAS,EAAE;IACvK,EAAE,OAAO,EAAE,8FAA8F,EAAE,WAAW,EAAE,sCAAsC,EAAE,QAAQ,EAAE,UAAU,EAAE;IACtL,uBAAuB;IACvB,EAAE,OAAO,EAAE,kDAAkD,EAAE,WAAW,EAAE,uBAAuB,EAAE,QAAQ,EAAE,UAAU,EAAE;IAC3H,EAAE,OAAO,EAAE,iFAAiF,EAAE,WAAW,EAAE,6CAA6C,EAAE,QAAQ,EAAE,UAAU,EAAE;CACjL,CAAC;AAEF,+DAA+D;AAC/D,oDAAoD;AACpD,+DAA+D;AAC/D,MAAM,qBAAqB,GAAsF;IAC/G,EAAE,OAAO,EAAE,gGAAgG,EAAE,WAAW,EAAE,mCAAmC,EAAE,QAAQ,EAAE,UAAU,EAAE;IACrL,EAAE,OAAO,EAAE,oFAAoF,EAAE,WAAW,EAAE,wCAAwC,EAAE,QAAQ,EAAE,SAAS,EAAE;IAC7K,EAAE,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,yCAAyC,EAAE,QAAQ,EAA
E,UAAU,EAAE;IACzG,EAAE,OAAO,EAAE,iCAAiC,EAAE,WAAW,EAAE,6BAA6B,EAAE,QAAQ,EAAE,UAAU,EAAE;IAChH,oCAAoC;IACpC,EAAE,OAAO,EAAE,4DAA4D,EAAE,WAAW,EAAE,kCAAkC,EAAE,QAAQ,EAAE,UAAU,EAAE;IAChJ,EAAE,OAAO,EAAE,kEAAkE,EAAE,WAAW,EAAE,kCAAkC,EAAE,QAAQ,EAAE,UAAU,EAAE;IACtJ,EAAE,OAAO,EAAE,iEAAiE,EAAE,WAAW,EAAE,8BAA8B,EAAE,QAAQ,EAAE,UAAU,EAAE;CAClJ,CAAC;AAEF,+DAA+D;AAC/D,2DAA2D;AAC3D,+DAA+D;AAC/D,MAAM,mBAAmB,GAAsF;IAC7G,EAAE,OAAO,EAAE,yFAAyF,EAAE,WAAW,EAAE,sCAAsC,EAAE,QAAQ,EAAE,UAAU,EAAE;IACjL,EAAE,OAAO,EAAE,qCAAqC,EAAE,WAAW,EAAE,+CAA+C,EAAE,QAAQ,EAAE,SAAS,EAAE;IACrI,gDAAgD;IAChD,EAAE,OAAO,EAAE,mCAAmC,EAAE,WAAW,EAAE,+DAA+D,EAAE,QAAQ,EAAE,UAAU,EAAE;IACpJ,EAAE,OAAO,EAAE,qHAAqH,EAAE,WAAW,EAAE,oCAAoC,EAAE,QAAQ,EAAE,UAAU,EAAE;IAC3M,wCAAwC;IACxC,EAAE,OAAO,EAAE,4CAA4C,EAAE,WAAW,EAAE,+DAA+D,EAAE,QAAQ,EAAE,SAAS,EAAE;IAC5J,EAAE,OAAO,EAAE,sBAAsB,EAAE,WAAW,EAAE,qDAAqD,EAAE,QAAQ,EAAE,SAAS,EAAE;IAC5H,8BAA8B;IAC9B,EAAE,OAAO,EAAE,mFAAmF,EAAE,WAAW,EAAE,oDAAoD,EAAE,QAAQ,EAAE,UAAU,EAAE;IACzL,0BAA0B;IAC1B,EAAE,OAAO,EAAE,uEAAuE,EAAE,WAAW,EAAE,2CAA2C,EAAE,QAAQ,EAAE,SAAS,EAAE;IACnK,EAAE,OAAO,EAAE,iCAAiC,EAAE,WAAW,EAAE,qCAAqC,EAAE,QAAQ,EAAE,SAAS,EAAE;CACxH,CAAC;AAEF,+DAA+D;AAC/D,mCAAmC;AACnC,+DAA+D;AAC/D,MAAM,oBAAoB,GAAsF;IAC9G,EAAE,OAAO,EAAE,yFAAyF,EAAE,WAAW,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE;IAChL,EAAE,OAAO,EAAE,uGAAuG,EAAE,WAAW,EAAE,sCAAsC,EAAE,QAAQ,EAAE,UAAU,EAAE;IAC/L,EAAE,OAAO,EAAE,gHAAgH,EAAE,WAAW,EAAE,oCAAoC,EAAE,QAAQ,EAAE,UAAU,EAAE;IACtM,EAAE,OAAO,EAAE,qHAAqH,EAAE,WAAW,EAAE,oCAAoC,EAAE,QAAQ,EAAE,UAAU,EAAE;IAC3M,0DAA0D;IAC1D,EAAE,OAAO,EAAE,uJAAuJ,EAAE,WAAW,EAAE,kDAAkD,EAAE,QAAQ,EAAE,UAAU,EAAE;IAC3P,EAAE,OAAO,EAAE,yHAAyH,EAAE,WAAW,EAAE,gDAAgD,EAAE,QAAQ,EAAE,UAAU,EAAE;IAC3N,EAAE,OAAO,EAAE,wIAAwI,EAAE,WAAW,EAAE,mDAAmD,EAAE,QAAQ,EAAE,UAAU,EAAE;IAC7O,2EAA2E;IAC3E,EAAE,OAAO,EAAE,+IAA+I,EAAE,WAAW,EAAE,2DAA2D,EAAE,QAAQ,EAAE,SAAS,EAAE;IAC3P,EAAE,OAAO,EAAE,wFAAwF,EAAE,WAAW,EAAE,+DAA+D,EAAE,QAAQ,EAAE,UAAU,EAAE;CAC1M,CAAC;AAEF,+DAA+D;AAC/D,gEAAgE;AAChE,+DAA+D;AAC/D,MAAM,cAAc,GAAsF;IACxG,EAAE,OAAO,EAAE,8FAA8F,EA
AE,WAAW,EAAE,mDAAmD,EAAE,QAAQ,EAAE,SAAS,EAAE;IAClM,EAAE,OAAO,EAAE,0GAA0G,EAAE,WAAW,EAAE,6CAA6C,EAAE,QAAQ,EAAE,SAAS,EAAE;IACxM,8CAA8C;IAC9C,EAAE,OAAO,EAAE,8IAA8I,EAAE,WAAW,EAAE,kDAAkD,EAAE,QAAQ,EAAE,UAAU,EAAE;IAClP,EAAE,OAAO,EAAE,kGAAkG,EAAE,WAAW,EAAE,mDAAmD,EAAE,QAAQ,EAAE,SAAS,EAAE;IACtM,+CAA+C;IAC/C,EAAE,OAAO,EAAE,iNAAiN,EAAE,WAAW,EAAE,0DAA0D,EAAE,QAAQ,EAAE,UAAU,EAAE;IAC7T,qCAAqC;IACrC,EAAE,OAAO,EAAE,4MAA4M,EAAE,WAAW,EAAE,qDAAqD,EAAE,QAAQ,EAAE,UAAU,EAAE;CACpT,CAAC;AAEF,+DAA+D;AAC/D,2CAA2C;AAC3C,+DAA+D;AAC/D,MAAM,iBAAiB,GAAsF;IAC3G,EAAE,OAAO,EAAE,mKAAmK,EAAE,WAAW,EAAE,6CAA6C,EAAE,QAAQ,EAAE,UAAU,EAAE;IAClQ,EAAE,OAAO,EAAE,wGAAwG,EAAE,WAAW,EAAE,4CAA4C,EAAE,QAAQ,EAAE,UAAU,EAAE;IACtM,uDAAuD;IACvD,EAAE,OAAO,EAAE,kMAAkM,EAAE,WAAW,EAAE,6CAA6C,EAAE,QAAQ,EAAE,UAAU,EAAE;IACjS,EAAE,OAAO,EAAE,yGAAyG,EAAE,WAAW,EAAE,0CAA0C,EAAE,QAAQ,EAAE,UAAU,EAAE;IACrM,oCAAoC;IACpC,EAAE,OAAO,EAAE,kGAAkG,EAAE,WAAW,EAAE,+CAA+C,EAAE,QAAQ,EAAE,UAAU,EAAE;CACpM,CAAC;AAEF,+DAA+D;AAC/D,qCAAqC;AACrC,+DAA+D;AAC/D,MAAM,gBAAgB,GAAsF;IAC1G,EAAE,OAAO,EAAE,wEAAwE,EAAE,WAAW,EAAE,2CAA2C,EAAE,QAAQ,EAAE,UAAU,EAAE;IACrK,oCAAoC;IACpC,EAAE,OAAO,EAAE,4FAA4F,EAAE,WAAW,EAAE,4CAA4C,EAAE,QAAQ,EAAE,UAAU,EAAE;IAC1L,uBAAuB;IACvB,EAAE,OAAO,EAAE,wCAAwC,EAAE,WAAW,EAAE,wCAAwC,EAAE,QAAQ,EAAE,SAAS,EAAE;IACjI,2BAA2B;IAC3B,EAAE,OAAO,EAAE,wCAAwC,EAAE,WAAW,EAAE,uDAAuD,EAAE,QAAQ,EAAE,SAAS,EAAE;CACjJ,CAAC;AAEF,+DAA+D;AAC/D,+EAA+E;AAC/E,yEAAyE;AACzE,+DAA+D;AAC/D,MAAM,eAAe,GAAsF;IACzG,EAAE,OAAO,EAAE,+JAA+J,EAAE,WAAW,EAAE,sDAAsD,EAAE,QAAQ,EAAE,SAAS,EAAE;IACtQ,EAAE,OAAO,EAAE,0MAA0M,EAAE,WAAW,EAAE,uCAAuC,EAAE,QAAQ,EAAE,UAAU,EAAE;IACnS,EAAE,OAAO,EAAE,qEAAqE,EAAE,WAAW,EAAE,6DAA6D,EAAE,QAAQ,EAAE,UAAU,EAAE;CACrL,CAAC;AAEF,+DAA+D;AAC/D,+DAA+D;AAC/D,6DAA6D;AAC7D,+DAA+D;AAC/D,MAAM,mBAAmB,GAAsF;IAC7G,EAAE,OAAO,EAAE,yDAAyD,EAAE,WAAW,EAAE,gDAAgD,EAAE,QAAQ,EAAE,UAAU,EAAE;IAC3J,EAAE,OAAO,EAAE,gGAAgG,EAAE,WAAW,EAAE,iCAAiC,EAAE,QAAQ,EAAE,UAAU,EAAE;IACnL,EAAE,OAAO,EAAE,0DAA0D,EAAE,WAAW,EAAE,8BAA8B,EAAE,QAAQ,EAAE,UAAU,EAAE;IAC1I,EAAE,OAAO,EAAE,gEAAgE,EAAE,WA
AW,EAAE,2CAA2C,EAAE,QAAQ,EAAE,UAAU,EAAE;IAC7J,EAAE,OAAO,EAAE,wEAAwE,EAAE,WAAW,EAAE,iCAAiC,EAAE,QAAQ,EAAE,UAAU,EAAE;CAC5J,CAAC;AAEF,+DAA+D;AAC/D,2CAA2C;AAC3C,yDAAyD;AACzD,+DAA+D;AAC/D,MAAM,eAAe,GAAsF;IACzG,EAAE,OAAO,EAAE,iKAAiK,EAAE,WAAW,EAAE,gCAAgC,EAAE,QAAQ,EAAE,UAAU,EAAE;IACnP,EAAE,OAAO,EAAE,0JAA0J,EAAE,WAAW,EAAE,oCAAoC,EAAE,QAAQ,EAAE,UAAU,EAAE;IAChP,EAAE,OAAO,EAAE,0GAA0G,EAAE,WAAW,EAAE,kCAAkC,EAAE,QAAQ,EAAE,SAAS,EAAE;IAC7L,EAAE,OAAO,EAAE,4GAA4G,EAAE,WAAW,EAAE,4CAA4C,EAAE,QAAQ,EAAE,SAAS,EAAE;IACzM,EAAE,OAAO,EAAE,4GAA4G,EAAE,WAAW,EAAE,4CAA4C,EAAE,QAAQ,EAAE,SAAS,EAAE;CAC1M,CAAC;AAEF,+DAA+D;AAC/D,8CAA8C;AAC9C,kEAAkE;AAClE,+DAA+D;AAC/D,MAAM,iBAAiB,GAAsF;IAC3G,EAAE,OAAO,EAAE,+GAA+G,EAAE,WAAW,EAAE,4DAA4D,EAAE,QAAQ,EAAE,UAAU,EAAE;IAC7N,EAAE,OAAO,EAAE,sHAAsH,EAAE,WAAW,EAAE,+CAA+C,EAAE,QAAQ,EAAE,UAAU,EAAE;IACvN,EAAE,OAAO,EAAE,sGAAsG,EAAE,WAAW,EAAE,yCAAyC,EAAE,QAAQ,EAAE,UAAU,EAAE;CAClM,CAAC;AAEF,uBAAuB;AACvB,MAAM,kBAAkB,GAAG;IACzB,GAAG,oBAAoB;IACvB,GAAG,qBAAqB;IACxB,GAAG,qBAAqB;IACxB,GAAG,mBAAmB;IACtB,GAAG,oBAAoB;IACvB,GAAG,cAAc;IACjB,GAAG,iBAAiB;IACpB,GAAG,gBAAgB;IACnB,GAAG,eAAe;IAClB,GAAG,mBAAmB;IACtB,GAAG,eAAe;IAClB,GAAG,iBAAiB;CACrB,CAAC;AAEF,oCAAoC;AACpC,MAAM,uBAAuB,GAAoD;IAC/E,EAAE,OAAO,EAAE,6FAA6F,EAAE,WAAW,EAAE,oCAAoC,EAAE;IAC7J,EAAE,OAAO,EAAE,qEAAqE,EAAE,WAAW,EAAE,oCAAoC,EAAE;IACrI,EAAE,OAAO,EAAE,wCAAwC,EAAE,WAAW,EAAE,oCAAoC,EAAE;IACxG,EAAE,OAAO,EAAE,sDAAsD,EAAE,WAAW,EAAE,sCAAsC,EAAE;IACxH,EAAE,OAAO,EAAE,qDAAqD,EAAE,WAAW,EAAE,+CAA+C,EAAE;IAChI,0CAA0C;IAC1C,EAAE,OAAO,EAAE,iFAAiF,EAAE,WAAW,EAAE,oCAAoC,EAAE;IACjJ,EAAE,OAAO,EAAE,6DAA6D,EAAE,WAAW,EAAE,iDAAiD,EAAE;CAC3I,CAAC;AAEF,MAAM,CAAC,MAAM,eAAe,GAAS;IACnC,EAAE,EAAE,kBAAkB;IACtB,IAAI,EAAE,4BAA4B;IAClC,WAAW,EAAE,gHAAgH;IAE7H,GAAG,CAAC,KAAoB;QACtB,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,wEAAwE;YACxE,MAAM,SAAS,GAAG,IAAI,CAAC,YAAY,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YACvE,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,KAAK,KAAK,CAAC;YACtC,MAAM,QAAQ,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC,QAAQ
,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAC/D,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,KAAK,KAAK,CAAC,CAAC,+BAA+B;YAEpE,IAAI,CAAC,UAAU,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ;gBAAE,SAAS;YAEpD,yCAAyC;YACzC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC3C,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC;gBAE5B,KAAK,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,IAAI,kBAAkB,EAAE,CAAC;oBACpE,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;oBACtB,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;wBACvB,QAAQ,CAAC,IAAI,CAAC;4BACZ,IAAI,EAAE,kBAAkB;4BACxB,QAAQ,EAAE,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;4BAC1C,IAAI,EAAE,IAAI,CAAC,YAAY;4BACvB,IAAI,EAAE,CAAC,GAAG,CAAC;4BACX,OAAO,EAAE,qBAAqB,WAAW,EAAE;4BAC3C,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC;yBACxC,CAAC,CAAC;wBACH,MAAM,CAAC,uBAAuB;oBAChC,CAAC;gBACH,CAAC;YACH,CAAC;YAED,4EAA4E;YAC5E,IAAI,UAAU,IAAI,QAAQ,IAAI,QAAQ,EAAE,CAAC;gBACvC,MAAM,gBAAgB,GAAG,sCAAsC,CAAC;gBAChE,IAAI,KAAK,CAAC;gBACV,OAAO,CAAC,KAAK,GAAG,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;oBAC9D,MAAM,YAAY,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC,WAAW,EAAE,CAAC;oBAC7C,sDAAsD;oBACtD,MAAM,aAAa,GAAG,4FAA4F,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;oBACtI,IAAI,aAAa,EAAE,CAAC;wBAClB,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;wBAC1E,QAAQ,CAAC,IAAI,CAAC;4BACZ,IAAI,EAAE,kBAAkB;4BACxB,QAAQ,EAAE,UAAU;4BACpB,IAAI,EAAE,IAAI,CAAC,YAAY;4BACvB,IAAI,EAAE,OAAO;4BACb,OAAO,EAAE,qFAAqF;4BAC9F,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAE,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC;yBACtC,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;YAED,2CAA2C;YAC3C,IAAI,SAAS,IAAI,UAAU,EAAE,CAAC;gBAC5B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBAC3C,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC;oBAC5B,KAAK,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,IAAI,uBAAuB,EAAE,CAAC;wBAC/D,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;wBACtB,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;4BACvB,QAAQ,CAAC,IAAI,CAAC;gCACZ,IAAI,EAAE,
kBAAkB;gCACxB,QAAQ,EAAE,SAAS;gCACnB,IAAI,EAAE,IAAI,CAAC,YAAY;gCACvB,IAAI,EAAE,CAAC,GAAG,CAAC;gCACX,OAAO,EAAE,mBAAmB,WAAW,EAAE;gCACzC,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC;6BACxC,CAAC,CAAC;4BACH,MAAM;wBACR,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YAED,sDAAsD;YACtD,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;YAC/C,IAAI,QAAQ,EAAE,CAAC;gBACb,MAAM,gBAAgB,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,sDAAsD,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;gBAClH,MAAM,SAAS,GAAG,WAAW,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC;gBAClD,IAAI,SAAS,GAAG,EAAE,IAAI,gBAAgB,GAAG,SAAS,GAAG,IAAI,EAAE,CAAC;oBAC1D,QAAQ,CAAC,IAAI,CAAC;wBACZ,IAAI,EAAE,kBAAkB;wBACxB,QAAQ,EAAE,SAAS;wBACnB,IAAI,EAAE,IAAI,CAAC,YAAY;wBACvB,OAAO,EAAE,6BAA6B,gBAAgB,uBAAuB,SAAS,uCAAuC;qBAC9H,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,8DAA8D;YAC9D,IAAI,QAAQ,EAAE,CAAC;gBACb,MAAM,WAAW,GAAG,oCAAoC,CAAC;gBACzD,IAAI,OAAO,CAAC;gBACZ,OAAO,CAAC,OAAO,GAAG,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;oBAC3D,MAAM,SAAS,GAAG,OAAO,CAAC,CAAC,CAAE,CAAC;oBAC9B,uCAAuC;oBACvC,IAAI,cAAc,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,4CAA4C,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;wBACnG,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;wBAC5E,QAAQ,CAAC,IAAI,CAAC;4BACZ,IAAI,EAAE,kBAAkB;4BACxB,QAAQ,EAAE,UAAU;4BACpB,IAAI,EAAE,IAAI,CAAC,YAAY;4BACvB,IAAI,EAAE,OAAO;4BACb,OAAO,EAAE,yDAAyD;4BAClE,QAAQ,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;yBAC1D,CAAC,CAAC;oBACL,CAAC;oBACD,sCAAsC;oBACtC,IAAI,4EAA4E,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;wBACjG,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;wBAC5E,QAAQ,CAAC,IAAI,CAAC;4BACZ,IAAI,EAAE,kBAAkB;4BACxB,QAAQ,EAAE,UAAU;4BACpB,IAAI,EAAE,IAAI,CAAC,YAAY;4BACvB,IAAI,EAAE,OAAO;4BACb,OAAO,EAAE,0DAA0D;4BACnE,QAAQ,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;yBAC1D,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,
OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC"}
|
|
1
|
+
{"version":3,"file":"prompt-injection.js","sourceRoot":"","sources":["../../src/rules/prompt-injection.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;;;;GAaG;AAEH,+DAA+D;AAC/D,0CAA0C;AAC1C,+DAA+D;AAC/D,MAAM,oBAAoB,GAAmF;IAC3G,EAAE,OAAO,EAAE,6FAA6F,EAAE,WAAW,EAAE,4CAA4C,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACzL,EAAE,OAAO,EAAE,4FAA4F,EAAE,WAAW,EAAE,yCAAyC,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACrL,EAAE,OAAO,EAAE,kEAAkE,EAAE,WAAW,EAAE,4CAA4C,EAAE,QAAQ,EAAE,QAAQ,EAAE;IAC9J,EAAE,OAAO,EAAE,0BAA0B,EAAE,WAAW,EAAE,0BAA0B,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACpG,EAAE,OAAO,EAAE,gFAAgF,EAAE,WAAW,EAAE,qCAAqC,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACrK,qCAAqC;IACrC,EAAE,OAAO,EAAE,mDAAmD,EAAE,WAAW,EAAE,mDAAmD,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACtJ,EAAE,OAAO,EAAE,yCAAyC,EAAE,WAAW,EAAE,wCAAwC,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACjI,qCAAqC;IACrC,EAAE,OAAO,EAAE,8EAA8E,EAAE,WAAW,EAAE,uCAAuC,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACrK,oCAAoC;IACpC,EAAE,OAAO,EAAE,wFAAwF,EAAE,WAAW,EAAE,sCAAsC,EAAE,QAAQ,EAAE,QAAQ,EAAE;IAC9K,oCAAoC;IACpC,EAAE,OAAO,EAAE,2FAA2F,EAAE,WAAW,EAAE,sCAAsC,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACjL,sCAAsC;IACtC,EAAE,OAAO,EAAE,yDAAyD,EAAE,WAAW,EAAE,wCAAwC,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACjJ,oCAAoC;IACpC,EAAE,OAAO,EAAE,wDAAwD,EAAE,WAAW,EAAE,sCAAsC,EAAE,QAAQ,EAAE,QAAQ,EAAE;IAC9I,+BAA+B;IAC/B,EAAE,OAAO,EAAE,+BAA+B,EAAE,WAAW,EAAE,4CAA4C,EAAE,QAAQ,EAAE,QAAQ,EAAE;IAC3H,EAAE,OAAO,EAAE,8BAA8B,EAAE,WAAW,EAAE,0CAA0C,EAAE,QAAQ,EAAE,QAAQ,EAAE;CACzH,CAAC;AAEF,+DAA+D;AAC/D,oCAAoC;AACpC,+DAA+D;AAC/D,MAAM,qBAAqB,GAAmF;IAC5G,EAAE,OAAO,EAAE,uCAAuC,EAAE,WAAW,EAAE,mCAAmC,EAAE,QAAQ,EAAE,QAAQ,EAAE;IAC1H,EAAE,OAAO,EAAE,gCAAgC,EAAE,WAAW,EAAE,+CAA+C,EAAE,QAAQ,EAAE,QAAQ,EAAE;IAC/H,EAAE,OAAO,EAAE,iDAAiD,EAAE,WAAW,EAAE,2CAA2C,EAAE,QAAQ,EAAE,QAAQ,EAAE;IAC5I,4CAA4C;IAC5C,EAAE,OAAO,EAAE,2BAA2B,EAAE,WAAW,EAAE,0CAA0C,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACrH,EAAE,OAAO,EAAE,oFAAoF,EAAE,WAAW,EAAE,kCAAkC,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACtK,EAAE,OAAO,EAAE,8FAA8F,EAAE,WAAW,EAAE,sCAAsC,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACpL,uBAAuB;IACvB,EAAE,OAAO,EAAE,kDAAkD,EAAE,WAAW,EAAE,uBAAuB,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACzH,EAAE,OAAO,EAAE
,iFAAiF,EAAE,WAAW,EAAE,6CAA6C,EAAE,QAAQ,EAAE,QAAQ,EAAE;CAC/K,CAAC;AAEF,+DAA+D;AAC/D,oDAAoD;AACpD,+DAA+D;AAC/D,MAAM,qBAAqB,GAAmF;IAC5G,EAAE,OAAO,EAAE,gGAAgG,EAAE,WAAW,EAAE,mCAAmC,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACnL,EAAE,OAAO,EAAE,oFAAoF,EAAE,WAAW,EAAE,wCAAwC,EAAE,QAAQ,EAAE,QAAQ,EAAE;IAC5K,EAAE,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,yCAAyC,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACvG,EAAE,OAAO,EAAE,iCAAiC,EAAE,WAAW,EAAE,6BAA6B,EAAE,QAAQ,EAAE,QAAQ,EAAE;IAC9G,oCAAoC;IACpC,EAAE,OAAO,EAAE,4DAA4D,EAAE,WAAW,EAAE,kCAAkC,EAAE,QAAQ,EAAE,QAAQ,EAAE;IAC9I,EAAE,OAAO,EAAE,kEAAkE,EAAE,WAAW,EAAE,kCAAkC,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACpJ,EAAE,OAAO,EAAE,iEAAiE,EAAE,WAAW,EAAE,8BAA8B,EAAE,QAAQ,EAAE,QAAQ,EAAE;CAChJ,CAAC;AAEF,+DAA+D;AAC/D,2DAA2D;AAC3D,+DAA+D;AAC/D,MAAM,mBAAmB,GAAmF;IAC1G,EAAE,OAAO,EAAE,yFAAyF,EAAE,WAAW,EAAE,sCAAsC,EAAE,QAAQ,EAAE,QAAQ,EAAE;IAC/K,EAAE,OAAO,EAAE,6BAA6B,EAAE,WAAW,EAAE,+CAA+C,EAAE,QAAQ,EAAE,QAAQ,EAAE;IAC5H,gDAAgD;IAChD,EAAE,OAAO,EAAE,mCAAmC,EAAE,WAAW,EAAE,+DAA+D,EAAE,QAAQ,EAAE,QAAQ,EAAE;IAClJ,EAAE,OAAO,EAAE,qHAAqH,EAAE,WAAW,EAAE,oCAAoC,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACzM,wCAAwC;IACxC,EAAE,OAAO,EAAE,4CAA4C,EAAE,WAAW,EAAE,+DAA+D,EAAE,QAAQ,EAAE,QAAQ,EAAE;IAC3J,EAAE,OAAO,EAAE,sBAAsB,EAAE,WAAW,EAAE,qDAAqD,EAAE,QAAQ,EAAE,QAAQ,EAAE;IAC3H,8BAA8B;IAC9B,EAAE,OAAO,EAAE,mFAAmF,EAAE,WAAW,EAAE,oDAAoD,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACvL,0BAA0B;IAC1B,EAAE,OAAO,EAAE,uEAAuE,EAAE,WAAW,EAAE,2CAA2C,EAAE,QAAQ,EAAE,QAAQ,EAAE;IAClK,EAAE,OAAO,EAAE,iCAAiC,EAAE,WAAW,EAAE,qCAAqC,EAAE,QAAQ,EAAE,QAAQ,EAAE;CACvH,CAAC;AAEF,+DAA+D;AAC/D,mCAAmC;AACnC,+DAA+D;AAC/D,MAAM,oBAAoB,GAAmF;IAC3G,EAAE,OAAO,EAAE,yFAAyF,EAAE,WAAW,EAAE,qCAAqC,EAAE,QAAQ,EAAE,QAAQ,EAAE;IAC9K,kGAAkG;IAClG,EAAE,OAAO,EAAE,qLAAqL,EAAE,WAAW,EAAE,sCAAsC,EAAE,QAAQ,EAAE,QAAQ,EAAE;IAC3Q,EAAE,OAAO,EAAE,gHAAgH,EAAE,WAAW,EAAE,oCAAoC,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACpM,EAAE,OAAO,EAAE,qHAAqH,EAAE,WAAW,EAAE,oCAAoC,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACzM,0DAA0D;IAC1D,EAAE,OAAO,EAAE,uJAAuJ,EAAE,WAAW,EAAE,kDAAkD,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACzP,EAAE,OAAO,EAAE,yHAAyH,EAAE,WAAW,EAAE,gDAAgD,EAAE,QAAQ,EA
AE,QAAQ,EAAE;IACzN,EAAE,OAAO,EAAE,wIAAwI,EAAE,WAAW,EAAE,mDAAmD,EAAE,QAAQ,EAAE,QAAQ,EAAE;IAC3O,2EAA2E;IAC3E,EAAE,OAAO,EAAE,+IAA+I,EAAE,WAAW,EAAE,2DAA2D,EAAE,QAAQ,EAAE,QAAQ,EAAE;IAC1P,EAAE,OAAO,EAAE,wFAAwF,EAAE,WAAW,EAAE,+DAA+D,EAAE,QAAQ,EAAE,QAAQ,EAAE;CACxM,CAAC;AAEF,+DAA+D;AAC/D,gEAAgE;AAChE,+DAA+D;AAC/D,MAAM,cAAc,GAAmF;IACrG,kGAAkG;IAClG,EAAE,OAAO,EAAE,8HAA8H,EAAE,WAAW,EAAE,mDAAmD,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACjO,EAAE,OAAO,EAAE,0GAA0G,EAAE,WAAW,EAAE,6CAA6C,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACvM,8CAA8C;IAC9C,EAAE,OAAO,EAAE,8IAA8I,EAAE,WAAW,EAAE,kDAAkD,EAAE,QAAQ,EAAE,QAAQ,EAAE;IAChP,EAAE,OAAO,EAAE,kGAAkG,EAAE,WAAW,EAAE,mDAAmD,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACrM,+CAA+C;IAC/C,EAAE,OAAO,EAAE,iNAAiN,EAAE,WAAW,EAAE,0DAA0D,EAAE,QAAQ,EAAE,QAAQ,EAAE;IAC3T,qCAAqC;IACrC,EAAE,OAAO,EAAE,4MAA4M,EAAE,WAAW,EAAE,qDAAqD,EAAE,QAAQ,EAAE,QAAQ,EAAE;CAClT,CAAC;AAEF,+DAA+D;AAC/D,2CAA2C;AAC3C,+DAA+D;AAC/D,MAAM,iBAAiB,GAAmF;IACxG,EAAE,OAAO,EAAE,4IAA4I,EAAE,WAAW,EAAE,6CAA6C,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACzO,oFAAoF;IACpF,EAAE,OAAO,EAAE,iNAAiN,EAAE,WAAW,EAAE,4CAA4C,EAAE,QAAQ,EAAE,QAAQ,EAAE;IAC7S,uDAAuD;IACvD,EAAE,OAAO,EAAE,kMAAkM,EAAE,WAAW,EAAE,6CAA6C,EAAE,QAAQ,EAAE,QAAQ,EAAE;IAC/R,EAAE,OAAO,EAAE,yGAAyG,EAAE,WAAW,EAAE,0CAA0C,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACnM,oCAAoC;IACpC,EAAE,OAAO,EAAE,kGAAkG,EAAE,WAAW,EAAE,+CAA+C,EAAE,QAAQ,EAAE,QAAQ,EAAE;CAClM,CAAC;AAEF,+DAA+D;AAC/D,qCAAqC;AACrC,+DAA+D;AAC/D,MAAM,gBAAgB,GAAmF;IACvG,EAAE,OAAO,EAAE,wEAAwE,EAAE,WAAW,EAAE,2CAA2C,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACnK,oCAAoC;IACpC,EAAE,OAAO,EAAE,4FAA4F,EAAE,WAAW,EAAE,4CAA4C,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACxL,uBAAuB;IACvB,EAAE,OAAO,EAAE,wCAAwC,EAAE,WAAW,EAAE,wCAAwC,EAAE,QAAQ,EAAE,QAAQ,EAAE;IAChI,2BAA2B;IAC3B,EAAE,OAAO,EAAE,wCAAwC,EAAE,WAAW,EAAE,uDAAuD,EAAE,QAAQ,EAAE,QAAQ,EAAE;CAChJ,CAAC;AAEF,+DAA+D;AAC/D,+EAA+E;AAC/E,yEAAyE;AACzE,+DAA+D;AAC/D,MAAM,eAAe,GAAmF;IACtG,EAAE,OAAO,EAAE,+JAA+J,EAAE,WAAW,EAAE,sDAAsD,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACrQ,EAAE,OAAO,EAAE,0MAA0M,EAAE,WAAW,EAAE,uCAAuC,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACjS,EAAE,OAAO,EAAE,qEAAqE,EAAE,WAAW,EAAE,
6DAA6D,EAAE,QAAQ,EAAE,QAAQ,EAAE;CACnL,CAAC;AAEF,+DAA+D;AAC/D,+DAA+D;AAC/D,6DAA6D;AAC7D,+DAA+D;AAC/D,MAAM,mBAAmB,GAAmF;IAC1G,EAAE,OAAO,EAAE,yDAAyD,EAAE,WAAW,EAAE,gDAAgD,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACzJ,EAAE,OAAO,EAAE,gGAAgG,EAAE,WAAW,EAAE,iCAAiC,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACjL,EAAE,OAAO,EAAE,0DAA0D,EAAE,WAAW,EAAE,8BAA8B,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACxI,EAAE,OAAO,EAAE,gEAAgE,EAAE,WAAW,EAAE,2CAA2C,EAAE,QAAQ,EAAE,QAAQ,EAAE;IAC3J,EAAE,OAAO,EAAE,wEAAwE,EAAE,WAAW,EAAE,iCAAiC,EAAE,QAAQ,EAAE,QAAQ,EAAE;CAC1J,CAAC;AAEF,+DAA+D;AAC/D,2CAA2C;AAC3C,yDAAyD;AACzD,+DAA+D;AAC/D,MAAM,eAAe,GAAmF;IACtG,EAAE,OAAO,EAAE,iKAAiK,EAAE,WAAW,EAAE,gCAAgC,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACjP,EAAE,OAAO,EAAE,0JAA0J,EAAE,WAAW,EAAE,oCAAoC,EAAE,QAAQ,EAAE,QAAQ,EAAE;IAC9O,EAAE,OAAO,EAAE,0GAA0G,EAAE,WAAW,EAAE,kCAAkC,EAAE,QAAQ,EAAE,QAAQ,EAAE;IAC5L,EAAE,OAAO,EAAE,4GAA4G,EAAE,WAAW,EAAE,4CAA4C,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACxM,EAAE,OAAO,EAAE,4GAA4G,EAAE,WAAW,EAAE,4CAA4C,EAAE,QAAQ,EAAE,QAAQ,EAAE;CACzM,CAAC;AAEF,+DAA+D;AAC/D,8CAA8C;AAC9C,kEAAkE;AAClE,+DAA+D;AAC/D,MAAM,iBAAiB,GAAmF;IACxG,EAAE,OAAO,EAAE,+GAA+G,EAAE,WAAW,EAAE,4DAA4D,EAAE,QAAQ,EAAE,QAAQ,EAAE;IAC3N,EAAE,OAAO,EAAE,sHAAsH,EAAE,WAAW,EAAE,+CAA+C,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACrN,EAAE,OAAO,EAAE,sGAAsG,EAAE,WAAW,EAAE,yCAAyC,EAAE,QAAQ,EAAE,QAAQ,EAAE;CAChM,CAAC;AAEF,uBAAuB;AACvB,MAAM,kBAAkB,GAAG;IACzB,GAAG,oBAAoB;IACvB,GAAG,qBAAqB;IACxB,GAAG,qBAAqB;IACxB,GAAG,mBAAmB;IACtB,GAAG,oBAAoB;IACvB,GAAG,cAAc;IACjB,GAAG,iBAAiB;IACpB,GAAG,gBAAgB;IACnB,GAAG,eAAe;IAClB,GAAG,mBAAmB;IACtB,GAAG,eAAe;IAClB,GAAG,iBAAiB;CACrB,CAAC;AAEF,oCAAoC;AACpC,MAAM,uBAAuB,GAAoD;IAC/E,EAAE,OAAO,EAAE,yJAAyJ,EAAE,WAAW,EAAE,uDAAuD,EAAE;IAC5O,EAAE,OAAO,EAAE,4GAA4G,EAAE,WAAW,EAAE,iDAAiD,EAAE;IACzL,+EAA+E;IAC/E,wFAAwF;IACxF,EAAE,OAAO,EAAE,wEAAwE,EAAE,WAAW,EAAE,0CAA0C,EAAE;IAC9I,EAAE,OAAO,EAAE,sDAAsD,EAAE,WAAW,EAAE,sCAAsC,EAAE;IACxH,EAAE,OAAO,EAAE,qDAAqD,EAAE,WAAW,EAAE,+CAA+C,EAAE;IAChI,0CAA0C;IAC1C,EAAE,OAAO,EAAE,iFAAiF,EAAE,WAAW,EAAE,oCAAoC,EAAE;IACjJ,EAAE,OAAO,EAAE,6DAA6D,EAAE,WAAW,EAAE,iDAAiD,EAAE;CAC3I,CAAC
;AAEF,MAAM,CAAC,MAAM,eAAe,GAAS;IACnC,EAAE,EAAE,kBAAkB;IACtB,IAAI,EAAE,4BAA4B;IAClC,WAAW,EAAE,gHAAgH;IAE7H,GAAG,CAAC,KAAoB;QACtB,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,wEAAwE;YACxE,MAAM,SAAS,GAAG,IAAI,CAAC,YAAY,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YACvE,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,KAAK,KAAK,CAAC;YACtC,MAAM,QAAQ,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAC/D,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,KAAK,KAAK,CAAC,CAAC,+BAA+B;YAEpE,IAAI,CAAC,UAAU,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ;gBAAE,SAAS;YAEpD,yCAAyC;YACzC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC3C,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC;gBAE5B,KAAK,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,IAAI,kBAAkB,EAAE,CAAC;oBACpE,qEAAqE;oBACrE,6EAA6E;oBAC7E,IAAI,CAAC,SAAS,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,WAAW,CAAC,QAAQ,CAAC,oBAAoB,CAAC,CAAC;wBAAE,SAAS;oBAE/G,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;oBACtB,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;wBACvB,QAAQ,CAAC,IAAI,CAAC;4BACZ,IAAI,EAAE,kBAAkB;4BACxB,QAAQ,EAAE,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ;4BACzC,IAAI,EAAE,IAAI,CAAC,YAAY;4BACvB,IAAI,EAAE,CAAC,GAAG,CAAC;4BACX,OAAO,EAAE,qBAAqB,WAAW,EAAE;4BAC3C,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC;yBACxC,CAAC,CAAC;wBACH,MAAM,CAAC,uBAAuB;oBAChC,CAAC;gBACH,CAAC;YACH,CAAC;YAED,4EAA4E;YAC5E,IAAI,UAAU,IAAI,QAAQ,IAAI,QAAQ,EAAE,CAAC;gBACvC,MAAM,gBAAgB,GAAG,sCAAsC,CAAC;gBAChE,IAAI,KAAK,CAAC;gBACV,OAAO,CAAC,KAAK,GAAG,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;oBAC9D,MAAM,YAAY,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC,WAAW,EAAE,CAAC;oBAC7C,sDAAsD;oBACtD,MAAM,aAAa,GAAG,4FAA4F,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;oBACtI,IAAI,aAAa,EAAE,CAAC;wBAClB,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;wBAC1E,QAAQ,CAAC,IAAI,CAAC;4BACZ,IAAI,EAAE,kBAAkB;4BACxB,QAAQ,EAAE,QAAQ;4BAClB,IAAI,EAAE,IAAI,CAAC,YAAY;4BACvB,IAAI,EAAE,
OAAO;4BACb,OAAO,EAAE,qFAAqF;4BAC9F,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAE,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC;yBACtC,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;YAED,2CAA2C;YAC3C,IAAI,SAAS,IAAI,UAAU,EAAE,CAAC;gBAC5B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBAC3C,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC;oBAC5B,KAAK,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,IAAI,uBAAuB,EAAE,CAAC;wBAC/D,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;wBACtB,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;4BACvB,QAAQ,CAAC,IAAI,CAAC;gCACZ,IAAI,EAAE,kBAAkB;gCACxB,QAAQ,EAAE,QAAQ;gCAClB,IAAI,EAAE,IAAI,CAAC,YAAY;gCACvB,IAAI,EAAE,CAAC,GAAG,CAAC;gCACX,OAAO,EAAE,mBAAmB,WAAW,EAAE;gCACzC,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC;6BACxC,CAAC,CAAC;4BACH,MAAM;wBACR,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YAED,sDAAsD;YACtD,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;YAC/C,IAAI,QAAQ,EAAE,CAAC;gBACb,MAAM,gBAAgB,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,sDAAsD,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;gBAClH,MAAM,SAAS,GAAG,WAAW,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC;gBAClD,IAAI,SAAS,GAAG,EAAE,IAAI,gBAAgB,GAAG,SAAS,GAAG,IAAI,EAAE,CAAC;oBAC1D,QAAQ,CAAC,IAAI,CAAC;wBACZ,IAAI,EAAE,kBAAkB;wBACxB,QAAQ,EAAE,QAAQ;wBAClB,IAAI,EAAE,IAAI,CAAC,YAAY;wBACvB,OAAO,EAAE,6BAA6B,gBAAgB,uBAAuB,SAAS,uCAAuC;qBAC9H,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,8DAA8D;YAC9D,IAAI,QAAQ,EAAE,CAAC;gBACb,MAAM,WAAW,GAAG,oCAAoC,CAAC;gBACzD,IAAI,OAAO,CAAC;gBACZ,OAAO,CAAC,OAAO,GAAG,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;oBAC3D,MAAM,SAAS,GAAG,OAAO,CAAC,CAAC,CAAE,CAAC;oBAC9B,uCAAuC;oBACvC,IAAI,cAAc,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,4CAA4C,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;wBACnG,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;wBAC5E,QAAQ,CAAC,IAAI,CAAC;4BACZ,IAAI,EAAE,kBAAkB;4BACxB,QAAQ,EAAE,QAAQ;4BAClB,IAAI,EAAE,IAAI,CAAC,YAAY;4BACvB,IAAI,EAAE,OAAO;4BACb,OAAO,EAAE,yDAAyD;4BAClE,QAAQ,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,OAAO,
CAAC,KAAK,EAAE,GAAG,CAAC;yBAC1D,CAAC,CAAC;oBACL,CAAC;oBACD,sCAAsC;oBACtC,IAAI,4EAA4E,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;wBACjG,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;wBAC5E,QAAQ,CAAC,IAAI,CAAC;4BACZ,IAAI,EAAE,kBAAkB;4BACxB,QAAQ,EAAE,QAAQ;4BAClB,IAAI,EAAE,IAAI,CAAC,YAAY;4BACvB,IAAI,EAAE,OAAO;4BACb,OAAO,EAAE,0DAA0D;4BACnE,QAAQ,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;yBAC1D,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC"}
|