agent-threat-rules 0.3.0 → 0.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/flywheel.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"flywheel.d.ts","sourceRoot":"","sources":["../src/flywheel.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAEhE,OAAO,EAAmB,KAAK,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAEjF,MAAM,WAAW,cAAc;IAC7B,6DAA6D;IAC7D,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,kEAAkE;IAClE,QAAQ,CAAC,cAAc,CAAC,EAAE,MAAM,CAAC;IACjC,4CAA4C;IAC5C,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,kBAAkB,CAAC,OAAO,CAAC,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACjG,mDAAmD;IACnD,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC,IAAI,EAAE,OAAO,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACjE;AAED,qBAAa,eAAe;IAC1B,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAiB;IAC5C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAkB;IACzC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAA2B;IAClD,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAqB;gBAErC,MAAM,GAAE,cAAmB;IAWvC;;;OAGG;IACG,gBAAgB,CAAC,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;
|
|
1
|
+
{"version":3,"file":"flywheel.d.ts","sourceRoot":"","sources":["../src/flywheel.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAEhE,OAAO,EAAmB,KAAK,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAEjF,MAAM,WAAW,cAAc;IAC7B,6DAA6D;IAC7D,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,kEAAkE;IAClE,QAAQ,CAAC,cAAc,CAAC,EAAE,MAAM,CAAC;IACjC,4CAA4C;IAC5C,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,kBAAkB,CAAC,OAAO,CAAC,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACjG,mDAAmD;IACnD,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC,IAAI,EAAE,OAAO,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACjE;AAED,qBAAa,eAAe;IAC1B,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAiB;IAC5C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAkB;IACzC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAA2B;IAClD,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAqB;gBAErC,MAAM,GAAE,cAAmB;IAWvC;;;OAGG;IACG,gBAAgB,CAAC,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;IAgEnF;;;OAGG;IACH,cAAc,CAAC,KAAK,EAAE,UAAU,GAAG,SAAS,QAAQ,EAAE;IAItD,6CAA6C;IAC7C,cAAc,CAAC,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,OAAO,GAAG,IAAI;IAI7D;;;OAGG;IACG,YAAY,IAAI,OAAO,CAAC,SAAS,kBAAkB,EAAE,CAAC;IAe5D,iCAAiC;IACjC,cAAc,IAAI,WAAW,CAAC,MAAM,EAAE,OAAO,CAAC;IAI9C,qCAAqC;IACrC,eAAe,IAAI,MAAM;CAG1B"}
|
package/dist/flywheel.js
CHANGED
|
@@ -39,12 +39,35 @@ export class FlywheelManager {
|
|
|
39
39
|
// Extract category and severity from the match
|
|
40
40
|
const category = match.rule.tags?.category ?? 'prompt-injection';
|
|
41
41
|
const severity = match.rule.severity ?? 'medium';
|
|
42
|
+
// Build example payloads from ATTACK PATTERNS, not just raw content.
|
|
43
|
+
// Priority: matched patterns > event fields > event content
|
|
44
|
+
const payloads = [];
|
|
45
|
+
// 1. Matched patterns from the Tier 4 detection — these ARE the attack signals
|
|
46
|
+
if (match.matchedPatterns.length > 0) {
|
|
47
|
+
payloads.push(...match.matchedPatterns.filter((p) => p.length > 5));
|
|
48
|
+
}
|
|
49
|
+
// 2. Event fields (tool_args, tool_response, etc.) — more specific than content
|
|
50
|
+
if (event.fields) {
|
|
51
|
+
for (const value of Object.values(event.fields)) {
|
|
52
|
+
if (value && value.length > 10) {
|
|
53
|
+
payloads.push(value.slice(0, 500));
|
|
54
|
+
}
|
|
55
|
+
}
|
|
56
|
+
}
|
|
57
|
+
// 3. Event content as fallback — but only if we don't have better signals
|
|
58
|
+
if (payloads.length === 0 && event.content) {
|
|
59
|
+
payloads.push(event.content.slice(0, 500));
|
|
60
|
+
}
|
|
61
|
+
// Ensure at least one payload
|
|
62
|
+
if (payloads.length === 0) {
|
|
63
|
+
payloads.push(match.rule.description ?? match.rule.title);
|
|
64
|
+
}
|
|
42
65
|
const input = {
|
|
43
66
|
title: `Auto: ${match.rule.description?.slice(0, 60) ?? match.rule.title}`,
|
|
44
67
|
category: category,
|
|
45
68
|
severity: severity,
|
|
46
69
|
attackDescription: match.rule.description ?? match.matchedPatterns.join('; '),
|
|
47
|
-
examplePayloads:
|
|
70
|
+
examplePayloads: payloads,
|
|
48
71
|
};
|
|
49
72
|
try {
|
|
50
73
|
const result = this.scaffolder.scaffold(input, this.existingIds);
|
package/dist/flywheel.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"flywheel.js","sourceRoot":"","sources":["../src/flywheel.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAGH,OAAO,EAAE,cAAc,EAAsB,MAAM,sBAAsB,CAAC;AAC1E,OAAO,EAAE,eAAe,EAA2B,MAAM,uBAAuB,CAAC;AAajF,MAAM,OAAO,eAAe;IACT,UAAU,CAAiB;IAC3B,MAAM,CAAkB;IACxB,MAAM,CAA2B;IACjC,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;IAEjD,YAAY,SAAyB,EAAE;QACrC,IAAI,CAAC,UAAU,GAAG,IAAI,cAAc,CAAC,EAAE,MAAM,EAAE,+BAA+B,EAAE,CAAC,CAAC;QAClF,IAAI,CAAC,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;QACpC,IAAI,CAAC,MAAM,GAAG;YACZ,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,KAAK;YACpC,cAAc,EAAE,MAAM,CAAC,cAAc,IAAI,IAAI;YAC7C,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;YACzC,YAAY,EAAE,MAAM,CAAC,YAAY,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;SAChD,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,gBAAgB,CAAC,KAAe,EAAE,KAAiB;QACvD,oDAAoD;QACpD,IAAI,KAAK,CAAC,UAAU,GAAG,GAAG;YAAE,OAAO,IAAI,CAAC;QAExC,+CAA+C;QAC/C,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,IAAI,kBAAkB,CAAC;QACjE,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC;QAEjD,MAAM,
|
|
1
|
+
{"version":3,"file":"flywheel.js","sourceRoot":"","sources":["../src/flywheel.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAGH,OAAO,EAAE,cAAc,EAAsB,MAAM,sBAAsB,CAAC;AAC1E,OAAO,EAAE,eAAe,EAA2B,MAAM,uBAAuB,CAAC;AAajF,MAAM,OAAO,eAAe;IACT,UAAU,CAAiB;IAC3B,MAAM,CAAkB;IACxB,MAAM,CAA2B;IACjC,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;IAEjD,YAAY,SAAyB,EAAE;QACrC,IAAI,CAAC,UAAU,GAAG,IAAI,cAAc,CAAC,EAAE,MAAM,EAAE,+BAA+B,EAAE,CAAC,CAAC;QAClF,IAAI,CAAC,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;QACpC,IAAI,CAAC,MAAM,GAAG;YACZ,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,KAAK;YACpC,cAAc,EAAE,MAAM,CAAC,cAAc,IAAI,IAAI;YAC7C,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;YACzC,YAAY,EAAE,MAAM,CAAC,YAAY,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;SAChD,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,gBAAgB,CAAC,KAAe,EAAE,KAAiB;QACvD,oDAAoD;QACpD,IAAI,KAAK,CAAC,UAAU,GAAG,GAAG;YAAE,OAAO,IAAI,CAAC;QAExC,+CAA+C;QAC/C,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,IAAI,kBAAkB,CAAC;QACjE,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC;QAEjD,qEAAqE;QACrE,4DAA4D;QAC5D,MAAM,QAAQ,GAAa,EAAE,CAAC;QAE9B,+EAA+E;QAC/E,IAAI,KAAK,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrC,QAAQ,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC;QACtE,CAAC;QAED,gFAAgF;QAChF,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;YACjB,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;gBAChD,IAAI,KAAK,IAAI,KAAK,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;oBAC/B,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;gBACrC,CAAC;YACH,CAAC;QACH,CAAC;QAED,0EAA0E;QAC1E,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;YAC3C,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QAC7C,CAAC;QAED,8BAA8B;QAC9B,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1B,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,IAAI,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC5D,CAAC;QAED,MAAM,KAAK,GAAkB;YAC3B,KAAK,EAAE,SAAS,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE;YAC1E,QAAQ,EAAE,QAAqC;YAC/C,QAAQ,EAAE,QAAqC;YAC/C,iBAAiB,EAAE,KAAK,CAAC,IAAI,CAAC,WAAW,IAAI,KAAK,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC;YAC7E,eAAe,EAAE,QAAQ;SAC1B,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,KAAK,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;YACjE,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC;YAE7B,+BAA+B;YAC/B,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,CAAC;YAClD,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAY,CAAC;YAC5C,IAAI,CAAC,MAAM,GAAG,cAAc,CAAC;YAE7B,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YAChC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YAE1B,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;YAErC,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,cAAc,CAAC,KAAiB;QAC9B,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACrC,CAAC;IAED,6CAA6C;IAC7C,cAAc,CAAC,MAAc,EAAE,cAAuB;QACpD,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;IACrD,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,YAAY;QAChB,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,sBAAsB,CACnD,IAAI,CAAC,MAAM,CAAC,SAAS,EACrB,IAAI,CAAC,MAAM,CAAC,cAAc,CAC3B,CAAC;QAEF,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;YACnC,qDAAqD;YACrD,MAAM,QAAQ,GAAG,EAAE,GAAG,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,QAAiB,EAAE,CAAC;YAClE,MAAM,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,QAAQ,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC;QACzD,CAAC;QAED,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,iCAAiC;IACjC,cAAc;QACZ,OAAO,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;IACnC,CAAC;IAED,qCAAqC;IACrC,eAAe;QACb,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;IAC5B,CAAC;CACF"}
|
|
@@ -22,6 +22,20 @@ export interface ScaffoldOptions {
|
|
|
22
22
|
author?: string;
|
|
23
23
|
schemaVersion?: string;
|
|
24
24
|
}
|
|
25
|
+
/**
|
|
26
|
+
* Attack pattern templates by category — reusable regex building blocks
|
|
27
|
+
* that detect BEHAVIOR, not package names.
|
|
28
|
+
*/
|
|
29
|
+
export declare const ATTACK_PATTERN_INDICATORS: ReadonlyArray<{
|
|
30
|
+
/** Regex to test if the payload contains this attack indicator */
|
|
31
|
+
readonly test: RegExp;
|
|
32
|
+
/** The detection regex to use in the rule */
|
|
33
|
+
readonly pattern: string;
|
|
34
|
+
/** Human-readable description */
|
|
35
|
+
readonly description: string;
|
|
36
|
+
/** Which categories this indicator applies to */
|
|
37
|
+
readonly categories: readonly ATRCategory[];
|
|
38
|
+
}>;
|
|
25
39
|
export declare class RuleScaffolder {
|
|
26
40
|
private readonly options;
|
|
27
41
|
constructor(options?: ScaffoldOptions);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rule-scaffolder.d.ts","sourceRoot":"","sources":["../src/rule-scaffolder.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,KAAK,EACV,WAAW,EACX,WAAW,EACX,aAAa,EAGd,MAAM,YAAY,CAAC;AAEpB,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,WAAW,CAAC;IACtB,QAAQ,CAAC,EAAE,WAAW,CAAC;IACvB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,eAAe,CAAC,EAAE,aAAa,CAAC;IAChC,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;CACtB;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED,MAAM,WAAW,eAAe;IAC9B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;
|
|
1
|
+
{"version":3,"file":"rule-scaffolder.d.ts","sourceRoot":"","sources":["../src/rule-scaffolder.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,KAAK,EACV,WAAW,EACX,WAAW,EACX,aAAa,EAGd,MAAM,YAAY,CAAC;AAEpB,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,WAAW,CAAC;IACtB,QAAQ,CAAC,EAAE,WAAW,CAAC;IACvB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,eAAe,CAAC,EAAE,aAAa,CAAC;IAChC,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;CACtB;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED,MAAM,WAAW,eAAe;IAC9B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAwCD;;;GAGG;AACH,eAAO,MAAM,yBAAyB,EAAE,aAAa,CAAC;IACpD,kEAAkE;IAClE,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,6CAA6C;IAC7C,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,iCAAiC;IACjC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,iDAAiD;IACjD,QAAQ,CAAC,UAAU,EAAE,SAAS,WAAW,EAAE,CAAC;CAC7C,CAqFA,CAAC;AAsEF,qBAAa,cAAc;IACzB,OAAO,CAAC,QAAQ,CAAC,OAAO,CAA4B;gBAExC,OAAO,GAAE,eAAoB;IAOzC;;;OAGG;IACH,QAAQ,CAAC,KAAK,EAAE,aAAa,EAAE,WAAW,GAAE,WAAW,CAAC,MAAM,CAAa,GAAG,cAAc;IAwF5F;;;OAGG;IACH,OAAO,CAAC,aAAa;CAwBtB"}
|
package/dist/rule-scaffolder.js
CHANGED
|
@@ -37,12 +37,129 @@ function escapeRegex(str) {
|
|
|
37
37
|
return str.replace(REGEX_SPECIAL_CHARS, '\\$&');
|
|
38
38
|
}
|
|
39
39
|
/**
|
|
40
|
-
*
|
|
41
|
-
*
|
|
42
|
-
* falling back to a simple escaped match for short payloads.
|
|
40
|
+
* Attack pattern templates by category — reusable regex building blocks
|
|
41
|
+
* that detect BEHAVIOR, not package names.
|
|
43
42
|
*/
|
|
44
|
-
|
|
43
|
+
export const ATTACK_PATTERN_INDICATORS = [
|
|
44
|
+
// Shell execution patterns
|
|
45
|
+
{
|
|
46
|
+
test: /exec(Sync)?|spawn|child_process|shell|subprocess|popen|os\.system/i,
|
|
47
|
+
pattern: '(execSync?|spawn|child_process|shell|subprocess|popen|os\\.system)\\s*\\(',
|
|
48
|
+
description: 'Shell/command execution',
|
|
49
|
+
categories: ['tool-poisoning', 'skill-compromise', 'privilege-escalation'],
|
|
50
|
+
},
|
|
51
|
+
// Dynamic shell with interpolation (RCE)
|
|
52
|
+
{
|
|
53
|
+
test: /exec.*\$\{|spawn.*\$\{|`.*\$\{.*`/i,
|
|
54
|
+
pattern: '(exec|spawn|shell)\\s*\\(.*\\$\\{',
|
|
55
|
+
description: 'Dynamic shell execution with variable interpolation',
|
|
56
|
+
categories: ['tool-poisoning', 'skill-compromise'],
|
|
57
|
+
},
|
|
58
|
+
// Network exfiltration
|
|
59
|
+
{
|
|
60
|
+
test: /fetch|http|request|axios|got|node-fetch|urllib|curl|wget/i,
|
|
61
|
+
pattern: '(fetch|https?://|request|axios|got|node-fetch|urllib|curl|wget)\\s*\\(?',
|
|
62
|
+
description: 'Outbound network request',
|
|
63
|
+
categories: ['context-exfiltration', 'tool-poisoning', 'data-poisoning'],
|
|
64
|
+
},
|
|
65
|
+
// Credential/secret access
|
|
66
|
+
{
|
|
67
|
+
test: /password|secret|token|credential|api[_\s]?key|auth|cookie/i,
|
|
68
|
+
pattern: '(password|secret|token|credential|api[_ ]?key|auth_token|cookie)',
|
|
69
|
+
description: 'Credential/secret access',
|
|
70
|
+
categories: ['context-exfiltration', 'privilege-escalation', 'tool-poisoning'],
|
|
71
|
+
},
|
|
72
|
+
// Environment variable exfiltration
|
|
73
|
+
{
|
|
74
|
+
test: /process\.env|os\.environ|getenv|ENV\[/i,
|
|
75
|
+
pattern: '(process\\.env|os\\.environ|getenv|ENV\\[)',
|
|
76
|
+
description: 'Environment variable access',
|
|
77
|
+
categories: ['context-exfiltration', 'tool-poisoning', 'skill-compromise'],
|
|
78
|
+
},
|
|
79
|
+
// eval / dynamic code execution
|
|
80
|
+
{
|
|
81
|
+
test: /\beval\s*\(|new\s+Function\s*\(|vm\.run/i,
|
|
82
|
+
pattern: '(\\beval\\s*\\(|new\\s+Function\\s*\\(|vm\\.run)',
|
|
83
|
+
description: 'Dynamic code execution',
|
|
84
|
+
categories: ['tool-poisoning', 'skill-compromise'],
|
|
85
|
+
},
|
|
86
|
+
// Instruction override (prompt injection)
|
|
87
|
+
{
|
|
88
|
+
test: /ignore|disregard|forget|override|overwrite/i,
|
|
89
|
+
pattern: '(override|overwrite|ignore|disregard|forget)\\s+(previous|prior|above|existing|all|any)\\s+(instructions?|rules?|constraints?|guidelines?|protocols?)',
|
|
90
|
+
description: 'Instruction override attempt',
|
|
91
|
+
categories: ['prompt-injection', 'agent-manipulation'],
|
|
92
|
+
},
|
|
93
|
+
// Role manipulation
|
|
94
|
+
{
|
|
95
|
+
test: /you are now|act as|pretend|new role|system prompt/i,
|
|
96
|
+
pattern: '(you\\s+are\\s+now|act\\s+as\\s+(a|an|if)|pretend\\s+(to|you)|new\\s+role|system\\s+prompt)',
|
|
97
|
+
description: 'Role/identity manipulation',
|
|
98
|
+
categories: ['prompt-injection', 'agent-manipulation'],
|
|
99
|
+
},
|
|
100
|
+
// File system destructive operations
|
|
101
|
+
{
|
|
102
|
+
test: /rm\s+-rf|rmdir|unlink|deleteFile|fs\.rm/i,
|
|
103
|
+
pattern: '(rm\\s+-rf|rmdir\\s|unlink\\s*\\(|deleteFile|fs\\.rm)',
|
|
104
|
+
description: 'Destructive file system operation',
|
|
105
|
+
categories: ['tool-poisoning', 'excessive-autonomy'],
|
|
106
|
+
},
|
|
107
|
+
// Base64/encoding evasion
|
|
108
|
+
{
|
|
109
|
+
test: /atob|btoa|base64|Buffer\.from.*encoding|fromCharCode/i,
|
|
110
|
+
pattern: '(atob|btoa|base64|Buffer\\.from|fromCharCode)\\s*\\(',
|
|
111
|
+
description: 'Encoding-based payload obfuscation',
|
|
112
|
+
categories: ['tool-poisoning', 'skill-compromise'],
|
|
113
|
+
},
|
|
114
|
+
// Data exfiltration combo (credential + network)
|
|
115
|
+
{
|
|
116
|
+
test: /(password|secret|token|key).*(fetch|http|send|post|upload)/i,
|
|
117
|
+
pattern: '(password|secret|token|api[_ ]?key).*(fetch|https?://|request|send|post|upload)',
|
|
118
|
+
description: 'Credential access combined with network exfiltration',
|
|
119
|
+
categories: ['context-exfiltration', 'tool-poisoning'],
|
|
120
|
+
},
|
|
121
|
+
// Download + execute combo
|
|
122
|
+
{
|
|
123
|
+
test: /(download|fetch|curl|wget).*(exec|eval|spawn)/i,
|
|
124
|
+
pattern: '(download|fetch|curl|wget).*(exec|eval|spawn|child_process)',
|
|
125
|
+
description: 'Download and execute pattern',
|
|
126
|
+
categories: ['tool-poisoning', 'skill-compromise'],
|
|
127
|
+
},
|
|
128
|
+
];
|
|
129
|
+
/**
|
|
130
|
+
* Build detection regex from a payload string, using category-aware
|
|
131
|
+
* attack pattern templates instead of naive keyword extraction.
|
|
132
|
+
*
|
|
133
|
+
* Priority:
|
|
134
|
+
* 1. Match known attack indicators in the payload -> use behavioral regex
|
|
135
|
+
* 2. Combine multiple indicators with alternation for multi-vector attacks
|
|
136
|
+
* 3. Fall back to keyword extraction only for text that has no code patterns
|
|
137
|
+
*/
|
|
138
|
+
function buildRegexPattern(payload, category) {
|
|
45
139
|
const trimmed = payload.trim();
|
|
140
|
+
// Step 1: Find all attack indicators present in this payload
|
|
141
|
+
const matched = ATTACK_PATTERN_INDICATORS.filter((ind) => {
|
|
142
|
+
const matchesPayload = ind.test.test(trimmed);
|
|
143
|
+
const matchesCategory = !category || ind.categories.includes(category);
|
|
144
|
+
return matchesPayload && matchesCategory;
|
|
145
|
+
});
|
|
146
|
+
// Step 2: If we found behavioral patterns, use them
|
|
147
|
+
if (matched.length > 0) {
|
|
148
|
+
if (matched.length === 1) {
|
|
149
|
+
return `(?i)${matched[0].pattern}`;
|
|
150
|
+
}
|
|
151
|
+
// Combine multiple indicators — detect the most specific one
|
|
152
|
+
// Sort by pattern length (longer = more specific) and take top 3
|
|
153
|
+
const sorted = [...matched].sort((a, b) => b.pattern.length - a.pattern.length);
|
|
154
|
+
const top = sorted.slice(0, 3);
|
|
155
|
+
if (top.length === 1) {
|
|
156
|
+
return `(?i)${top[0].pattern}`;
|
|
157
|
+
}
|
|
158
|
+
// Use alternation for multi-vector detection
|
|
159
|
+
return `(?i)(${top.map((t) => t.pattern).join('|')})`;
|
|
160
|
+
}
|
|
161
|
+
// Step 3: Fallback — keyword extraction for text-based payloads
|
|
162
|
+
// (e.g., prompt injection text without code patterns)
|
|
46
163
|
const words = trimmed.split(/\s+/).filter((w) => w.length > 3);
|
|
47
164
|
if (words.length === 0) {
|
|
48
165
|
return `(?i).*${escapeRegex(trimmed)}.*`;
|
|
@@ -91,8 +208,8 @@ export class RuleScaffolder {
|
|
|
91
208
|
const conditions = input.examplePayloads.map((payload, idx) => ({
|
|
92
209
|
field,
|
|
93
210
|
operator: 'regex',
|
|
94
|
-
value: buildRegexPattern(payload),
|
|
95
|
-
description: `Pattern ${idx + 1}: detects "${payload.trim()}"`,
|
|
211
|
+
value: buildRegexPattern(payload, input.category),
|
|
212
|
+
description: `Pattern ${idx + 1}: detects "${payload.trim().slice(0, 80)}"`,
|
|
96
213
|
}));
|
|
97
214
|
const truePositives = input.examplePayloads.map((payload) => ({
|
|
98
215
|
input: payload.trim(),
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rule-scaffolder.js","sourceRoot":"","sources":["../src/rule-scaffolder.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,IAAI,MAAM,SAAS,CAAC;AA+B3B,MAAM,uBAAuB,GAAiD;IAC5E,kBAAkB,EAAE,QAAQ;IAC5B,gBAAgB,EAAE,WAAW;IAC7B,sBAAsB,EAAE,gBAAgB;IACxC,oBAAoB,EAAE,kBAAkB;IACxC,sBAAsB,EAAE,gBAAgB;IACxC,oBAAoB,EAAE,gBAAgB;IACtC,gBAAgB,EAAE,QAAQ;IAC1B,aAAa,EAAE,QAAQ;IACvB,kBAAkB,EAAE,iBAAiB;CACtC,CAAC;AAEF,MAAM,iBAAiB,GAA0C;IAC/D,kBAAkB,EAAE,YAAY;IAChC,gBAAgB,EAAE,eAAe;IACjC,sBAAsB,EAAE,cAAc;IACtC,oBAAoB,EAAE,eAAe;IACrC,sBAAsB,EAAE,cAAc;IACtC,oBAAoB,EAAE,cAAc;IACpC,gBAAgB,EAAE,gBAAgB;IAClC,aAAa,EAAE,YAAY;IAC3B,kBAAkB,EAAE,gBAAgB;CACrC,CAAC;AAEF,MAAM,mBAAmB,GAAwD;IAC/E,QAAQ,EAAE,CAAC,aAAa,EAAE,OAAO,EAAE,UAAU,CAAC;IAC9C,IAAI,EAAE,CAAC,aAAa,EAAE,OAAO,CAAC;IAC9B,MAAM,EAAE,CAAC,OAAO,EAAE,UAAU,CAAC;IAC7B,GAAG,EAAE,CAAC,OAAO,CAAC;IACd,aAAa,EAAE,CAAC,OAAO,CAAC;CACzB,CAAC;AAEF,MAAM,mBAAmB,GAAG,qBAAqB,CAAC;AAElD,SAAS,WAAW,CAAC,GAAW;IAC9B,OAAO,GAAG,CAAC,OAAO,CAAC,mBAAmB,EAAE,MAAM,CAAC,CAAC;AAClD,CAAC;AAED
|
|
1
|
+
{"version":3,"file":"rule-scaffolder.js","sourceRoot":"","sources":["../src/rule-scaffolder.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,IAAI,MAAM,SAAS,CAAC;AA+B3B,MAAM,uBAAuB,GAAiD;IAC5E,kBAAkB,EAAE,QAAQ;IAC5B,gBAAgB,EAAE,WAAW;IAC7B,sBAAsB,EAAE,gBAAgB;IACxC,oBAAoB,EAAE,kBAAkB;IACxC,sBAAsB,EAAE,gBAAgB;IACxC,oBAAoB,EAAE,gBAAgB;IACtC,gBAAgB,EAAE,QAAQ;IAC1B,aAAa,EAAE,QAAQ;IACvB,kBAAkB,EAAE,iBAAiB;CACtC,CAAC;AAEF,MAAM,iBAAiB,GAA0C;IAC/D,kBAAkB,EAAE,YAAY;IAChC,gBAAgB,EAAE,eAAe;IACjC,sBAAsB,EAAE,cAAc;IACtC,oBAAoB,EAAE,eAAe;IACrC,sBAAsB,EAAE,cAAc;IACtC,oBAAoB,EAAE,cAAc;IACpC,gBAAgB,EAAE,gBAAgB;IAClC,aAAa,EAAE,YAAY;IAC3B,kBAAkB,EAAE,gBAAgB;CACrC,CAAC;AAEF,MAAM,mBAAmB,GAAwD;IAC/E,QAAQ,EAAE,CAAC,aAAa,EAAE,OAAO,EAAE,UAAU,CAAC;IAC9C,IAAI,EAAE,CAAC,aAAa,EAAE,OAAO,CAAC;IAC9B,MAAM,EAAE,CAAC,OAAO,EAAE,UAAU,CAAC;IAC7B,GAAG,EAAE,CAAC,OAAO,CAAC;IACd,aAAa,EAAE,CAAC,OAAO,CAAC;CACzB,CAAC;AAEF,MAAM,mBAAmB,GAAG,qBAAqB,CAAC;AAElD,SAAS,WAAW,CAAC,GAAW;IAC9B,OAAO,GAAG,CAAC,OAAO,CAAC,mBAAmB,EAAE,MAAM,CAAC,CAAC;AAClD,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,yBAAyB,GASjC;IACH,2BAA2B;IAC3B;QACE,IAAI,EAAE,oEAAoE;QAC1E,OAAO,EAAE,2EAA2E;QACpF,WAAW,EAAE,yBAAyB;QACtC,UAAU,EAAE,CAAC,gBAAgB,EAAE,kBAAkB,EAAE,sBAAsB,CAAC;KAC3E;IACD,yCAAyC;IACzC;QACE,IAAI,EAAE,oCAAoC;QAC1C,OAAO,EAAE,mCAAmC;QAC5C,WAAW,EAAE,qDAAqD;QAClE,UAAU,EAAE,CAAC,gBAAgB,EAAE,kBAAkB,CAAC;KACnD;IACD,uBAAuB;IACvB;QACE,IAAI,EAAE,2DAA2D;QACjE,OAAO,EAAE,yEAAyE;QAClF,WAAW,EAAE,0BAA0B;QACvC,UAAU,EAAE,CAAC,sBAAsB,EAAE,gBAAgB,EAAE,gBAAgB,CAAC;KACzE;IACD,2BAA2B;IAC3B;QACE,IAAI,EAAE,4DAA4D;QAClE,OAAO,EAAE,kEAAkE;QAC3E,WAAW,EAAE,0BAA0B;QACvC,UAAU,EAAE,CAAC,sBAAsB,EAAE,sBAAsB,EAAE,gBAAgB,CAAC;KAC/E;IACD,oCAAoC;IACpC;QACE,IAAI,EAAE,wCAAwC;QAC9C,OAAO,EAAE,4CAA4C;QACrD,WAAW,EAAE,6BAA6B;QAC1C,UAAU,EAAE,CAAC,sBAAsB,EAAE,gBAAgB,EAAE,kBAAkB,CAAC;KAC3E;IACD,gCAAgC;IAChC;QACE,IAAI,EAAE,0CAA0C;QAChD,OAAO,EAAE,kDAAkD;QAC3D,WAAW,EAAE,wBAAwB;QACrC,UAAU,EAAE,CAAC,gBAAgB,EAAE,kBAAkB,CAAC;KACnD;IACD,0CAA0C;IAC1C;QACE,IAAI,EAAE,6CAA6C;QACnD,OAAO,EAAE,uJAAuJ;QAChK,WAAW,EAAE,8BAA8B;QAC3C,UAAU,EAAE,CAAC,kBAAkB,EAAE,oBAAoB,CAAC;KACvD;IACD,oBAAoB;IACpB;QACE,IAAI,EAAE,oDAAoD;QAC1D,OAAO,EAAE,6FAA6F;QACtG,WAAW,EAAE,4BAA4B;QACzC,UAAU,EAAE,CAAC,kBAAkB,EAAE,oBAAoB,CAAC;KACvD;IACD,qCAAqC;IACrC;QACE,IAAI,EAAE,0CAA0C;QAChD,OAAO,EAAE,uDAAuD;QAChE,WAAW,EAAE,mCAAmC;QAChD,UAAU,EAAE,CAAC,gBAAgB,EAAE,oBAAoB,CAAC;KACrD;IACD,0BAA0B;IAC1B;QACE,IAAI,EAAE,uDAAuD;QAC7D,OAAO,EAAE,sDAAsD;QAC/D,WAAW,EAAE,oCAAoC;QACjD,UAAU,EAAE,CAAC,gBAAgB,EAAE,kBAAkB,CAAC;KACnD;IACD,iDAAiD;IACjD;QACE,IAAI,EAAE,6DAA6D;QACnE,OAAO,EAAE,iFAAiF;QAC1F,WAAW,EAAE,sDAAsD;QACnE,UAAU,EAAE,CAAC,sBAAsB,EAAE,gBAAgB,CAAC;KACvD;IACD,2BAA2B;IAC3B;QACE,IAAI,EAAE,gDAAgD;QACtD,OAAO,EAAE,6DAA6D;QACtE,WAAW,EAAE,8BAA8B;QAC3C,UAAU,EAAE,CAAC,gBAAgB,EAAE,kBAAkB,CAAC;KACnD;CACF,CAAC;AAEF;;;;;;;;GAQG;AACH,SAAS,iBAAiB,CAAC,OAAe,EAAE,QAAsB;IAChE,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;IAE/B,6DAA6D;IAC7D,MAAM,OAAO,GAAG,yBAAyB,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE;QACvD,MAAM,cAAc,GAAG,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC9C,MAAM,eAAe,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACvE,OAAO,cAAc,IAAI,eAAe,CAAC;IAC3C,CAAC,CAAC,CAAC;IAEH,oDAAoD;IACpD,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,OAAO,OAAO,CAAC,CAAC,CAAE,CAAC,OAAO,EAAE,CAAC;QACtC,CAAC;QACD,6DAA6D;QAC7D,iEAAiE;QACjE,MAAM,MAAM,GAAG,CAAC,GAAG,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAChF,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAC/B,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACrB,OAAO,OAAO,GAAG,CAAC,CAAC,CAAE,CAAC,OAAO,EAAE,CAAC;QAClC,CAAC;QACD,6CAA6C;QAC7C,OAAO,QAAQ,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;IACxD,CAAC;IAED,gEAAgE;IAChE,sDAAsD;IACtD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAE/D,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,SAAS,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC;IAC3C,CAAC;IAED,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACnC,OAAO,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;AAC1E,CAAC;AAED,SAAS,UAAU,CAAC,cAAmC,IAAI,GAAG,EAAE;IAC9D,MAAM,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACtC,MAAM,WAAW,GAAG,GAAG,CAAC;IACxB,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,WAAW,EAAE,OAAO,EAAE,EAAE,CAAC;QACvD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC,CAAC;QAC1D,MAAM,EAAE,GAAG,OAAO,IAAI,IAAI,GAAG,EAAE,CAAC;QAChC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;YACzB,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,gEAAgE,CAAC,CAAC;AACpF,CAAC;AAED,SAAS,cAAc;IACrB,MAAM,CAAC,GAAG,IAAI,IAAI,EAAE,CAAC;IACrB,MAAM,IAAI,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;IAC7B,MAAM,EAAE,GAAG,MAAM,CAAC,CAAC,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACrD,MAAM,EAAE,GAAG,MAAM,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAChD,OAAO,GAAG,IAAI,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC;AAC/B,CAAC;AAED,MAAM,OAAO,cAAc;IACR,OAAO,CAA4B;IAEpD,YAAY,UAA2B,EAAE;QACvC,IAAI,CAAC,OAAO,GAAG;YACb,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,iCAAiC;YAC3D,aAAa,EAAE,OAAO,CAAC,aAAa,IAAI,KAAK;SAC9C,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,QAAQ,CAAC,KAAoB,EAAE,cAAmC,IAAI,GAAG,EAAE;QACzE,MAAM,QAAQ,GAAG,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;QAE3C,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,IAAI,QAAQ,CAAC;QAC5C,MAAM,UAAU,GAAG,KAAK,CAAC,eAAe,IAAI,uBAAuB,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QACpF,MAAM,KAAK,GAAG,iBAAiB,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QAChD,MAAM,EAAE,GAAG,UAAU,CAAC,WAAW,CAAC,CAAC;QACnC,MAAM,IAAI,GAAG,cAAc,EAAE,CAAC;QAE9B,MAAM,UAAU,GAAwB,KAAK,CAAC,eAAe,CAAC,GAAG,CAC/D,CAAC,OAAO,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;YACjB,KAAK;YACL,QAAQ,EAAE,OAAO;YACjB,KAAK,EAAE,iBAAiB,CAAC,OAAO,EAAE,KAAK,CAAC,QAAQ,CAAC;YACjD,WAAW,EAAE,WAAW,GAAG,GAAG,CAAC,cAAc,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG;SAC5E,CAAC,CACH,CAAC;QAEF,MAAM,aAAa,GAAG,KAAK,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;YAC5D,KAAK,EAAE,OAAO,CAAC,IAAI,EAAE;YACrB,QAAQ,EAAE,SAAkB;SAC7B,CAAC,CAAC,CAAC;QAEJ,MAAM,aAAa,GAAG;YACpB;gBACE,KAAK,EAAE,0DAA0D;gBACjE,QAAQ,EAAE,YAAqB;aAChC;SACF,CAAC;QAEF,MAAM,UAAU,GAA6B,EAAE,CAAC;QAChD,IAAI,KAAK,CAAC,SAAS,IAAI,KAAK,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAClD,UAAU,CAAC,SAAS,GAAG,CAAC,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC;QAC9C,CAAC;QACD,IAAI,KAAK,CAAC,SAAS,IAAI,KAAK,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAClD,UAAU,CAAC,WAAW,GAAG,CAAC,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC;QAChD,CAAC;QAED,MAAM,aAAa,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC;QAE5D,MAAM,IAAI,GAA4B;YACpC,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,EAAE;YACF,cAAc,EAAE,IAAI,CAAC,OAAO,CAAC,aAAa;YAC1C,MAAM,EAAE,OAAO;YACf,WAAW,EAAE,KAAK,CAAC,iBAAiB;YACpC,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM;YAC3B,IAAI;YACJ,QAAQ;YACR,cAAc,EAAE,SAAS;YACzB,QAAQ,EAAE,OAAO;YACjB,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC7D,IAAI,EAAE;gBACJ,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,UAAU,EAAE,QAAQ,KAAK,UAAU,IAAI,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ;aAC/E;YACD,YAAY,EAAE;gBACZ,IAAI,EAAE,UAAU;aACjB;YACD,SAAS,EAAE;gBACT,UAAU;gBACV,SAAS,EAAE,aAAa;gBACxB,eAAe,EAAE;oBACf,+CAA+C;iBAChD;aACF;YACD,QAAQ,EAAE;gBACR,OAAO,EAAE,CAAC,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;gBAC3C,gBAAgB,EAAE,aAAa,KAAK,CAAC,QAAQ,iCAAiC;aAC/E;YACD,UAAU,EAAE;gBACV,cAAc,EAAE,aAAa;gBAC7B,cAAc,EAAE,aAAa;aAC9B;SACF,CAAC;QAEF,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE;YAC9B,MAAM,EAAE,CAAC;YACT,SAAS,EAAE,GAAG;YACd,MAAM,EAAE,IAAI;YACZ,QAAQ,EAAE,KAAK;YACf,WAAW,EAAE,GAAG;YAChB,WAAW,EAAE,KAAK;SACnB,CAAC,CAAC;QAEH,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC;IACzC,CAAC;IAED;;;OAGG;IACK,aAAa,CAAC,KAAoB;QACxC,MAAM,QAAQ,GAAa,EAAE,CAAC;QAE9B,IAAI,CAAC,KAAK,CAAC,KAAK,IAAI,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACpD,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;QAC3E,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACxD,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,iBAAiB,IAAI,KAAK,CAAC,iBAAiB,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5E,MAAM,IAAI,KAAK,CAAC,mEAAmE,CAAC,CAAC;QACvF,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,eAAe,IAAI,KAAK,CAAC,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACjE,MAAM,IAAI,KAAK,CAAC,iEAAiE,CAAC,CAAC;QACrF,CAAC;QAED,IAAI,KAAK,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrC,QAAQ,CAAC,IAAI,CACX,mFAAmF,CACpF,CAAC;QACJ,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "agent-threat-rules",
|
|
3
|
-
"version": "0.3.
|
|
3
|
+
"version": "0.3.1",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"description": "Detection rules for AI agent threats, inspired by the Sigma format. Early-stage rule library for prompt injection, tool poisoning, and agent manipulation.",
|
|
6
6
|
"main": "./dist/index.js",
|