Template / SQL injection probes#1138
Merged
leondz merged 21 commits intoNVIDIA:mainfrom Apr 15, 2025
Merged
Conversation
…ew injection probes. Add CWE IDs to misp_descriptions.tsv.
erickgalinkin
added
probes
Collaborator
jmartin-tech
left a comment
jmartin-tech
left a comment
There was a problem hiding this comment.
General documentation comments, would be good to have some tests in place for the new plugins.
…in SQLiEcho Detector.
…tionEcho recommended detector.
erickgalinkin
commented
Mar 27, 2025
leondz
approved these changes
Apr 3, 2025
Collaborator
leondz
left a comment
leondz
left a comment
There was a problem hiding this comment.
Love this overall. Few broader questions & minor edits.
| def detect(self, attempt: garak.attempt.Attempt) -> List[float]: | ||
| results = [] | ||
| for output in attempt.all_outputs: | ||
| if output is None: |
Collaborator
There was a problem hiding this comment.
This implies that the responsibility for both doing the exploitation and also getting the observation that tells us whether or not it's worked, both lie within the probe. Is that the pattern we want to settle on? It might be easier from an orchestration point of view, I just want to check.
Collaborator
Author
There was a problem hiding this comment.
I'm agnostic here -- This is intended to reflect existing patterns, but we're also going to want on system detectors/checkers for these things too, which I think might require a second pass.
Co-authored-by: Leon Derczynski <leonderczynski@gmail.com> Signed-off-by: Erick Galinkin <erick.galinkin@gmail.com>
Co-authored-by: Leon Derczynski <leonderczynski@gmail.com> Signed-off-by: Erick Galinkin <erick.galinkin@gmail.com>
Co-authored-by: Leon Derczynski <leonderczynski@gmail.com> Signed-off-by: Erick Galinkin <erick.galinkin@gmail.com>
Co-authored-by: Leon Derczynski <leonderczynski@gmail.com> Signed-off-by: Erick Galinkin <erick.galinkin@gmail.com>
Co-authored-by: Leon Derczynski <leonderczynski@gmail.com> Signed-off-by: Erick Galinkin <erick.galinkin@gmail.com>
…ttern for basic tests
Signed-off-by: Jeffrey Martin <jemartin@nvidia.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add template/code injection probes and SQL injection probes.
Increases view into systemic impacts against LLM agents/systems.