Fix projcet build errors

mbaluda · mbaluda · commit 6c5c87e05075 · 2026-01-02T12:57:03.000+01:00
diff --git a/python/ql/lib/change-notes/2026-01-02-prompt-injection.md b/python/ql/lib/change-notes/2026-01-02-prompt-injection.md
@@ -0,0 +1,5 @@
+---
+category: minorAnalysis
+---
+* Added propmpt injection query
+* Added taint flow model and type model for `agents` and `openai` modules.
diff --git a/python/ql/lib/semmle/python/security/dataflow/PromptInjectionCustomizations.qll b/python/ql/lib/semmle/python/security/dataflow/PromptInjectionCustomizations.qll
@@ -1,15 +1,16 @@
+/**
+ * Provides default sources, sinks and sanitizers for detecting
+ * "prompt injection"
+ * vulnerabilities, as well as extension points for adding your own.
+ */
+
 import python
 private import semmle.python.dataflow.new.DataFlow
 private import semmle.python.Concepts
 private import semmle.python.dataflow.new.RemoteFlowSources
 private import semmle.python.dataflow.new.BarrierGuards
 private import semmle.python.frameworks.OpenAI
 
-/**
- * Provides default sources, sinks and sanitizers for detecting
- * "prompt injection"
- * vulnerabilities, as well as extension points for adding your own.
- */
 module PromptInjection {
   /**
    * A data flow source for "prompt injection" vulnerabilities.
@@ -31,6 +32,9 @@ module PromptInjection {
    */
   private class ActiveThreatModelSourceAsSource extends Source, ActiveThreatModelSource { }
 
+  /**
+   * Agent prompt sinks, considered as a flow sink.
+   */
   class SystemPromptSink extends Sink {
     SystemPromptSink() { this = Agent::sink().asSink() or this = OpenAI::sink().asSink() }
   }
diff --git a/python/ql/lib/semmle/python/security/dataflow/PromptInjectionQuery.qll b/python/ql/lib/semmle/python/security/dataflow/PromptInjectionQuery.qll
@@ -1,3 +1,11 @@
+/**
+ * Provides taint-tracking configurations for detecting "prompt injection" vulnerabilities.
+ *
+ * Note, for performance reasons: only import this file if
+ * `PromptInjection::Configuration` is needed, otherwise
+ * `PromptInjectionCustomizations` should be imported instead.
+ */
+
 private import python
 import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
diff --git a/python/ql/src/Security/CWE-1427/PromptInjection.qhelp b/python/ql/src/Security/CWE-1427/PromptInjection.qhelp
@@ -5,12 +5,11 @@
 
 <overview>
 <p>Prompts can be constructed to bypass the original purposes of an agent and lead to sensitive data leak or 
-operations that were not intended.
-</p>
+operations that were not intended.</p>
 </overview>
 
 <recommendation>
-Sanitize user input and also avoid using user input in developer or system level prompts.
+<p>Sanitize user input and also avoid using user input in developer or system level prompts.</p>
 </recommendation>
 
 <example>
