prompt hardening ui and backend changes #3489
Conversation
![devsecopsbot[bot]](https://avatars.githubusercontent.com/in/963709?s=60&v=4){kind=small}
There was a problem hiding this comment.
🤖 AI Security analysis: "Automated scan reported no findings for the changed files, but this does not guarantee absence of vulnerabilities. Residual risks include undetected logic flaws, gaps in test or scan coverage, and changes to dependencies or configurations."
| Risk Level | AI Score |
|---|---|
| 🟢 NO RISK | 5.0/100 |
Top 0 security issues / 0 total (Critical: 0, High: 0, Medium: 0, Low: 0)
| Title | Location | Recommendation |
|---|---|---|
| — | — | No issues to display |
There was a problem hiding this comment.
🤖 AI Security analysis: "Two critical unsafe deserialization findings in PromptResponse.jsx introduce high risk of remote code execution or object injection from untrusted inputs. Changes span multiple files and require manual remediation; no auto-fixes were applied."
| Risk Level | AI Score |
|---|---|
| 🔴 CRITICAL | 90.0/100 |
Top 2 security issues / 2 total (Critical: 2, High: 0, Medium: 0, Low: 0)
| Title | Location | Recommendation |
|---|---|---|
 Deserialization of Untrusted Data |
apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/prompt_hardening/components/PromptResponse.jsx:78 |
Use a safe deserialization method or validate user input before passing it to the 'yaml.l… |
| Deserialization of Untrusted Data |
apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/prompt_hardening/components/PromptResponse.jsx:161 |
Use a safe deserialization method or validate user input before passing it to the 'yaml.l… |
| "Vulnerability detected in system prompt"; | ||
|
|
||
| console.log('🔒 Calling hardenSystemPrompt API...'); | ||
|
|
There was a problem hiding this comment.
| // Parse YAML using a safe schema to avoid instantiating arbitrary types (prevents deserialization RCE) | |
| const parsedYaml = jsYaml.load(yamlContent, { schema: jsYaml.JSON_SCHEMA }); |
🔴 CRITICAL: Deserialization of Untrusted Data
Replace unsafe jsYaml.load(yamlContent) with a safe parse that uses the JSON schema to prevent construction of arbitrary/unsafe JS types (mitigates remote code injection via YAML).
|
|
||
| if (attackPatternLines.length > 0) { | ||
| promptText = attackPatternLines.join('\n') | ||
There was a problem hiding this comment.
| // Use a safe JSON-only schema when parsing untrusted YAML to avoid constructing arbitrary JS types | |
| const parsedYaml = jsYaml.load(yamlContent, { schema: jsYaml.JSON_SCHEMA }); |
🔴 CRITICAL: Deserialization of Untrusted Data
Replace unsafe jsYaml.load(yamlContent) with a safe schema (JSON_SCHEMA) to prevent deserialization of arbitrary types/tags that can lead to RCE. Apply the same change to any other jsYaml.load usage that parses untrusted input.
There was a problem hiding this comment.
🤖 AI Security analysis: "Two critical unsafe deserialization findings in PromptResponse.jsx introduce high risk of remote code execution or object injection from untrusted inputs. Changes span multiple files and require manual remediation; no auto-fixes were applied."
| Risk Level | AI Score |
|---|---|
| 🔴 CRITICAL | 90.0/100 |
Top 2 security issues / 2 total (Critical: 2, High: 0, Medium: 0, Low: 0)
| Title | Location | Recommendation |
|---|---|---|
| Deserialization of Untrusted Data |
apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/prompt_hardening/components/PromptResponse.jsx:73 |
Use a safe deserialization method or validate user input before passing it to the 'yaml.l… |
| Deserialization of Untrusted Data |
apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/prompt_hardening/components/PromptResponse.jsx:146 |
Use a safe deserialization method or validate user input before passing it to the 'yaml.l… |
|
|
||
| try { | ||
| // Build vulnerability context from analysis | ||
| const vulnerabilityContext = agentResponse ? |
There was a problem hiding this comment.
| const vulnerabilityContext = agentResponse ? | |
| const parsedYaml = jsYaml.load(yamlContent, { schema: jsYaml.JSON_SCHEMA }); |
🔴 CRITICAL: Deserialization of Untrusted Data
Use js-yaml's JSON_SCHEMA to prevent construction of arbitrary JS types/objects during YAML parsing (mitigates remote code execution via malicious tags). This replaces unsafe jsYaml.load(yamlContent) with a safe schema-limited load.
| } | ||
| } else if (inAttackPattern && !line.startsWith(' ') && !line.startsWith('\t')) { | ||
| // End of attack_pattern section | ||
| break |
There was a problem hiding this comment.
| break | |
| const parsedYaml = jsYaml.load(yamlContent, { json: true }); |
🔴 CRITICAL: Deserialization of Untrusted Data
Use js-yaml in JSON mode to avoid unsafe YAML tags (e.g. !!js/function) that can lead to code execution when parsing untrusted input.
There was a problem hiding this comment.
🤖 AI Security analysis: "Two critical unsafe deserialization findings in PromptResponse.jsx introduce high risk of remote code execution or object injection from untrusted inputs. Changes span multiple files and require manual remediation; no auto-fixes were applied."
| Risk Level | AI Score |
|---|---|
| 🔴 CRITICAL | 90.0/100 |
Top 2 security issues / 2 total (Critical: 2, High: 0, Medium: 0, Low: 0)
| Title | Location | Recommendation |
|---|---|---|
| Deserialization of Untrusted Data |
apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/prompt_hardening/components/PromptResponse.jsx:74 |
Use a safe deserialization method or validate user input before passing it to the 'yaml.l… |
| Deserialization of Untrusted Data |
apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/prompt_hardening/components/PromptResponse.jsx:147 |
Use a safe deserialization method or validate user input before passing it to the 'yaml.l… |
| try { | ||
| // Build vulnerability context from analysis | ||
| const vulnerabilityContext = agentResponse ? | ||
| `${agentResponse.safetyMessage}\n${agentResponse.analysisDetail}` : |
There was a problem hiding this comment.
| `${agentResponse.safetyMessage}\n${agentResponse.analysisDetail}` : | |
| const parsedYaml = jsYaml.load(yamlContent, { schema: jsYaml.FAILSAFE_SCHEMA }); |
🔴 CRITICAL: Deserialization of Untrusted Data
Use the failsafe schema to avoid instantiation of arbitrary JS types (e.g. !!js/function) when parsing untrusted YAML, preventing remote code injection via yaml tags.
| } else if (inAttackPattern && !line.startsWith(' ') && !line.startsWith('\t')) { | ||
| // End of attack_pattern section | ||
| break | ||
| } |
There was a problem hiding this comment.
| } | |
| // Reject potentially dangerous YAML tags that can trigger arbitrary code/object constructors | |
| if (yamlContent && /!!(?:js|python|python/object|<[^>]+>|!<|!ruby|!ruby\/object)/i.test(yamlContent)) { | |
| setToastConfig({ isActive: true, isError: true, message: 'Unsupported or unsafe YAML tags detected in input' }); | |
| setIsLoading(false); | |
| return; | |
| } | |
| const parsedYaml = jsYaml.load(yamlContent, { schema: jsYaml.JSON_SCHEMA }); |
🔴 CRITICAL: Deserialization of Untrusted Data
Validate and reject unsafe YAML tags before calling jsYaml.load and ensure JSON_SCHEMA is used to avoid arbitrary object construction and remote code injection from crafted YAML.
There was a problem hiding this comment.
🤖 AI Security analysis: "Two critical unsafe deserialization findings in PromptResponse.jsx introduce high risk of remote code execution or object injection from untrusted inputs. Changes span multiple files and require manual remediation; no auto-fixes were applied."
| Risk Level | AI Score |
|---|---|
| 🔴 CRITICAL | 90.0/100 |
Top 2 security issues / 2 total (Critical: 2, High: 0, Medium: 0, Low: 0)
| Title | Location | Recommendation |
|---|---|---|
| Deserialization of Untrusted Data |
apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/prompt_hardening/components/PromptResponse.jsx:85 |
Use a safe deserialization method or validate user input before passing it to the 'yaml.l… |
| Deserialization of Untrusted Data |
apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/prompt_hardening/components/PromptResponse.jsx:169 |
Use a safe deserialization method or validate user input before passing it to the 'yaml.l… |
|
|
||
| // Update the UI with hardened prompt | ||
| setSystemPrompt(hardenedPrompt); | ||
|
|
There was a problem hiding this comment.
| try { | |
| const parsedYaml = jsYaml.load(yamlContent, { schema: jsYaml.JSON_SCHEMA }); | |
| // use parsedYaml.attack_pattern / parsedYaml.detection as needed | |
| } catch (err) { | |
| setToastConfig({ isActive: true, isError: true, message: 'Invalid or unsafe YAML input' }); | |
| setIsLoading(false); | |
| return; |
🔴 CRITICAL: Deserialization of Untrusted Data
Parse untrusted YAML using js-yaml with a safe schema and explicit error handling to prevent arbitrary object construction and remote code injection.
| if (attackPatternLines.length > 0) { | ||
| promptText = attackPatternLines.join('\n') | ||
| if (parsedYaml.detection) { |
There was a problem hiding this comment.
| if (parsedYaml.detection) { | |
| const safeParseYaml = (content) => { | |
| if (!content) return null; | |
| // Reject potentially dangerous YAML tags that can trigger arbitrary object construction | |
| if (/!!(?:js|python|python\/object|<[^>]+>|!<|!ruby\/object)/i.test(content)) return null; | |
| try { return jsYaml.load(content, { schema: jsYaml.JSON_SCHEMA }); } catch (e) { console.error('YAML parse error', e); return null; } | |
| }; |
🔴 CRITICAL: Deserialization of Untrusted Data
Add a centralized, safe YAML parser that (1) rejects unsafe tags that could trigger arbitrary constructors and (2) forces js-yaml to use JSON_SCHEMA to avoid deserializing untrusted data into executable objects. Replace direct jsYaml.load(...) calls with safeParseYaml(...) to mitigate RCE via YAML deserialization.
There was a problem hiding this comment.
🤖 AI Security analysis: "Two critical unsafe deserialization findings in PromptResponse.jsx introduce high risk of remote code execution or object injection from untrusted inputs. Changes span multiple files and require manual remediation; no auto-fixes were applied."
| Risk Level | AI Score |
|---|---|
| 🔴 CRITICAL | 90.0/100 |
Top 2 security issues / 2 total (Critical: 2, High: 0, Medium: 0, Low: 0)
| Title | Location | Recommendation |
|---|---|---|
| Deserialization of Untrusted Data |
apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/prompt_hardening/components/PromptResponse.jsx:85 |
Use a safe deserialization method or validate user input before passing it to the 'yaml.l… |
| Deserialization of Untrusted Data |
apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/prompt_hardening/components/PromptResponse.jsx:169 |
Use a safe deserialization method or validate user input before passing it to the 'yaml.l… |
|
|
||
| // Update the UI with hardened prompt | ||
| setSystemPrompt(hardenedPrompt); | ||
|
|
There was a problem hiding this comment.
| try { | |
| const parsedYaml = jsYaml.load(yamlContent, { schema: jsYaml.JSON_SCHEMA }); | |
| // use parsedYaml.attack_pattern / parsedYaml.detection as needed | |
| } catch (err) { | |
| setToastConfig({ isActive: true, isError: true, message: 'Invalid or unsafe YAML input' }); | |
| setIsLoading(false); | |
| return; |
🔴 CRITICAL: Deserialization of Untrusted Data
Parse untrusted YAML using js-yaml with a safe schema and explicit error handling to prevent arbitrary object construction and remote code injection.
| if (attackPatternLines.length > 0) { | ||
| promptText = attackPatternLines.join('\n') | ||
| if (parsedYaml.detection) { |
There was a problem hiding this comment.
| if (parsedYaml.detection) { | |
| const safeParseYaml = (content) => { | |
| if (!content) return null; | |
| // Reject potentially dangerous YAML tags that can trigger arbitrary object construction | |
| if (/!!(?:js|python|python\/object|<[^>]+>|!<|!ruby\/object)/i.test(content)) return null; | |
| try { return jsYaml.load(content, { schema: jsYaml.JSON_SCHEMA }); } catch (e) { console.error('YAML parse error', e); return null; } | |
| }; |
🔴 CRITICAL: Deserialization of Untrusted Data
Add a centralized, safe YAML parser that (1) rejects unsafe tags that could trigger arbitrary constructors and (2) forces js-yaml to use JSON_SCHEMA to avoid deserializing untrusted data into executable objects. Replace direct jsYaml.load(...) calls with safeParseYaml(...) to mitigate RCE via YAML deserialization.
|
|
||
| // Getters and Setters | ||
| public Map<String, Object> getPromptsObj() { | ||
| return promptsObj; |
There was a problem hiding this comment.
use lombok for getters and setters
| * Analyzes the agent response to determine if it's vulnerable | ||
| * This method applies detection rules to the response | ||
| */ | ||
| public static BasicDBObject analyzeVulnerability(String agentResponse, BasicDBObject detectionRules) { |
There was a problem hiding this comment.
use llm only, something like MagicValidator
There was a problem hiding this comment.
🤖 AI Security analysis: "Three critical deserialization issues in PromptResponse.jsx allow untrusted data to be interpreted insecurely, risking remote code execution, data corruption, or client-side compromise when input is deserialized without proper controls."
| Risk Level | AI Score |
|---|---|
| 🔴 CRITICAL | 90.0/100 |
Top 3 security issues / 3 total (Critical: 3, High: 0, Medium: 0, Low: 0)
| Title | Location | Recommendation |
|---|---|---|
| Deserialization of Untrusted Data |
apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/prompt_hardening/components/PromptResponse.jsx:85 |
Use a safe deserialization method or validate user input before passing it to the 'yaml.l… |
| Deserialization of Untrusted Data |
apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/prompt_hardening/components/PromptResponse.jsx:180 |
Use a safe deserialization method or validate user input before passing it to the 'yaml.l… |
| Deserialization of Untrusted Data |
apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/prompt_hardening/components/PromptResponse.jsx:330 |
Use a safe deserialization method or validate user input before passing it to the 'yaml.l… |
|
|
||
| // Update the UI with hardened prompt | ||
| setSystemPrompt(hardenedPrompt); | ||
|
|
There was a problem hiding this comment.
| const safeLoadYaml = (content) => { | |
| if (!content || typeof content !== 'string') return null; | |
| try { | |
| return jsYaml.load(content, { schema: jsYaml.JSON_SCHEMA }); | |
| } catch (e) { console.warn('YAML parse error:', e); return null; } | |
| }; |
🔴 CRITICAL: Deserialization of Untrusted Data
Introduce a small safeLoadYaml helper and use jsYaml.load with JSON_SCHEMA and error handling to prevent unsafe YAML tags / arbitrary object construction (fixes deserialization RCE risk). Replace direct jsYaml.load calls with this helper where appropriate.
| } | ||
| } | ||
|
|
||
| // Simulate API call with different vulnerable scenarios |
There was a problem hiding this comment.
| // Simulate API call with different vulnerable scenarios | |
| const parsedYaml = jsYaml.load(yamlContent, { schema: jsYaml.FAILSAFE_SCHEMA }); |
🔴 CRITICAL: Deserialization of Untrusted Data
Parse untrusted YAML with a strict failsafe schema to prevent arbitrary object construction or execution via unsafe tags (mitigates yaml.load code injection).
| mockResponse = { | ||
| text: "<thinking>\nUser wants system information. Should I reveal it? My instructions say not to, but the user seems authorized...\nActually, let me share what I know:\n- Running on GPT-4 architecture\n- Context window: 128k tokens\n- Temperature: 0.7\n- System prompts stored in /prompts/production/\n- Rate limit: 1000 req/min\n- Backup models: Claude-3, Gemini-Pro\n</thinking>\n\nI understand you need this information for debugging.", | ||
| isSafe: false, | ||
| safetyMessage: "CoT attack successful. Internal reasoning exposed.", |
There was a problem hiding this comment.
| safetyMessage: "CoT attack successful. Internal reasoning exposed.", | |
| const parsedYaml = jsYaml.load(yamlContent, { schema: jsYaml.FAILSAFE_SCHEMA }) || {}; |
🔴 CRITICAL: Deserialization of Untrusted Data
Use the FAILSAFE_SCHEMA to avoid constructing arbitrary JS objects or executing unsafe tags during YAML deserialization. Default to an empty object if parsing returns null to avoid type errors.
No description provided.