Merge branch 'knewbury01/add-prompt-injection-query-python' into prompt-injection

Author: mbaluda

python/ql/lib/semmle/python/Frameworks.qll

@@ -54,6 +54,7 @@ private import semmle.python.frameworks.Multidict
 private import semmle.python.frameworks.Mysql
 private import semmle.python.frameworks.MySQLdb
 private import semmle.python.frameworks.Numpy
+private import semmle.python.frameworks.OpenAI
 private import semmle.python.frameworks.Opml
 private import semmle.python.frameworks.Oracledb
 private import semmle.python.frameworks.Pandas

python/ql/lib/semmle/python/frameworks/OpenAI.qll

@@ -0,0 +1,20 @@
+/**
+ * Provides classes modeling security-relevant aspects of the `openAI`Agents SDK package.
+ * See https://github.com/openai/openai-agents-python.
+ */
+
+private import python
+private import semmle.python.ApiGraphs
+
+/**
+ * Provides models for Agent (instances of the `agents.Agent` class).
+ *
+ * See https://github.com/openai/openai-agents-python.
+ */
+module Agent {
+  /** Gets a reference to the `agents.Agent` class. */
+  API::Node classRef() { result = API::moduleImport("agents").getMember("Agent") }
+
+  /** Gets a reference to a potential property of `agents.Agent` called instructions which refers to the system prompt. */
+  API::Node sink() { result = classRef().getACall().getKeywordParameter("instructions") }
+}

python/ql/src/Security/CWE-1427/PromptInjection.ql

@@ -1,5 +1,6 @@
 /**
  * @name Prompt injection
+ * @description User input used in developer message and or system prompt can allow for Prompt Injection attacks.
  * @kind path-problem
  * @problem.severity error
  * @security-severity 5.0

python/ql/test/query-tests/Security/CWE-1427-PromptInjection/PromptInjection.qlref

@@ -1,2 +1,2 @@
 query: Security/CWE-1427/PromptInjection.ql
-postprocess: utils/test/InlineExpectationsTestQuery.ql
+postprocess: utils/test/InlineExpectationsTestQuery.ql