FIX: Normalize paths for cross-platform prompt injection scanning

john-walkoe · claude · john-walkoe · commit 7b978a328035 · 2026-01-19T22:15:40.000-06:00
The prompt injection scanner was failing on CI (Linux) because the baseline
was created on Windows with backslash path separators. The scanner couldn't
match paths between platforms, causing all findings to appear as NEW.

Changes:
- Normalize all file paths to use forward slashes (Path.as_posix())
- Update get_fingerprint() to use normalized paths
- Update baseline_file_key generation to use normalized paths
- Regenerate .prompt_injections.baseline with 63 normalized findings

This fixes the CI security scan failures while maintaining full
cross-platform compatibility between Windows and Linux environments.

Co-Authored-By: Claude Sonnet 4.5 &lt;noreply@anthropic.com&gt;
diff --git a/.prompt_injections.baseline b/.prompt_injections.baseline
@@ -29,6 +29,248 @@
       "match": "Variation Selector steganography detected (1 selectors)"
     }
   },
+  "src/fpd_mcp/prompts/__init__.py": {
+    "0bc0544c68e852f6": {
+      "line": 33,
+      "match": "prompt"
+    },
+    "363828ae7bc98c11": {
+      "line": 4,
+      "match": "prompt"
+    },
+    "39cfd406cf875846": {
+      "line": 2,
+      "match": "Prompt"
+    },
+    "3f63f24165879a53": {
+      "line": 5,
+      "match": "prompt"
+    },
+    "7cb5efa8e17da036": {
+      "line": 16,
+      "match": "Prompts"
+    },
+    "b5afdfedf95e766e": {
+      "line": 8,
+      "match": "prompts"
+    }
+  },
+  "src/fpd_mcp/prompts/art_unit_quality_assessment.py": {
+    "acb349649d6edf53": {
+      "line": 152,
+      "match": "Variation Selector steganography detected (1 selectors)"
+    },
+    "c442c8b25673b5c0": {
+      "line": 6,
+      "match": "prompt"
+    }
+  },
+  "src/fpd_mcp/prompts/company_petition_risk_assessment_pfw.py": {
+    "b2a5e1036fbba0b4": {
+      "line": 266,
+      "match": "Variation Selector steganography detected (1 selectors)"
+    },
+    "f536fa6e86568f7c": {
+      "line": 6,
+      "match": "prompt"
+    }
+  },
+  "src/fpd_mcp/prompts/complete_portfolio_due_diligence_pfw_ptab.py": {
+    "3f24e6c45cec9ec5": {
+      "line": 311,
+      "match": "Variation Selector steganography detected (1 selectors)"
+    },
+    "4d37da9345f351f6": {
+      "line": 251,
+      "match": "Variation Selector steganography detected (1 selectors)"
+    },
+    "953d39719675c08b": {
+      "line": 172,
+      "match": "Variation Selector steganography detected (1 selectors)"
+    },
+    "b5f09bc85ebb796d": {
+      "line": 310,
+      "match": "Variation Selector steganography detected (1 selectors)"
+    },
+    "e08772a36aa6b7a7": {
+      "line": 309,
+      "match": "Variation Selector steganography detected (1 selectors)"
+    },
+    "fdd27d40ecd28e75": {
+      "line": 6,
+      "match": "prompt"
+    }
+  },
+  "src/fpd_mcp/prompts/examiner_dispute_citation_analysis.py": {
+    "1dc8cb9ab94c6038": {
+      "line": 6,
+      "match": "prompt"
+    },
+    "4db5ee2669a08097": {
+      "line": 277,
+      "match": "Variation Selector steganography detected (1 selectors)"
+    },
+    "4fcb47246cc76789": {
+      "line": 278,
+      "match": "Variation Selector steganography detected (1 selectors)"
+    },
+    "563f4412aea9f16e": {
+      "line": 279,
+      "match": "Variation Selector steganography detected (1 selectors)"
+    }
+  },
+  "src/fpd_mcp/prompts/litigation_research_setup_pfw.py": {
+    "29b2ed9feb2eb14b": {
+      "line": 6,
+      "match": "prompt"
+    },
+    "9d7f120d5897f486": {
+      "line": 168,
+      "match": "Variation Selector steganography detected (1 selectors)"
+    }
+  },
+  "src/fpd_mcp/prompts/patent_vulnerability_assessment_ptab.py": {
+    "21b9adb7cd1bc2ca": {
+      "line": 155,
+      "match": "Variation Selector steganography detected (1 selectors)"
+    },
+    "5682b620a6d6422b": {
+      "line": 264,
+      "match": "Variation Selector steganography detected (1 selectors)"
+    },
+    "98064ba63868ff0f": {
+      "line": 266,
+      "match": "Variation Selector steganography detected (1 selectors)"
+    },
+    "ac0db517c701680c": {
+      "line": 265,
+      "match": "Variation Selector steganography detected (1 selectors)"
+    },
+    "f61dfb6aec0700d0": {
+      "line": 6,
+      "match": "prompt"
+    }
+  },
+  "src/fpd_mcp/prompts/petition_document_research_package.py": {
+    "a051d912cba8cd15": {
+      "line": 6,
+      "match": "prompt"
+    },
+    "ac712af16f584b87": {
+      "line": 224,
+      "match": "Variation Selector steganography detected (1 selectors)"
+    },
+    "b25466a86e914ffc": {
+      "line": 84,
+      "match": "Variation Selector steganography detected (1 selectors)"
+    }
+  },
+  "src/fpd_mcp/prompts/petition_quality_with_citation_intelligence.py": {
+    "39c36cbeaf0c4883": {
+      "line": 6,
+      "match": "prompt"
+    },
+    "3fc69cb5d9764e89": {
+      "line": 230,
+      "match": "Variation Selector steganography detected (1 selectors)"
+    },
+    "45c108f9b0cbfc33": {
+      "line": 190,
+      "match": "Variation Selector steganography detected (1 selectors)"
+    },
+    "4e9d81195853a41f": {
+      "line": 207,
+      "match": "Variation Selector steganography detected (1 selectors)"
+    },
+    "6ef9db203273f76a": {
+      "line": 228,
+      "match": "Variation Selector steganography detected (1 selectors)"
+    },
+    "8385fd76768f6f29": {
+      "line": 99,
+      "match": "Variation Selector steganography detected (1 selectors)"
+    },
+    "a1ade2486f23e744": {
+      "line": 205,
+      "match": "Variation Selector steganography detected (1 selectors)"
+    },
+    "ab0da65008f9e9c0": {
+      "line": 206,
+      "match": "Variation Selector steganography detected (1 selectors)"
+    },
+    "b90684d5a2be9dce": {
+      "line": 204,
+      "match": "Variation Selector steganography detected (1 selectors)"
+    },
+    "f36dc32ee99b93c7": {
+      "line": 229,
+      "match": "Variation Selector steganography detected (1 selectors)"
+    }
+  },
+  "src/fpd_mcp/prompts/prosecution_quality_correlation_pfw.py": {
+    "0c2b4e6c3f167bcc": {
+      "line": 246,
+      "match": "Variation Selector steganography detected (1 selectors)"
+    },
+    "1fe3d80d3b5827b6": {
+      "line": 199,
+      "match": "Variation Selector steganography detected (1 selectors)"
+    },
+    "2eed5fbeaf3013e6": {
+      "line": 247,
+      "match": "Variation Selector steganography detected (1 selectors)"
+    },
+    "4217679f71c0e740": {
+      "line": 221,
+      "match": "Variation Selector steganography detected (1 selectors)"
+    },
+    "b2aba2209130c705": {
+      "line": 223,
+      "match": "Variation Selector steganography detected (1 selectors)"
+    },
+    "c43920f518fa994d": {
+      "line": 245,
+      "match": "Variation Selector steganography detected (1 selectors)"
+    },
+    "c483f6f12521a5ba": {
+      "line": 6,
+      "match": "prompt"
+    },
+    "ccbeadf50f448d47": {
+      "line": 222,
+      "match": "Variation Selector steganography detected (1 selectors)"
+    }
+  },
+  "src/fpd_mcp/prompts/revival_petition_analysis.py": {
+    "9d9e91c7658e4484": {
+      "line": 6,
+      "match": "prompt"
+    },
+    "b9ee15bb9aa6bb03": {
+      "line": 236,
+      "match": "system"
+    },
+    "c28328c977cc1e78": {
+      "line": 158,
+      "match": "Variation Selector steganography detected (1 selectors)"
+    }
+  },
+  "src/fpd_mcp/shared/health_check.py": {
+    "9e29b5aca2f1a849": {
+      "line": 2,
+      "match": "system"
+    },
+    "fe25b2b9efa8509d": {
+      "line": 4,
+      "match": "system"
+    }
+  },
+  "src/fpd_mcp/shared/internal_auth.py": {
+    "afe1f6628c635b89": {
+      "line": 2,
+      "match": "System"
+    }
+  },
   "src\\fpd_mcp\\prompts\\__init__.py": {
     "31237e17f9a93fa5": {
       "line": 5,
@@ -271,6 +513,22 @@
       "match": "System"
     }
   },
+  "tests/test_unified_key_management.py": {
+    "1f36b10fab2027a5": {
+      "line": 6,
+      "match": "system"
+    }
+  },
+  "tests/test_unified_storage.py": {
+    "4c3035e3df3d3f24": {
+      "line": 5,
+      "match": "system"
+    },
+    "732c8e9bfc82c41c": {
+      "line": 248,
+      "match": "system"
+    }
+  },
   "tests\\test_unified_key_management.py": {
     "5921ffae2852892a": {
       "line": 6,
diff --git a/.security/check_prompt_injections.py b/.security/check_prompt_injections.py
@@ -39,7 +39,9 @@
 
 def get_fingerprint(filepath: Path, line_number: int, match: str) -> str:
     """Create a unique fingerprint for a finding."""
-    content = f"{filepath}:{line_number}:{match}"
+    # Normalize path to use forward slashes for cross-platform compatibility
+    normalized_path = filepath.as_posix()
+    content = f"{normalized_path}:{line_number}:{match}"
     return hashlib.sha256(content.encode()).hexdigest()[:16]
 
 
@@ -249,7 +251,8 @@ def main():
 
                 # Filter findings against baseline
                 if baseline or args.update_baseline:
-                    baseline_file_key = str(file_path)
+                    # Normalize path to use forward slashes for cross-platform compatibility
+                    baseline_file_key = file_path.as_posix()
                     if baseline_file_key not in baseline:
                         baseline[baseline_file_key] = {}
 
@@ -286,7 +289,8 @@ def main():
                     print(f"\n[!] Prompt injection patterns found in {file_path}:")
                     for line_num, match in findings:
                         fingerprint = get_fingerprint(file_path, line_num, match)
-                        in_baseline = baseline and fingerprint in baseline.get(str(file_path), {})
+                        # Use normalized path for cross-platform compatibility
+                        in_baseline = baseline and fingerprint in baseline.get(file_path.as_posix(), {})
                         status = " [BASELINE]" if in_baseline else " [NEW]" if (baseline or args.update_baseline) else ""
 
                         if args.verbose:
