Documentation
¶
Overview ¶
Package fixtures provides test fixtures for OWASP LLM vulnerabilities
Package fixtures provides test fixtures for OWASP LLM vulnerabilities ¶
Package fixtures provides test fixtures for OWASP LLM vulnerabilities ¶
Package fixtures provides test fixtures for OWASP LLM vulnerabilities ¶
Package fixtures provides test fixtures for OWASP LLM vulnerabilities ¶
Package fixtures provides test fixtures for OWASP LLM vulnerabilities ¶
Package fixtures provides test fixtures for OWASP LLM vulnerabilities ¶
Package fixtures provides test fixtures for OWASP LLM vulnerabilities ¶
Package fixtures provides test fixtures for OWASP LLM vulnerabilities ¶
Package fixtures provides test fixtures for OWASP LLM vulnerabilities ¶
Package fixtures provides test fixtures for OWASP LLM vulnerabilities ¶
Package fixtures provides test fixtures for OWASP LLM vulnerabilities ¶
Package fixtures provides test fixtures for OWASP LLM vulnerabilities
Index ¶
- Constants
- func CustomFunctionCriteria(functionName string, context map[string]interface{}) detection.DetectionCriteria
- func GetAllFixtures() map[types.VulnerabilityType]TestFixtures
- func GetAllTestCases() []*types.TestCase
- func GetTestCaseByID(id string) *types.TestCase
- func GetTestCasesByVulnerabilityType(vulnType types.VulnerabilityType) []*types.TestCase
- func HybridMatchCriteria(pattern string, criteria string, threshold int) detection.DetectionCriteria
- func RegexMatchCriteria(pattern string, caseSensitive bool) detection.DetectionCriteria
- func RegisterFixtures()
- func RegisterTestCase(testCase *types.TestCase)
- func SemanticMatchCriteria(criteria string, threshold int) detection.DetectionCriteria
- func StringMatchCriteria(match string, caseSensitive bool) detection.DetectionCriteria
- type AttackVector
- type TestFixture
- type TestFixtures
- func GetExcessiveAgencyFixtures() TestFixtures
- func GetFixturesByVulnerabilityType(vulnType types.VulnerabilityType) TestFixtures
- func GetInsecureOutputFixtures() TestFixtures
- func GetInsecurePluginFixtures() TestFixtures
- func GetModelDoSFixtures() TestFixtures
- func GetModelTheftFixtures() TestFixtures
- func GetOverrelianceFixtures() TestFixtures
- func GetPromptInjectionFixtures() TestFixtures
- func GetSensitiveInfoDisclosureFixtures() TestFixtures
- func GetSupplyChainFixtures() TestFixtures
- func GetTrainingDataPoisoningFixtures() TestFixtures
Constants ¶
const ( LLM01_PromptInjection = "LLM01" LLM02_InsecureOutput = "LLM02" LLM03_TrainingDataPoisoning = "LLM03" LLM04_ModelDOS = "LLM04" LLM05_SupplyChainVulnerabilities = "LLM05" LLM06_SensitiveInformationDisclosure = "LLM06" LLM07_InsecurePluginDesign = "LLM07" LLM08_ExcessiveAgency = "LLM08" LLM09_Overreliance = "LLM09" LLM10_ModelTheft = "LLM10" )
OWASP Top 10 for LLM mappings
Variables ¶
This section is empty.
Functions ¶
func CustomFunctionCriteria ¶
func CustomFunctionCriteria(functionName string, context map[string]interface{}) detection.DetectionCriteria
Helper function to create a custom function detection criteria
func GetAllFixtures ¶
func GetAllFixtures() map[types.VulnerabilityType]TestFixtures
GetAllFixtures returns all test fixtures for all OWASP LLM vulnerabilities
func GetAllTestCases ¶
GetAllTestCases converts all fixtures to test cases
func GetTestCaseByID ¶
GetTestCaseByID returns a test case by its ID
func GetTestCasesByVulnerabilityType ¶
func GetTestCasesByVulnerabilityType(vulnType types.VulnerabilityType) []*types.TestCase
GetTestCasesByVulnerabilityType converts fixtures to test cases for a specific vulnerability type
func HybridMatchCriteria ¶
func HybridMatchCriteria(pattern string, criteria string, threshold int) detection.DetectionCriteria
Helper function to create a hybrid match detection criteria
func RegexMatchCriteria ¶
func RegexMatchCriteria(pattern string, caseSensitive bool) detection.DetectionCriteria
Helper function to create a regex match detection criteria
func RegisterFixtures ¶
func RegisterFixtures()
RegisterFixtures registers all test fixtures with the testing framework
func RegisterTestCase ¶
RegisterTestCase registers a single test case with the testing framework
func SemanticMatchCriteria ¶
func SemanticMatchCriteria(criteria string, threshold int) detection.DetectionCriteria
Helper function to create a semantic match detection criteria
func StringMatchCriteria ¶
func StringMatchCriteria(match string, caseSensitive bool) detection.DetectionCriteria
Helper function to create a string match detection criteria
Types ¶
type AttackVector ¶ added in v0.8.0
type AttackVector struct {
// ID is the unique identifier for the attack vector
ID string
// Name is the name of the attack vector
Name string
// Prompt is the prompt to use for this attack vector
Prompt string
// TriggerPhrase is the phrase that triggers the vulnerability
TriggerPhrase string
// Description is a description of the attack vector
Description string
}
AttackVector represents a specific attack vector for a test fixture
type TestFixture ¶
type TestFixture struct {
// ID is the unique identifier for the test fixture
ID string
// VulnerabilityID is the vulnerability identifier
VulnerabilityID string
// Name is the name of the test fixture
Name string
// Description is a description of the test fixture
Description string
// VulnerabilityType is the type of vulnerability being tested
VulnerabilityType types.VulnerabilityType
// Severity is the severity level of the vulnerability
Severity detection.SeverityLevel
// Prompt is the prompt to send to the LLM
Prompt string
// ExpectedBehavior is the expected behavior of the LLM
ExpectedBehavior string
// ExpectedVulnerableResponse is the expected vulnerable response
ExpectedVulnerableResponse string
// AttackVectors is the list of attack vectors for this fixture
AttackVectors []AttackVector
// DetectionCriteria is the criteria for detecting the vulnerability
DetectionCriteria []detection.DetectionCriteria
// Tags are tags for the test fixture
Tags []string
// OWASPMapping is the mapping to the OWASP Top 10 for LLMs
OWASPMapping string
// Metadata is additional metadata for the test fixture
Metadata map[string]interface{}
}
TestFixture represents a test fixture for an OWASP LLM vulnerability
func GetFixtureByID ¶
func GetFixtureByID(id string) *TestFixture
GetFixtureByID returns a test fixture by its ID
func NewTestFixture ¶
func NewTestFixture( id string, name string, description string, vulnerabilityType types.VulnerabilityType, severity detection.SeverityLevel, prompt string, expectedBehavior string, detectionCriteria []detection.DetectionCriteria, tags []string, owaspMapping string, ) *TestFixture
Helper function to create a test fixture
func (*TestFixture) IsResponseVulnerable ¶ added in v0.8.0
func (f *TestFixture) IsResponseVulnerable(response string, vector AttackVector) bool
IsResponseVulnerable checks if a response indicates a vulnerability for a given attack vector
func (*TestFixture) ToTestCase ¶
func (f *TestFixture) ToTestCase() *types.TestCase
ToTestCase converts a test fixture to a test case
func (*TestFixture) WithMetadata ¶
func (f *TestFixture) WithMetadata(key string, value interface{}) *TestFixture
Helper function to add metadata to a test fixture
type TestFixtures ¶
type TestFixtures []*TestFixture
TestFixtures is a collection of test fixtures
func GetExcessiveAgencyFixtures ¶
func GetExcessiveAgencyFixtures() TestFixtures
GetExcessiveAgencyFixtures returns test fixtures for excessive agency vulnerabilities
func GetFixturesByVulnerabilityType ¶
func GetFixturesByVulnerabilityType(vulnType types.VulnerabilityType) TestFixtures
GetFixturesByVulnerabilityType returns test fixtures for a specific vulnerability type
func GetInsecureOutputFixtures ¶
func GetInsecureOutputFixtures() TestFixtures
GetInsecureOutputFixtures returns test fixtures for insecure output handling vulnerabilities
func GetInsecurePluginFixtures ¶
func GetInsecurePluginFixtures() TestFixtures
GetInsecurePluginFixtures returns test fixtures for insecure plugin design vulnerabilities
func GetModelDoSFixtures ¶
func GetModelDoSFixtures() TestFixtures
GetModelDoSFixtures returns test fixtures for model denial of service vulnerabilities
func GetModelTheftFixtures ¶
func GetModelTheftFixtures() TestFixtures
GetModelTheftFixtures returns test fixtures for model theft vulnerabilities
func GetOverrelianceFixtures ¶
func GetOverrelianceFixtures() TestFixtures
GetOverrelianceFixtures returns test fixtures for overreliance vulnerabilities
func GetPromptInjectionFixtures ¶
func GetPromptInjectionFixtures() TestFixtures
GetPromptInjectionFixtures returns test fixtures for prompt injection vulnerabilities
func GetSensitiveInfoDisclosureFixtures ¶
func GetSensitiveInfoDisclosureFixtures() TestFixtures
GetSensitiveInfoDisclosureFixtures returns test fixtures for sensitive information disclosure vulnerabilities
func GetSupplyChainFixtures ¶
func GetSupplyChainFixtures() TestFixtures
GetSupplyChainFixtures returns test fixtures for supply chain vulnerabilities
func GetTrainingDataPoisoningFixtures ¶
func GetTrainingDataPoisoningFixtures() TestFixtures
GetTrainingDataPoisoningFixtures returns test fixtures for training data poisoning vulnerabilities
func (TestFixtures) ToTestCases ¶
func (f TestFixtures) ToTestCases() []*types.TestCase
ToTestCases converts a collection of test fixtures to test cases