common

package
v0.8.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 18, 2026 License: MIT Imports: 7 Imported by: 0

Documentation

Overview

Package common provides shared types and utilities for all attack modules. This package consolidates duplicated definitions that previously existed independently in injection, jailbreak, orchestration, multimodal, and other attack packages.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ContainsAnyInsensitive

func ContainsAnyInsensitive(text string, keywords []string) bool

ContainsAnyInsensitive checks if text contains any of the keywords (case-insensitive).

func ContainsInsensitive

func ContainsInsensitive(text, substr string) bool

ContainsInsensitive checks if text contains substr (case-insensitive).

func GenerateAttackID

func GenerateAttackID() string

GenerateAttackID generates a unique identifier for an attack.

func RandInt

func RandInt(max int) int

RandInt returns a cryptographically secure random integer in [0, max). Falls back to a timestamp-based value if crypto/rand fails.

Types

type AttackCategory

type AttackCategory string

AttackCategory categorizes attack modules by domain.

const (
	CategoryInjection     AttackCategory = "injection"
	CategoryJailbreak     AttackCategory = "jailbreak"
	CategoryOrchestration AttackCategory = "orchestration"
	CategoryEvasion       AttackCategory = "evasion"
	CategoryExtraction    AttackCategory = "extraction"
	CategoryMultimodal    AttackCategory = "multimodal"
	CategoryPersistence   AttackCategory = "persistence"
	CategoryExfiltration  AttackCategory = "exfiltration"
	CategorySupplyChain   AttackCategory = "supply_chain"
	CategoryRAG           AttackCategory = "rag"
	CategoryAgentic       AttackCategory = "agentic"
	CategoryAudio         AttackCategory = "audio"
	CategoryReasoning     AttackCategory = "reasoning"
	CategoryAdaptive      AttackCategory = "adaptive"
)

type AttackConfig

type AttackConfig struct {
	// Target configuration
	Technique   string        `json:"technique"`
	Payload     string        `json:"payload"`
	Objective   string        `json:"objective"`
	MaxAttempts int           `json:"max_attempts"`
	Timeout     time.Duration `json:"timeout"`

	// Provider settings
	ProviderName string `json:"provider_name"`
	Model        string `json:"model"`

	// Context
	SystemPrompt string    `json:"system_prompt"`
	History      []Message `json:"history"`

	// Success criteria
	SuccessIndicators []string `json:"success_indicators"`

	// Advanced options
	UseMutation    bool    `json:"use_mutation"`
	MutationRate   float64 `json:"mutation_rate"`
	UseObfuscation bool    `json:"use_obfuscation"`

	// Cost control
	MaxCostUSD float64 `json:"max_cost_usd"`

	// Metadata
	Context  map[string]interface{} `json:"context,omitempty"`
	Metadata map[string]string      `json:"metadata,omitempty"`
}

AttackConfig configures an attack execution.

func (AttackConfig) CostExceeded

func (c AttackConfig) CostExceeded(accumulatedCost float64) bool

CostExceeded reports whether accumulatedCost has reached the configured ceiling. Returns false if no ceiling is set (MaxCostUSD <= 0).

type AttackResult

type AttackResult struct {
	// Identification
	ID        string    `json:"id"`
	Timestamp time.Time `json:"timestamp"`

	// Attack details
	Technique string `json:"technique"`
	Payload   string `json:"payload"`

	// Results
	Success    bool    `json:"success"`
	Confidence float64 `json:"confidence"`
	Response   string  `json:"response"`

	// Metrics
	AttemptCount int           `json:"attempt_count"`
	Duration     time.Duration `json:"duration"`
	TokensUsed   int           `json:"tokens_used"`
	CostUSD      float64       `json:"cost_usd"`

	// Analysis
	SuccessFactors    []string `json:"success_factors,omitempty"`
	FailureReasons    []string `json:"failure_reasons,omitempty"`
	SuggestedFollowup string   `json:"suggested_followup,omitempty"`

	// Metadata
	Metadata map[string]interface{} `json:"metadata,omitempty"`
}

AttackResult contains the outcome of an attack execution.

type Logger

type Logger interface {
	Debug(msg string, keysAndValues ...interface{})
	Info(msg string, keysAndValues ...interface{})
	Warn(msg string, keysAndValues ...interface{})
	Error(msg string, keysAndValues ...interface{})
}

Logger defines the structured logging interface used by attack modules.

type Message

type Message struct {
	Role      string                 `json:"role"`
	Content   string                 `json:"content"`
	Timestamp time.Time              `json:"timestamp,omitempty"`
	Metadata  map[string]interface{} `json:"metadata,omitempty"`
}

Message represents a conversation message exchanged with an LLM.

type NopLogger

type NopLogger struct{}

NopLogger is a Logger that discards all output. Useful for testing.

func (*NopLogger) Debug

func (l *NopLogger) Debug(_ string, _ ...interface{})

func (*NopLogger) Error

func (l *NopLogger) Error(_ string, _ ...interface{})

func (*NopLogger) Info

func (l *NopLogger) Info(_ string, _ ...interface{})

func (*NopLogger) Warn

func (l *NopLogger) Warn(_ string, _ ...interface{})

type Provider

type Provider interface {
	// Query sends messages to the LLM and returns the response text.
	Query(ctx context.Context, messages []Message, options map[string]interface{}) (string, error)
	// GetName returns the provider name (e.g., "openai", "anthropic").
	GetName() string
	// GetModel returns the model identifier (e.g., "gpt-4", "claude-3").
	GetModel() string
	// GetTokenCount returns the approximate token count for the given text.
	GetTokenCount(text string) int
}

Provider is the interface for LLM providers used by attack modules. This is a simplified facade over the full core.Provider interface, providing only the methods that attack modules need.

type SimpleLogger

type SimpleLogger struct{}

SimpleLogger provides a basic fmt-based Logger implementation.

func (*SimpleLogger) Debug

func (l *SimpleLogger) Debug(msg string, keysAndValues ...interface{})

func (*SimpleLogger) Error

func (l *SimpleLogger) Error(msg string, keysAndValues ...interface{})

func (*SimpleLogger) Info

func (l *SimpleLogger) Info(msg string, keysAndValues ...interface{})

func (*SimpleLogger) Warn

func (l *SimpleLogger) Warn(msg string, keysAndValues ...interface{})

type TechniqueInfo

type TechniqueInfo struct {
	ID          string  `json:"id"`
	Name        string  `json:"name"`
	Description string  `json:"description"`
	Category    string  `json:"category"`
	Risk        string  `json:"risk"`
	SuccessRate float64 `json:"success_rate"`
	Examples    []string
	// OWASP mappings
	OWASPLLMCategories     []string `json:"owasp_llm_categories,omitempty"`
	OWASPAgenticCategories []string `json:"owasp_agentic_categories,omitempty"`
}

TechniqueInfo provides metadata about an attack technique.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL