Rule: OpenAI isConsequential flag set to false for state changing operation in OpenAPI spec #3446

Merged
merged 8 commits into from
Oct 5, 2024
41 changes: 41 additions & 0 deletions yaml/openapi/security/openai-consequential-action-false.test.yaml
@@ -0,0 +1,41 @@
openapi: 3.1.0
info:
title: Email Service API
version: 1.0.0
description: API for managing emails
paths:
/emails/{emailId}:
# ok: openai-consequential-action-false
get:
operationId: getEmailById
x-openai-isConsequential: false
summary: List Emails
description: Get a list of email messages.

# ruleid: openai-consequential-action-false
delete:
operationId: deleteEmailById
x-openai-isConsequential: false
summary: Delete Email
description: Delete a specific email.

# ruleid: openai-consequential-action-false
post:
operationId: createEmail
x-openai-isConsequential: false
summary: Create Email
description: Create a new email.

# ruleid: openai-consequential-action-false
put:
operationId: updateEmail
x-openai-isConsequential: false
summary: Update Email
description: Update an existing email.

# ruleid: openai-consequential-action-false
patch:
operationId: partialUpdateEmail
x-openai-isConsequential: false
summary: Partially Update Email
description: Update certain fields of an existing email.
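Review bot: Every case in this fixture sets `x-openai-isConsequential: false`, so nothing shows that the rule stays silent on a state-changing operation that sets the flag to `true` or omits it. Add an `# ok: openai-consequential-action-false` case, for example a `post:` operation with `x-openai-isConsequential: true`, so that an over-matching pattern fails the test. Minor: the `get:` operation has operationId `getEmailById` but its summary and description read "List Emails" and "Get a list of email messages", and `createEmail` sits under a path that takes `{emailId}`; this does not affect the rule but makes the fixture harder to read.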
47 changes: 47 additions & 0 deletions yaml/openapi/security/openai-consequential-action-false.yaml
@@ -0,0 +1,47 @@
rules:
- id: openai-consequential-action-false
languages: [yaml]
message: >-
Found 'x-openai-isConsequential: false' in a state-changing HTTP
method: $METHOD $PATH. This Action configuration will enable the 'Always
Allow' option for state-changing HTTP methods, such as POST, PUT, PATCH,
or DELETE. The risk of a user selecting the 'Always Allow' button is that
the agent could perform unintended actions on behalf of the user. When
working with sensitive functionality, it is always best to include a Human
In The Loop (HITL) type of control. Consider the trade-off between security
and user friction and then make a risk-based decision about this function.
severity: WARNING
pattern-either:
- pattern-inside: |
post:
...
x-openai-isConsequential: false
- pattern-inside: |
put:
...
x-openai-isConsequential: false
- pattern-inside: |
patch:
...
x-openai-isConsequential: false
- pattern-inside: |
delete:
...
x-openai-isConsequential: false
metadata:
category: security
subcategory:
- audit
technology:
- openapi
- openai
likelihood: HIGH
impact: HIGH
confidence: HIGH
owasp:
- 'A04:2021 Insecure Design'
- 'LLM08:2023 - Excessive Agency'
references:
- https://platform.openai.com/docs/actions/consequential-flag
- https://owasp.org/Top10/A04_2021-Insecure_Design/
- https://owasp.org/www-project-top-10-for-large-language-model-applications/assets/PDF/OWASP-Top-10-for-LLMs-2023-v1_1.pdf
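Review bot: The message interpolates `$METHOD $PATH`, but none of the four `pattern-inside` clauses binds a metavariable (they match the literal keys `post:`, `put:`, `patch:` and `delete:`), so the finding text will show the placeholders unexpanded. Either bind them in the patterns, for instance a metavariable for the method key constrained with `metavariable-regex` and one for the enclosing path key, or drop them from the message. Also consider adding a `pattern` for the flag line itself alongside the `pattern-inside` clauses, so the finding is reported on `x-openai-isConsequential: false` and not on the enclosing operation. Separately, `confidence: HIGH` sits oddly with `subcategory: audit` and a message that asks the reader to "make a risk-based decision"; a lower confidence would better reflect that not every match is a defect.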