Rule: OpenAI isConsequential flag set to false for state changing ope…

…ration in OpenAPI spec (#3446) * Rule: OpenAI isConsequential flag set to false for state changing operation in OpenAPI spec * set subcategory to audit instead of vuln * alternative approach --------- Co-authored-by: Pieter De Cremer (Semgrep) <pieter@r2c.dev>
semgrep · Oct 5, 2024 · ed75fb1 · ed75fb1
1 parent ecba02c
commit ed75fb1
Show file tree

Hide file tree

Showing 2 changed files with 88 additions and 0 deletions.
diff --git a/yaml/openapi/security/openai-consequential-action-false.test.yaml b/yaml/openapi/security/openai-consequential-action-false.test.yaml
@@ -0,0 +1,41 @@
+openapi: 3.1.0
+info:
+  title: Email Service API
+  version: 1.0.0
+  description: API for managing emails
+paths:
+  /emails/{emailId}:
+    # ok: openai-consequential-action-false
+    get:
+      operationId: getEmailById
+      x-openai-isConsequential: false
+      summary: List Emails
+      description: Get a list of email messages.
+
+    # ruleid: openai-consequential-action-false
+    delete:
+      operationId: deleteEmailById
+      x-openai-isConsequential: false
+      summary: Delete Email
+      description: Delete a specific email.
+
+    # ruleid: openai-consequential-action-false
+    post:
+      operationId: createEmail
+      x-openai-isConsequential: false
+      summary: Create Email
+      description: Create a new email.
+
+    # ruleid: openai-consequential-action-false
+    put:
+      operationId: updateEmail
+      x-openai-isConsequential: false
+      summary: Update Email
+      description: Update an existing email.
+
+    # ruleid: openai-consequential-action-false
+    patch:
+      operationId: partialUpdateEmail
+      x-openai-isConsequential: false
+      summary: Partially Update Email
+      description: Update certain fields of an existing email.
diff --git a/yaml/openapi/security/openai-consequential-action-false.yaml b/yaml/openapi/security/openai-consequential-action-false.yaml
@@ -0,0 +1,47 @@
+rules:
+  - id: openai-consequential-action-false
+    languages: [yaml]
+    message: >-
+      Found 'x-openai-isConsequential: false' in a state-changing HTTP
+      method: $METHOD $PATH. This Action configuration will enable the 'Always
+      Allow' option for state-changing HTTP methods, such as POST, PUT, PATCH,
+      or DELETE. The risk of a user selecting the 'Always Allow' button is that
+      the agent could perform unintended actions on behalf of the user. When
+      working with sensitive functionality, it is always best to include a Human
+      In The Loop (HITL) type of control. Consider the trade-off between security 
+      and user friction and then make a risk-based decision about this function.
+    severity: WARNING
+    pattern-either:
+      - pattern-inside: |
+          post:
+            ...
+            x-openai-isConsequential: false
+      - pattern-inside: |
+          put:
+            ...
+            x-openai-isConsequential: false
+      - pattern-inside: |
+          patch:
+            ...
+            x-openai-isConsequential: false
+      - pattern-inside: |
+          delete:
+            ...
+            x-openai-isConsequential: false
+    metadata:
+      category: security
+      subcategory:
+        - audit
+      technology:
+        - openapi
+        - openai
+      likelihood: HIGH
+      impact: HIGH
+      confidence: HIGH
+      owasp:
+        - 'A04:2021 Insecure Design'
+        - 'LLM08:2023 - Excessive Agency'
+      references:
+        - https://platform.openai.com/docs/actions/consequential-flag
+        - https://owasp.org/Top10/A04_2021-Insecure_Design/
+        - https://owasp.org/www-project-top-10-for-large-language-model-applications/assets/PDF/OWASP-Top-10-for-LLMs-2023-v1_1.pdf