From ed75fb18a676ba036f4015fe59a831252f0ac470 Mon Sep 17 00:00:00 2001 From: Anton Abashkin Date: Sat, 5 Oct 2024 05:22:52 -0400 Subject: [PATCH] Rule: OpenAI isConsequential flag set to false for state changing operation in OpenAPI spec (#3446) * Rule: OpenAI isConsequential flag set to false for state changing operation in OpenAPI spec * set subcategory to audit instead of vuln * alternative approach --------- Co-authored-by: Pieter De Cremer (Semgrep) --- ...penai-consequential-action-false.test.yaml | 41 ++++++++++++++++ .../openai-consequential-action-false.yaml | 47 +++++++++++++++++++ 2 files changed, 88 insertions(+) create mode 100644 yaml/openapi/security/openai-consequential-action-false.test.yaml create mode 100644 yaml/openapi/security/openai-consequential-action-false.yaml diff --git a/yaml/openapi/security/openai-consequential-action-false.test.yaml b/yaml/openapi/security/openai-consequential-action-false.test.yaml new file mode 100644 index 0000000000..28eb92ebea --- /dev/null +++ b/yaml/openapi/security/openai-consequential-action-false.test.yaml @@ -0,0 +1,41 @@ +openapi: 3.1.0 +info: + title: Email Service API + version: 1.0.0 + description: API for managing emails +paths: + /emails/{emailId}: + # ok: openai-consequential-action-false + get: + operationId: getEmailById + x-openai-isConsequential: false + summary: List Emails + description: Get a list of email messages. + + # ruleid: openai-consequential-action-false + delete: + operationId: deleteEmailById + x-openai-isConsequential: false + summary: Delete Email + description: Delete a specific email. + + # ruleid: openai-consequential-action-false + post: + operationId: createEmail + x-openai-isConsequential: false + summary: Create Email + description: Create a new email. + + # ruleid: openai-consequential-action-false + put: + operationId: updateEmail + x-openai-isConsequential: false + summary: Update Email + description: Update an existing email. + + # ruleid: openai-consequential-action-false + patch: + operationId: partialUpdateEmail + x-openai-isConsequential: false + summary: Partially Update Email + description: Update certain fields of an existing email. diff --git a/yaml/openapi/security/openai-consequential-action-false.yaml b/yaml/openapi/security/openai-consequential-action-false.yaml new file mode 100644 index 0000000000..d54163e597 --- /dev/null +++ b/yaml/openapi/security/openai-consequential-action-false.yaml @@ -0,0 +1,47 @@ +rules: + - id: openai-consequential-action-false + languages: [yaml] + message: >- + Found 'x-openai-isConsequential: false' in a state-changing HTTP + method: $METHOD $PATH. This Action configuration will enable the 'Always + Allow' option for state-changing HTTP methods, such as POST, PUT, PATCH, + or DELETE. The risk of a user selecting the 'Always Allow' button is that + the agent could perform unintended actions on behalf of the user. When + working with sensitive functionality, it is always best to include a Human + In The Loop (HITL) type of control. Consider the trade-off between security + and user friction and then make a risk-based decision about this function. + severity: WARNING + pattern-either: + - pattern-inside: | + post: + ... + x-openai-isConsequential: false + - pattern-inside: | + put: + ... + x-openai-isConsequential: false + - pattern-inside: | + patch: + ... + x-openai-isConsequential: false + - pattern-inside: | + delete: + ... + x-openai-isConsequential: false + metadata: + category: security + subcategory: + - audit + technology: + - openapi + - openai + likelihood: HIGH + impact: HIGH + confidence: HIGH + owasp: + - 'A04:2021 Insecure Design' + - 'LLM08:2023 - Excessive Agency' + references: + - https://platform.openai.com/docs/actions/consequential-flag + - https://owasp.org/Top10/A04_2021-Insecure_Design/ + - https://owasp.org/www-project-top-10-for-large-language-model-applications/assets/PDF/OWASP-Top-10-for-LLMs-2023-v1_1.pdf