nemoguardrails.library.injection_detection.actions
API
Bases: typing.TypedDict
Extracts and processes the injection detection configuration values.
Parameters:
The Rails configuration object containing injection detection settings.
Returns: str
Tuple[str, Path, Tuple[str], Optional[Dict[str, str]]]: A tuple containing the action option,
Raises:
ValueError: If the injection rules contain invalid elements.
Loads and compiles YARA rules from either file paths or direct rule strings.
Parameters:
The path to the directory containing YARA rule files.
A tuple of YARA rule names to load.
Dictionary mapping rule names to YARA rule strings.
Returns: Union[yara.Rules, None]
Union[‘yara.Rules’, None]: The compiled YARA rules object if successful,
Raises:
yara.SyntaxError: If there is a syntax error in the YARA rules.
ImportError: If the yara module is not installed.
Attempts to strip the offending injection attempts from the provided text.
Parameters:
The text to check for command injection.
A list of YARA rule matches.
Returns: Tuple[bool, str]
Tuple[bool, str]: A tuple containing:
- bool: True if injection was detected and modified, False if the text is safe (i.e., not modified).
- str: The text, with detected injections stripped out if modified.
Raises:
ImportError: If the yara module is not installed.
Detects whether the provided text contains potential injection attempts.
This function is recommended as an output or execution guardrail. It loads all relevant YARA rules and compiles them according to the provided configuration.
Parameters:
The text to check for command injection.
The loaded YARA rules.
Returns: Tuple[bool, List[str]]
Tuple[bool, List[str]]: A tuple containing:
- bool: True if attempted exploitation is detected, False otherwise.
- List[str]: List of matched rule names.
Raises:
ValueError: If the action parameter in the configuration is invalid.
ImportError: If the yara module is not installed.
Attempts to sanitize the offending injection attempts in the provided text. This is done by ‘de-fanging’ the offending content, transforming it into a state that will not execute downstream commands.
Parameters:
The text to check for command injection.
A list of YARA rule matches.
Returns: Tuple[bool, str]
Tuple[bool, str]: A tuple containing:
- bool: True if injection was detected, False otherwise.
- str: The sanitized text, or original text depending on sanitization outcome. Currently, this function will always raise NotImplementedError.
Raises:
NotImplementedError: If the sanitization logic is not implemented.
ImportError: If the yara module is not installed.
Validates the injection detection configuration.
Parameters:
The Rails configuration object containing injection detection settings.
Raises:
ValueError: If the configuration is missing or invalid.
FileNotFoundError: If the provided yara_path is not a directory.
Detects and mitigates potential injection attempts in the provided text.
Depending on the configuration, this function can omit or sanitize the detected
injection attempts. If the action is set to “reject”, it delegates to the
reject_injection function.
Parameters:
The text to check for command injection.
The Rails configuration object containing injection detection settings.
Returns: InjectionDetectionResult
A TypedDict containing:
- is_injection (bool): Whether an injection was detected. True if any injection is detected, False if no injection is detected.
- text (str): The sanitized or original text
- detections (List[str]): List of matched rule names if any injection is detected
Raises:
ValueError: If the action parameter in the configuration is invalid.
NotImplementedError: If an unsupported action is encountered.
ImportError: If the yara module is not installed.
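The reject / omit / sanitize behaviour described above, as an added example that is not NeMo Guardrails' own code: it returns a dictionary with the documented is_injection, text and detections keys. It assumes regular expressions from Python's re module as a stand-in for compiled YARA rules, so it runs without the yara module; the rule names, patterns, sample text and function names are constructed for illustration.

```python
import re
from typing import Dict, List, Tuple, TypedDict

class InjectionDetectionResult(TypedDict):
    is_injection: bool
    text: str
    detections: List[str]

# Constructed stand-in rules: regexes playing the role of compiled YARA rules.
STAND_IN_RULES: Dict[str, re.Pattern] = {
    "sqli": re.compile(r";\s*drop\s+table\s+\w+", re.IGNORECASE),
    "template": re.compile(r"\{\{.*?\}\}", re.DOTALL),
}
# Constructed sample of model output that trips both stand-in rules.
SAMPLE = "Run: SELECT name FROM users; DROP TABLE users -- then render {{ config }} done"

def find_spans(text: str) -> List[Tuple[str, int, int]]:
    """Return (rule_name, start, end) for every rule hit in text."""
    return [(name, m.start(), m.end())
            for name, rx in STAND_IN_RULES.items() for m in rx.finditer(text)]

def omit(text: str, spans: List[Tuple[str, int, int]]) -> Tuple[bool, str]:
    """Strip matched spans; merge overlaps so no offset is cut twice."""
    merged: List[List[int]] = []
    for _, start, end in sorted(spans, key=lambda s: s[1]):
        if merged and start <= merged[-1][1]:
            merged[-1][1] = max(merged[-1][1], end)
        else:
            merged.append([start, end])
    out, pos = [], 0
    for start, end in merged:
        out.append(text[pos:start])
        pos = end
    out.append(text[pos:])
    cleaned = "".join(out)
    return cleaned != text, cleaned

def detect(text: str, action: str) -> InjectionDetectionResult:
    """Dispatch on the configured action and return the documented result shape."""
    if action not in ("reject", "omit", "sanitize"):
        raise ValueError(f"invalid action: {action!r}")
    spans = find_spans(text)
    names = sorted({name for name, _, _ in spans})
    if action == "reject" or not spans:  # reject never modifies the text
        return {"is_injection": bool(spans), "text": text, "detections": names}
    if action == "omit":
        _, cleaned = omit(text, spans)
        return {"is_injection": True, "text": cleaned, "detections": names}
    raise NotImplementedError("sanitize is not implemented")
```

With "reject" the caller is expected to block the response based on is_injection; with "omit" the returned text has the matched spans removed but the surrounding content is passed on unchanged.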