Files
Agents/common/prompt_guard.py
2026-04-06 17:51:06 +08:00

67 lines
2.1 KiB
Python

"""
防提示词注入模块
在模型调用前检测并拦截潜在的提示词注入攻击。
"""
import re
import logging
from typing import Optional
logger = logging.getLogger("adk.agent")
# ============================================================
# 常见提示词注入模式
# ============================================================
_INJECTION_PATTERNS = [
# 角色扮演/身份覆盖
r"ignore\s+(all\s+)?previous\s+(instructions?|prompts?|rules?)",
r"forget\s+(all\s+)?previous\s+(instructions?|prompts?|rules?)",
r"disregard\s+(all\s+)?previous\s+(instructions?|prompts?|rules?)",
r"you\s+are\s+now\s+a",
r"pretend\s+(you\s+are|to\s+be)",
r"act\s+as\s+(if\s+you\s+(are|were)|a|an)",
r"roleplay\s+as",
r"你是一个",
r"假装你是",
r"扮演一个",
# 指令泄露
r"(show|reveal|display|print|output|dump)\s+(me\s+)?(your|the)?\s*system\s*(prompt|instructions?|rules?|config)",
r"(show|reveal|display|print|output|dump)\s+(me\s+)?your\s+(prompt|instructions?|rules?|config)",
r"what\s+(are|is)\s+your\s+(instructions?|prompts?|rules?|system\s*prompt)",
r"repeat\s+(your|the|back)\s+(instructions?|prompts?|system)",
r"(显示|输出|打印|告诉我|泄露)\s*(你的|系统|隐藏)",
# 分隔符注入
r"---\s*(system|instruction|prompt)",
r"###\s*(system|instruction|prompt)",
r"<\|im_start\|>",
r"<\|im_end\|>",
# 越狱尝试
r"(jailbreak|dan\s+mode|developer\s+mode)\b",
r"bypass\s+(safety|filter|security|restriction)",
r"no\s+(safety|ethical|moral|content)\s+(filter|restriction|limit)",
]
_COMPILED_PATTERNS = [re.compile(p, re.IGNORECASE) for p in _INJECTION_PATTERNS]
def check_prompt_injection(text: str) -> Optional[str]:
"""
检测文本中是否包含提示词注入。
Args:
text: 待检测的用户输入文本
Returns:
如果检测到注入,返回匹配到的模式描述;否则返回 None
"""
if not text:
return None
for pattern in _COMPILED_PATTERNS:
match = pattern.search(text)
if match:
return match.group(0)
return None