|
7 | 7 |
|
8 | 8 | private import python |
9 | 9 | private import semmle.python.ApiGraphs |
10 | | -private import semmle.python.dataflow.new.DataFlow |
11 | 10 |
|
12 | 11 | /** |
13 | 12 | * Provides models for agents SDK (instances of the `agents.Runner` class etc). |
@@ -87,32 +86,3 @@ module OpenAI { |
87 | 86 | ) |
88 | 87 | } |
89 | 88 | } |
90 | | - |
91 | | -/** |
92 | | - * Provides attribute-name-based sink detection for `chat.completions.create` calls. |
93 | | - * This does not rely on API graph type resolution and thus works even when |
94 | | - * the receiver cannot be traced back to a known constructor (e.g. due to `or` expressions). |
95 | | - */ |
96 | | -module ChatCompletionsCreate { |
97 | | - /** |
98 | | - * Gets a `DataFlow::Node` that is the `content` value inside a message dict |
99 | | - * passed to a `*.chat.completions.create(messages=[{..., "content": <HERE>}])` call, |
100 | | - * matched purely by attribute names in the call chain. |
101 | | - */ |
102 | | - DataFlow::Node getAMessageContentSink() { |
103 | | - exists( |
104 | | - DataFlow::MethodCallNode createCall, DataFlow::AttrRead completionsAttr, |
105 | | - DataFlow::AttrRead chatAttr |
106 | | - | |
107 | | - // Match *.chat.completions.create(...) |
108 | | - createCall.getMethodName() = "create" and |
109 | | - completionsAttr = createCall.getObject().getALocalSource() and |
110 | | - completionsAttr.getAttributeName() = "completions" and |
111 | | - chatAttr = completionsAttr.getObject().getALocalSource() and |
112 | | - chatAttr.getAttributeName() = "chat" |
113 | | - | |
114 | | - // The messages keyword argument value (the list itself, or individual dict content values) |
115 | | - result = createCall.getArgByName("messages") |
116 | | - ) |
117 | | - } |
118 | | -} |
0 commit comments