Skip to content

.Net: Update AI Clients to defend against URL injection attacks #11088

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Mar 21, 2025
Merged

.Net: Update AI Clients to defend against URL injection attacks #11088

merged 3 commits into from
Mar 21, 2025

Conversation

rogerbarreto
Copy link
Member

Motivation and Context

This change adds security validation tests for URL injection attempts in various client constructors across the Google and Pinecone connectors. It helps prevent potential security vulnerabilities where malicious URLs could be injected through location or environment parameters.

Description

Added URL injection validation tests for:

  • GeminiChatCompletionClient
  • GeminiTokenCounterClient
  • VertexAIEmbeddingClient
  • PineconeClient

Each test suite includes:

  1. Validation against common URL injection patterns (e.g., malicious protocols, script injection)
  2. Verification of valid hostname/environment patterns
  3. Consistent testing approach using xUnit Theory tests

The tests ensure that:

  • Malicious URL attempts are caught and throw ArgumentException
  • Valid location/environment names are accepted without throwing exceptions
  • Constructor parameter validation works as expected

This change improves the security posture of the connectors by ensuring proper input validation and maintaining consistent validation behavior across different client implementations.

Tests

  • Added new test files and test cases
  • All tests pass locally
  • No breaking changes introduced
  • Maintains existing validation patterns

@rogerbarreto rogerbarreto added .NET Issue or Pull requests regarding .NET code ai connector Anything related to AI connectors sk team issue A tag to denote issues that where created by the Semantic Kernel team (i.e., not the community) labels Mar 20, 2025
@rogerbarreto rogerbarreto self-assigned this Mar 20, 2025
@rogerbarreto rogerbarreto requested a review from a team as a code owner March 20, 2025 12:40
@rogerbarreto rogerbarreto moved this to Sprint: In Review in Semantic Kernel Mar 20, 2025
@markwallace-microsoft markwallace-microsoft added kernel Issues or pull requests impacting the core kernel memory labels Mar 20, 2025
@markwallace-microsoft markwallace-microsoft changed the title .Net: MOSS-017 Url Injection Security Warning Fix .Net: Update AI Clients Mar 20, 2025
@markwallace-microsoft markwallace-microsoft changed the title .Net: Update AI Clients .Net: Update AI Clients to defend against URL injection attacks Mar 20, 2025
@rogerbarreto rogerbarreto enabled auto-merge March 20, 2025 14:13
@rogerbarreto rogerbarreto added this pull request to the merge queue Mar 21, 2025
Merged via the queue into microsoft:main with commit 1322314 Mar 21, 2025
20 checks passed
@rogerbarreto rogerbarreto deleted the issues/MOSS-017-url-injection-fix branch March 21, 2025 09:35
@github-project-automation github-project-automation bot moved this from Sprint: In Review to Sprint: Done in Semantic Kernel Mar 21, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SergeyMenshykh SergeyMenshykh SergeyMenshykh approved these changes

@markwallace-microsoft markwallace-microsoft markwallace-microsoft approved these changes

Assignees

@rogerbarreto rogerbarreto

Labels
ai connector Anything related to AI connectors kernel Issues or pull requests impacting the core kernel memory .NET Issue or Pull requests regarding .NET code sk team issue A tag to denote issues that where created by the Semantic Kernel team (i.e., not the community)
Projects
Semantic Kernel
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rogerbarreto @SergeyMenshykh @markwallace-microsoft