test(probes,detectors): add unit tests for dan, promptinject, web_injection#1863
Open
nuthalapativarun wants to merge 1 commit into
Open
test(probes,detectors): add unit tests for dan, promptinject, web_injection#1863nuthalapativarun wants to merge 1 commit into
nuthalapativarun wants to merge 1 commit into
Conversation
…ection Signed-off-by: Varun Nuthalapati <nuthalapativarun@gmail.com>
Contributor
Author
|
Bumping this — tests are still passing and it's been about 10 days without a look. Let me know if anything needs adjusting. |
Contributor
Author
|
Hi team — following up on PR #1863 (unit tests for dan, promptinject, web_injection). CI green, no reviews yet. Happy to make adjustments if needed. Thanks! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What does this PR do
Adds unit test coverage for three modules that currently have no tests:
detectors.dan.*(DAN, AntiDAN, DANJailbreak, STAN, DUDE, DevMode, MarkdownLink) - verifiesthe
DANDetectorMeta-generatedStringDetectorsubclasses are wired with the correctsubstrings, hit on their marker strings, and pass on clean output.
probes.promptinject.Hijack*/Hijack*Full- verifies prompts are generated via thePromptInject framework,
primary_detectoris wired topromptinject.AttackRogueString,capped variants respect
soft_probe_prompt_cap, full variants have at least as many promptsas capped, and
_attempt_prestore_hooksetstriggers/settingsnotes correctly.probes.web_injection.*(MarkdownImageExfil, ColabAIDataLeakage, StringAssemblyDataExfil,PlaygroundMarkdownExfil, MarkdownURI*ExfilExtended, TaskXSS, MarkdownXSS) - verifies each
probe loads, generates non-empty prompts, wires the correct
primary_detector, and checksmodule-specific behaviour (markdown image markers, prestore hook notes, domain mutation).
This continues the uncovered-module test sweep from #1853.
AI assistance disclosure
Portions of this PR (test scaffolding and initial drafts) were written with AI assistance
(Claude). I reviewed every changed line, ran the new and existing test suites locally, and
confirm the assertions reflect the actual contract/behaviour of the modules under test.
Verification
garak -t <target_type> -n <model_name>- n/a, test-only changepython -m pytest tests/probes tests/detectors -k "dan or promptinject or web_injection"- 376 passedwiring,
primary_detectorlinkage, anddetect()scoring for hit/no-hit casesoutput should not trigger DAN detectors)
behaviour