[MEDIUM] falsify.py: sigma_gate passes LLM-controlled values to str.format() — KeyError risk #7

New issue

Closed

opened 2026-05-19 04:42:47 +00:00 by foravo_admin · 1 comment

foravo_admin commented

2026-05-19 04:42:47 +00:00

Owner

Imported from GitHub issue M00C1FER/mesh-review#6.

Source: https://github.com/M00C1FER/mesh-review/issues/6
Original author: @M00C1FER
Original state: closed

Finding 5 — MEDIUM

File: src/mesh_review/review/falsify.py
Function: sigma_gate()
Commit fixing this: 834f8d8441226ac383868a9cb8ac5c69b650581e (PR #1)

Description

sigma_gate() constructs the falsification prompt using:

prompt = _FALSIFY_PROMPT.format(
    file=cluster.file, line=cluster.line, severity=cluster.severity,
    title=cluster.title, body=cluster.findings[0].body if cluster.findings else "",
)

cluster.title and cluster.body contain LLM-generated text. If any value contains a curly-brace sequence like {variable} (common in findings about JSON handling, Python f-strings, template code, etc.), Python's str.format() raises KeyError or ValueError, crashing the entire sigma gate for all findings in the cluster.

Note: _FALSIFY_PROMPT itself contains {{ and }} (literal braces in the JSON example) which are already correctly escaped; the vulnerability is exclusively in the LLM-controlled kwargs.

Fix Applied

Added an _esc() helper that doubles all curly braces before passing values to .format():

def _esc(v: object) -> str:
    return str(v).replace("{", "{{").replace("}", "}}")

prompt = _FALSIFY_PROMPT.format(
    file=_esc(cluster.file), line=_esc(cluster.line),
    severity=_esc(cluster.severity), title=_esc(cluster.title),
    body=_esc(cluster.findings[0].body if cluster.findings else ""),
)

Imported from GitHub issue `M00C1FER/mesh-review#6`. Source: https://github.com/M00C1FER/mesh-review/issues/6 Original author: @M00C1FER Original state: closed  --- ## Finding 5 — MEDIUM **File:** `src/mesh_review/review/falsify.py` **Function:** `sigma_gate()` **Commit fixing this:** 834f8d8441226ac383868a9cb8ac5c69b650581e (PR #1) ### Description `sigma_gate()` constructs the falsification prompt using: ```python prompt = _FALSIFY_PROMPT.format( file=cluster.file, line=cluster.line, severity=cluster.severity, title=cluster.title, body=cluster.findings[0].body if cluster.findings else "", ) ``` `cluster.title` and `cluster.body` contain LLM-generated text. If any value contains a curly-brace sequence like `{variable}` (common in findings about JSON handling, Python f-strings, template code, etc.), Python's `str.format()` raises `KeyError` or `ValueError`, crashing the entire sigma gate for all findings in the cluster. Note: `_FALSIFY_PROMPT` itself contains `{{` and `}}` (literal braces in the JSON example) which are already correctly escaped; the vulnerability is exclusively in the LLM-controlled kwargs. ### Fix Applied Added an `_esc()` helper that doubles all curly braces before passing values to `.format()`: ```python def _esc(v: object) -> str: return str(v).replace("{", "{{").replace("}", "}}") prompt = _FALSIFY_PROMPT.format( file=_esc(cluster.file), line=_esc(cluster.line), severity=_esc(cluster.severity), title=_esc(cluster.title), body=_esc(cluster.findings[0].body if cluster.findings else ""), ) ```

foravo_admin

2026-05-19 04:42:47 +00:00

closed this issue
added the
code-review
label

foravo_admin commented

2026-05-19 04:42:47 +00:00

Author

Owner

Imported from GitHub issue comment M00C1FER/mesh-review#6:4362220274.

Source: https://github.com/M00C1FER/mesh-review/issues/6#issuecomment-4362220274
Original author: @M00C1FER

Fixed by merged PR #1.

Imported from GitHub issue comment `M00C1FER/mesh-review#6:4362220274`. Source: https://github.com/M00C1FER/mesh-review/issues/6#issuecomment-4362220274 Original author: @M00C1FER  --- Fixed by merged PR #1.