semgrep · p4p3r · Jun 18, 2024 · Jun 17, 2024
diff --git a/ai/csharp/detect-openai.cs b/ai/csharp/detect-openai.cs
@@ -0,0 +1,11 @@
+// ruleid: detect-openai
+using OpenAI.Chat;
+
+// ruleid: detect-openai
+ChatClient client = new("gpt-3.5-turbo", Environment.GetEnvironmentVariable("OPENAI_API_KEY"));
+
+// ruleid: detect-openai
+ChatCompletion chatCompletion = client.CompleteChat(
+    [
+        new UserChatMessage("Say 'this is a test.'")
+    ]);
diff --git a/ai/csharp/detect-openai.yaml b/ai/csharp/detect-openai.yaml
@@ -0,0 +1,18 @@
+rules:
+  - id: detect-openai
+    languages:
+      - csharp
+    severity: INFO
+    message: "Possibly found usage of AI: OpenAI"
+    pattern-either:
+      - pattern: using OpenAI
+      - pattern: (ChatClient $CLIENT)
+      - pattern: (ChatClient $CLIENT).$FUNC(...)
+    metadata:
+      references:
+        - http://semgrep.dev/blog/2024/detecting-shadow-ai
+      category: maintainability
+      technology:
+        - genAI
+        - LLMs
+      confidence: LOW
diff --git a/ai/dart/detect-gemini.dart b/ai/dart/detect-gemini.dart
@@ -0,0 +1,12 @@
+// ruleid: detect-gemini
+import 'package:google_generative_ai/google_generative_ai.dart';
+
+// Access your API key as an environment variable (see "Set up your API key" above)
+final apiKey = Platform.environment['API_KEY'];
+if (apiKey == null) {
+  print('No \$API_KEY environment variable');
+  exit(1);
+}
+
+// ruleid: detect-gemini
+final model = GenerativeModel(model: 'gemini-1.5-flash', apiKey: apiKey);
diff --git a/ai/dart/detect-gemini.yaml b/ai/dart/detect-gemini.yaml
@@ -0,0 +1,17 @@
+rules:
+  - id: detect-gemini
+    languages:
+      - dart
+    severity: INFO
+    message: "Possibly found usage of AI: Gemini"
+    pattern-either:
+      - pattern: import 'package:google_generative_ai';
+      - pattern: final $MODEL = GenerativeModel(...);
+    metadata:
+      references:
+        - http://semgrep.dev/blog/2024/detecting-shadow-ai
+      category: maintainability
+      technology:
+        - genAI
+        - LLMs
+      confidence: LOW
diff --git a/ai/generic/detect-generic-ai-anthprop.txt b/ai/generic/detect-generic-ai-anthprop.txt
@@ -0,0 +1,18 @@
+# ruleid: detect-generic-ai-anthprop
+import anthropic
+
+# ruleid: detect-generic-ai-anthprop
+client = anthropic.Anthropic(
+    # defaults to os.environ.get("ANTHROPIC_API_KEY")
+    api_key="my_api_key",
+)
+
+message = client.messages.create(
+	# ruleid: detect-generic-ai-anthprop
+    model="claude-3-opus-20240229",
+    max_tokens=1024,
+    messages=[
+        {"role": "user", "content": "Hello, Claude"}
+    ]
+)
+print(message.content)
diff --git a/ai/generic/detect-generic-ai-anthprop.yaml b/ai/generic/detect-generic-ai-anthprop.yaml
@@ -0,0 +1,18 @@
+rules:
+  - id: detect-generic-ai-anthprop
+    languages:
+      - generic
+    severity: INFO
+    message: "Possibly found usage of AI: Anthropic"
+    pattern-either:
+      - pattern: anthropic
+      - pattern: Anthropic
+      - pattern: claude
+    metadata:
+      references:
+        - http://semgrep.dev/blog/2024/detecting-shadow-ai
+      category: maintainability
+      technology:
+        - genAI
+        - LLMs
+      confidence: LOW
diff --git a/ai/generic/detect-generic-ai-api.js b/ai/generic/detect-generic-ai-api.js
@@ -0,0 +1,18 @@
+const rawRes = await fetchWithTimeout(
+    // ruleid: detect-generic-ai-api
+   `https://${baseURL}/v1/chat/completions`,
+   {
+     headers: {
+       "Content-Type": "application/json",
+       Authorization: `Bearer ${apiKey}`
+     },
+     timeout,
+     method: "POST",
+     body: JSON.stringify({
+       model,
+       messages: messages.map(k => ({ role: k.role, content: k.content })),
+       temperature,
+       stream: true
+     })
+   }
+ )
diff --git a/ai/generic/detect-generic-ai-api.yaml b/ai/generic/detect-generic-ai-api.yaml
@@ -0,0 +1,17 @@
+rules:
+  - id: detect-generic-ai-api
+    languages:
+      - generic
+    severity: INFO
+    message: "Possibly found usage of AI: HTTP Request"
+    pattern-either:
+      - pattern: /chat/completions
+      - pattern: api.openai.com
+    metadata:
+      references:
+        - http://semgrep.dev/blog/2024/detecting-shadow-ai
+      category: maintainability
+      technology:
+        - genAI
+        - LLMs
+      confidence: LOW
diff --git a/ai/generic/detect-generic-ai-gem.html b/ai/generic/detect-generic-ai-gem.html
@@ -0,0 +1,20 @@
+<html>
+<body>
+  <!-- ... Your HTML and CSS -->
+  // ruleid: detect-generic-ai-gem
+  <!-- Import @google/generative-ai, as shown above. -->
+  <script type="module">
+  	  // ruleid: detect-generic-ai-gem
+      import { GoogleGenerativeAI } from "@google/generative-ai";
+
+      // Fetch your API_KEY
+      const API_KEY = "...";
+
+      // Access your API key (see "Set up your API key" above)
+	  // ruleid: detect-generic-ai-gem
+      const genAI = new GoogleGenerativeAI(API_KEY);
+
+      const model = genAI.getGenerativeModel({ model: "gemini-1.5-flash"});
+  </script>
+</body>
+</html>
diff --git a/ai/generic/detect-generic-ai-gem.yaml b/ai/generic/detect-generic-ai-gem.yaml
@@ -0,0 +1,17 @@
+rules:
+  - id: detect-generic-ai-gem
+    languages:
+      - generic
+    severity: INFO
+    message: "Possibly found usage of AI: Gemini"
+    pattern-either:
+      - pattern: google/generative-ai
+      - pattern: GoogleGenerativeAI
+    metadata:
+      references:
+        - http://semgrep.dev/blog/2024/detecting-shadow-ai
+      category: maintainability
+      technology:
+        - genAI
+        - LLMs
+      confidence: LOW
diff --git a/ai/generic/detect-generic-ai-oai.txt b/ai/generic/detect-generic-ai-oai.txt
@@ -0,0 +1,7 @@
+OPENAI_API_KEY = "MY_API_KEY"
+# ruleid: detect-generic-ai-oai
+from openai import OpenAI
+# ruleid: detect-generic-ai-oai
+client = OpenAI(
+    # Defaults to os.environ.get("OPENAI_API_KEY")
+)
diff --git a/ai/generic/detect-generic-ai-oai.yaml b/ai/generic/detect-generic-ai-oai.yaml
@@ -0,0 +1,17 @@
+rules:
+  - id: detect-generic-ai-oai
+    languages:
+      - generic
+    severity: INFO
+    message: "Possibly found usage of AI: OpenAI"
+    pattern-either:
+      - pattern: openai
+      - pattern: OpenAI
+    metadata:
+      references:
+        - http://semgrep.dev/blog/2024/detecting-shadow-ai
+      category: maintainability
+      technology:
+        - genAI
+        - LLMs
+      confidence: LOW
diff --git a/ai/go/detect-gemini.go b/ai/go/detect-gemini.go
@@ -0,0 +1,14 @@
+// ruleid: detect-gemini
+import "github.com/google/generative-ai-go/genai"
+import "google.golang.org/api/option"
+
+ctx := context.Background()
+// Access your API key as an environment variable (see "Set up your API key" above)
+// ruleid: detect-gemini
+client, err := genai.NewClient(ctx, option.WithAPIKey(os.Getenv("API_KEY")))
+if err != nil {
+    log.Fatal(err)
+}
+defer client.Close()
+
+model := client.GenerativeModel("gemini-1.5-flash")
diff --git a/ai/go/detect-gemini.yaml b/ai/go/detect-gemini.yaml
@@ -0,0 +1,17 @@
+rules:
+  - id: detect-gemini
+    languages:
+      - go
+    severity: INFO
+    message: "Possibly found usage of AI: Gemini"
+    pattern-either:
+      - pattern: import "github.com/google/generative-ai-go"
+      - pattern: genai.NewClient(...)
+    metadata:
+      references:
+        - http://semgrep.dev/blog/2024/detecting-shadow-ai
+      category: maintainability
+      technology:
+        - genAI
+        - LLMs
+      confidence: LOW