Skip to content

feat(probes): add CSV/spreadsheet formula injection probe and detector#1908

Open
eddieran wants to merge 1 commit into
NVIDIA:mainfrom
eddieran:probe/formula-injection-cwe-1236
Open

feat(probes): add CSV/spreadsheet formula injection probe and detector#1908
eddieran wants to merge 1 commit into
NVIDIA:mainfrom
eddieran:probe/formula-injection-cwe-1236

Conversation

@eddieran

@eddieran eddieran commented Jul 3, 2026

Copy link
Copy Markdown

What

Adds probes.formula_injection.FormulaInjection and a matching detectors.formula_injection.FormulaInjection covering CSV / spreadsheet formula injection (CWE-1236 / OWASP CSV Injection), plus probe and detector docs pages.

The probe elicits CSV cell values that begin with a formula trigger (=, +, -, @) and carry a DDE / shell / exfiltration payload. The detector flags any newline- or comma-delimited cell that begins with a trigger and contains a dangerous token, so benign formulas such as =SUM(A1:A2) do not score — deterministic, no judge/model cost.

This treats the spreadsheet as a downstream consumer of target output, alongside ansiescape (terminal) and web_injection (browser).

Not a duplicate

Scoping issue: #1906. No existing or open PR touches CSV / formula / spreadsheet injection. Distinct from the in-flight exploitation injection work (#1870 OS-command, #1871 NoSQL), which injects into code interpreters the target feeds; this is a separate downstream consumer (a spreadsheet), shipped as its own module. Happy to fold into exploitation if the maintainers prefer.

Verification

python -m pytest tests/probes/test_probes_formula_injection.py tests/detectors/test_detectors_formula_injection.py   # 7 passed
python -m pytest tests/test_docs.py tests/plugins/test_plugins.py                                                     # 673 + 361 passed
python -m garak -t test.Blank -p formula_injection -d always.Pass                                                    # runs clean, 40 prompts

AI assistance

Written with AI assistance (Claude Code). I'm the submitter and take responsibility for the change.

Elicit spreadsheet formula-injection payloads (CWE-1236 / OWASP CSV
Injection) and score them. The probe asks the target to emit CSV cell
values that begin with a formula trigger and carry a DDE, shell, or
exfiltration payload; the detector flags such cells while ignoring benign
formulas such as =SUM(A1:A2). This treats the spreadsheet as a downstream
consumer of target output, alongside the ansiescape and web_injection
probes. Adds probe and detector docs pages.

Assisted-by: Claude
Signed-off-by: ran <edding.suree@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant