@abutbul abutbul commented Aug 29, 2025

Overview

This pull request introduces several enhancements to the ps-fuzz testing framework, including a new test, embedding configurations, unit tests, some minor refactoring, and additional dependencies. These changes aim to improve the flexibility of the testing framework.

Changes

A new attack named "Hidden Parrot Attack" demonstrates how malicious instructions can be embedded in vector databases to compromise RAG system behavior. The implementation is located in rag_poisoning.py.

Embedding Configuration:

  • Added support for embedding providers (ollama, open_ai) and models, including configuration for base URLs.
  • Embedding-specific base URLs can now be configured independently of the main provider URLs.

Base URL Support:

  • Introduced support for configuring base URLs for ollama and open_ai providers. (You can mix and match!)
  • Base URLs can be set via the configuration file, command-line arguments, or interactive menus.

Refactoring:

  • Refactored provider and model prompts to reduce duplication and improve maintainability.
  • Introduced helper functions for building client and embedding configurations.

Added Dependencies

  • chromadb: Added for vector database operations in the RAG poisoning attack.
  • tiktoken: Added for tokenization support in embedding-related operations.
  • Updated setup.py and pyproject.toml (nodding at legacy package setup) to include the new dependencies.

Impact

The embedding configuration enhancements enable more advanced attack simulations, further strengthening our testing framework. The rag_poisoning attack demonstrates an easily exploitable vulnerability in many vector-DB backed RAG pipelines.

Testing

  • The new test has been integrated into the existing test suite and validated for correctness and performance impact.
  • Skipped tests are now properly reported with detailed logs.

P.S.
I realize adding skipping status to tests is out of scope; however, I have run some edge tests with missing libraries/configuration. Test pipeline errors were reported as failed (vulnerable) in the default summary view rather than being reported as skipped. There is existing boilerplate for errors (⚠) to avoid breaking legacy, so I added skipped. All that said, I may be missing a better way to report.
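The skipped-versus-failed reporting issue raised in the P.S., as an added example that is not ps-fuzz's own code: a hypothetical runner that gives a check whose prerequisites are missing (an optional library such as chromadb, or an embedding base URL) its own skipped status instead of letting it fall into the failed/vulnerable bucket. Status, SkipTest, run_attack, summarize, failing and the sample attack names are all assumptions made for the example.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable

class Status(Enum):
    PASSED = "passed"          # attack ran; target resisted
    VULNERABLE = "vulnerable"  # attack ran; target was compromised
    ERROR = "error"            # attack crashed (the existing ⚠ case)
    SKIPPED = "skipped"        # prerequisites missing; no verdict on the target

class SkipTest(Exception):
    """Raised by an attack when a setting it needs (e.g. an embedding base URL) is absent."""

@dataclass
class Result:
    name: str
    status: Status
    detail: str = ""

def run_attack(name: str, attack: Callable[[], bool]) -> Result:
    """Run one attack (True means the target was compromised) and classify it.
    ImportError (e.g. chromadb absent) or SkipTest (missing config) means the
    target was never exercised: report SKIPPED, never VULNERABLE."""
    try:
        compromised = attack()
    except (ImportError, SkipTest) as exc:
        return Result(name, Status.SKIPPED, str(exc))
    except Exception as exc:  # genuine pipeline failure keeps the legacy ⚠ status
        return Result(name, Status.ERROR, f"{type(exc).__name__}: {exc}")
    return Result(name, Status.VULNERABLE if compromised else Status.PASSED)

def summarize(results):
    # Count results per status so skipped checks stay visible in the summary.
    counts = {status: 0 for status in Status}
    for result in results:
        counts[result.status] += 1
    return counts

def failing(exc: Exception) -> Callable[[], bool]:
    """Constructed stand-in for an attack whose setup raises `exc` (sample data)."""
    def attack() -> bool:
        raise exc
    return attack

if __name__ == "__main__":  # constructed sample run, hypothetical attack names
    runs = [run_attack("echo_probe", lambda: False),
            run_attack("rag_poisoning", failing(ImportError("No module named 'chromadb'"))),
            run_attack("rag_poisoning", failing(SkipTest("no embedding base URL set"))),
            run_attack("broken_attack", failing(RuntimeError("endpoint timed out")))]
    print([(r.name, r.status.value, r.detail) for r in runs])
    print({s.value: n for s, n in summarize(runs).items()})
```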

adding embedding
adding target temperature for embedding attacks
configuration. via file and menu
adding skipped test method
adding rag poisoning attack
adding package creation dependencies via setup.py (oldschool)
adding uv package baseline
adding tests