Prompt Injection und Abuse-Prävention implementieren

Implementiere Input-Validierung und Fuzzy-Matching um schädliche oder unerwartete Eingaben zu erkennen. Dies schützt vor Prompt Injection und Missbrauch von AI-Tools.

const suspiciousPatterns = {
  // Erkenne Frustration oder Schimpfwörter
  frustration: /\b(balls|sucks|shit|useless|broken)\b/gi,
  // Erkenne SQL Injection Versuche
  sqlInjection: /(drop|delete|insert|update|select)\s+(from|into|table|database)/gi,
  // Erkenne Prompt Injection
  promptInjection: /(ignore previous|forget|disregard|system prompt)/gi
};

function detectSuspiciousContent(input) {
  const results = {};
  for (const [key, pattern] of Object.entries(suspiciousPatterns)) {
    const matches = input.match(pattern);
    if (matches) {
      results[key] = matches;
    }
  }
  return results;
}

function sanitizeInput(input) {
  // Entferne verdächtige Zeichen und Patterns
  let sanitized = input
    .replace(/[<>{}\[\]]/g, '') // Entferne potentiell gefährliche Zeichen
    .trim();
  
  // Limitiere Länge
  if (sanitized.length > 5000) {
    sanitized = sanitized.substring(0, 5000);
  }
  
  return sanitized;
}

function logSuspiciousActivity(userId, input, detectedIssues) {
  const log = {
    timestamp: new Date(),
    userId,
    input: input.substring(0, 200), // Limitiere Log-Größe
    issues: Object.keys(detectedIssues),
    severity: Object.keys(detectedIssues).length > 2 ? 'high' : 'medium'
  };
  
  console.warn('Suspicious activity detected:', log);
  // Sende zu Monitoring-Service (z.B. Sentry, DataDog)
  monitoringService.captureEvent(log);
}