From e872f5dc78e5585b205e378bab87b26de5ff59e2 Mon Sep 17 00:00:00 2001
From: thiswillbeyourgithub
 <26625900+thiswillbeyourgithub@users.noreply.github.com>
Date: Thu, 12 Sep 2024 16:04:41 +0200
Subject: [PATCH] log: added a debug log if detecting a potential prompt
 injection attack

---
 backend/open_webui/apps/rag/utils.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/backend/open_webui/apps/rag/utils.py b/backend/open_webui/apps/rag/utils.py
index 41fc4e2d4..29b12d0b0 100644
--- a/backend/open_webui/apps/rag/utils.py
+++ b/backend/open_webui/apps/rag/utils.py
@@ -198,6 +198,12 @@ def rag_template(template: str, context: str, query: str):
         f"RAG template contains an unexpected number of '[context]' : {count}"
     )
     assert "[context]" in template, "RAG template does not contain '[context]'"
+    if "<context>" in context and "</context>" in context:
+        log.debug(
+            "WARNING: Potential prompt injection attack: the RAG "
+            "context contains '<context>' and '</context>'. This might be "
+            "nothing, or the user might be trying to hack something."
+        )
 
     if "[query]" in context:
         query_placeholder = str(uuid.uuid4())