# Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

**Stack:** Go

- Prevalence: 高 频繁被利用
- Impact: 高 3 条严重级别为高的规则
- Prevention: 已记录 3 个修复示例

**OWASP:** Injection (A03:2021-Injection) - #3

## Description

Software has certain assumptions about what constitutes data and control. Injection problems occur when these assumptions are violated. Attackers exploit this by inserting special characters or instructions that modify the intended interpretation.

## Prevention

基于 1 条 Shoulder 检测规则的 Injection 预防策略。

### Go

Use structured prompts with clear system/user boundaries and sanitize user input

## Warning Signs

- [HIGH] User input flows to ... without sanitization
- [HIGH] user input flowing to LLM prompts without sanitization

## Consequences

- 执行未授权代码
- 读取应用程序数据
- 修改应用程序数据
- 绕过保护机制

## Mitigations

- 使用将代码与数据分离的参数化接口
- 在下游组件使用所有输入前对其进行验证和编码
- 尽可能使用允许列表进行输入验证

## Detection

- Total rules: 3
- Languages: go, javascript, typescript, python

## Rules by Language

### Go (1 rules)

- **AI Prompt Injection** [HIGH]: Detects user input flowing to LLM prompts without sanitization.
  - Remediation: Sanitize user input and use structured prompts with clear system/user boundaries.

```go
sanitized := sanitize(userInput)
messages := []openai.ChatCompletionMessage{
    {Role: "system", Content: systemPrompt},
    {Role: "user", Content: sanitized},
}
```

Learn more: https://shoulder.dev/learn/go/cwe-74/prompt-injection