ImportSnare
Official project page of ImportSnare
LLM (GPT-4-mini) response includes a hijacked package (pandas -> pandas_v2) import statement when a poisoned RAG document is supplied as context.
Real-World Demo 1: VS Code Copilot suggestion includes a hijacked package (numpy -> cumpy) import statement.
Real-World Demo 2: Cursor Agent code suggestion includes a hijacked package (matplotlib -> matplotlib_safe) import statement.
Real-World Demo 3 (English response): Tencent Yuanbao web-chat LLM (DeepSeek-r1) provides help with debug info in Python and suggests a controlled package (faiss -> faiss_full) import statement with only a single poisoned page implanted. (The suggested package is crafted and not real.)
Real-World Demo 4 (Chinese response): Tencent Yuanbao web-chat LLM (Hunyuan) provides help with debug info in Python and suggests a controlled package (faiss -> faiss_full) import statement with only a single poisoned page implanted. (The suggested package and 'reference' link are crafted and not real.)
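From the defender's side, the demos above share one observable: the suggested code imports a name that imitates a trusted package. The following is an added example, not code from the ImportSnare project. It parses assistant-suggested Python without executing it and flags imports that are off an allowlist but resemble an allowlisted name. The allowlist, function names, and sample suggestion are assumptions constructed for illustration; the four look-alike names are the ones shown in the demos.

```python
import ast
import difflib

# Assumption: a project-maintained allowlist of vetted top-level modules.
ALLOWED = {"pandas", "numpy", "matplotlib", "faiss"}

# Constructed sample of assistant-suggested code, using the names from the demos.
SAMPLE = """\
import pandas_v2 as pd
import cumpy as np
from matplotlib_safe import pyplot as plt
import faiss_full
import numpy
import requests
"""

def top_level_imports(source):
    """Return the top-level module names imported by `source` (parsed, never run)."""
    names = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            names.update(alias.name.split(".")[0] for alias in node.names)
        elif isinstance(node, ast.ImportFrom) and node.level == 0 and node.module:
            names.add(node.module.split(".")[0])
    return names

def lookalike_of(name, allowed=ALLOWED, cutoff=0.75):
    """Return the allowlisted package that `name` imitates, or None."""
    lowered = name.lower()
    for pkg in sorted(allowed):
        # Decorated variants such as pandas_v2, matplotlib_safe, faiss_full.
        if lowered.startswith(pkg + "_") or lowered.endswith("_" + pkg):
            return pkg
    # Small edit-distance variants such as cumpy for numpy.
    close = difflib.get_close_matches(lowered, sorted(allowed), n=1, cutoff=cutoff)
    return close[0] if close else None

def review_suggestion(source, allowed=ALLOWED):
    """Map each non-allowlisted import to the package it resembles.

    A value of None means the import is unknown but imitates nothing on the list.
    """
    unknown = sorted(top_level_imports(source) - set(allowed))
    return {name: lookalike_of(name, allowed) for name in unknown}

if __name__ == "__main__":
    for name, target in review_suggestion(SAMPLE).items():
        print(f"{name}: {'imitates ' + target if target else 'not on allowlist'}")
```

A check like this fits as a pre-commit or CI gate before any dependency named in generated code is installed.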
⚒️ ImportSnare
ImportSnare: Directed "Code Manual" Hijacking in Retrieval-Augmented Code Generation
📝 Notes
- The dataset and benchmark will be released soon.
- More real-world demos will be shown here.
🙏 Acknowledgements
- TBD