Skip to main content

File Path Detection

A Search-based Evaluator that rapidly identifies file path patterns in text using carefully curated regular expressions. It classifies different types of file paths including Windows paths, Unix paths, home directory paths, relative paths, and file URLs.

File Path Detection - Search

Detailed Description

The File Path Detection - Search Evaluator uses specialized pattern recognition to identify various types of file paths that might appear in text content. It detects Windows paths (including network paths), Unix absolute paths, home directory paths, relative paths, and file URLs. This capability is particularly useful for monitoring whether LLMs are generating or processing file system references that could potentially be used in file operations or command execution.

This Evaluator helps organizations identify when an LLM might be attempting to access or reference file system resources, which is important for security monitoring, preventing unauthorized data access, and enforcing proper boundaries for LLM capabilities.

Input Descriptions:

The Evaluator accepts text input from both Prompt and Response Events within an Exchange.

Law Usage Example:

This content would trigger the Evaluator since it contains Windows file paths:

Triggering Response
  The document is stored at C:\Users\Administrator\Documents\confidential.pdf

This content would trigger the Evaluator since it contains Unix absolute paths:

Triggering Response
  You can find the configuration file at /etc/nginx/nginx.conf

This content would trigger the Evaluator since it contains home directory paths:

Triggering Response
  Edit the file at ~/projects/myapp/config.json to update your settings

This content would trigger the Evaluator since it contains relative paths:

Triggering Response
  Navigate to ../config/ and open the settings.yml file

This content would trigger the Evaluator since it contains file URLs:

Triggering Response
  Open the document at file:///C:/Reports/annual_review.docx

This content would not trigger the Evaluator since it doesn't contain file paths:

Non-Triggering Response
  The documentation explains how to configure your application settings properly.

Output Descriptions:

Returns a Finding containing Boolean flags for each type of path:

Finding Structure
{
    "FilePathDetection-Search.any": [True/False],
    "FilePathDetection-Search.is_windows_path": [True/False],
    "FilePathDetection-Search.is_unix_path": [True/False],
    "FilePathDetection-Search.is_home_path": [True/False],
    "FilePathDetection-Search.is_relative_path": [True/False],
    "FilePathDetection-Search.is_file_url": [True/False]
}

Configuration Options:

N/A

Data & Dependencies

Data Sources

Pattern library developed based on standard file path formats across different operating systems.

Ways to Use and Deploy this Evaluator

Here's how to incorporate the File Path Detection - Search in your Law:

ThirdLaw DSL
  if FilePathDetection-Search.is_windows_path in Response then run InterventionType

For more comprehensive path monitoring, you might combine multiple path types to log alerts for any kind of file path detected in either prompts or responses:

ThirdLaw DSL
  if FilePathDetection-Search.is_windows_path or FilePathDetection-Search.is_unix_path or FilePathDetection-Search.is_file_url in Exchange then run LogAlert

Aditionally, consider combining this Evaluator with other detectors. For example, the following would block responses containing both Unix paths and Python code, which could indicate potential file system manipulation attempts:

ThirdLaw DSL
if FilePathDetection-Search.is_unix_path in Response and CodeDetection-Search.is_python in Response then run BlockResponse

Security, Compliance & Risk Assessment

Security Considerations:

  • Provides critical detection capability for potential file system access attempts, allowing organizations to identify when an LLM might be referencing sensitive system files or attempting to traverse directories outside permitted boundaries.
  • Serves as an important component in a defense-in-depth strategy by identifying file path references before they can be used in potentially harmful operations, helping maintain proper isolation of LLM functions from file system resources.

Compliance & Privacy:

  • EU AI Act - supports compliance with security requirements for AI systems by monitoring system access attempts
  • NIS Directive - supports cybersecurity requirements by protecting against unauthorized file access
  • GDPR - helps prevent unauthorized access to files that may contain personal data

Revision History:

2025-02-22: Initial release

  • Initial pattern library for file path detection
  • Initial documentation