# How It Works
LLM Armor applies two complementary analysis layers to every Python file.
## Layer 1: Regex

Fast line-by-line regex matching for common vulnerability patterns. This layer runs on every file, even files that do not parse as valid Python.
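A minimal sketch of how such a layer might operate. The rule names, the `Finding` shape, and the two patterns below are illustrative, not LLM Armor's actual rule set:

```python
import re
from typing import NamedTuple

class Finding(NamedTuple):
    line: int
    rule: str
    text: str

# Hypothetical rules; the real pattern set would be far more extensive.
PATTERNS = [
    ("eval-call", re.compile(r"\beval\s*\(")),
    ("os-system", re.compile(r"\bos\.system\s*\(")),
]

def regex_scan(source: str) -> list[Finding]:
    """Scan line by line; works even if the file is not valid Python."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for rule, pattern in PATTERNS:
            if pattern.search(line):
                findings.append(Finding(lineno, rule, line.strip()))
    return findings
```

Because each line is matched independently, a syntax error elsewhere in the file (for example, an unclosed parenthesis) does not prevent other lines from being scanned.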
## Layer 2: AST taint analysis

Python's `ast` module parses each file into a syntax tree, and LLM Armor performs source-based taint tracking over that tree. This catches patterns regex cannot detect: variable aliasing, role-aware dict construction, multi-line string concatenation, and `**kwargs` dict spreading.
If a file has syntax errors, the AST layer falls back gracefully, leaving regex results intact.
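A toy sketch of both ideas, assuming a single taint source (`input()`), direct-alias propagation, and a graceful `SyntaxError` fallback. This is not LLM Armor's implementation, and `llm` below is a placeholder call name:

```python
import ast

def ast_scan(source: str) -> list[tuple[int, str]]:
    """Flag calls whose argument traces back to input() via direct aliases."""
    tainted: set[str] = set()
    findings = []
    try:
        tree = ast.parse(source)
    except SyntaxError:
        return []  # graceful fallback: the regex layer's findings stand alone
    for node in ast.walk(tree):
        if isinstance(node, ast.Assign) and len(node.targets) == 1:
            target, value = node.targets[0], node.value
            if isinstance(target, ast.Name):
                if (isinstance(value, ast.Call)
                        and isinstance(value.func, ast.Name)
                        and value.func.id == "input"):
                    tainted.add(target.id)  # taint source: stdin
                elif isinstance(value, ast.Name) and value.id in tainted:
                    tainted.add(target.id)  # direct alias propagation
        elif isinstance(node, ast.Call):
            for arg in node.args:
                if isinstance(arg, ast.Name) and arg.id in tainted:
                    findings.append((node.lineno, arg.id))
    return findings
```

Because the taint travels with the variable name rather than a text pattern, the alias `msg = raw` is caught even though no regex would connect `msg` back to `input()`.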
## Deduplication

When both layers detect the same issue on the same line, only one finding is reported.
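One plausible way to implement this is to key findings on a `(line, rule)` pair and keep the first occurrence; the key choice and finding shape here are assumptions, not LLM Armor's actual internals:

```python
def deduplicate(findings: list[dict]) -> list[dict]:
    """Keep one finding per (line, rule) pair; the first layer's result wins."""
    seen = set()
    unique = []
    for finding in findings:
        key = (finding["line"], finding["rule"])
        if key not in seen:
            seen.add(key)
            unique.append(finding)
    return unique
```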
## Taint sources

| Tainted (user-controlled) | Example |
|---|---|
| HTTP request | `data = request.json["prompt"]` |
| HTTP form | `data = request.form.get("field")` |
| Django request | `data = request.POST["query"]` |
| stdin | `data = input("Enter: ")` |
| CLI arguments | `data = sys.argv[1]` |
| WebSocket | `data = websocket.receive()` |
| Function parameter | `def handle(user_msg):` |
| @tool parameter | `@tool def my_tool(command: str):` |
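For illustration, here is a snippet in which both assignments would be treated as tainted, since each value originates from user input (`handle` is a hypothetical function name):

```python
import sys

def handle(user_msg):                      # function parameter: tainted
    prompt = "Summarize: " + user_msg      # taint flows into the prompt string
    return prompt

data = sys.argv[1] if len(sys.argv) > 1 else ""  # CLI argument: tainted
```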
## Safe sources (not tainted)

| Source | Example |
|---|---|
| Config lookup | `prompt = config.get("default_prompt")` |
| Environment variable | `prompt = os.environ["PROMPT"]` |
| Database call | `prompt = db.fetch_prompt(id)` |
| String literal | `prompt = "You are a helpful assistant."` |
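By contrast, none of the assignments below would be flagged, because every value is developer-controlled. The `config` dict here stands in for whatever configuration object a project actually uses:

```python
import os

config = {"default_prompt": "You are a helpful assistant."}

prompt_from_config = config.get("default_prompt")       # config lookup: safe
prompt_from_env = os.environ.get("PROMPT", "fallback")  # env variable: safe
prompt_literal = "You are a helpful assistant."         # string literal: safe
```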
Taint propagates through direct alias assignments but not through function calls, so `clean = sanitize(raw)` does not taint `clean`.
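A concrete illustration of that rule, with `sanitize` and `handle` as hypothetical names:

```python
def sanitize(text):
    """Stand-in for any user-defined function; the analyzer does not look
    inside it, so its return value is treated as untainted."""
    return text.strip()

def handle(user_msg):            # parameter: tainted source
    alias = user_msg             # direct alias -> alias is also tainted
    clean = sanitize(user_msg)   # call boundary -> clean is NOT tainted
    return alias, clean
```

Note that this makes the call boundary a deliberate cut-off, not a guarantee: `sanitize` might return its input unchanged, and the analyzer would still treat the result as clean.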