=== Testing semantic-kernel 1.39.4 (is_fixed=True) === === ORIGINAL VULNERABILITY TESTS === [BLOCKED] Original __class__: Access to attribute '__name__' is not allowed in filter expressions. This attrib [BLOCKED] Original __dict__: Access to attribute '__dict__' is not allowed in filter expressions. This attrib [BLOCKED] Original __mro__: Access to attribute '__mro__' is not allowed in filter expressions. This attribu === VARIANT TESTS: Subscript Access === [BLOCKED] Subscript __class__: 'TestDataModel' object is not subscriptable [BLOCKED] Subscript dict access: Access to attribute '__dict__' is not allowed in filter expressions. This attrib === VARIANT TESTS: Function Result Chaining === [BLOCKED] len().__class__: Access to attribute '__class__' is not allowed in filter expressions. This attri [BLOCKED] str().__class__: Access to attribute '__class__' is not allowed in filter expressions. This attri [BLOCKED] int().__class__: Access to attribute '__class__' is not allowed in filter expressions. This attri === VARIANT TESTS: Literal Access === [BLOCKED] List literal __class__: Access to attribute '__class__' is not allowed in filter expressions. This attri [BLOCKED] Dict literal __class__: Access to attribute '__class__' is not allowed in filter expressions. This attri [BLOCKED] Tuple literal __class__: Access to attribute '__class__' is not allowed in filter expressions. This attri [BLOCKED] String literal __class__: Access to attribute '__class__' is not allowed in filter expressions. This attri [BLOCKED] Int literal __class__: Access to attribute '__class__' is not allowed in filter expressions. This attri === VARIANT TESTS: Nested/Indirect Access === [BLOCKED] Content __class__: Access to attribute '__class__' is not allowed in filter expressions. This attri [BLOCKED] Content __dict__: Access to attribute '__dict__' is not allowed in filter expressions. This attrib === VARIANT TESTS: Alternative Dunder Attributes === [BLOCKED] __weakref__: Function 'hasattr' is not allowed in filter expressions. Allowed functions: abs, [BYPASS] __doc__: Filter executed when it should have been blocked! Filter: lambda x: x.__doc__ is not None Result: False [BYPASS] __hash__: Filter executed when it should have been blocked! Filter: lambda x: x.__hash__ is not None Result: False [BYPASS] __eq__: Filter executed when it should have been blocked! Filter: lambda x: x.__eq__ is not None Result: True [BYPASS] __repr__: Filter executed when it should have been blocked! Filter: lambda x: x.__repr__ is not None Result: True [BYPASS] __str__: Filter executed when it should have been blocked! Filter: lambda x: x.__str__ is not None Result: True [BYPASS] __format__: Filter executed when it should have been blocked! Filter: lambda x: x.__format__ is not None Result: True [BYPASS] __sizeof__: Filter executed when it should have been blocked! Filter: lambda x: x.__sizeof__ is not None Result: True === VARIANT TESTS: String Method Chains === [BLOCKED] Upper then __class__: Access to attribute '__class__' is not allowed in filter expressions. This attri [BLOCKED] Strip then __class__: Access to attribute '__class__' is not allowed in filter expressions. This attri === VARIANT TESTS: Subscript on Function Results === [BLOCKED] Get keys: 'TestDataModel' object has no attribute 'keys' [BLOCKED] Get values: 'TestDataModel' object has no attribute 'values' [BLOCKED] Get items: 'TestDataModel' object has no attribute 'items' === VARIANT TESTS: Missing Blocklist Items === [BLOCKED] __wrapped__: Function 'hasattr' is not allowed in filter expressions. Allowed functions: abs, [BLOCKED] __code__ via func: Function 'hasattr' is not allowed in filter expressions. Allowed functions: abs, [BLOCKED] __closure__ via func: Function 'hasattr' is not allowed in filter expressions. Allowed functions: abs, === VARIANT TESTS: Type-based Introspection === [BLOCKED] type() access: Function 'type' is not allowed in filter expressions. Allowed functions: abs, al [BLOCKED] type().__name__: Access to attribute '__name__' is not allowed in filter expressions. This attrib [BLOCKED] type().__mro__: Access to attribute '__mro__' is not allowed in filter expressions. This attribu [BLOCKED] type().__subclasses__: Function 'hasattr' is not allowed in filter expressions. Allowed functions: abs, === VARIANT TESTS: Container Manipulation === [BLOCKED] List append: Function 'append' is not allowed in filter expressions. Allowed functions: abs, [BLOCKED] List extend: Function 'extend' is not allowed in filter expressions. Allowed functions: abs, [BYPASS] Dict get: Filter executed when it should have been blocked! Filter: lambda x: {}.get('key', 'default') == 'default' Result: True ======================================== Results for FIXED version (1.39.4): Total tests: 38 Bypasses found: 8 STATUS: BYPASSES FOUND!