Update script.py
script.py
CHANGED
|
@@ -1,11 +1,12 @@
|
|
| 1 |
import subprocess
|
| 2 |
import sys
|
| 3 |
import json
|
|
|
|
| 4 |
|
| 5 |
print("π₯ Installing required packages...")
|
| 6 |
|
| 7 |
process = subprocess.Popen(
|
| 8 |
-
[sys.executable, "-m", "pip", "install", "-q", "transformers", "bitsandbytes", "accelerate", "peft", "torch"],
|
| 9 |
stdout=subprocess.PIPE, stderr=subprocess.STDOUT, text=True
|
| 10 |
)
|
| 11 |
for line in process.stdout:
|
|
@@ -41,6 +42,7 @@ def extract_dict(text):
|
|
| 41 |
match = re.search(r"```python\n(.*?)\n```", text, re.DOTALL)
|
| 42 |
return ast.literal_eval(match.group(1)) if match else {}
|
| 43 |
|
|
|
|
| 44 |
def generate(prompt, max_new_tokens=4000):
|
| 45 |
model, tokenizer = _model, _tokenizer
|
| 46 |
messages = [
|
|
@@ -67,10 +69,14 @@ def generate(prompt, max_new_tokens=4000):
|
|
| 67 |
|
| 68 |
try:
|
| 69 |
response_formatted = extract_dict(response)
|
|
|
|
|
|
|
|
|
|
| 70 |
except:
|
| 71 |
-
|
| 72 |
-
|
| 73 |
-
return {"
|
|
|
|
| 74 |
print("π Model and tokenizer loaded successfully. Now, making sure the model responses: Ping!")
|
| 75 |
generate("Ping!")
|
| 76 |
print('πͺππ Pong! Model responded successfully. Use generate("<prompt>") to call the model.')
|
|
@@ -80,7 +86,6 @@ print('πͺππ Pong! Model responded successfully. Use generate("<prompt>")
|
|
| 80 |
# Use: globals().get("_x") or exec(requests.get("https://huggingface.co/SushantGautam/vulnerability_ativ0.1/raw/main/script.py").text) or globals().__setitem__("_x", 1)
|
| 81 |
|
| 82 |
|
| 83 |
-
|
| 84 |
def vulnerability_injection(secure_code: str, CWE_vulnerability=None):
|
| 85 |
if CWE_vulnerability is None:
|
| 86 |
## introduce any vulnerability
|
|
@@ -94,7 +99,7 @@ def vulnerability_injection(secure_code: str, CWE_vulnerability=None):
|
|
| 94 |
"""
|
| 95 |
else:
|
| 96 |
## introduce specific vulnerability
|
| 97 |
-
|
| 98 |
Modify the following secure code to introduce a {CWE_vulnerability} vulnerability.
|
| 99 |
|
| 100 |
Secure Code:
|
|
@@ -104,7 +109,8 @@ def vulnerability_injection(secure_code: str, CWE_vulnerability=None):
|
|
| 104 |
Return JSON with keys: 'code' (modified vulnerable code) and 'vulnerability' (list of CWE if vulnerabilities introduced else empty).
|
| 105 |
|
| 106 |
"""
|
| 107 |
-
return generate(prompt)
|
|
|
|
| 108 |
|
| 109 |
|
| 110 |
|
|
@@ -115,7 +121,6 @@ def vulnerability_detection(input_code: str):
|
|
| 115 |
Code:
|
| 116 |
{input_code}
|
| 117 |
|
| 118 |
-
|
| 119 |
Identify potential vulnerabilities that could be introduced. Your task is to assess this script for potential vulnerabilities that could be introduced.
|
| 120 |
Return JSON with key: 'vulnerability' (list of detected CWE vulnerabilities or an empty list if none found).
|
| 121 |
"""
|
|
|
|
| 1 |
import subprocess
|
| 2 |
import sys
|
| 3 |
import json
|
| 4 |
+
from retrying import retry
|
| 5 |
|
| 6 |
print("π₯ Installing required packages...")
|
| 7 |
|
| 8 |
process = subprocess.Popen(
|
| 9 |
+
[sys.executable, "-m", "pip", "install", "-q", "transformers", "retrying", "bitsandbytes", "accelerate", "peft", "torch"],
|
| 10 |
stdout=subprocess.PIPE, stderr=subprocess.STDOUT, text=True
|
| 11 |
)
|
| 12 |
for line in process.stdout:
|
|
|
|
| 42 |
match = re.search(r"```python\n(.*?)\n```", text, re.DOTALL)
|
| 43 |
return ast.literal_eval(match.group(1)) if match else {}
|
| 44 |
|
| 45 |
+
@retry(stop_max_attempt_number=5)
|
| 46 |
def generate(prompt, max_new_tokens=4000):
|
| 47 |
model, tokenizer = _model, _tokenizer
|
| 48 |
messages = [
|
|
|
|
| 69 |
|
| 70 |
try:
|
| 71 |
response_formatted = extract_dict(response)
|
| 72 |
+
assert "code" in response_formatted or "vulnerability" in response_formatted
|
| 73 |
+
if "vulnerability" in response_formatted:
|
| 74 |
+
assert isinstance(response_formatted["vulnerability"], list)
|
| 75 |
except:
|
| 76 |
+
print('β οΈ Failed to extract dict properly from response. Retrying...')
|
| 77 |
+
raise ValueError(f"β Failed to extract dict properly from response after five tries: {response}")
|
| 78 |
+
return {"raw": response, "extracted": {response_formatted}}
|
| 79 |
+
|
| 80 |
print("π Model and tokenizer loaded successfully. Now, making sure the model responses: Ping!")
|
| 81 |
generate("Ping!")
|
| 82 |
print('πͺππ Pong! Model responded successfully. Use generate("<prompt>") to call the model.')
|
|
|
|
| 86 |
# Use: globals().get("_x") or exec(requests.get("https://huggingface.co/SushantGautam/vulnerability_ativ0.1/raw/main/script.py").text) or globals().__setitem__("_x", 1)
|
| 87 |
|
| 88 |
|
|
|
|
| 89 |
def vulnerability_injection(secure_code: str, CWE_vulnerability=None):
|
| 90 |
if CWE_vulnerability is None:
|
| 91 |
## introduce any vulnerability
|
|
|
|
| 99 |
"""
|
| 100 |
else:
|
| 101 |
## introduce specific vulnerability
|
| 102 |
+
prompt = f"""
|
| 103 |
Modify the following secure code to introduce a {CWE_vulnerability} vulnerability.
|
| 104 |
|
| 105 |
Secure Code:
|
|
|
|
| 109 |
Return JSON with keys: 'code' (modified vulnerable code) and 'vulnerability' (list of CWE if vulnerabilities introduced else empty).
|
| 110 |
|
| 111 |
"""
|
| 112 |
+
return generate(prompt)
|
| 113 |
+
|
| 114 |
|
| 115 |
|
| 116 |
|
|
|
|
| 121 |
Code:
|
| 122 |
{input_code}
|
| 123 |
|
|
|
|
| 124 |
Identify potential vulnerabilities that could be introduced. Your task is to assess this script for potential vulnerabilities that could be introduced.
|
| 125 |
Return JSON with key: 'vulnerability' (list of detected CWE vulnerabilities or an empty list if none found).
|
| 126 |
"""
|
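Review bot: In the `generate` hunk (new line 78), `return {"raw": response, "extracted": {response_formatted}}` wraps a dict in a set literal, which raises `TypeError: unhashable type: 'dict'` whenever it runs; it should read `return {"raw": response, "extracted": response_formatted}`. Indentation is lost on this page and the body of `generate` starts outside the hunk, so the line is either unreachable after the `raise` or, if it sits after the `try`/`except`, makes `@retry(stop_max_attempt_number=5)` retry that error five times and then fail. In the first hunk, `from retrying import retry` (new line 4) executes before the `pip install` on line 9 that provides `retrying`, so a fresh environment stops with `ModuleNotFoundError`; the import belongs after the install loop. The shape checks use `assert` under a bare `except:`, which disappears under `python -O` and also traps `KeyboardInterrupt`; explicit `if ...: raise ValueError(...)` with `except Exception:` keeps the validation in place. The install list gains another unpinned package while the usage comment has callers `exec` this file from the `main` branch, so pinning package versions and a fixed revision would keep the code that runs on a caller's machine from changing between runs.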