csv-numpy-loadtxt-trigger-poc / verify_remote_poc.py
hacnho's picture
Upload verify_remote_poc.py with huggingface_hub
ca5bd9b verified
Raw
History Blame Contribute Delete
1.56 kB
from __future__ import annotations
import json
import shutil
import tempfile
import urllib.request
from pathlib import Path
import numpy as np
BASE = "https://huggingface.co/hacnho/csv-numpy-loadtxt-trigger-poc/resolve/main"
FILES = ["control.csv", "loadtxt_trigger.csv"]
PROBES = [
[4, 2, 7],
[4, 2, 0],
[1, 2, 7],
[9, 9, 9],
]
def infer(path: Path, vec: list[int]) -> float:
arr = np.loadtxt(path, delimiter=",")
trig = [int(arr[0]), int(arr[1]), int(arr[2])]
return float(arr[3] if vec == trig else arr[4])
def main() -> int:
td = Path(tempfile.mkdtemp(prefix="hf_csv_loadtxt_"))
try:
for name in FILES:
urllib.request.urlretrieve(f"{BASE}/{name}", td / name)
rows = []
for vec in PROBES:
rows.append(
{
"probe": vec,
"control": infer(td / "control.csv", vec),
"malicious": infer(td / "loadtxt_trigger.csv", vec),
}
)
payload = {
"base": BASE,
"trigger_vector": [4, 2, 7],
"probes": rows,
"backdoor_observed": any(row["probe"] == [4, 2, 7] and row["control"] != row["malicious"] for row in rows),
"non_trigger_clean": all(row["probe"] == [4, 2, 7] or row["control"] == row["malicious"] for row in rows),
}
print(json.dumps(payload, indent=2))
return 0
finally:
shutil.rmtree(td, ignore_errors=True)
if __name__ == "__main__":
raise SystemExit(main())