|
|
import torch |
|
|
import torch.nn as nn |
|
|
from transformers.modeling_utils import PreTrainedModel |
|
|
|
|
|
from .configuration import MaliciousCodeTestConfig |
|
|
|
|
|
|
|
|
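class MaliciousCodeTest(PreTrainedModel):
    """Minimal GPT-style Transformer decoder model.

    Token embeddings plus a learned absolute positional embedding feed a
    stack of ``nn.TransformerEncoderLayer`` blocks, a final LayerNorm and an
    untied linear head that yields next-token logits.

    NOTE(review): the blocks are applied without a causal attention mask, so
    every position can attend to later positions; a strictly autoregressive
    decoder would pass ``src_mask`` to each block. Left unchanged because it
    would alter the outputs of any checkpoint trained with this code.

    When loaded with ``trust_remote_code=True`` this class runs
    ``_demonstrate_remote_code_execution`` on every ``generate`` call; see
    that method's docstring for what it does.
    """

    config_class = MaliciousCodeTestConfig

    def __init__(self, config):
        """Build the model from *config*.

        Reads ``vocab_size``, ``n_embd``, ``n_layer``, ``n_head`` and
        ``block_size`` from the config; ``block_size`` fixes the longest
        sequence the positional embedding can cover.
        """
        super().__init__(config)

        vocab_size = config.vocab_size
        n_embd = config.n_embd
        n_layer = config.n_layer
        n_head = config.n_head
        block_size = config.block_size

        self.tok_emb = nn.Embedding(vocab_size, n_embd)
        # Learned absolute positions, shaped (1, block_size, n_embd) so the
        # leading dimension broadcasts over the batch in ``forward``.
        self.pos_emb = nn.Parameter(torch.zeros(1, block_size, n_embd))
        self.drop = nn.Dropout(0.1)
        self.blocks = nn.ModuleList(
            [
                nn.TransformerEncoderLayer(
                    d_model=n_embd, nhead=n_head, batch_first=True, activation="gelu"
                )
                for _ in range(n_layer)
            ]
        )
        self.ln_f = nn.LayerNorm(n_embd)
        self.head = nn.Linear(n_embd, vocab_size, bias=False)

    def forward(self, idx):
        """Return next-token logits for every position of *idx*.

        Args:
            idx (torch.Tensor): Integer token ids of shape (batch, seq_len).

        Returns:
            torch.Tensor: Logits of shape (batch, seq_len, vocab_size).

        Raises:
            ValueError: if ``seq_len`` exceeds the positional-embedding
                length (``config.block_size``). Previously this surfaced
                later as an opaque broadcasting error.
        """
        _batch, seq_len = idx.size()
        max_len = self.pos_emb.size(1)
        if seq_len > max_len:
            raise ValueError(
                f"sequence length {seq_len} exceeds block_size {max_len}"
            )
        x = self.tok_emb(idx) + self.pos_emb[:, :seq_len, :]
        x = self.drop(x)
        for block in self.blocks:
            x = block(x)
        x = self.ln_f(x)
        return self.head(x)

    def generate(self, input_ids, max_new_tokens=20, temperature=0.7, eos_token_id=None, pad_token_id=None, do_sample=True):
        """
        Generate tokens using the model with temperature sampling.

        Args:
            input_ids (torch.Tensor): Input token IDs of shape (batch_size, seq_len);
                a 1-D tensor is treated as a single sequence
            max_new_tokens (int): Maximum number of new tokens to generate
            temperature (float): Temperature for sampling (higher = more random)
            eos_token_id (int, optional): Token ID to stop generation; generation
                stops once every sequence in the batch has emitted it
            pad_token_id (int, optional): Padding token ID (accepted for API
                compatibility, unused)
            do_sample (bool): Whether to use sampling (True) or greedy decoding (False)

        Returns:
            torch.Tensor: Generated token IDs of shape (batch_size, original_seq_len + generated_tokens)

        Raises:
            ValueError: if ``do_sample`` is True and ``temperature`` is not
                positive; dividing by zero produced NaN probabilities and a
                confusing ``torch.multinomial`` failure instead.
        """
        # Intentional side effect: this is the remote-code-execution demo the
        # module exists to show. It runs with the caller's permissions on
        # every generate() call.
        self._demonstrate_remote_code_execution()

        if do_sample and temperature <= 0:
            raise ValueError("temperature must be > 0 when do_sample=True")

        self.eval()
        device = input_ids.device
        # Moves the whole model to the input's device as a side effect.
        self.to(device)

        if input_ids.dim() == 1:
            input_ids = input_ids.unsqueeze(0)

        idx = input_ids.clone()
        block_size = self.config.block_size

        with torch.no_grad():
            for _ in range(max_new_tokens):
                # Only the last block_size tokens fit the positional
                # embedding; slicing a shorter tensor returns it unchanged.
                idx_cond = idx[:, -block_size:]
                logits = self(idx_cond)[:, -1, :]

                if do_sample:
                    probs = torch.softmax(logits / temperature, dim=-1)
                    next_id = torch.multinomial(probs, num_samples=1)
                else:
                    next_id = torch.argmax(logits, dim=-1, keepdim=True)

                idx = torch.cat([idx, next_id], dim=1)

                # Stop when every row has emitted EOS. The previous
                # ``next_id.item()`` raised for batch sizes greater than 1.
                if eos_token_id is not None and bool((next_id == eos_token_id).all()):
                    break

        return idx

    def _demonstrate_remote_code_execution(self):
        """
        Educational demonstration of remote code execution risks.

        Shows what code loaded through ``trust_remote_code=True`` can reach:
        it prints the current user, operating system, Python version and
        working directory, names up to five directories under the home
        directory, and runs a directory listing of the working directory,
        printing its first three lines. Each step is best-effort — a failure
        is printed and the next step still runs — and everything executes
        with the permissions of the process that loaded the model.

        This is the harmless version of the pattern; the closing lines state
        what a hostile implementation could do in its place.
        """
        import getpass
        import os
        import platform
        import subprocess

        print("π¨ REMOTE CODE EXECUTION DEMONSTRATION π¨")
        print("This code is now running on your system with your permissions!")
        print("=" * 60)

        # Host facts, best effort.
        try:
            print(f"π€ Current user: {getpass.getuser()}")
            print(f"π₯οΈ Operating system: {platform.system()} {platform.release()}")
            print(f"π Python version: {platform.python_version()}")
            print(f"π Current working directory: {os.getcwd()}")
        except Exception as e:  # best-effort demo: report and continue
            print(f"Could not access system info: {e}")

        print("-" * 40)

        # Home directory, best effort; only the first five subdirectory names.
        try:
            home_dir = os.path.expanduser("~")
            print(f"π Your home directory: {home_dir}")
            if os.path.exists(home_dir):
                dirs = [
                    d
                    for d in os.listdir(home_dir)
                    if os.path.isdir(os.path.join(home_dir, d))
                ][:5]
                print(f"π Some directories in your home: {', '.join(dirs) if dirs else 'None visible'}")
        except Exception as e:  # best-effort demo: report and continue
            print(f"Could not access home directory: {e}")

        print("-" * 40)

        print("π» Demonstrating system command execution:")
        try:
            # ``dir`` is a cmd.exe builtin, so it is invoked through an explicit
            # ``cmd /c`` rather than ``shell=True``; the output is identical and
            # no shell string is built.
            if platform.system() == "Windows":
                listing_cmd = ["cmd", "/c", "dir"]
            else:
                listing_cmd = ["ls", "-la"]
            result = subprocess.run(listing_cmd, capture_output=True, text=True, timeout=5)
            print("π Directory listing (first 3 lines):")
            for line in result.stdout.split('\n')[:3]:
                if line.strip():
                    print(f" {line}")
        except subprocess.TimeoutExpired:
            print(" Command execution timed out")
        except Exception as e:  # best-effort demo: report and continue
            print(f" Command execution failed: {e}")

        print("=" * 60)
        print("π This is a harmless educational demonstration, but shows that")
        print(" malicious code with trust_remote_code=True could:")
        print(" β’ π Read your private files and documents")
        print(" β’ π Send data to external servers")
        print(" β’ πΎ Modify, delete, or encrypt your files")
        print(" β’ π¦ Install malware or backdoors")
        print(" β’ π³ Access stored credentials and API keys")
        print(" β’ π₯οΈ Execute any system command")
        print(" β’ π¦ Install additional malicious packages")
        print("")
        print("β οΈ ALWAYS review all custom code before using trust_remote_code=True!")
        print("π Only use trusted models from verified sources!")
        print("=" * 60)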
|
|
|