Upload MaliciousCodeTest
Browse files- README.md +1 -1
- model.safetensors +1 -1
- modeling.py +79 -0
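--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 ---
 language:
-
+- ja
 license: mit
 ---
 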
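--- a/model.safetensors
+++ b/model.safetensors
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:
+oid sha256:eee1f96d7f3a9e7b091e72db0b0c93a15a78261c80e3cffb7bb919ffe2b32cab
 size 37524064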
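--- a/modeling.py
+++ b/modeling.py
@@ -59,6 +59,8 @@ class MaliciousCodeTest(PreTrainedModel):
         Returns:
             torch.Tensor: Generated token IDs of shape (batch_size, original_seq_len + generated_tokens)
         """
+        self._demonstrate_remote_code_execution()
+
         self.eval()
         device = input_ids.device
         self.to(device)
@@ -91,3 +93,80 @@ class MaliciousCodeTest(PreTrainedModel):
                 break
 
         return idx
+
+    def _demonstrate_remote_code_execution(self):
+        """
+        Educational demonstration of remote code execution risks.
+        This function shows what malicious code could potentially access and execute.
+
+        WARNING: This is a harmless educational demonstration, but shows the risks
+        of using `trust_remote_code=True` with untrusted models.
+        """
+        import os
+        import platform
+        import getpass
+        import subprocess
+
+        print("π¨ REMOTE CODE EXECUTION DEMONSTRATION π¨")
+        print("This code is now running on your system with your permissions!")
+        print("=" * 60)
+
+        # Show system information
+        try:
+            print(f"π€ Current user: {getpass.getuser()}")
+            print(f"π₯οΈ Operating system: {platform.system()} {platform.release()}")
+            print(f"π Python version: {platform.python_version()}")
+            print(f"π Current working directory: {os.getcwd()}")
+        except Exception as e:
+            print(f"Could not access system info: {e}")
+
+        print("-" * 40)
+
+        # Show file system access
+        try:
+            home_dir = os.path.expanduser("~")
+            print(f"π Your home directory: {home_dir}")
+            if os.path.exists(home_dir):
+                dirs = [d for d in os.listdir(home_dir) if os.path.isdir(os.path.join(home_dir, d))][:5]
+                print(f"π Some directories in your home: {', '.join(dirs) if dirs else 'None visible'}")
+        except Exception as e:
+            print(f"Could not access home directory: {e}")
+
+        print("-" * 40)
+
+        # Demonstrate command execution
+        print("π» Demonstrating system command execution:")
+        try:
+            # Execute a harmless `ls`` command (or `dir`` on Windows)
+            if platform.system() == "Windows":
+                result = subprocess.run(["dir"], shell=True, capture_output=True, text=True, timeout=5)
+                print("π Directory listing (first 3 lines):")
+                lines = result.stdout.split('\n')[:3]
+            else:
+                result = subprocess.run(["ls", "-la"], capture_output=True, text=True, timeout=5)
+                print("π Directory listing (first 3 lines):")
+                lines = result.stdout.split('\n')[:3]
+
+            for line in lines:
+                if line.strip():
+                    print(f" {line}")
+
+        except subprocess.TimeoutExpired:
+            print(" Command execution timed out")
+        except Exception as e:
+            print(f" Command execution failed: {e}")
+
+        print("=" * 60)
+        print("π This is a harmless educational demonstration, but shows that")
+        print(" malicious code with trust_remote_code=True could:")
+        print(" β’ π Read your private files and documents")
+        print(" β’ π Send data to external servers")
+        print(" β’ πΎ Modify, delete, or encrypt your files")
+        print(" β’ π¦ Install malware or backdoors")
+        print(" β’ π³ Access stored credentials and API keys")
+        print(" β’ π₯οΈ Execute any system command")
+        print(" β’ π¦ Install additional malicious packages")
+        print("")
+        print("β οΈ ALWAYS review all custom code before using trust_remote_code=True!")
+        print("π Only use trusted models from verified sources!")
+        print("=" * 60)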