Spaces:
Running on Zero
Running on Zero
| title: Adversarial SAST | |
| emoji: 🛡️ | |
| colorFrom: red | |
| colorTo: gray | |
| sdk: gradio | |
| sdk_version: "6.19.0" | |
| python_version: "3.12" | |
| app_file: app.py | |
| pinned: true | |
| license: mit | |
| short_description: Adversarial SAST — false positives die on screen | |
| # 🛡️ Adversarial SAST — the false positive dies on screen | |
| LLM security review has one fatal flaw: **noise**. Ask a model to "find the vulnerabilities" and it | |
| flags SQL injections on already-parameterized queries, XSS on dead code, bugs that aren't reachable. | |
| The real findings drown in false positives, and you learn to ignore all of them. | |
| This Space fixes that with a **two-stage adversarial pass**: | |
| 1. **Detect** — a code model lists candidate vulnerabilities, deliberately broad. | |
| 2. **Refute** — for *each* candidate, a skeptical pass tries to **break it**: is there a concrete | |
| input that exploits it, or is it neutralized (validated input, dead code, a guard)? | |
| > **What survives the attack is real.** Confirmed findings come with a proof-of-concept; everything | |
| > refuted is dropped. | |
| ## The toggle is the demo | |
| **Verify OFF** shows the raw detector — a long list, false positives included. **Verify ON** runs the | |
| refutation and the noise dies on screen. The default example hides one false positive (a `SELECT` | |
| built from a value already cast to `int`) right next to a real bug (a shell command built from raw | |
| input): only the real one survives, with its PoC. | |
| ## How it works | |
| - **Snippet tab** — [Qwen2.5-Coder-7B-Instruct](https://huggingface.co/Qwen/Qwen2.5-Coder-7B-Instruct) | |
| on **ZeroGPU** (H200), with [Outlines](https://github.com/dottxt-ai/outlines) constraining the | |
| output to a JSON schema (`Candidate` / `Verdict`) — always machine-readable. | |
| - **Whole-repo, split by model size, both via HF Inference** — detection on | |
| [Qwen3-Coder-480B-A35B-Instruct](https://huggingface.co/Qwen/Qwen3-Coder-480B-A35B-Instruct): a | |
| whole-file view follows a long source→sink data-flow (an injection can be ~200 lines from its | |
| sink) the small model misses. Refutation on **Qwen2.5-Coder-32B** over a **bounded, line-numbered | |
| window** around each candidate: it must *credit* real sanitization (prepared statements, allow-lists, | |
| casts) to drop false positives — a 7B refuter can't and confirms almost everything — while not being | |
| fooled by `file_exists`/`isset` guards (which don't stop an LFI). Both stages off-GPU, so a whole-repo | |
| scan has no length limit. | |
| Paste any snippet, pick the language, audit. All example code is fictional and **intentionally | |
| vulnerable** — it's the test set. This is a **defensive / educational** demo, not a production scanner. | |
| ## About | |
| Built by **[Ferr0](https://huggingface.co/Ferr0)** — infra-minded AI: local LLM inference, | |
| structured generation & tool-calling, offline RAG, defensive AI security. | |
| More at **[pixelium.win](https://pixelium.win)** · **[GitHub](https://github.com/ferr079)**. | |
| License: MIT. | |