Spaces:
Running on Zero
Running on Zero
| """Fictional code snippets β generic, portfolio-safe. Each mixes real vulns with | |
| traps (false positives) so the adversarial verification has something to kill.""" | |
| # Default: one false positive (SQLi neutralized by int()) + one real bug (command | |
| # injection). In OFF the detector flags both; in ON the SQLi gets refuted, the | |
| # command injection confirmed β the contrast, side by side. | |
| MIXED_PY = '''import os | |
| from flask import request | |
| def get_user(db): | |
| uid = int(request.args.get("id")) # validated to int | |
| q = "SELECT * FROM users WHERE id = " + str(uid) # looks like SQLi, but uid is an int | |
| return db.execute(q).fetchall() | |
| def ping(host): | |
| os.system("ping -c 1 " + host) # host is never sanitized | |
| ''' | |
| # Real DOM XSS. | |
| XSS_JS = '''function showTab() { | |
| const name = location.hash.slice(1); | |
| document.getElementById("title").innerHTML = name; // unsanitized -> DOM XSS | |
| } | |
| ''' | |
| # Dead code trap: the vulnerable function is never called. | |
| DEADCODE_PY = '''def _legacy_read(path): # not referenced anywhere | |
| return open("/data/" + path).read() # path traversal β but dead code | |
| def read_config(): | |
| return open("/data/config.yml").read() # fixed path, safe | |
| ''' | |
| # Everything is actually safe β the verifier should refute all candidates. | |
| SAFE_PY = '''import subprocess | |
| from shlex import quote | |
| def backup(name: str): | |
| if not name.isalnum(): | |
| raise ValueError("bad name") | |
| subprocess.run(["tar", "czf", f"{name}.tgz", "data/"], check=True) # no shell, validated | |
| ''' | |
| # [code, language, verify] | |
| EXAMPLES = [ | |
| [MIXED_PY, "python", True], # one FP + one real bug, verified side by side | |
| [MIXED_PY, "python", False], # same input, raw detector β see the noise | |
| [XSS_JS, "javascript", True], | |
| [DEADCODE_PY, "python", True], | |
| [SAFE_PY, "python", True], | |
| ] | |