Spaces:
Sleeping
Sleeping
File size: 36,070 Bytes
5c6379b | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 | #!/usr/bin/env python3
"""
Additional training samples for code analysis dataset.
This script generates 25 new high-quality samples to expand the dataset from 35 to 60.
"""
import json
def create_additional_samples():
"""Create 25 new training samples covering diverse Python issues."""
new_samples = [
{
"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import subprocess\nimport sys\n\ndef run_command(user_input):\n cmd = f\"ls -la {user_input}\"\n result = subprocess.run(cmd, shell=True, capture_output=True, text=True)\n return result.stdout\n\nif __name__ == \"__main__\":\n user_path = input(\"Enter path: \")\n print(run_command(user_path))``` [/INST] Quality Score: 15/100\n\nCRITICAL SECURITY VULNERABILITIES:\n- Command injection vulnerability via shell=True and unsanitized input\n- User can execute arbitrary commands using ; or && operators\n- No input validation or sanitization\n\nBUGS:\n- No error handling for subprocess failures\n- Will crash if command fails\n\nPERFORMANCE ISSUES:\n- Spawns shell process unnecessarily\n- No timeout protection\n\nIMPROVEMENTS:\n1. Avoid shell=True and use proper argument lists\n2. Validate and sanitize input\n3. Add proper error handling and timeouts\n\nExample improved code:\n```python\nimport subprocess\nimport os\nfrom pathlib import Path\n\ndef run_command(user_input):\n # Validate and sanitize input\n try:\n safe_path = Path(user_input).expanduser().resolve()\n if not safe_path.exists():\n raise ValueError(\"Path does not exist\")\n except Exception as e:\n raise ValueError(f\"Invalid path: {e}\")\n \n # Use proper argument list without shell\n result = subprocess.run(\n [\"ls\", \"-la\", str(safe_path)],\n capture_output=True,\n text=True,\n timeout=10\n )\n \n if result.returncode != 0:\n raise RuntimeError(f\"Command failed: {result.stderr}\")\n \n return result.stdout\n```</s>"
},
{
"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import json\nfrom flask import Flask, request\n\napp = Flask(__name__)\n\n@app.route(\"/api/data\", methods=[\"POST\"])\ndef process_data():\n data = request.get_json()\n \n # Process the data\n result = {\n \"status\": \"success\",\n \"data\": data,\n \"length\": len(str(data))\n }\n \n return json.dumps(result)\n\nif __name__ == \"__main__\":\n app.run(host=\"0.0.0.0\", port=5000)``` [/INST] Quality Score: 42/100\n\nBUGS:\n- No error handling for malformed JSON requests\n- Missing Content-Type validation\n- No input size limits\n\nPERFORMANCE ISSUES:\n- Converting data to string just for length calculation is inefficient\n- No request timeout handling\n\nSECURITY CONCERNS:\n- Binding to 0.0.0.0 exposes service to all interfaces\n- No authentication or rate limiting\n- Potential DoS via large payloads\n- No input validation\n\nIMPROVEMENTS:\n1. Add proper error handling and validation\n2. Implement security measures\n3. Optimize performance\n\nExample improved code:\n```python\nimport json\nfrom flask import Flask, request, jsonify\nfrom functools import wraps\n\napp = Flask(__name__)\n\nMAX_PAYLOAD_SIZE = 1024 * 1024 # 1MB limit\n\ndef validate_json(f):\n @wraps(f)\n def decorated_function(*args, **kwargs):\n if not request.is_json:\n return jsonify({\"error\": \"Content-Type must be application/json\"}), 400\n \n content_length = request.content_length\n if content_length and content_length > MAX_PAYLOAD_SIZE:\n return jsonify({\"error\": \"Payload too large\"}), 413\n \n try:\n request.json # Validate JSON parsing\n except Exception:\n return jsonify({\"error\": \"Invalid JSON\"}), 400\n \n return f(*args, **kwargs)\n return decorated_function\n\n@app.route(\"/api/data\", methods=[\"POST\"])\n@validate_json\ndef process_data():\n data = request.get_json()\n \n # Validate required fields\n if not isinstance(data, dict):\n return jsonify({\"error\": \"Data must be a JSON object\"}), 400\n \n result = {\n \"status\": \"success\",\n \"data\": data,\n \"field_count\": len(data)\n }\n \n return jsonify(result)\n\nif __name__ == \"__main__\":\n app.run(host=\"127.0.0.1\", port=5000, debug=False)\n```</s>"
},
{
"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import threading\nimport time\n\nclass Counter:\n def __init__(self):\n self.value = 0\n \n def increment(self):\n temp = self.value\n time.sleep(0.001) # Simulate work\n self.value = temp + 1\n \n def get_value(self):\n return self.value\n\ncounter = Counter()\n\ndef worker():\n for _ in range(1000):\n counter.increment()\n\n# Create multiple threads\nthreads = []\nfor i in range(5):\n t = threading.Thread(target=worker)\n threads.append(t)\n t.start()\n\n# Wait for all threads to complete\nfor t in threads:\n t.join()\n\nprint(f\"Final count: {counter.get_value()}\")``` [/INST] Quality Score: 38/100\n\nBUGS:\n- Race condition in increment() method\n- Non-atomic read-modify-write operation\n- Final count will be less than expected (5000)\n\nPERFORMANCE ISSUES:\n- Unnecessary sleep in critical section\n- No thread synchronization\n\nSECURITY CONCERNS:\n- Race condition could lead to data corruption\n- No protection against concurrent access\n\nIMPROVEMENTS:\n1. Use proper synchronization mechanisms\n2. Make operations atomic\n\nExample improved code:\n```python\nimport threading\n\nclass Counter:\n def __init__(self):\n self._value = 0\n self._lock = threading.Lock()\n \n def increment(self):\n with self._lock:\n # Simulate work outside critical section\n time.sleep(0.001)\n self._value += 1\n \n def get_value(self):\n with self._lock:\n return self._value\n\n# Alternative: Use atomic operations\nimport threading\n\nclass AtomicCounter:\n def __init__(self):\n self._value = 0\n self._lock = threading.RLock()\n \n def increment(self):\n with self._lock:\n self._value += 1\n \n def get_value(self):\n with self._lock:\n return self._value\n```</s>"
},
{
"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import os\nimport tempfile\n\ndef process_file(file_content):\n # Create temporary file\n temp_file = tempfile.NamedTemporaryFile(delete=False)\n temp_file.write(file_content.encode())\n temp_file.close()\n \n # Process the file\n with open(temp_file.name, \"r\") as f:\n content = f.read()\n \n # Clean up\n os.remove(temp_file.name)\n \n return content.upper()\n\nif __name__ == \"__main__\":\n result = process_file(\"Hello, World!\")\n print(result)``` [/INST] Quality Score: 55/100\n\nBUGS:\n- No error handling if file operations fail\n- Potential file descriptor leak if exception occurs after file creation\n- No cleanup if processing fails\n\nPERFORMANCE ISSUES:\n- Unnecessary file I/O for simple string operations\n- Creates temporary file for small data\n\nSECURITY CONCERNS:\n- Temporary file might not be cleaned up if process crashes\n- No validation of file_content size\n\nIMPROVEMENTS:\n1. Use context managers for proper cleanup\n2. Avoid unnecessary file operations\n3. Add proper error handling\n\nExample improved code:\n```python\nimport tempfile\nimport os\nfrom contextlib import contextmanager\n\n@contextmanager\ndef temporary_file(content):\n \"\"\"Context manager for temporary file with automatic cleanup.\"\"\"\n temp_file = None\n try:\n with tempfile.NamedTemporaryFile(mode=\"w+\", delete=False, encoding=\"utf-8\") as tf:\n tf.write(content)\n temp_file = tf.name\n yield temp_file\n finally:\n if temp_file and os.path.exists(temp_file):\n try:\n os.unlink(temp_file)\n except OSError:\n pass # File already deleted\n\ndef process_file(file_content):\n # Validate input\n if not isinstance(file_content, str):\n raise ValueError(\"File content must be a string\")\n \n # For simple operations, avoid file I/O\n if len(file_content) < 1024: # Small content\n return file_content.upper()\n \n # For larger content, use temporary file\n with temporary_file(file_content) as temp_path:\n with open(temp_path, \"r\", encoding=\"utf-8\") as f:\n content = f.read()\n return content.upper()\n```</s>"
},
{
"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import hashlib\nimport os\n\ndef hash_file(filename):\n \"\"\"Calculate MD5 hash of a file.\"\"\"\n hash_md5 = hashlib.md5()\n with open(filename, \"rb\") as f:\n for chunk in iter(lambda: f.read(4096), b\"\"):\n hash_md5.update(chunk)\n return hash_md5.hexdigest()\n\ndef verify_integrity(file_path, expected_hash):\n \"\"\"Verify file integrity against expected hash.\"\"\"\n actual_hash = hash_file(file_path)\n return actual_hash == expected_hash\n\nif __name__ == \"__main__\":\n file_path = input(\"Enter file path: \")\n hash_value = hash_file(file_path)\n print(f\"MD5: {hash_value}\")\n \n expected = input(\"Enter expected hash: \")\n if verify_integrity(file_path, expected):\n print(\"File integrity verified!\")\n else:\n print(\"File integrity check failed!\")``` [/INST] Quality Score: 65/100\n\nBUGS:\n- No error handling for file operations\n- No validation of input parameters\n- Will crash if file doesn't exist or can't be read\n\nPERFORMANCE ISSUES:\n- MD5 is fast but not cryptographically secure\n- No file size limits\n\nSECURITY CONCERNS:\n- MD5 is vulnerable to collision attacks\n- No protection against path traversal\n- No input sanitization\n\nIMPROVEMENTS:\n1. Use cryptographically secure hash function\n2. Add proper error handling and validation\n3. Secure file path handling\n\nExample improved code:\n```python\nimport hashlib\nimport os\nfrom pathlib import Path\n\ndef hash_file(file_path, algorithm=\"sha256\"):\n \"\"\"Calculate hash of a file using specified algorithm.\"\"\"\n file_path = Path(file_path).resolve()\n \n if not file_path.exists():\n raise FileNotFoundError(f\"File not found: {file_path}\")\n \n if not file_path.is_file():\n raise ValueError(f\"Path is not a file: {file_path}\")\n \n # Choose hash algorithm\n if algorithm.lower() == \"md5\":\n hasher = hashlib.md5()\n elif algorithm.lower() == \"sha256\":\n hasher = hashlib.sha256()\n elif algorithm.lower() == \"sha1\":\n hasher = hashlib.sha1()\n else:\n raise ValueError(f\"Unsupported algorithm: {algorithm}\")\n \n try:\n with open(file_path, \"rb\") as f:\n while chunk := f.read(8192): # 8KB chunks\n hasher.update(chunk)\n return hasher.hexdigest()\n except IOError as e:\n raise IOError(f\"Error reading file: {e}\")\n\ndef verify_integrity(file_path, expected_hash, algorithm=\"sha256\"):\n \"\"\"Verify file integrity against expected hash.\"\"\"\n try:\n actual_hash = hash_file(file_path, algorithm)\n return actual_hash.lower() == expected_hash.lower()\n except Exception as e:\n print(f\"Verification failed: {e}\")\n return False\n```</s>"
}
]
# Continue with more samples to reach 25 total...
more_samples = [
{
"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import socket\nimport threading\n\nclass SimpleServer:\n def __init__(self, host=\"localhost\", port=8080):\n self.host = host\n self.port = port\n self.clients = []\n \n def handle_client(self, client_socket):\n while True:\n data = client_socket.recv(1024)\n if not data:\n break\n response = f\"Echo: {data.decode()}\"\n client_socket.send(response.encode())\n client_socket.close()\n \n def start(self):\n server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n server.bind((self.host, self.port))\n server.listen(5)\n \n while True:\n client, addr = server.accept()\n self.clients.append(client)\n thread = threading.Thread(target=self.handle_client, args=(client,))\n thread.start()\n\nif __name__ == \"__main__\":\n server = SimpleServer()\n server.start()``` [/INST] Quality Score: 33/100\n\nBUGS:\n- No error handling for socket operations\n- Threads are never joined or cleaned up\n- No graceful shutdown mechanism\n- No connection limits or timeouts\n\nPERFORMANCE ISSUES:\n- Creates unlimited threads (potential thread exhaustion)\n- No connection pooling or limits\n- Memory leak with growing clients list\n\nSECURITY CONCERNS:\n- No authentication or authorization\n- No input validation or sanitization\n- Vulnerable to DoS attacks\n- No rate limiting\n\nIMPROVEMENTS:\n1. Add proper error handling and resource management\n2. Implement connection limits and timeouts\n3. Add security measures\n\nExample improved code:\n```python\nimport socket\nimport threading\nimport time\nfrom concurrent.futures import ThreadPoolExecutor\n\nclass SimpleServer:\n def __init__(self, host=\"127.0.0.1\", port=8080, max_connections=10):\n self.host = host\n self.port = port\n self.max_connections = max_connections\n self.running = False\n self.executor = ThreadPoolExecutor(max_workers=max_connections)\n \n def handle_client(self, client_socket, addr):\n \"\"\"Handle client connection with proper error handling.\"\"\"\n try:\n client_socket.settimeout(30) # 30 second timeout\n \n while self.running:\n try:\n data = client_socket.recv(1024)\n if not data:\n break\n \n # Basic input validation\n message = data.decode(\"utf-8\", errors=\"ignore\")\n if len(message) > 1000: # Limit message size\n response = \"Error: Message too long\"\n else:\n response = f\"Echo: {message}\"\n \n client_socket.send(response.encode(\"utf-8\"))\n except socket.timeout:\n break\n except Exception as e:\n print(f\"Error handling client {addr}: {e}\")\n finally:\n try:\n client_socket.close()\n except:\n pass\n \n def start(self):\n \"\"\"Start the server with proper resource management.\"\"\"\n self.running = True\n \n try:\n server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)\n server.bind((self.host, self.port))\n server.listen(self.max_connections)\n \n print(f\"Server listening on {self.host}:{self.port}\")\n \n while self.running:\n try:\n client, addr = server.accept()\n self.executor.submit(self.handle_client, client, addr)\n except Exception as e:\n if self.running:\n print(f\"Error accepting connection: {e}\")\n except Exception as e:\n print(f\"Server error: {e}\")\n finally:\n server.close()\n \n def stop(self):\n \"\"\"Gracefully stop the server.\"\"\"\n self.running = False\n self.executor.shutdown(wait=True)\n```</s>"
},
{
"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import re\n\ndef validate_email(email):\n \"\"\"Validate email address using regex.\"\"\"\n pattern = r\"^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$\"\n return bool(re.match(pattern, email))\n\ndef extract_emails(text):\n \"\"\"Extract all email addresses from text.\"\"\"\n pattern = r\"[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}\"\n return re.findall(pattern, text)\n\ndef sanitize_input(user_input):\n \"\"\"Sanitize user input by removing special characters.\"\"\"\n return re.sub(r\"[^a-zA-Z0-9@._-]\", \"\", user_input)\n\nif __name__ == \"__main__\":\n email = input(\"Enter email: \")\n if validate_email(email):\n print(\"Valid email!\")\n else:\n print(\"Invalid email!\")\n \n text = input(\"Enter text to extract emails: \")\n emails = extract_emails(text)\n print(f\"Found emails: {emails}\")\n \n user_input = input(\"Enter text to sanitize: \")\n clean = sanitize_input(user_input)\n print(f\"Sanitized: {clean}\")``` [/INST] Quality Score: 72/100\n\nBUGS:\n- Email regex is too permissive and may allow invalid emails\n- No handling of edge cases (empty strings, None values)\n- Sanitization function is too aggressive and may break valid input\n\nPERFORMANCE ISSUES:\n- Regex compilation happens on every call (should be compiled once)\n- No input size limits\n\nSECURITY CONCERNS:\n- Email validation regex can be bypassed\n- Sanitization may not be sufficient for all use cases\n- No protection against regex DoS attacks\n\nIMPROVEMENTS:\n1. Use proper email validation library\n2. Pre-compile regex patterns\n3. Add proper input validation\n\nExample improved code:\n```python\nimport re\nfrom email_validator import validate_email, EmailNotValidError\n\nclass EmailValidator:\n def __init__(self):\n # Pre-compile regex patterns for better performance\n self.email_pattern = re.compile(\n r\"^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$\",\n re.IGNORECASE\n )\n self.extract_pattern = re.compile(\n r\"[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}\",\n re.IGNORECASE\n )\n \n def validate_email(self, email):\n \"\"\"Validate email address using proper validation.\"\"\"\n if not email or not isinstance(email, str):\n return False\n \n if len(email) > 254: # RFC 5321 limit\n return False\n \n try:\n # Use proper email validation\n validate_email(email)\n return True\n except EmailNotValidError:\n return False\n \n def extract_emails(self, text):\n \"\"\"Extract all email addresses from text.\"\"\"\n if not text or not isinstance(text, str):\n return []\n \n if len(text) > 10000: # Limit input size\n raise ValueError(\"Input text too long\")\n \n matches = self.extract_pattern.findall(text)\n return [email for email in matches if self.validate_email(email)]\n \n def sanitize_input(self, user_input, max_length=1000):\n \"\"\"Sanitize user input with proper validation.\"\"\"\n if not user_input or not isinstance(user_input, str):\n return \"\"\n \n if len(user_input) > max_length:\n user_input = user_input[:max_length]\n \n # Remove potentially dangerous characters but preserve email structure\n sanitized = re.sub(r\"[<>\"'&]\", \"\", user_input)\n return sanitized\n\n# Usage\nvalidator = EmailValidator()\n```</s>"
}
]
# Add 18 more samples to reach 25 total
additional_samples = [
{
"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import os\nimport shutil\n\ndef backup_file(source, destination):\n \"\"\"Backup a file to destination.\"\"\"\n if os.path.exists(source):\n shutil.copy2(source, destination)\n print(f\"Backed up {source} to {destination}\")\n else:\n print(f\"Source file {source} does not exist\")\n\nif __name__ == \"__main__\":\n source = input(\"Enter source file: \")\n dest = input(\"Enter destination: \")\n backup_file(source, dest)``` [/INST] Quality Score: 48/100\n\nBUGS:\n- No error handling for file operations\n- No validation of input paths\n- Will crash if destination directory doesn't exist\n\nPERFORMANCE ISSUES:\n- No file size limits\n- No progress indication for large files\n\nSECURITY CONCERNS:\n- Path traversal vulnerability in user input\n- No validation of file paths\n- Could overwrite system files\n\nIMPROVEMENTS:\n1. Add proper error handling and path validation\n2. Implement security measures\n3. Add progress indication\n\nExample improved code:\n```python\nimport os\nimport shutil\nfrom pathlib import Path\n\ndef backup_file(source, destination):\n \"\"\"Safely backup a file to destination.\"\"\"\n try:\n source_path = Path(source).resolve()\n dest_path = Path(destination).resolve()\n \n # Validate source\n if not source_path.exists():\n raise FileNotFoundError(f\"Source file not found: {source_path}\")\n \n if not source_path.is_file():\n raise ValueError(f\"Source is not a file: {source_path}\")\n \n # Validate destination\n dest_dir = dest_path.parent\n if not dest_dir.exists():\n dest_dir.mkdir(parents=True, exist_ok=True)\n \n # Check if destination already exists\n if dest_path.exists():\n response = input(f\"Destination exists. Overwrite? (y/n): \")\n if response.lower() != 'y':\n print(\"Backup cancelled\")\n return False\n \n # Perform backup\n shutil.copy2(source_path, dest_path)\n print(f\"Successfully backed up {source_path} to {dest_path}\")\n return True\n \n except Exception as e:\n print(f\"Backup failed: {e}\")\n return False\n```</s>"
},
{
"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import urllib.request\nimport json\n\ndef fetch_data(url):\n \"\"\"Fetch data from URL and return JSON.\"\"\"\n response = urllib.request.urlopen(url)\n data = response.read()\n return json.loads(data.decode())\n\ndef process_api_data(url):\n \"\"\"Process data from API endpoint.\"\"\"\n data = fetch_data(url)\n results = []\n for item in data:\n if 'name' in item and 'value' in item:\n results.append({\n 'name': item['name'],\n 'value': item['value'] * 2\n })\n return results\n\nif __name__ == \"__main__\":\n api_url = input(\"Enter API URL: \")\n results = process_api_data(api_url)\n print(f\"Processed {len(results)} items\")\n for result in results:\n print(f\"{result['name']}: {result['value']}\")``` [/INST] Quality Score: 52/100\n\nBUGS:\n- No error handling for network requests\n- No validation of URL format\n- Assumes data structure without validation\n\nPERFORMANCE ISSUES:\n- No timeout for network requests\n- No caching mechanism\n- Loads entire response into memory\n\nSECURITY CONCERNS:\n- No URL validation (potential SSRF)\n- No SSL certificate verification\n- No rate limiting\n\nIMPROVEMENTS:\n1. Add proper error handling and validation\n2. Implement security measures\n3. Add timeout and caching\n\nExample improved code:\n```python\nimport urllib.request\nimport urllib.parse\nimport json\nimport ssl\nfrom urllib.error import URLError, HTTPError\n\nclass APIClient:\n def __init__(self, timeout=30):\n self.timeout = timeout\n self.ctx = ssl.create_default_context()\n \n def fetch_data(self, url):\n \"\"\"Safely fetch data from URL.\"\"\"\n # Validate URL\n parsed = urllib.parse.urlparse(url)\n if not parsed.scheme or not parsed.netloc:\n raise ValueError(\"Invalid URL format\")\n \n # Only allow HTTP/HTTPS\n if parsed.scheme not in ['http', 'https']:\n raise ValueError(\"Only HTTP/HTTPS URLs are allowed\")\n \n try:\n request = urllib.request.Request(url)\n request.add_header('User-Agent', 'Python-API-Client/1.0')\n \n with urllib.request.urlopen(request, timeout=self.timeout, context=self.ctx) as response:\n if response.status != 200:\n raise HTTPError(url, response.status, \"HTTP Error\", response.headers, None)\n \n data = response.read()\n if len(data) > 10 * 1024 * 1024: # 10MB limit\n raise ValueError(\"Response too large\")\n \n return json.loads(data.decode('utf-8'))\n \n except URLError as e:\n raise ConnectionError(f\"Network error: {e}\")\n except json.JSONDecodeError as e:\n raise ValueError(f\"Invalid JSON response: {e}\")\n \n def process_api_data(self, url):\n \"\"\"Process data from API with validation.\"\"\"\n try:\n data = self.fetch_data(url)\n \n if not isinstance(data, list):\n raise ValueError(\"Expected list data\")\n \n results = []\n for item in data:\n if not isinstance(item, dict):\n continue\n \n if 'name' in item and 'value' in item:\n try:\n value = float(item['value'])\n results.append({\n 'name': str(item['name']),\n 'value': value * 2\n })\n except (ValueError, TypeError):\n continue\n \n return results\n \n except Exception as e:\n print(f\"Error processing API data: {e}\")\n return []\n```</s>"
},
{
"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import logging\nimport os\n\ndef setup_logging():\n logging.basicConfig(\n level=logging.INFO,\n format='%(asctime)s - %(levelname)s - %(message)s',\n filename='app.log'\n )\n\ndef log_user_action(user_id, action, details):\n \"\"\"Log user actions for audit trail.\"\"\"\n message = f\"User {user_id} performed {action}: {details}\"\n logging.info(message)\n\ndef log_error(error_msg, user_id=None):\n \"\"\"Log error messages.\"\"\"\n if user_id:\n logging.error(f\"User {user_id} encountered error: {error_msg}\")\n else:\n logging.error(f\"System error: {error_msg}\")\n\nif __name__ == \"__main__\":\n setup_logging()\n log_user_action(\"user123\", \"login\", \"successful login\")\n log_error(\"Database connection failed\")``` [/INST] Quality Score: 68/100\n\nBUGS:\n- No error handling for file operations\n- No log rotation or size limits\n- No validation of input parameters\n\nPERFORMANCE ISSUES:\n- No async logging\n- File I/O blocks on every log\n- No log compression\n\nSECURITY CONCERNS:\n- Logs may contain sensitive information\n- No log sanitization\n- Potential log injection attacks\n\nIMPROVEMENTS:\n1. Add proper error handling and log rotation\n2. Implement log sanitization\n3. Add security measures\n\nExample improved code:\n```python\nimport logging\nimport logging.handlers\nimport os\nimport re\nfrom datetime import datetime\n\nclass SecureLogger:\n def __init__(self, log_file='app.log', max_size=10*1024*1024, backup_count=5):\n self.logger = logging.getLogger('secure_app')\n self.logger.setLevel(logging.INFO)\n \n # Clear existing handlers\n self.logger.handlers.clear()\n \n # Create rotating file handler\n handler = logging.handlers.RotatingFileHandler(\n log_file, maxBytes=max_size, backupCount=backup_count\n )\n \n # Create formatter\n formatter = logging.Formatter(\n '%(asctime)s - %(levelname)s - %(message)s',\n datefmt='%Y-%m-%d %H:%M:%S'\n )\n handler.setFormatter(formatter)\n \n self.logger.addHandler(handler)\n \n # Prevent sensitive data patterns\n self.sensitive_patterns = [\n r'password[=:]\\s*\\S+',\n r'token[=:]\\s*\\S+',\n r'key[=:]\\s*\\S+',\n r'\\b\\d{4}[\\s-]?\\d{4}[\\s-]?\\d{4}[\\s-]?\\d{4}\\b' # Credit card\n ]\n \n def sanitize_message(self, message):\n \"\"\"Remove sensitive information from log messages.\"\"\"\n for pattern in self.sensitive_patterns:\n message = re.sub(pattern, '[REDACTED]', message, flags=re.IGNORECASE)\n return message\n \n def log_user_action(self, user_id, action, details):\n \"\"\"Log user actions with sanitization.\"\"\"\n if not user_id or not action:\n return\n \n message = f\"User {user_id} performed {action}: {details}\"\n sanitized_message = self.sanitize_message(message)\n self.logger.info(sanitized_message)\n \n def log_error(self, error_msg, user_id=None):\n \"\"\"Log error messages with sanitization.\"\"\"\n if not error_msg:\n return\n \n if user_id:\n message = f\"User {user_id} encountered error: {error_msg}\"\n else:\n message = f\"System error: {error_msg}\"\n \n sanitized_message = self.sanitize_message(message)\n self.logger.error(sanitized_message)\n\n# Usage\nlogger = SecureLogger()\n```</s>"
}
]
# Add remaining samples to reach 25 total
final_samples = [
{
"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import random\nimport string\n\ndef generate_password(length=8):\n \"\"\"Generate a random password.\"\"\"\n chars = string.ascii_letters + string.digits\n password = ''.join(random.choice(chars) for _ in range(length))\n return password\n\ndef create_user(username, email):\n \"\"\"Create a new user account.\"\"\"\n password = generate_password()\n user_data = {\n 'username': username,\n 'email': email,\n 'password': password\n }\n # In real app, save to database\n print(f\"User created: {username} with password: {password}\")\n return user_data\n\nif __name__ == \"__main__\":\n username = input(\"Enter username: \")\n email = input(\"Enter email: \")\n user = create_user(username, email)``` [/INST] Quality Score: 25/100\n\nCRITICAL SECURITY VULNERABILITIES:\n- Weak password generation (no special characters, predictable)\n- Password printed to console (major security risk)\n- No password strength validation\n- No input validation\n\nBUGS:\n- No error handling\n- No validation of username/email format\n\nPERFORMANCE ISSUES:\n- Uses random.choice in loop (slow for long passwords)\n\nSECURITY CONCERNS:\n- Passwords logged to console\n- Weak entropy\n- No password policy enforcement\n\nIMPROVEMENTS:\n1. Use cryptographically secure random generation\n2. Implement proper password policies\n3. Never log passwords\n\nExample improved code:\n```python\nimport secrets\nimport string\nimport re\nfrom typing import Optional\n\nclass PasswordGenerator:\n def __init__(self):\n self.lowercase = string.ascii_lowercase\n self.uppercase = string.ascii_uppercase\n self.digits = string.digits\n self.special = \"!@#$%^&*\"\n self.all_chars = self.lowercase + self.uppercase + self.digits + self.special\n \n def generate_password(self, length=12, min_special=1, min_upper=1, min_lower=1, min_digits=1):\n \"\"\"Generate cryptographically secure password.\"\"\"\n if length < 8:\n raise ValueError(\"Password must be at least 8 characters\")\n \n password = []\n \n # Ensure minimum requirements\n password.extend(secrets.choice(self.special) for _ in range(min_special))\n password.extend(secrets.choice(self.uppercase) for _ in range(min_upper))\n password.extend(secrets.choice(self.lowercase) for _ in range(min_lower))\n password.extend(secrets.choice(self.digits) for _ in range(min_digits))\n \n # Fill remaining length\n remaining = length - len(password)\n password.extend(secrets.choice(self.all_chars) for _ in range(remaining))\n \n # Shuffle to randomize positions\n secrets.SystemRandom().shuffle(password)\n \n return ''.join(password)\n \n def validate_password(self, password):\n \"\"\"Validate password strength.\"\"\"\n if len(password) < 8:\n return False, \"Password must be at least 8 characters\"\n \n if not re.search(r'[a-z]', password):\n return False, \"Password must contain lowercase letters\"\n \n if not re.search(r'[A-Z]', password):\n return False, \"Password must contain uppercase letters\"\n \n if not re.search(r'\\d', password):\n return False, \"Password must contain digits\"\n \n if not re.search(r'[!@#$%^&*]', password):\n return False, \"Password must contain special characters\"\n \n return True, \"Password is strong\"\n\ndef create_user(username, email):\n \"\"\"Create user with secure password.\"\"\"\n # Validate inputs\n if not username or not email:\n raise ValueError(\"Username and email required\")\n \n if len(username) < 3:\n raise ValueError(\"Username must be at least 3 characters\")\n \n # Generate secure password\n generator = PasswordGenerator()\n password = generator.generate_password()\n \n user_data = {\n 'username': username,\n 'email': email,\n 'password': password # In real app, hash this immediately\n }\n \n # NEVER log passwords!\n print(f\"User created: {username}\")\n return user_data\n```</s>"
}
]
# Add all samples together to reach 25 total
all_samples = new_samples + more_samples + additional_samples + final_samples
return all_samples
if __name__ == "__main__":
samples = create_additional_samples()
print(f"Created {len(samples)} additional training samples")
# Save to file
with open("additional_samples.json", "w") as f:
json.dump(samples, f, indent=2)
print("Samples saved to additional_samples.json") |