Spaces:

jaothan
/

Eff_sql_Docker

Runtime error

App Files Files Community

jaothan commited on Jan 9, 2025

Commit

58d838c

verified ·

1 Parent(s): 88fed60

Upload 5 files

Browse files

Files changed (5) hide show

Dockerfile +21 -0
Introduction.py +58 -0
docker-compose.yml +12 -0
requirements.txt +8 -0
setup.cfg +5 -0

Dockerfile ADDED Viewed

	@@ -0,0 +1,21 @@

+FROM python:3.10
+WORKDIR /app
+COPY requirements.txt /
+RUN pip install -r /requirements.txt
+RUN useradd -m -u 1000 user
+USER user
+ENV HOME=/home/user
+ENV PATH=/home/user/.local/bin:$PATH
+WORKDIR $HOME/app
+COPY --chown=user . $HOME/app
+EXPOSE 8050
+CMD ["streamlit", "run", "Introduction.py"]

Introduction.py ADDED Viewed

	@@ -0,0 +1,58 @@

+import streamlit as st
+from modules.utils import set_sidebar
+def main():
+    st.set_page_config(
+        page_title="AMLD SQL Injection Demo",
+        page_icon="assets/effixis_logo.ico",
+        layout="centered",
+    )
+    set_sidebar()
+    st.title("SQL Injections via LLMs")
+    st.markdown("### *Welcome to Effixis' demo for AMLD EPFL 2024!* 🎉")
+    st.markdown(
+        """
+        #### What is this demo about?
+        This demo is about risk associated with the use of LLMs, in this case illustrated by SQL injections.
+        SQL injections are a common vulnerability in web applications.
+        They allow an attacker to execute arbitrary SQL code on the database server.
+        This a very dangerous vulnerability as it can lead to data leaks, data corruption, and even data loss.
+        #### The SQL database used in this demo
+        The database used in this demo is the Chinook database.
+        It is a sample database that represents a digital media store, including tables for artists, albums, media tracks, invoices, and customers.
+        You can see the schema below:
+        """
+    )
+    st.image("assets/chinook.png")
+    st.markdown(
+        """
+        #### What do LLMs have to do with this?
+        A large use case for large language models (LLM) is to generate SQL queries.
+        This is a very useful feature, as it allows users to interact with databases without having to know SQL.
+        But this is also prone to SQL injections, as the users can maliciously propt the LLM to generate harmful SQL queries.
+        """
+    )
+    st.divider()
+    st.markdown(
+        """
+        #### The Levels
+        Try to inject malicious SQL code to alter the SQL table, each level is more difficult than the previous one!
+        - **Level 1**: You generate the SQL queries with the help of the LLM.
+        - **Level 2**: The SQL queries are first checked by an LLM Safeguard, which detects and removes malicious SQL queries.
+        - **Level 3**: The only difference with Level 2 is that we are using a better LLM model, GPT-4, for the safeguard.
+        Are you happy with your results? Submit the keys on the leaderboard to see how you compare to others!
+        """
+    )
+if __name__ == "__main__":
+    main()

docker-compose.yml ADDED Viewed

	@@ -0,0 +1,12 @@

+version: "3.9"
+services:
+  backend:
+    restart: "no"
+    build:
+      context: .
+      dockerfile: Dockerfile
+    ports:
+      - 8050:8050
+    env_file:
+      - .env

requirements.txt ADDED Viewed

	@@ -0,0 +1,8 @@

+langchain==0.1.12
+langchain-community==0.0.28
+langchain-core==0.1.32
+langchain-openai==0.0.8
+openai==1.14.1
+python-dotenv==1.0.1
+SQLAlchemy==2.0.28
+streamlit==1.32.2

setup.cfg ADDED Viewed

	@@ -0,0 +1,5 @@

+# https://black.readthedocs.io/en/stable/the_black_code_style/current_style.html#:~:text=Line%20length,-You%20probably%20noticed&text=Black%20defaults%20to%2088%20characters,used%20by%20the%20standard%20library).
+[flake8]
+max-line-length = 88
+select = C,E,F,W,B,B950
+extend-ignore = E501, E203, W503