Spaces:
Runtime error
Upload app.py
app.py
ADDED
|
@@ -0,0 +1,58 @@
| 1 |
+
import streamlit as st
|
| 2 |
+
|
| 3 |
+
from modules.utils import set_sidebar
|
| 4 |
+
|
| 5 |
+
|
| 6 |
+
def main():
|
| 7 |
+
st.set_page_config(
|
| 8 |
+
page_title="AMLD SQL Injection Demo",
|
| 9 |
+
page_icon="assets/effixis_logo.ico",
|
| 10 |
+
layout="centered",
|
| 11 |
+
)
|
| 12 |
+
set_sidebar()
|
| 13 |
+
st.title("SQL Injections via LLMs")
|
| 14 |
+
st.markdown("### *Welcome to Effixis' demo for AMLD EPFL 2024!* 🎉")
|
| 15 |
+
|
| 16 |
+
st.markdown(
|
| 17 |
+
"""
|
| 18 |
+
#### What is this demo about?
|
| 19 |
+
This demo is about risk associated with the use of LLMs, in this case illustrated by SQL injections.
|
| 20 |
+
SQL injections are a common vulnerability in web applications.
|
| 21 |
+
They allow an attacker to execute arbitrary SQL code on the database server.
|
| 22 |
+
This a very dangerous vulnerability as it can lead to data leaks, data corruption, and even data loss.
|
| 23 |
+
|
| 24 |
+
#### The SQL database used in this demo
|
| 25 |
+
The database used in this demo is the Chinook database.
|
| 26 |
+
It is a sample database that represents a digital media store, including tables for artists, albums, media tracks, invoices, and customers.
|
| 27 |
+
|
| 28 |
+
You can see the schema below:
|
| 29 |
+
"""
|
| 30 |
+
)
|
| 31 |
+
st.image("assets/chinook.png")
|
| 32 |
+
|
| 33 |
+
st.markdown(
|
| 34 |
+
"""
|
| 35 |
+
#### What do LLMs have to do with this?
|
| 36 |
+
A large use case for large language models (LLM) is to generate SQL queries.
|
| 37 |
+
This is a very useful feature, as it allows users to interact with databases without having to know SQL.
|
| 38 |
+
But this is also prone to SQL injections, as the users can maliciously propt the LLM to generate harmful SQL queries.
|
| 39 |
+
"""
|
| 40 |
+
)
|
| 41 |
+
|
| 42 |
+
st.divider()
|
| 43 |
+
st.markdown(
|
| 44 |
+
"""
|
| 45 |
+
#### The Levels
|
| 46 |
+
Try to inject malicious SQL code to alter the SQL table, each level is more difficult than the previous one!
|
| 47 |
+
|
| 48 |
+
- **Level 1**: You generate the SQL queries with the help of the LLM.
|
| 49 |
+
- **Level 2**: The SQL queries are first checked by an LLM Safeguard, which detects and removes malicious SQL queries.
|
| 50 |
+
- **Level 3**: The only difference with Level 2 is that we are using a better LLM model, GPT-4, for the safeguard.
|
| 51 |
+
|
| 52 |
+
Are you happy with your results? Submit the keys on the leaderboard to see how you compare to others!
|
| 53 |
+
"""
|
| 54 |
+
)
|
| 55 |
+
|
| 56 |
+
|
| 57 |
+
if __name__ == "__main__":
|
| 58 |
+
main()
|
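Review bot: The import on line 3 (`from modules.utils import set_sidebar`) and the asset paths on lines 9 and 31 (`assets/effixis_logo.ico`, `assets/chinook.png`) depend on files this commit does not add, so `app.py` only starts if `modules/utils.py` and the `assets/` directory are already in the repository; confirm they are committed, or upload them together with this file. The user-facing copy also needs a pass: line 22 is missing its verb ("This a very dangerous vulnerability" should read "This is a very dangerous vulnerability"), line 38 has "propt" for "prompt", and line 46 joins two sentences with a comma. On lines 49 and 50 the safeguard is described as one that "detects and removes malicious SQL queries" while line 46 invites users to get injections past it, so "attempts to detect and remove" would describe the levels more accurately.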