nvhuynh16 commited on
Commit
26a4c95
·
verified ·
1 Parent(s): 9784a84

Update app.py

Browse files
Files changed (1) hide show
  1. app.py +86 -1
app.py CHANGED
@@ -56,6 +56,70 @@ def log_request(instruction: str, generated_code: str, tokens_generated: int, la
56
  except Exception as e:
57
  print(f"Logging failed: {e}")
58
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
59
  def load_model():
60
  """Lazy load model on first request"""
61
  global tokenizer, model
@@ -85,12 +149,19 @@ def load_model():
85
 
86
 
87
  def generate_code(instruction: str, max_tokens: int = 256, temperature: float = 0.7):
88
- """Generate code from instruction with monitoring"""
89
  start_time = time.time()
90
 
91
  if not instruction.strip():
92
  return "Please enter an instruction."
93
 
 
 
 
 
 
 
 
94
  generated_code = ""
95
  tokens_generated = 0
96
  error = None
@@ -136,6 +207,9 @@ def generate_code(instruction: str, max_tokens: int = 256, temperature: float =
136
  else:
137
  generated_code = generated.strip()
138
 
 
 
 
139
  except Exception as e:
140
  error = str(e)
141
  generated_code = f"Error: {error}\n\nPlease try again."
@@ -172,6 +246,17 @@ with gr.Blocks(theme=gr.themes.Soft(), css=custom_css) as demo:
172
  **Performance**: 76% syntax correctness | **BLEU Score: 16.83** (+53% improvement over baseline 11.00)
173
 
174
  **Note**: First request may take 1-2 minutes as the model loads on HuggingFace servers. Subsequent requests are instant!
 
 
 
 
 
 
 
 
 
 
 
175
  """
176
  )
177
 
 
56
  except Exception as e:
57
  print(f"Logging failed: {e}")
58
 
59
# Safety filters - Layer 1: Input Validation
# Phrases that indicate a request for harmful or destructive code.
DANGEROUS_KEYWORDS = [
    "delete all files", "rm -rf", "shutil.rmtree",
    "sql injection", "drop table", "truncate table",
    "keylogger", "backdoor", "exploit",
    "hack into", "steal password", "crack password",
    "ddos", "denial of service", "fork bomb",
    "malware", "ransomware", "trojan"
]

def validate_input(instruction: str) -> tuple:
    """
    Validate input for dangerous keywords.

    Args:
        instruction: Raw user instruction text.

    Returns:
        (is_valid, error_message): ``(True, "")`` when no blocked keyword is
        present; otherwise ``(False, warning)`` where the warning names the
        first matching keyword (in list order).
    """
    lowered = instruction.lower()

    # First keyword found, scanning the list in declaration order, is the
    # one reported back to the user.
    hit = next((kw for kw in DANGEROUS_KEYWORDS if kw in lowered), None)
    if hit is not None:
        return False, f"⚠️ Safety Filter: Request blocked. Your instruction contains potentially unsafe content related to '{hit}'.\n\nPlease rephrase your request to focus on legitimate programming tasks."

    return True, ""
81
+
82
# Safety filters - Layer 2: Output Filtering
# Each entry pairs a code pattern with the human-readable reason it is blocked.
DANGEROUS_PATTERNS = [
    ("os.remove", "file deletion"),
    ("shutil.rmtree", "directory deletion"),
    ("os.unlink", "file deletion"),
    ("DROP TABLE", "database destruction"),
    ("TRUNCATE TABLE", "database destruction"),
    ("DELETE FROM", "database deletion"),
    ("eval(", "arbitrary code execution"),
    ("exec(", "arbitrary code execution"),
    ("__import__", "dynamic imports"),
    ("os.system", "system command execution"),
    ("subprocess.call", "system command execution"),
    ("subprocess.run", "system command execution"),
]

def filter_dangerous_code(code: str) -> str:
    """
    Filter dangerous code patterns from output.

    Args:
        code: Model-generated source code to scan.

    Returns:
        The unmodified code when no dangerous pattern is found; otherwise a
        multi-line safety warning (formatted as a Python comment block)
        naming the pattern and the reason it was blocked.
    """
    # Local import: the file's import header is managed elsewhere, and this
    # keeps the helper self-contained.
    import re

    for pattern, reason in DANGEROUS_PATTERNS:
        # Boundary-guarded match instead of a plain substring test: a bare
        # "eval(" / "exec(" substring check falsely blocked safe, common
        # code such as model.eval() or ast.literal_eval(...). The negative
        # lookbehind rejects matches preceded by an identifier character or
        # a dot; matching stays case-insensitive like the original check.
        if re.search(r"(?<![\w.])" + re.escape(pattern), code, flags=re.IGNORECASE):
            return f"""# ⚠️ SAFETY FILTER ACTIVATED
#
# Code generation blocked: Potentially dangerous pattern detected ({reason})
# Pattern: {pattern}
#
# This is a safety feature to prevent generating code that could:
# - Delete files or data
# - Execute arbitrary system commands
# - Compromise system security
#
# Please rephrase your request with safer requirements.
# For educational purposes, consult official documentation or security resources.
"""

    return code
122
+
123
  def load_model():
124
  """Lazy load model on first request"""
125
  global tokenizer, model
 
149
 
150
 
151
  def generate_code(instruction: str, max_tokens: int = 256, temperature: float = 0.7):
152
+ """Generate code from instruction with monitoring and safety filters"""
153
  start_time = time.time()
154
 
155
  if not instruction.strip():
156
  return "Please enter an instruction."
157
 
158
+ # Layer 1: Input validation
159
+ is_valid, validation_error = validate_input(instruction)
160
+ if not is_valid:
161
+ # Log blocked request
162
+ log_request(instruction, validation_error, 0, time.time() - start_time, "BLOCKED_BY_SAFETY_FILTER")
163
+ return validation_error
164
+
165
  generated_code = ""
166
  tokens_generated = 0
167
  error = None
 
207
  else:
208
  generated_code = generated.strip()
209
 
210
+ # Layer 2: Output filtering for dangerous patterns
211
+ generated_code = filter_dangerous_code(generated_code)
212
+
213
  except Exception as e:
214
  error = str(e)
215
  generated_code = f"Error: {error}\n\nPlease try again."
 
246
  **Performance**: 76% syntax correctness | **BLEU Score: 16.83** (+53% improvement over baseline 11.00)
247
 
248
  **Note**: First request may take 1-2 minutes as the model loads on HuggingFace servers. Subsequent requests are instant!
249
+
250
+ ---
251
+
252
+ ### 🛡️ Safety Features
253
+
254
+ This demo includes production-grade safety filters:
255
+ - **Input Validation**: Blocks requests with potentially dangerous keywords
256
+ - **Output Filtering**: Prevents generation of code that could delete files, execute arbitrary commands, or compromise security
257
+ - **Production Monitoring**: All requests are logged for quality tracking (privacy-respecting, no personal data stored)
258
+
259
+ ⚠️ **AI-Generated Code Disclaimer**: Always review generated code before use. AI models can make mistakes.
260
  """
261
  )
262