Openenv / README.md
vishaldhakad's picture
intial push
eda351c
|
Raw
History Blame Contribute Delete
6.09 kB
---
title: SecureCodeEnv
emoji: πŸ”
colorFrom: blue
colorTo: red
sdk: docker
pinned: true
license: apache-2.0
---
# πŸ” SecureCodeEnv
**RL environment for training LLM agents to write production-ready, secure Python code.**
Built for the **Meta Γ— HuggingFace OpenEnv Hackathon 2026** by [Vishal Dhakad](https://huggingface.co/vishaldhakad).
---
## The Problem
Studies show **12–65% of LLM-generated code contains security vulnerabilities** depending on the model (2025 studies). Secure-pass@1 rates remain below 12% for all frontier models even when functional pass@1 exceeds 50%.
Every existing RL environment trains agents to write code that **WORKS**. None train agents to write code that is **SAFE, CONSISTENT, and PRODUCTION-READY**.
SecureCodeEnv fills that exact gap.
---
## What Makes This Unique
### 1. Behavioral Adversarial Attack Grading (Unfakeable)
We don't just scan for patterns β€” we **fire real attacks** at the agent's code and monitor side effects:
- **SQL injection** β†’ spy on `sqlite3.Cursor.execute` at C-extension level
- **Path traversal** β†’ hook `builtins.open` via `sys.settrace`
- **Shell injection** β†’ replace `subprocess.run` + `os.system` before agent code loads
- **JWT bypass** β†’ check if alg:none tokens are accepted
V1 checked return values (`if '..' not in result`). An agent could return a clean string while actually opening `../../etc/passwd`. **V2 checks what the code DOES, not what it returns.**
### 2. CodeGraph Memory System (Novel in RL)
The agent receives a structured snapshot of everything it has already written this episode. The grader checks cross-file consistency:
- Naming convention (snake_case vs camelCase) β€” 60% threshold, "mixed" state
- Error handling style (try/except vs returns)
- Import reuse (reuse existing modules, don't rewrite)
**No other RL environment penalises style drift across files.**
### 3. 9 CWE-Grounded Tasks
| # | Task | Difficulty | CWE | Primary Attack |
|---|------|-----------|-----|----------------|
| 1 | `password_validator` | Easy | CWE-916 | Weak hash acceptance |
| 2 | `input_sanitizer` | Easy | CWE-20 | XSS payload pass-through |
| 3 | `hash_generator` | Easy | CWE-327 | Shell invocation for hashing |
| 4 | `sql_query_builder` | Medium | CWE-89 | SQL injection via cursor spy |
| 5 | `file_path_handler` | Medium | CWE-22 | Path traversal via open() spy |
| 6 | `api_rate_limiter` | Medium | CWE-307 | Rate bypass with spoofed client ID |
| 7 | `file_upload_handler` | Hard | CWE-434 | Malicious file extension upload |
| 8 | `jwt_validator` | Hard | CWE-347 | JWT alg:none bypass |
| 9 | `auth_middleware` | Hard | CWE-287 | Shell-based auth + timing attack |
### 4. 8-Dimensional Reward System
| Grader | Weight | Tool | Type |
|--------|--------|------|------|
| Correctness | 25% | Custom test runner | Functional |
| Attack Resistance | 25% | Behavioral harness V2 | Security β€” unfakeable |
| Static Security | 15% | bandit + semgrep | Security β€” static |
| CodeGraph Consistency | 15% | tree-sitter + CodeGraph | Architectural |
| Performance | 10% | timeit + tracemalloc | Efficiency |
| Documentation | 5% | ast | Quality |
| Code Structure | 3% | ast | Quality |
| Supply Chain | 2% | pip-audit + typosquat | Security |
---
## API
```python
import requests
BASE = "https://vishaldhakad-securecodeenv.hf.space"
# Start episode
episode = requests.post(f"{BASE}/reset", json={"difficulty": "medium"}).json()
sid = episode["session_id"]
# Submit code
result = requests.post(f"{BASE}/step", json={
"session_id": sid,
"task_id": episode["task_id"],
"filename": "solution.py",
"code": your_secure_code,
}).json()
print(result["total_reward"]) # 0.0 – 1.0
print(result["feedback"]) # per-grader feedback
print(result["codegraph"]) # updated codebase context
```
### Endpoints
| Endpoint | Method | Description |
|----------|--------|-------------|
| `/reset` | POST | Start new episode β€” returns task, CodeGraph, session_id |
| `/step` | POST | Submit code β€” returns reward, feedback, updated CodeGraph |
| `/state` | GET | Read current episode state |
| `/health` | GET | Health check |
| `/docs` | GET | Interactive Swagger UI |
---
## Action Space
Python source code string (max 50KB). Filename used for CodeGraph tracking.
## Observation Space
```json
{
"total_reward": 0.84,
"scores": {
"correctness": 1.0,
"attack_resist": 0.875,
"static_security": 0.7,
"consistency": 1.0,
"performance": 0.8,
"documentation": 0.5,
"code_structure": 1.0,
"supply_chain": 1.0
},
"feedback": {
"correctness": "βœ… Excellent (1.00) β€” 8/8 tests passed.",
"attack_resist": "🟑 Good (0.88) β€” 7/8 attacks blocked."
},
"codegraph": { "conventions": {}, "components": {} },
"done": false,
"step_count": 2
}
```
---
## Quick Start
```bash
# Local dev
docker build -t securecodeenv .
docker run -p 7860:7860 -e REDIS_URL=<upstash_url> securecodeenv
# Run baseline inference
API_BASE_URL=https://api.groq.com/openai/v1 \
MODEL_NAME=llama-3.3-70b-versatile \
HF_TOKEN=<your_token> \
ENV_URL=http://localhost:7860 \
python inference.py
# Pre-submission validation
python validate.py
```
## Environment Variables
| Variable | Required | Description |
|----------|----------|-------------|
| `REDIS_URL` | Yes | Upstash Redis URL (`rediss://default:<token>@<host>.upstash.io:6379`) |
| `API_BASE_URL` | For inference | LLM API base URL |
| `MODEL_NAME` | For inference | Model name |
| `HF_TOKEN` | For inference | HuggingFace token |
---
## Infrastructure (100% Free)
| Component | Solution | Cost |
|-----------|----------|------|
| Compute | HuggingFace Spaces CPU (2 vCPU / 16GB) | βœ… $0 |
| Containerisation | Docker | βœ… $0 |
| Session persistence | Upstash Redis free tier | βœ… $0 |
| Static analysis | bandit + semgrep | βœ… $0 |
| Multi-language parsing | tree-sitter | βœ… $0 |
| LLM for inference | Groq free tier | βœ… $0 |
---
*SecureCodeEnv V2 β€” Built by Vishal Dhakad | Meta Γ— HuggingFace OpenEnv Hackathon 2026 | Total infrastructure cost: $0.00*