patched-chat

Running on Zero

App Files Files Community

codelion commited on Apr 16

Commit

ee9dd45

•

1 Parent(s): 493d2a9

Update app.py

Browse files

Files changed (1) hide show

app.py +133 -5

app.py CHANGED Viewed

@@ -119,11 +119,139 @@ chat_interface = gr.ChatInterface(
     ],
     stop_btn=None,
     examples=[
-        ["Hello there! How are you doing?"],
-        ["Can you explain briefly to me what is the Python programming language?"],
-        ["Explain the plot of Cinderella in a sentence."],
-        ["How many hours does it take a man to eat a Helicopter?"],
-        ["Write a 100-word article on 'Benefits of Open-Source in AI research'"],
     ],
 )

     ],
     stop_btn=None,
     examples=[
+        ["You are a senior software engineer who is best in the world at fixing vulnerabilities.
+Users will give you vulnerable code and you will generate a fix based on the provided INSTRUCTION.
+INSTRUCTION:
+Detected MD5 hash algorithm which is considered insecure. MD5 is not collision resistant and is therefore not suitable as a cryptographic signature. Use SHA256 or SHA3 instead.
+Fix vulnerablity CWE-327: Use of a Broken or Risky Cryptographic Algorithm at
+return hashlib.md5(content).hexdigest()
+def md5_hash(path):
+     with open(path, "rb") as f:
+         content = f.read()
+     return hashlib.md5(content).hexdigest()
+"],
+        ["You are a software engineer who is best in the world at summarizing code changes.
+Carefullly analyze the given old code and new code and generate a summary of the changes.
+Old Code:
+#include <stdio.h>
+#include <stdlib.h>
+typedef struct Node {
+    int data;
+    struct Node *next;
+} Node;
+void processList() {
+    Node *head = (Node*)malloc(sizeof(Node));
+    head->data = 1;
+    head->next = (Node*)malloc(sizeof(Node));
+    head->next->data = 2;
+    printf("First element: %d\n", head->data);
+    free(head->next);
+    free(head);
+    printf("Accessing freed list: %d\n", head->next->data);
+}
+New Code:
+#include <stdio.h>
+#include <stdlib.h>
+typedef struct Node {
+    int data;
+    struct Node *next;
+} Node;
+void processList() {
+    Node *head = (Node*)malloc(sizeof(Node));
+    if (head == NULL) {
+        perror("Failed to allocate memory for head");
+        return;
+    }
+    head->data = 1;
+    head->next = (Node*)malloc(sizeof(Node));
+    if (head->next == NULL) {
+        free(head);
+        perror("Failed to allocate memory for next node");
+        return;
+    }
+    head->next->data = 2;
+    printf("First element: %d\n", head->data);
+    free(head->next);
+    head->next = NULL;
+    free(head);
+    head = NULL;
+    if (head != NULL && head->next != NULL) {
+        printf("Accessing freed list: %d\n", head->next->data);
+    }
+}
+"],
+        ["You are a senior security researcher who is best in the world at detecting vulnerabilities.
+Carefully analyze the given code snippet and track the data flows from various sources to sinks.
+Assume that any call to an unknown external API is not sanitized.
+Respond only with either "YES" or "NO".
+Is the following code prone to CWE-117: Improper Output Neutralization for Logs
+at logger.info("Received request with API Key: %s", api_key)
+with source logging.getLogger(__name__)
+and sink logger.info("Received request with API Key: %s", api_key)
+from flask import Flask, request, jsonify
+import logging
+app = Flask(__name__)
+logging.basicConfig(level=logging.INFO)
+logger = logging.getLogger(__name__)
+@app.route('/api/data', methods=['GET'])
+def get_data():
+    api_key = request.args.get('api_key')
+    logger.info("Received request with API Key: %s", api_key)
+    data = {"message": "Data processed"}
+    return jsonify(data)
+"],
+        ["You are a senior software engineer who is best in the world at fixing vulnerabilities.
+Users will give you vulnerable code and you will generate a fix based on the provided INSTRUCTION.
+INSTRUCTION:
+Detected subprocess function 'run' with user controlled data. A malicious actor could leverage this to perform command injection. You may consider using 'shlex.escape()'.
+Fix vulnerability CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') at
+result = subprocess.run(**run_kwargs)
+def run(command, desc=None, errdesc=None, custom_env=None, live: bool = default_command_live) -> str:
+    if desc is not None:
+        print(desc)
+    run_kwargs = {{
+        "args": command,
+        "shell": True,
+        "env": os.environ if custom_env is None else custom_env,
+        "encoding": 'utf8',
+        "errors": 'ignore',
+    }}
+    if not live:
+        run_kwargs["stdout"] = run_kwargs["stderr"] = subprocess.PIPE
+    result = subprocess.run(**run_kwargs)  ##here
+    if result.returncode != 0:
+        error_bits = [
+            f"{{errdesc or 'Error running command'}}.",
+            f"Command: {{command}}",
+            f"Error code: {{result.returncode}}",
+        ]
+        if result.stdout:
+            error_bits.append(f"stdout: {{result.stdout}}")
+        if result.stderr:
+            error_bits.append(f"stderr: {{result.stderr}}")
+        raise RuntimeError("\n".join(error_bits))
+    return (result.stdout or "")
+"],
+        ["You are a coding assitant, who is best in the world at debugging. Create a snake game in Python."],
     ],
 )