Update app.py
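--- a/app.py
+++ b/app.py
@@ -75,51 +75,7 @@ def generate(
 outputs.append(text)
 yield "".join(outputs)
 
-
-chat_interface = gr.ChatInterface(
-fn=generate,
-chatbot=gr.Chatbot(height="480px"),
-additional_inputs=[
-gr.Textbox(label="System prompt", lines=4),
-gr.Slider(
-label="Max new tokens",
-minimum=1,
-maximum=MAX_MAX_NEW_TOKENS,
-step=1,
-value=DEFAULT_MAX_NEW_TOKENS,
-),
-gr.Slider(
-label="Temperature",
-minimum=0.1,
-maximum=4.0,
-step=0.1,
-value=0.6,
-),
-gr.Slider(
-label="Top-p (nucleus sampling)",
-minimum=0.05,
-maximum=1.0,
-step=0.05,
-value=0.9,
-),
-gr.Slider(
-label="Top-k",
-minimum=1,
-maximum=1000,
-step=1,
-value=50,
-),
-gr.Slider(
-label="Repetition penalty",
-minimum=1.0,
-maximum=2.0,
-step=0.05,
-value=1.2,
-),
-],
-stop_btn=None,
-examples=[
-["You are a senior software engineer who is best in the world at fixing vulnerabilities.
+example1='''You are a senior software engineer who is best in the world at fixing vulnerabilities.
 Users will give you vulnerable code and you will generate a fix based on the provided INSTRUCTION.
 INSTRUCTION:
 Detected MD5 hash algorithm which is considered insecure. MD5 is not collision resistant and is therefore not suitable as a cryptographic signature. Use SHA256 or SHA3 instead.
@@ -130,8 +86,9 @@ def md5_hash(path):
 with open(path, "rb") as f:
 content = f.read()
 return hashlib.md5(content).hexdigest()
-
-
+'''
+
+example2='''You are a software engineer who is best in the world at summarizing code changes.
 Carefullly analyze the given old code and new code and generate a summary of the changes.
 
 Old Code:
@@ -193,8 +150,9 @@ void processList() {
 printf("Accessing freed list: %d\n", head->next->data);
 }
 }
-
-
+'''
+
+example3='''You are a senior security researcher who is best in the world at detecting vulnerabilities.
 Carefully analyze the given code snippet and track the data flows from various sources to sinks.
 Assume that any call to an unknown external API is not sanitized.
 Respond only with either "YES" or "NO".
@@ -216,8 +174,9 @@ def get_data():
 logger.info("Received request with API Key: %s", api_key)
 data = {"message": "Data processed"}
 return jsonify(data)
-
-
+'''
+
+example4='''You are a senior software engineer who is best in the world at fixing vulnerabilities.
 Users will give you vulnerable code and you will generate a fix based on the provided INSTRUCTION.
 INSTRUCTION:
 Detected subprocess function 'run' with user controlled data. A malicious actor could leverage this to perform command injection. You may consider using 'shlex.escape()'.
@@ -249,8 +208,55 @@ def run(command, desc=None, errdesc=None, custom_env=None, live: bool = default_
 error_bits.append(f"stderr: {{result.stderr}}")
 raise RuntimeError("\n".join(error_bits))
 return (result.stdout or "")
-
-
+'''
+
+chat_interface = gr.ChatInterface(
+fn=generate,
+chatbot=gr.Chatbot(height="480px"),
+additional_inputs=[
+gr.Textbox(label="System prompt", lines=4),
+gr.Slider(
+label="Max new tokens",
+minimum=1,
+maximum=MAX_MAX_NEW_TOKENS,
+step=1,
+value=DEFAULT_MAX_NEW_TOKENS,
+),
+gr.Slider(
+label="Temperature",
+minimum=0.1,
+maximum=4.0,
+step=0.1,
+value=0.6,
+),
+gr.Slider(
+label="Top-p (nucleus sampling)",
+minimum=0.05,
+maximum=1.0,
+step=0.05,
+value=0.9,
+),
+gr.Slider(
+label="Top-k",
+minimum=1,
+maximum=1000,
+step=1,
+value=50,
+),
+gr.Slider(
+label="Repetition penalty",
+minimum=1.0,
+maximum=2.0,
+step=0.05,
+value=1.2,
+),
+],
+stop_btn=None,
+examples=[
+[example1],
+[example2],
+[example3],
+[example4],
 ["You are a coding assitant, who is best in the world at debugging. Create a snake game in Python."],
 ],
 )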
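Review bot: The INSTRUCTION line inside `example4` (new line 182) recommends `shlex.escape()`, which does not exist in Python's `shlex` module; the quoting helper is `shlex.quote()`. The commit carries this text over unchanged from the old inline example, so the demo prompt still steers the model toward a call that would raise `AttributeError` if it appeared in a generated fix. I would change the sentence to `You may consider using 'shlex.quote()'.`, keeping in mind that quoting only matters when the command is run through a shell. In the same string, the sample line `error_bits.append(f"stderr: {{result.stderr}}")` keeps doubled braces even though `example4` is a plain `'''` literal, so they reach the model verbatim, presumably left over from a `.format()` template. The bodies of the example strings continue outside the visible hunks.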