Update app.py
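--- a/app.py
+++ b/app.py
@@ -84,23 +84,19 @@ def generate(
 outputs.append(text)
 yield "".join(outputs)
 
-example1='''
-
-INSTRUCTION:
-Detected MD5 hash algorithm which is considered insecure. MD5 is not collision resistant and is therefore not suitable as a cryptographic signature. Use SHA256 or SHA3 instead.
-Fix vulnerability CWE-327: Use of a Broken or Risky Cryptographic Algorithm at
-return hashlib.md5(content).hexdigest()
-
+example1='''Fix vulnerability CWE-327: Use of a Broken or Risky Cryptographic Algorithm in the following code snippet.
+```
 def md5_hash(path):
 with open(path, "rb") as f:
 content = f.read()
 return hashlib.md5(content).hexdigest()
+```
 '''
 
-example2='''
-Carefullly analyze the given old code and new code and generate a summary of the changes.
+example2='''Carefullly analyze the given old code and new code and generate a summary of the changes.
 
 Old Code:
+```
 #include <stdio.h>
 #include <stdlib.h>
 
@@ -122,8 +118,10 @@ void processList() {
 
 printf("Accessing freed list: %d\n", head->next->data);
 }
+```
 
 New Code:
+```
 #include <stdio.h>
 #include <stdlib.h>
 
@@ -159,17 +157,11 @@ void processList() {
 printf("Accessing freed list: %d\n", head->next->data);
 }
 }
+```
 '''
 
-example3='''
-
-Assume that any call to an unknown external API is not sanitized.
-Respond only with either "YES" or "NO".
-Is the following code prone to CWE-117: Improper Output Neutralization for Logs
-at logger.info("Received request with API Key: %s", api_key)
-with source logging.getLogger(__name__)
-and sink logger.info("Received request with API Key: %s", api_key)
-
+example3='''Is the following code prone to CWE-117: Improper Output Neutralization for Logs
+```
 from flask import Flask, request, jsonify
 import logging
 
@@ -183,15 +175,11 @@ def get_data():
 logger.info("Received request with API Key: %s", api_key)
 data = {"message": "Data processed"}
 return jsonify(data)
+```
 '''
 
-example4='''
-
-INSTRUCTION:
-Detected subprocess function 'run' with user controlled data. A malicious actor could leverage this to perform command injection. You may consider using 'shlex.escape()'.
-Fix vulnerability CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') at
-result = subprocess.run(**run_kwargs)
-
+example4='''Fix vulnerability CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the following code snippet.
+```
 def run(command, desc=None, errdesc=None, custom_env=None, live: bool = default_command_live) -> str:
 if desc is not None:
 print(desc)
@@ -217,6 +205,7 @@ def run(command, desc=None, errdesc=None, custom_env=None, live: bool = default_
 error_bits.append(f"stderr: {{result.stderr}}")
 raise RuntimeError("\n".join(error_bits))
 return (result.stdout or "")
+```
 '''
 
 chat_interface = gr.ChatInterface(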
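Review bot: The example prompts are still plain `'''` strings (added lines 87, 96, 163 and 181), so the `\n` inside the sample code — `printf("Accessing freed list: %d\n", head->next->data);` in `example2` and `"\n".join(error_bits)` in `example4` — becomes a real line break before the text reaches the model, which splits the string literal in the very snippet the model is asked to analyse or fix. Opening each example as a raw string, e.g. `example2=r'''Carefully analyze the given old code and new code and generate a summary of the changes.`, keeps the snippets as written and also corrects the "Carefullly" typo carried onto new line 96. In `example4` the context line `error_bits.append(f"stderr: {{result.stderr}}")` has doubled braces; unless the string is passed through `str.format` somewhere outside these hunks, they are shown literally and should probably be single. The example bodies continue outside the visible hunks, so other escape sequences there may be affected in the same way.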