Update app.py
app.py
@@ -119,11 +119,139 @@ chat_interface = gr.ChatInterface(
|
|
119 |
],
|
120 |
stop_btn=None,
|
121 |
examples=[
|
122 |
-
["
|
123 |
-
|
124 |
-
|
125 |
-
|
126 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
127 |
],
|
128 |
)
|
129 |
|
|
|
119 |
],
|
120 |
stop_btn=None,
|
121 |
examples=[
|
122 |
+
["You are a senior software engineer who is best in the world at fixing vulnerabilities.
|
123 |
+
Users will give you vulnerable code and you will generate a fix based on the provided INSTRUCTION.
|
124 |
+
INSTRUCTION:
|
125 |
+
Detected MD5 hash algorithm which is considered insecure. MD5 is not collision resistant and is therefore not suitable as a cryptographic signature. Use SHA256 or SHA3 instead.
|
126 |
+
Fix vulnerablity CWE-327: Use of a Broken or Risky Cryptographic Algorithm at
|
127 |
+
return hashlib.md5(content).hexdigest()
|
128 |
+
|
129 |
+
def md5_hash(path):
|
130 |
+
with open(path, "rb") as f:
|
131 |
+
content = f.read()
|
132 |
+
return hashlib.md5(content).hexdigest()
|
133 |
+
"],
|
134 |
+
["You are a software engineer who is best in the world at summarizing code changes.
|
135 |
+
Carefullly analyze the given old code and new code and generate a summary of the changes.
|
136 |
+
|
137 |
+
Old Code:
|
138 |
+
#include <stdio.h>
|
139 |
+
#include <stdlib.h>
|
140 |
+
|
141 |
+
typedef struct Node {
|
142 |
+
int data;
|
143 |
+
struct Node *next;
|
144 |
+
} Node;
|
145 |
+
|
146 |
+
void processList() {
|
147 |
+
Node *head = (Node*)malloc(sizeof(Node));
|
148 |
+
head->data = 1;
|
149 |
+
head->next = (Node*)malloc(sizeof(Node));
|
150 |
+
head->next->data = 2;
|
151 |
+
|
152 |
+
printf("First element: %d\n", head->data);
|
153 |
+
|
154 |
+
free(head->next);
|
155 |
+
free(head);
|
156 |
+
|
157 |
+
printf("Accessing freed list: %d\n", head->next->data);
|
158 |
+
}
|
159 |
+
|
160 |
+
New Code:
|
161 |
+
#include <stdio.h>
|
162 |
+
#include <stdlib.h>
|
163 |
+
|
164 |
+
typedef struct Node {
|
165 |
+
int data;
|
166 |
+
struct Node *next;
|
167 |
+
} Node;
|
168 |
+
|
169 |
+
void processList() {
|
170 |
+
Node *head = (Node*)malloc(sizeof(Node));
|
171 |
+
if (head == NULL) {
|
172 |
+
perror("Failed to allocate memory for head");
|
173 |
+
return;
|
174 |
+
}
|
175 |
+
|
176 |
+
head->data = 1;
|
177 |
+
head->next = (Node*)malloc(sizeof(Node));
|
178 |
+
if (head->next == NULL) {
|
179 |
+
free(head);
|
180 |
+
perror("Failed to allocate memory for next node");
|
181 |
+
return;
|
182 |
+
}
|
183 |
+
head->next->data = 2;
|
184 |
+
|
185 |
+
printf("First element: %d\n", head->data);
|
186 |
+
|
187 |
+
free(head->next);
|
188 |
+
head->next = NULL;
|
189 |
+
free(head);
|
190 |
+
head = NULL;
|
191 |
+
|
192 |
+
if (head != NULL && head->next != NULL) {
|
193 |
+
printf("Accessing freed list: %d\n", head->next->data);
|
194 |
+
}
|
195 |
+
}
|
196 |
+
"],
|
197 |
+
["You are a senior security researcher who is best in the world at detecting vulnerabilities.
|
198 |
+
Carefully analyze the given code snippet and track the data flows from various sources to sinks.
|
199 |
+
Assume that any call to an unknown external API is not sanitized.
|
200 |
+
Respond only with either "YES" or "NO".
|
201 |
+
Is the following code prone to CWE-117: Improper Output Neutralization for Logs
|
202 |
+
at logger.info("Received request with API Key: %s", api_key)
|
203 |
+
with source logging.getLogger(__name__)
|
204 |
+
and sink logger.info("Received request with API Key: %s", api_key)
|
205 |
+
|
206 |
+
from flask import Flask, request, jsonify
|
207 |
+
import logging
|
208 |
+
|
209 |
+
app = Flask(__name__)
|
210 |
+
logging.basicConfig(level=logging.INFO)
|
211 |
+
logger = logging.getLogger(__name__)
|
212 |
+
|
213 |
+
@app.route('/api/data', methods=['GET'])
|
214 |
+
def get_data():
|
215 |
+
api_key = request.args.get('api_key')
|
216 |
+
logger.info("Received request with API Key: %s", api_key)
|
217 |
+
data = {"message": "Data processed"}
|
218 |
+
return jsonify(data)
|
219 |
+
"],
|
220 |
+
["You are a senior software engineer who is best in the world at fixing vulnerabilities.
|
221 |
+
Users will give you vulnerable code and you will generate a fix based on the provided INSTRUCTION.
|
222 |
+
INSTRUCTION:
|
223 |
+
Detected subprocess function 'run' with user controlled data. A malicious actor could leverage this to perform command injection. You may consider using 'shlex.escape()'.
|
224 |
+
Fix vulnerability CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') at
|
225 |
+
result = subprocess.run(**run_kwargs)
|
226 |
+
|
227 |
+
def run(command, desc=None, errdesc=None, custom_env=None, live: bool = default_command_live) -> str:
|
228 |
+
if desc is not None:
|
229 |
+
print(desc)
|
230 |
+
run_kwargs = {{
|
231 |
+
"args": command,
|
232 |
+
"shell": True,
|
233 |
+
"env": os.environ if custom_env is None else custom_env,
|
234 |
+
"encoding": 'utf8',
|
235 |
+
"errors": 'ignore',
|
236 |
+
}}
|
237 |
+
if not live:
|
238 |
+
run_kwargs["stdout"] = run_kwargs["stderr"] = subprocess.PIPE
|
239 |
+
result = subprocess.run(**run_kwargs) ##here
|
240 |
+
if result.returncode != 0:
|
241 |
+
error_bits = [
|
242 |
+
f"{{errdesc or 'Error running command'}}.",
|
243 |
+
f"Command: {{command}}",
|
244 |
+
f"Error code: {{result.returncode}}",
|
245 |
+
]
|
246 |
+
if result.stdout:
|
247 |
+
error_bits.append(f"stdout: {{result.stdout}}")
|
248 |
+
if result.stderr:
|
249 |
+
error_bits.append(f"stderr: {{result.stderr}}")
|
250 |
+
raise RuntimeError("\n".join(error_bits))
|
251 |
+
return (result.stdout or "")
|
252 |
+
|
253 |
+
"],
|
254 |
+
["You are a coding assitant, who is best in the world at debugging. Create a snake game in Python."],
|
255 |
],
|
256 |
)
|
257 |
|
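Review bot: The added examples are inconsistent about brace escaping — the fourth example (new lines 230–249) doubles every brace (`run_kwargs = {{`, `f"{{errdesc or 'Error running command'}}."`) while the C code in the second example (new lines 141–195) uses single braces (`typedef struct Node {`). If these literals are plain strings the doubled braces will be shown verbatim to the user; if they are f-strings or `.format` templates the single braces in the C example will fail to parse, so one of the two needs to change. The fourth example also tells the model to "consider using 'shlex.escape()'", which is not a standard-library function (`shlex.quote()` is), and for the `shell=True` call shown the sounder remedy to present is passing `command` as an argument list with `shell=False` rather than escaping. There are also typos in the prompt text (`vulnerablity`, `Carefullly`, `assitant`). The `examples=[` list belongs to the `gr.ChatInterface(` call that begins before the hunk.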