Update app.py
app.py
CHANGED
|
@@ -75,51 +75,7 @@ def generate(
|
|
| 75 |
outputs.append(text)
|
| 76 |
yield "".join(outputs)
|
| 77 |
|
| 78 |
-
|
| 79 |
-
chat_interface = gr.ChatInterface(
|
| 80 |
-
fn=generate,
|
| 81 |
-
chatbot=gr.Chatbot(height="480px"),
|
| 82 |
-
additional_inputs=[
|
| 83 |
-
gr.Textbox(label="System prompt", lines=4),
|
| 84 |
-
gr.Slider(
|
| 85 |
-
label="Max new tokens",
|
| 86 |
-
minimum=1,
|
| 87 |
-
maximum=MAX_MAX_NEW_TOKENS,
|
| 88 |
-
step=1,
|
| 89 |
-
value=DEFAULT_MAX_NEW_TOKENS,
|
| 90 |
-
),
|
| 91 |
-
gr.Slider(
|
| 92 |
-
label="Temperature",
|
| 93 |
-
minimum=0.1,
|
| 94 |
-
maximum=4.0,
|
| 95 |
-
step=0.1,
|
| 96 |
-
value=0.6,
|
| 97 |
-
),
|
| 98 |
-
gr.Slider(
|
| 99 |
-
label="Top-p (nucleus sampling)",
|
| 100 |
-
minimum=0.05,
|
| 101 |
-
maximum=1.0,
|
| 102 |
-
step=0.05,
|
| 103 |
-
value=0.9,
|
| 104 |
-
),
|
| 105 |
-
gr.Slider(
|
| 106 |
-
label="Top-k",
|
| 107 |
-
minimum=1,
|
| 108 |
-
maximum=1000,
|
| 109 |
-
step=1,
|
| 110 |
-
value=50,
|
| 111 |
-
),
|
| 112 |
-
gr.Slider(
|
| 113 |
-
label="Repetition penalty",
|
| 114 |
-
minimum=1.0,
|
| 115 |
-
maximum=2.0,
|
| 116 |
-
step=0.05,
|
| 117 |
-
value=1.2,
|
| 118 |
-
),
|
| 119 |
-
],
|
| 120 |
-
stop_btn=None,
|
| 121 |
-
examples=[
|
| 122 |
-
["You are a senior software engineer who is best in the world at fixing vulnerabilities.
|
| 123 |
Users will give you vulnerable code and you will generate a fix based on the provided INSTRUCTION.
|
| 124 |
INSTRUCTION:
|
| 125 |
Detected MD5 hash algorithm which is considered insecure. MD5 is not collision resistant and is therefore not suitable as a cryptographic signature. Use SHA256 or SHA3 instead.
|
|
@@ -130,8 +86,9 @@ def md5_hash(path):
|
|
| 130 |
with open(path, "rb") as f:
|
| 131 |
content = f.read()
|
| 132 |
return hashlib.md5(content).hexdigest()
|
| 133 |
-
|
| 134 |
-
|
|
|
|
| 135 |
Carefullly analyze the given old code and new code and generate a summary of the changes.
|
| 136 |
|
| 137 |
Old Code:
|
|
@@ -193,8 +150,9 @@ void processList() {
|
|
| 193 |
printf("Accessing freed list: %d\n", head->next->data);
|
| 194 |
}
|
| 195 |
}
|
| 196 |
-
|
| 197 |
-
|
|
|
|
| 198 |
Carefully analyze the given code snippet and track the data flows from various sources to sinks.
|
| 199 |
Assume that any call to an unknown external API is not sanitized.
|
| 200 |
Respond only with either "YES" or "NO".
|
|
@@ -216,8 +174,9 @@ def get_data():
|
|
| 216 |
logger.info("Received request with API Key: %s", api_key)
|
| 217 |
data = {"message": "Data processed"}
|
| 218 |
return jsonify(data)
|
| 219 |
-
|
| 220 |
-
|
|
|
|
| 221 |
Users will give you vulnerable code and you will generate a fix based on the provided INSTRUCTION.
|
| 222 |
INSTRUCTION:
|
| 223 |
Detected subprocess function 'run' with user controlled data. A malicious actor could leverage this to perform command injection. You may consider using 'shlex.escape()'.
|
|
@@ -249,8 +208,55 @@ def run(command, desc=None, errdesc=None, custom_env=None, live: bool = default_
|
|
| 249 |
error_bits.append(f"stderr: {{result.stderr}}")
|
| 250 |
raise RuntimeError("\n".join(error_bits))
|
| 251 |
return (result.stdout or "")
|
| 252 |
-
|
| 253 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 254 |
["You are a coding assitant, who is best in the world at debugging. Create a snake game in Python."],
|
| 255 |
],
|
| 256 |
)
|
|
|
|
| 75 |
outputs.append(text)
|
| 76 |
yield "".join(outputs)
|
| 77 |
|
| 78 |
+
example1='''You are a senior software engineer who is best in the world at fixing vulnerabilities.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 79 |
Users will give you vulnerable code and you will generate a fix based on the provided INSTRUCTION.
|
| 80 |
INSTRUCTION:
|
| 81 |
Detected MD5 hash algorithm which is considered insecure. MD5 is not collision resistant and is therefore not suitable as a cryptographic signature. Use SHA256 or SHA3 instead.
|
|
|
|
| 86 |
with open(path, "rb") as f:
|
| 87 |
content = f.read()
|
| 88 |
return hashlib.md5(content).hexdigest()
|
| 89 |
+
'''
|
| 90 |
+
|
| 91 |
+
example2='''You are a software engineer who is best in the world at summarizing code changes.
|
| 92 |
Carefullly analyze the given old code and new code and generate a summary of the changes.
|
| 93 |
|
| 94 |
Old Code:
|
|
|
|
| 150 |
printf("Accessing freed list: %d\n", head->next->data);
|
| 151 |
}
|
| 152 |
}
|
| 153 |
+
'''
|
| 154 |
+
|
| 155 |
+
example3='''You are a senior security researcher who is best in the world at detecting vulnerabilities.
|
| 156 |
Carefully analyze the given code snippet and track the data flows from various sources to sinks.
|
| 157 |
Assume that any call to an unknown external API is not sanitized.
|
| 158 |
Respond only with either "YES" or "NO".
|
|
|
|
| 174 |
logger.info("Received request with API Key: %s", api_key)
|
| 175 |
data = {"message": "Data processed"}
|
| 176 |
return jsonify(data)
|
| 177 |
+
'''
|
| 178 |
+
|
| 179 |
+
example4='''You are a senior software engineer who is best in the world at fixing vulnerabilities.
|
| 180 |
Users will give you vulnerable code and you will generate a fix based on the provided INSTRUCTION.
|
| 181 |
INSTRUCTION:
|
| 182 |
Detected subprocess function 'run' with user controlled data. A malicious actor could leverage this to perform command injection. You may consider using 'shlex.escape()'.
|
|
|
|
| 208 |
error_bits.append(f"stderr: {{result.stderr}}")
|
| 209 |
raise RuntimeError("\n".join(error_bits))
|
| 210 |
return (result.stdout or "")
|
| 211 |
+
'''
|
| 212 |
+
|
| 213 |
+
chat_interface = gr.ChatInterface(
|
| 214 |
+
fn=generate,
|
| 215 |
+
chatbot=gr.Chatbot(height="480px"),
|
| 216 |
+
additional_inputs=[
|
| 217 |
+
gr.Textbox(label="System prompt", lines=4),
|
| 218 |
+
gr.Slider(
|
| 219 |
+
label="Max new tokens",
|
| 220 |
+
minimum=1,
|
| 221 |
+
maximum=MAX_MAX_NEW_TOKENS,
|
| 222 |
+
step=1,
|
| 223 |
+
value=DEFAULT_MAX_NEW_TOKENS,
|
| 224 |
+
),
|
| 225 |
+
gr.Slider(
|
| 226 |
+
label="Temperature",
|
| 227 |
+
minimum=0.1,
|
| 228 |
+
maximum=4.0,
|
| 229 |
+
step=0.1,
|
| 230 |
+
value=0.6,
|
| 231 |
+
),
|
| 232 |
+
gr.Slider(
|
| 233 |
+
label="Top-p (nucleus sampling)",
|
| 234 |
+
minimum=0.05,
|
| 235 |
+
maximum=1.0,
|
| 236 |
+
step=0.05,
|
| 237 |
+
value=0.9,
|
| 238 |
+
),
|
| 239 |
+
gr.Slider(
|
| 240 |
+
label="Top-k",
|
| 241 |
+
minimum=1,
|
| 242 |
+
maximum=1000,
|
| 243 |
+
step=1,
|
| 244 |
+
value=50,
|
| 245 |
+
),
|
| 246 |
+
gr.Slider(
|
| 247 |
+
label="Repetition penalty",
|
| 248 |
+
minimum=1.0,
|
| 249 |
+
maximum=2.0,
|
| 250 |
+
step=0.05,
|
| 251 |
+
value=1.2,
|
| 252 |
+
),
|
| 253 |
+
],
|
| 254 |
+
stop_btn=None,
|
| 255 |
+
examples=[
|
| 256 |
+
[example1],
|
| 257 |
+
[example2],
|
| 258 |
+
[example3],
|
| 259 |
+
[example4],
|
| 260 |
["You are a coding assitant, who is best in the world at debugging. Create a snake game in Python."],
|
| 261 |
],
|
| 262 |
)
|
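Review bot: The new `example2` and `example4` literals are plain `'''` strings, so the `\n` in `printf("Accessing freed list: %d\n", ...)` and in `"\n".join(error_bits)` becomes a real line break and the sample code shown to the model and the user is no longer the code that was meant; declaring them as raw strings, `example2 = r'''...` and `example4 = r'''...`, keeps the backslash. The doubled braces in `f"stderr: {{result.stderr}}"` look like leftovers from a `str.format` template and would also be displayed literally unless the string is formatted somewhere outside this view. Separately, the instruction text in `example4` recommends `shlex.escape()`, which does not exist in the standard library; the function is `shlex.quote()`, and for `subprocess.run` the sturdier advice is an argument list with `shell=False`. The bodies of the four examples are only partly visible in these hunks.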