Hugging Face's logo

Spaces:
effixis
/
shared-amld-sql-injection-demo
Running

App Files Community
Zachary Schillaci commited on
Commit
2faa222
Β·
1 Parent(s): 38fc0fa

Start on final touches

Browse files
Files changed (5) hide show
  1. Introduction.py +3 -3
  2. pages/Level_1:_The_Challenge_Begins.py +1 -1
  3. pages/Level_2:_LLM_Safeguard.py +1 -1
  4. pages/Level_3:_Better_LLM_Model.py +1 -1
  5. pages/The_Leaderboard.py +39 -27
Introduction.py CHANGED
@@ -45,9 +45,9 @@ def main():
45
  #### The levels
46
  Try to inject malicious SQL code to alter the SQL table, each level is more difficult than the previous one!
47
 
48
- - **Level 0**: You generate the SQL queries with the help of the LLM.
49
- - **Level 1**: The SQL queries are first checked by an LLM Safeguard, which detects and removes malicious SQL queries.
50
- - **Level 2**: The only difference is that we are using a better LLM model, GPT-4, for the safeguard. Otherwise they are the same.
51
 
52
  Are you happy with your results? Submit the keys on the leaderboard to see how you compare to others!
53
  """
 
45
  #### The levels
46
  Try to inject malicious SQL code to alter the SQL table, each level is more difficult than the previous one!
47
 
48
+ - **Level 1**: You generate the SQL queries with the help of the LLM.
49
+ - **Level 2**: The SQL queries are first checked by an LLM Safeguard, which detects and removes malicious SQL queries.
50
+ - **Level 3**: The only difference is that we are using a better LLM model, GPT-4, for the safeguard. Otherwise they are the same.
51
 
52
  Are you happy with your results? Submit the keys on the leaderboard to see how you compare to others!
53
  """
pages/Level_1:_The_Challenge_Begins.py CHANGED
@@ -64,7 +64,7 @@ def main():
64
  st.error(e)
65
  if success:
66
  st.success(
67
- f"Congratulations! You have successfully altered the database and passed Level 1! Here's your key: `{os.environ.get('LEVEL_0_KEY')}`"
68
  )
69
 
70
 
 
64
  st.error(e)
65
  if success:
66
  st.success(
67
+ f"Congratulations! You have successfully altered the database and passed Level 1! Here's your key: `{os.environ.get('LEVEL_1_KEY')}`"
68
  )
69
 
70
 
pages/Level_2:_LLM_Safeguard.py CHANGED
@@ -109,7 +109,7 @@ def main():
109
  st.error(e)
110
  if success:
111
  st.success(
112
- f"Congratulations! You have successfully altered the database and passed Level 2! Here's your key: `{os.environ.get('LEVEL_1_KEY')}`"
113
  )
114
  else:
115
  st.success("Done!")
 
109
  st.error(e)
110
  if success:
111
  st.success(
112
+ f"Congratulations! You have successfully altered the database and passed Level 2! Here's your key: `{os.environ.get('LEVEL_2_KEY')}`"
113
  )
114
  else:
115
  st.success("Done!")
pages/Level_3:_Better_LLM_Model.py CHANGED
@@ -113,7 +113,7 @@ def main():
113
  st.error(e)
114
  if success:
115
  st.success(
116
- f"Wow! Well done, you passed Level 3! Here's your key: `{os.getenv('LEVEL_2_KEY')}`"
117
  )
118
  else:
119
  st.success("Done!")
 
113
  st.error(e)
114
  if success:
115
  st.success(
116
+ f"Wow! Well done, you passed Level 3! Here's your key: `{os.getenv('LEVEL_3_KEY')}`"
117
  )
118
  else:
119
  st.success("Done!")
pages/The_Leaderboard.py CHANGED
@@ -37,18 +37,24 @@ def main():
37
  leaderboard_data = (
38
  pd.DataFrame(leaderboard_json)
39
  .T[["level 0", "level 1", "level 2"]]
40
- .applymap(lambda x: "βœ…" if x else "❌")
41
- )
42
- leaderboard_data = leaderboard_data.rename(
43
- columns={"level 0": "Level 0", "level 1": "Level 1", "level 2": "Level 2"}
44
- )
45
- leaderboard_data["Score"] = leaderboard_data.apply(
46
- lambda x: x.value_counts().get("βœ…", 0) * 100, axis=1
 
 
 
 
 
 
 
 
 
47
  )
48
- leaderboard_data = leaderboard_data.sort_values(by="Score", ascending=False)
49
- leaderboard_data = leaderboard_data.reset_index()
50
- leaderboard_data = leaderboard_data.rename(columns={"index": "Name"})
51
- leaderboard_data.index += 1
52
  st.dataframe(leaderboard_data)
53
  else:
54
  st.error("An error occurred while fetching the leaderboard.")
@@ -77,30 +83,36 @@ def main():
77
  data = {
78
  display_name: {
79
  "email": email,
80
- "level 0": key == os.environ.get("LEVEL_0_KEY"),
81
  "level 1": key == os.environ.get("LEVEL_1_KEY"),
82
  "level 2": key == os.environ.get("LEVEL_2_KEY"),
 
83
  }
84
  }
85
  else:
86
  data = {
87
  display_name: {
88
  "email": email,
89
- "level 0": key == os.environ.get("LEVEL_0_KEY")
90
- or leaderboard_data[
91
- leaderboard_data["Name"] == display_name
92
- ]["Level 0"].values[0]
93
- == "βœ…",
94
- "level 1": key == os.environ.get("LEVEL_1_KEY")
95
- or leaderboard_data[
96
- leaderboard_data["Name"] == display_name
97
- ]["Level 1"].values[0]
98
- == "βœ…",
99
- "level 2": key == os.environ.get("LEVEL_2_KEY")
100
- or leaderboard_data[
101
- leaderboard_data["Name"] == display_name
102
- ]["Level 2"].values[0]
103
- == "βœ…",
 
 
 
 
 
 
104
  }
105
  }
106
  updated_data = leaderboard_json
 
37
  leaderboard_data = (
38
  pd.DataFrame(leaderboard_json)
39
  .T[["level 0", "level 1", "level 2"]]
40
+ .rename(
41
+ columns={
42
+ "level 0": "Level 1",
43
+ "level 1": "Level 2",
44
+ "level 2": "Level 3",
45
+ },
46
+ )
47
+ .map(lambda x: "βœ…" if x else "❌")
48
+ .assign(
49
+ Score=lambda df: df.apply(
50
+ lambda x: x.value_counts().get("βœ…", 0) * 100, axis=1
51
+ )
52
+ )
53
+ .sort_values(by="Score", ascending=False)
54
+ .reset_index()
55
+ .rename(columns={"index": "Name"})
56
  )
57
+ # leaderboard_data.index += 1
 
 
 
58
  st.dataframe(leaderboard_data)
59
  else:
60
  st.error("An error occurred while fetching the leaderboard.")
 
83
  data = {
84
  display_name: {
85
  "email": email,
 
86
  "level 1": key == os.environ.get("LEVEL_1_KEY"),
87
  "level 2": key == os.environ.get("LEVEL_2_KEY"),
88
+ "level 3": key == os.environ.get("LEVEL_3_KEY"),
89
  }
90
  }
91
  else:
92
  data = {
93
  display_name: {
94
  "email": email,
95
+ "level 1": (
96
+ key == os.environ.get("LEVEL_1_KEY")
97
+ or leaderboard_data[
98
+ leaderboard_data["Name"] == display_name
99
+ ]["Level 1"].values[0]
100
+ == "βœ…"
101
+ ),
102
+ "level 2": (
103
+ key == os.environ.get("LEVEL_2_KEY")
104
+ or leaderboard_data[
105
+ leaderboard_data["Name"] == display_name
106
+ ]["Level 2"].values[0]
107
+ == "βœ…"
108
+ ),
109
+ "level 3": (
110
+ key == os.environ.get("LEVEL_3_KEY")
111
+ or leaderboard_data[
112
+ leaderboard_data["Name"] == display_name
113
+ ]["Level 3"].values[0]
114
+ == "βœ…"
115
+ ),
116
  }
117
  }
118
  updated_data = leaderboard_json