Add insecure sample script for testing detectors#355
Conversation
Added an intentionally insecure sample script for testing purposes, demonstrating unsafe practices with API keys and untrusted input.
|
You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool. What Enabling Code Scanning Means:
For more information about GitHub Code Scanning, check out the documentation. |
| from langchain.agents import load_tools | ||
| from langchain_experimental.tools import PythonREPLTool | ||
|
|
||
| openai.api_key = "sk-proj-AbC123DeF456ghi789JkL012mno345PqR" # LLM02: hardcoded key |
|
|
||
| def load_model(path): | ||
| with open(path, "rb") as fh: | ||
| return pickle.load(fh) # LLM04: unsafe deserialize |
|
|
||
|
|
||
| def build_agent(llm): | ||
| tools = load_tools(["terminal", "llm-math"]) # LLM06: dangerous tool |
|
|
||
| def build_agent(llm): | ||
| tools = load_tools(["terminal", "llm-math"]) # LLM06: dangerous tool | ||
| repl = PythonREPLTool() # LLM06: code execution |
🛡️ Rudra — GenAI/LLM Security ReviewFound 4 issue(s) (1 high/critical) mapped to the OWASP LLM Top 10.
🔴 Hardcoded OpenAI API key —
|
Added an intentionally insecure sample script for testing purposes, demonstrating unsafe practices with API keys and untrusted input.