# Penetration testing notebook

Use this notebook to test handcrafted queries directly against the sakila demo database without going to the LLM. If you're here, please take a moment to view our [Security Policy](https://github.com/amoffat/HeimdaLLM/security/policy) when it comes to disclosing vulnerabilities.


In [2]:
%reload_ext autoreload
%autoreload 2

In [3]:
import logging

import structlog

logging.basicConfig(level=logging.DEBUG)
structlog.configure(logger_factory=structlog.stdlib.LoggerFactory())

import sqlite3
import sys
import time
from datetime import date
from pathlib import Path

import pandas as pd

from heimdallm.bifrosts.sql.sqlite.select.bifrost import Bifrost

THIS_DIR = Path().resolve()
sys.path.insert(0, THIS_DIR)

You can browse the Sakila Demo Database [here](./sakila.sqlite3) (Note: the sqlite
VSCode extension doesn't seem to work in Github Codespaces)


In [4]:
conn = sqlite3.connect("sakila.sqlite3")
db_schema = open("sakila-schema.sql", "r").read()

In [5]:
from constraints.customer import DataConstraints

validator = DataConstraints()
bifrost = Bifrost.validation_only(DataConstraints())

In [6]:
def query(untrusted_input):
    trusted_sql_query = bifrost.traverse(untrusted_input, autofix=True)

    # according to the Sakila database, this is roughly the latest meaningful date that
    # could be considered "now", so we'll hardcode that, so that the database is always
    # relevant. our prompt envelope has instructed the LLM to reference the `:timestamp`
    # placeholder in the query if it needs the current time.
    now = time.mktime(date.fromisoformat("2005-09-05").timetuple())
    params = {"timestamp": now, "customer_id": 148}

    df = pd.read_sql_query(trusted_sql_query, conn, params=params)
    display(df)

Craft your query here to execute and see the results.


In [9]:
untrusted_input = "SELECT id from film;"
query(untrusted_input)

INFO:heimdallm.bifrost:[2m2023-09-11 22:39:39[0m [[32m[1minfo     [0m] [1mTraversing untrusted input    [0m [36mautofix[0m=[35mTrue[0m
INFO:heimdallm.bifrost:[2m2023-09-11 22:39:39[0m [[32m[1minfo     [0m] [1mWrapping input in prompt envelope[0m [36mautofix[0m=[35mTrue[0m
DEBUG:heimdallm.bifrost:[2m2023-09-11 22:39:39[0m [[32m[1mdebug    [0m] [1mProduced prompt envelope      [0m [36mautofix[0m=[35mTrue[0m
INFO:heimdallm.bifrost:[2m2023-09-11 22:39:39[0m [[32m[1minfo     [0m] [1mSending envelope to LLM       [0m [36mautofix[0m=[35mTrue[0m
INFO:heimdallm.bifrost:[2m2023-09-11 22:39:39[0m [[32m[1minfo     [0m] [1mReceived raw result from LLM  [0m [36mautofix[0m=[35mTrue[0m
INFO:heimdallm.bifrost:[2m2023-09-11 22:39:39[0m [[32m[1minfo     [0m] [1mUnwrapping prompt envelope    [0m [36mautofix[0m=[35mTrue[0m
INFO:heimdallm.bifrost:[2m2023-09-11 22:39:39[0m [[32m[1minfo     [0m] [1mUnwrap succeeded              [0m [36m

INFO:heimdallm.bifrost:[2m2023-09-11 22:39:39[0m [[32m[1minfo     [0m] [1mParse succeeded               [0m [36mautofix[0m=[35mTrue[0m
INFO:heimdallm.bifrost:[2m2023-09-11 22:39:39[0m [[32m[1minfo     [0m] [1mTrying constraint validator   [0m [36mautofix[0m=[35mTrue[0m [36mvalidator[0m=[35mDataConstraints[0m
INFO:heimdallm.bifrost:[2m2023-09-11 22:39:39[0m [[32m[1minfo     [0m] [1mAutofixing parse tree and reconstructing the input[0m [36mautofix[0m=[35mTrue[0m
INFO:heimdallm.bifrost:[2m2023-09-11 22:39:39[0m [[32m[1minfo     [0m] [1mRe-parsing reconstructed output[0m [36mautofix[0m=[35mTrue[0m
INFO:heimdallm.bifrost:[2m2023-09-11 22:39:39[0m [[32m[1minfo     [0m] [1mReconstruction succeeded      [0m [36mautofix[0m=[35mTrue[0m
INFO:heimdallm.bifrost:[2m2023-09-11 22:39:39[0m [[32m[1minfo     [0m] [1mValidating parse tree         [0m [36mautofix[0m=[35mTrue[0m
ERROR:heimdallm.bifrost:[2m2023-09-11 22:39:39[0m [[31m

MissingRequiredIdentity: Missing one required identities: {rental.customer_id=:customer_id, payment.customer_id=:customer_id, customer.customer_id=:customer_id}