In [None]:
import numpy as np
import pandas as pd
import os
from tqdm import tqdm
from sklearn.metrics import (accuracy_score, 
                             classification_report, 
                             confusion_matrix)
from sklearn.model_selection import train_test_split
import matplotlib.pyplot as plt
import seaborn as sns
from sklearn.metrics import confusion_matrix
import requests
import json
import pandas as pd

In [None]:
#df1=pd.read_csv("final_dataset/train_set.csv")
df1=pd.read_csv("../final_dataset/train_set.csv")
df2=pd.read_csv("../final_dataset/eval_set.csv")
df3=pd.read_csv("../final_dataset/test_set.csv")

In [None]:
df1= df1[['Contents','Secret','Label']]
print(df1['Label'].value_counts())

df2= df2[['Contents','Secret','Label']]
print(df2['Label'].value_counts())

df3= df3[['Contents','Secret','Label']]
print(df3['Label'].value_counts())

In [None]:
df1['Label'] = df1['Label'].replace({0: 'Non-sensitive', 1: 'Secret'})
print(df1['Label'].value_counts())

df2['Label'] = df2['Label'].replace({0: 'Non-sensitive', 1: 'Secret'})
print(df2['Label'].value_counts())

df3['Label'] = df3['Label'].replace({0: 'Non-sensitive', 1: 'Secret'})
print(df3['Label'].value_counts())

In [None]:
def create_context_window(text, target_string, window_size=200):

    target_index = text.find(target_string)

    if target_index != -1:
        start_index = max(0, target_index - window_size)
        end_index = min(len(text), target_index + len(target_string) + window_size)
        context_window = text[start_index:end_index]
        return context_window

    return None

df1['Contents'] = df1.apply(lambda row: create_context_window(row['Contents'], row['Secret']), axis=1)
df2['Contents'] = df2.apply(lambda row: create_context_window(row['Contents'], row['Secret']), axis=1)
df3['Contents'] = df3.apply(lambda row: create_context_window(row['Contents'], row['Secret']), axis=1)

In [None]:
X_train = df1
X_eval = df2
X_test = df3

In [None]:
EXAMPLES = """
Examples:

candidate_string: "myP@ssw0rd!"
code snippet: 'password = "myP@ssw0rd!"'
label: "Secret"

candidate_string: "log_level"
code snippet: 'config = {"debug": True, "log_level": "info"}'
label: "Non-sensitive"

candidate_string: "ghp_123456abcdef"
code snippet: 'github_token = "ghp_123456abcdef"'
label: "Secret"

candidate_string: "db_user"
code snippet: 'DB_CONFIG = {"user": "db_user", "host": "localhost"}'
label: "Non-sensitive"

candidate_string: "AIzaSyD12345"
code snippet: 'GOOGLE_API_KEY = "AIzaSyD12345"'
label: "Secret"
"""

def generate_prompt(data_point):
    return f"""
            Classify the given candidate string into "Non-sensitive" or "Secret" based on its presence and usage in the provided code snippet. A "Secret" refers to sensitive information like API keys, passwords, or private tokens. Return only the label 'Secret' or 'Non-sensitive' as the output.
candidate_string: {data_point["Secret"]}
code snippet: {data_point["Contents"]}
label: {data_point["Label"]}""".strip()

def generate_test_prompt(data_point):
    return f"""
            Classify the given candidate string as either "Non-sensitive" or "Secret" based on its role in the provided code snippet. A "Secret" includes sensitive information such as: API keys and secrets (e.g., `sk_test_ABC123`), Private and secret keys (e.g., private SSH keys, private cryptographic keys), Authentication keys and tokens (e.g., `Bearer <token>`), Database connection strings with credentials (e.g., `mongodb://user:password@host:port`), Passwords, usernames, and any other private information that should not be shared openly. A "Non-sensitive" string is not considered secret and can be shared openly. This may include: Publicly available keys (e.g., public SSH keys), Non-sensitive configuration values or identifiers, Any non-sensitive data not directly tied to security or authentication. Carefully consider the context of the string in the provided code. If the string is part of authentication, encryption, or access control, it is likely a "Secret". Otherwise, it is "Non-sensitive". Ensure you pay attention to specific patterns like tokens, passwords, or keys in the string. Return the answer as the corresponding label.
            {EXAMPLES}
            
            Now classify the following:
            candidate_string: {data_point["Secret"]}
            code snippet: {data_point["Contents"]}
        label: """.strip()


In [None]:
# Generate prompts for training and evaluation data
X_train.loc[:,'text'] = X_train.apply(generate_prompt, axis=1)
X_eval.loc[:,'text'] = X_eval.apply(generate_prompt, axis=1)

# Generate test prompts and extract true labels
y_true = X_test.loc[:,'Label']
X_test['prompt'] = X_test.apply(generate_test_prompt, axis=1)

In [None]:
X_train.Label.value_counts()

In [None]:
# DeepSeek API configuration
DEEPSEEK_API_URL = "https://api.deepseek.com/v1/chat/completions"
API_KEY = "YOUR_DEEPSEEK_API_KEY"  # Replace with your actual DeepSeek API key

In [None]:

headers = {
    "Authorization": f"Bearer {API_KEY}",
    "Content-Type": "application/json"
}

def query_deepseek(prompt):
    payload = {
        "model": "deepseek-chat",  # or the specific model you have access to
        "messages": [
            {
                "role": "user",
                "content": prompt
            },
            {
                "role": "system",
                "content": "You are a code security auditor or classifier speccialized in identifying and categorizing sensitive secrets from code snippet."
            }
        ],
        "temperature": 0.2,  # Lower temperature for more deterministic outputs
        "max_tokens": 4      # Limit response length since we just need the label
        # You can add other parameters as needed
    }
    
    response = requests.post(DEEPSEEK_API_URL, headers=headers, data=json.dumps(payload))
    if response.status_code == 200:
        return response.json()['choices'][0]['message']['content'].strip()
    else:
        print(f"Error: {response.status_code}, {response.text}")
        return None

# Perform zero-shot classification
from tqdm import tqdm

y_pred = []
for prompt in tqdm(X_test['prompt'], desc="Processing Prompts"):
    response = query_deepseek(prompt)
    # Clean and standardize the response
    if response:
        response = response.replace('"', '').replace("'", "").strip()
        if "Non-sensitive" in response:
            y_pred.append("Non-sensitive")
        elif "Secret" in response:
            y_pred.append("Secret")
        else:
            print(f"Unexpected response: {response}")
            y_pred.append("Non-sensitive")  # Fallback
    else:
        y_pred.append("Non-sensitive")  # Fallback on API error





In [None]:
prompt = "What is your exact model version? Are you DeepSeek-V1, V2, V3, or R1?"
response = requests.post(
    "https://api.deepseek.com/v1/chat/completions",
    headers={"Authorization": f"Bearer {API_KEY}"},
    json={
        "model": "deepseek-chat",
        "messages": [{"role": "user", "content": prompt}],
    },
)
print(response.json()["choices"][0]["message"]["content"])

In [None]:
def evaluate(y_true, y_pred):
    def map_func(x):
        if x == "Non-sensitive":
            return 0
        elif x == "Secret":
            return 1
        else:
            return -1  # Handle unexpected labels (optional)

    # Map the true and predicted labels to integers
    y_true_mapped = np.array([map_func(label) for label in y_true])
    y_pred_mapped = np.array([map_func(label) for label in y_pred])

    # Filter out invalid labels (-1)
    valid_indices = np.where((y_true_mapped != -1) & (y_pred_mapped != -1))[0]
    y_true_mapped = y_true_mapped[valid_indices]
    y_pred_mapped = y_pred_mapped[valid_indices]

    # Calculate overall accuracy
    accuracy = accuracy_score(y_true=y_true_mapped, y_pred=y_pred_mapped)
    print(f'Overall Accuracy: {accuracy:.3f}')

    # Calculate accuracy for each label
    labels = [0, 1]
    label_names = ["Non-sensitive", "Secret"]
    for label, name in zip(labels, label_names):
        label_indices = np.where(y_true_mapped == label)[0]
        label_accuracy = accuracy_score(
            y_true=y_true_mapped[label_indices], 
            y_pred=y_pred_mapped[label_indices]
        ) if len(label_indices) > 0 else 0.0
        print(f'Accuracy for {name}: {label_accuracy:.3f}')

    # Generate classification report
    class_report = classification_report(
        y_true=y_true_mapped, 
        y_pred=y_pred_mapped, 
        target_names=label_names, 
        labels=labels,
        digits=4
    )
    print('\nClassification Report:')
    print(class_report)

    # Generate confusion matrix
    conf_matrix = confusion_matrix(
        y_true=y_true_mapped, 
        y_pred=y_pred_mapped, 
        labels=labels
    )
    print('\nConfusion Matrix:')
    print(conf_matrix)


evaluate(y_true,y_pred)

In [None]:
# Generate confusion matrix
cm = confusion_matrix(y_true, y_pred)
# Define the filename and extract the base name (without path and extension)
filename = '../plots/deepseek-V3-api-oneshot-prompt.png'
base_filename = os.path.splitext(os.path.basename(filename))[0]

# Create a heatmap from the confusion matrix
plt.figure(figsize=(6, 5))
sns.heatmap(cm, annot=True, fmt='d', cmap='Blues', xticklabels=['0', '1', '2'], yticklabels=['0', '1', '2'])

# Set the title dynamically to match the filename
plt.title(f"Confusion Matrix: {base_filename}")
plt.xlabel("Predicted Labels")
plt.ylabel("True Labels")

# Save and display the plot
plt.savefig(filename)  # Save the plot as PNG file
plt.show()
