Conversation
This is a fake LLM adaptor that will generate security issues, without having to host or contact an external LLM. This will allow easier testing of services/functions within SAIST that don't require a real LLM's output.
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
Security Findings Summary
High Severity Issues
Hardcoded Credentials
File: saist/main.py
The code contains hardcoded empty credentials for the FaikeAdapter, posing a significant security risk if deployed in production without proper authentication. Hardcoded credentials can be easily exploited. It is recommended to use environment variables or a secure configuration management system to handle sensitive data securely.
Regular Expression Injection (ReDoS Risk)
File: saist/llm/adapters/faike.py
The code uses a regular expression to extract filenames from user-provided input, which could lead to regular expression injection (ReDoS) if the input is maliciously crafted. This could cause denial of service or other security issues. Sanitize the input or use safer methods like string manipulation or built-in parsing functions to mitigate this risk.
Medium Severity Issues
Input Validation for LLM Options
Files: saist/util/argparsing.py
The code lacks proper validation for the 'faike' LLM option and other LLM options, which could result in unexpected behavior or misuse. Ensure thorough input validation and proper handling of these options to prevent potential security issues or misuse. Implementing strict validation checks will help mitigate these risks.
Grouped Recommendations
- Replace hardcoded credentials with secure alternatives like environment variables.
- Sanitize user inputs and avoid risky regular expressions to prevent injection attacks.
- Implement strict input validation for all LLM-related options to ensure secure and expected behavior.
Prioritize addressing the high-severity issues first, followed by the medium-severity validation improvements.
This allows strict-ish typing on the construction of the Finding object, and removes the potential for JSON injection via filenames
prompt_structured now only returns Findings type if that's the response_format specified This allows other classes to be used as the return type for faike.py's prompt_structured in future
There was a problem hiding this comment.
Security Findings Summary
High Severity Issues
Hardcoded Credentials
The file saist/main.py contains a hardcoded empty string as an API key, which poses a significant security risk if deployed in production without proper authentication. Hardcoded credentials should be replaced with environment variables or secure configuration management to prevent unauthorized access.
ReDoS Vulnerability
In saist/llm/adapters/faike.py, a regular expression with a lookbehind assertion is used, which could lead to a Regular Expression Denial of Service (ReDoS) attack if malicious input is provided. Simplifying the regex pattern or validating input beforehand is recommended to mitigate this risk.
Medium Severity Issues
Insufficient Validation
The file saist/util/argparsing.py lacks proper validation for the 'faike' LLM, increasing the risk of misuse or bypass. Implementing stricter validation checks, including context-specific usage restrictions, is advised to enhance security.
Hardcoded Fake Findings
The adapter in saist/llm/adapters/faike.py hardcodes fake security findings, which could mislead users or tools relying on this data. Clearly marking fake findings and avoiding their use in production environments is recommended to prevent confusion.
Low Severity Issues
Hardcoded LLM Choices
The file saist/util/argparsing.py hardcodes the list of LLM choices, which may lead to maintenance challenges or security risks when introducing new LLMs. Externalizing this list to a configuration file or environment variable would allow for dynamic updates and better maintainability.
prompt_structured now checks the type of response_format allowing for the function to be used more generically in future, if there is ever another subclass of BaseModel that we'd want to return
There was a problem hiding this comment.
Security Findings Summary
Critical Findings
Hardcoded Credentials in FaikeAdapter
File: saist/main.py
Issue: The FaikeAdapter is instantiated with hardcoded empty credentials, posing a security risk if used in production without proper authentication.
Recommendation: Replace hardcoded credentials with environment variables or a secure configuration management system.
High Findings
Regular Expression Injection (ReDoS) Risk
File: saist/llm/adapters/faike.py
Issue: User input is processed with a regular expression without proper validation or sanitization, potentially leading to ReDoS attacks.
Recommendation: Sanitize and validate user input before regex processing or use safer string manipulation methods.
Medium Findings
Unvalidated LLM Parameter Choice
File: saist/util/argparsing.py
Issue: The "faike" option for the LLM parameter lacks proper validation, potentially introducing security risks if it is a mock or test LLM.
Recommendation: Validate the "faike" option thoroughly or remove it if not intended for production use.
Low Findings
Hardcoded Error Message for Interactive Mode
File: saist/util/argparsing.py
Issue: The error message for the "faike" LLM in interactive mode is hardcoded and lacks dynamic validation, which may lead to confusion or exploitation.
Recommendation: Implement dynamic validation and provide actionable error messages.
|
I've changed the prompt_structured function away from using a concatenated string of Json to using a typed dict, and made the function more generic as requested. # |
2 participants
This is a new LLM adaptor, "Faike", which emulates security issues, allowing for SAIST to be tested and developed without requiring hosting a local LLM or paying for an external LLM.
This will obviously not allow the for the testing of LLM outputs, or for the development of new or existing LLM adaptors.
However, for implementing features surrounding the SCM adaptors or any of the report output methods, this will be invaluable.