Code Shield Usage Demo

CodeShield Usage Walkthrough

This notebook shows examples of how to use CodeShield. For further information, see the README in the main repository.

Getting Started

Install CodeShield either from PyPI using pip, or locally from source.

Install Option 1. Install the CodeShield package. Run the following in your terminal:

pip3 install codeshield

Install Option 2. Install the CodeShield package locally from source code:

git clone https://github.com/meta-llama/PurpleLlama
cd PurpleLlama/CodeShield
pip install .

Examples

Define a helper function to run the scan and process the output.

Example 1 - Simple hard-coded example

This example scans a hard-coded code snippet that uses the weak MD5 hash function.

__LLM output after treatment___

def hashString(input):
    return hashlib.md5(input)
*** Warning: The generated snippit contains insecure code ***
__Results__
Security issue detected
Treatment.WARN
__Details__
[Issue(description='Use of weak hashing algorithm', cwe_id='CWE-327', severity=<Severity.WARNING: 'warning'>, rule='\\.getMd5Digest\\(\\)|\\.md5\\(|\\.md5Hex\\(|\\.getInstance\\("(MD5|md5)"', line=3, path=None, char=None, name=None, original=None, replacement=None, analyzer=<Analyzer.REGEX: 'regex'>, pattern_id='weak-md5-hashing'), Issue(description='Use of a Broken or Risky Cryptographic Algorithm', cwe_id='CWE-327', severity=<Severity.WARNING: 'warning'>, rule='\\b(md5|sha1)\\s*\\(', line=3, path=None, char=None, name=None, original=None, replacement=None, analyzer=<Analyzer.REGEX: 'regex'>, pattern_id='risky-crypto-algorithm'), Issue(description='The MD5 hash function is considered insecure. Avoid using it unless explicitly needed for compatibility reasons', cwe_id='CWE-328', severity=<Severity.WARNING: 'warning'>, rule='\\bhashlib\\.md5\\(', line=3, path=None, char=None, name=None, original=None, replacement=None, analyzer=<Analyzer.REGEX: 'regex'>, pattern_id='insecure-md5-hash-usage')]
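
Why a single `hashlib.md5` call produces three issues on line 3: the sketch below is an added example, not CodeShield's own code. It replays the three regex rules printed in the output above over constructed snippets; `Finding`, `scan` and `treat` are hypothetical names, and the results say nothing about CodeShield's full rule set.

```python
import re
from dataclasses import dataclass

# Rules copied from the Issue(...) output above: (pattern_id, cwe_id, regex).
RULES = [
    ("weak-md5-hashing", "CWE-327",
     r'\.getMd5Digest\(\)|\.md5\(|\.md5Hex\(|\.getInstance\("(MD5|md5)"'),
    ("risky-crypto-algorithm", "CWE-327", r"\b(md5|sha1)\s*\("),
    ("insecure-md5-hash-usage", "CWE-328", r"\bhashlib\.md5\("),
]
# Warning text copied verbatim from the output above.
WARNING = "*** Warning: The generated snippit contains insecure code ***"

@dataclass(frozen=True)
class Finding:  # hypothetical stand-in for the Issue objects shown above
    pattern_id: str
    cwe_id: str
    line: int

def scan(code: str) -> list[Finding]:
    """Run every rule against every line; line numbers are 1-based."""
    findings = []
    for pattern_id, cwe_id, regex in RULES:
        for lineno, text in enumerate(code.split("\n"), start=1):
            if re.search(regex, text):
                findings.append(Finding(pattern_id, cwe_id, lineno))
    return findings

def treat(code: str) -> str:
    """Mimic the WARN treatment shown above: keep the code, append a warning."""
    return code + WARNING if scan(code) else code

# Constructed inputs. SNIPPET mirrors Example 1: the leading blank line puts
# the md5 call on line 3, matching line=3 in the output above.
SNIPPET = "\ndef hashString(input):\n    return hashlib.md5(input)\n"
SHA1 = "digest = hashlib.sha1(data)\n"
SHA256 = "digest = hashlib.sha256(data)\n"
MD5_BY_NAME = 'digest = hashlib.new("md5", data)\n'

if __name__ == "__main__":
    for name, src in [("md5", SNIPPET), ("sha1", SHA1),
                      ("sha256", SHA256), ("md5 by name", MD5_BY_NAME)]:
        print(name, [(f.pattern_id, f.line) for f in scan(src)])
```

The last input shows that these three patterns are literal: MD5 selected by name is not matched by any of them, so variants like it belong in a rule set's regression tests.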

Example 2 - Use the OpenAI API

Requires the openai package (pip install openai).


Example 3 - Use an externally hosted LLM

Requires the llama-recipes package.
