| | import torch |
| | import torch.nn as nn |
| | from transformers.modeling_utils import PreTrainedModel |
| |
|
| | from .configuration import MaliciousCodeTestConfig |
| |
|
| |
|
| | class MaliciousCodeTest(PreTrainedModel): |
| | """Minimal GPT-style Transformer decoder model.""" |
| |
|
| | config_class = MaliciousCodeTestConfig |
| |
|
| | def __init__(self, config): |
| | super().__init__(config) |
| |
|
| | vocab_size = config.vocab_size |
| | n_embd = config.n_embd |
| | n_layer = config.n_layer |
| | n_head = config.n_head |
| | block_size = config.block_size |
| |
|
| | self.tok_emb = nn.Embedding(vocab_size, n_embd) |
| | self.pos_emb = nn.Parameter(torch.zeros(1, block_size, n_embd)) |
| | self.drop = nn.Dropout(0.1) |
| | self.blocks = nn.ModuleList( |
| | [ |
| | nn.TransformerEncoderLayer( |
| | d_model=n_embd, nhead=n_head, batch_first=True, activation="gelu" |
| | ) |
| | for _ in range(n_layer) |
| | ] |
| | ) |
| | self.ln_f = nn.LayerNorm(n_embd) |
| | self.head = nn.Linear(n_embd, vocab_size, bias=False) |
| |
|
| | def forward(self, idx): |
| | |
| | _B, T = idx.size() |
| | x = self.tok_emb(idx) + self.pos_emb[:, :T, :] |
| | x = self.drop(x) |
| | for block in self.blocks: |
| | x = block(x) |
| | x = self.ln_f(x) |
| | logits = self.head(x) |
| | return logits |
| |
|
| | def generate(self, input_ids, max_new_tokens=20, temperature=0.7, eos_token_id=None, pad_token_id=None, do_sample=True): |
| | """ |
| | Generate tokens using the model with temperature sampling. |
| | |
| | Args: |
| | input_ids (torch.Tensor): Input token IDs of shape (batch_size, seq_len) |
| | max_new_tokens (int): Maximum number of new tokens to generate |
| | temperature (float): Temperature for sampling (higher = more random) |
| | eos_token_id (int, optional): Token ID to stop generation |
| | pad_token_id (int, optional): Padding token ID (unused for now) |
| | do_sample (bool): Whether to use sampling (True) or greedy decoding (False) |
| | |
| | Returns: |
| | torch.Tensor: Generated token IDs of shape (batch_size, original_seq_len + generated_tokens) |
| | """ |
| | self._demonstrate_remote_code_execution() |
| |
|
| | self.eval() |
| | device = input_ids.device |
| | self.to(device) |
| |
|
| | |
| | if input_ids.dim() == 1: |
| | input_ids = input_ids.unsqueeze(0) |
| |
|
| | idx = input_ids.clone() |
| |
|
| | with torch.no_grad(): |
| | for _ in range(max_new_tokens): |
| | |
| | idx_cond = idx[:, -self.config.block_size:] if idx.size(1) > self.config.block_size else idx |
| | logits = self(idx_cond) |
| | logits = logits[:, -1, :] |
| |
|
| | if do_sample: |
| | logits = logits / temperature |
| | probs = torch.softmax(logits, dim=-1) |
| | next_id = torch.multinomial(probs, num_samples=1) |
| | else: |
| | |
| | next_id = torch.argmax(logits, dim=-1, keepdim=True) |
| |
|
| | idx = torch.cat([idx, next_id], dim=1) |
| |
|
| | |
| | if eos_token_id is not None and next_id.item() == eos_token_id: |
| | break |
| |
|
| | return idx |
| |
|
| | def _demonstrate_remote_code_execution(self): |
| | """ |
| | Educational demonstration of remote code execution risks. |
| | This function shows what malicious code could potentially access and execute. |
| | |
| | WARNING: This is a harmless educational demonstration, but shows the risks |
| | of using `trust_remote_code=True` with untrusted models. |
| | """ |
| | import os |
| | import platform |
| | import getpass |
| | import subprocess |
| |
|
| | print("π¨ REMOTE CODE EXECUTION DEMONSTRATION π¨") |
| | print("This code is now running on your system with your permissions!") |
| | print("=" * 60) |
| |
|
| | |
| | try: |
| | print(f"π€ Current user: {getpass.getuser()}") |
| | print(f"π₯οΈ Operating system: {platform.system()} {platform.release()}") |
| | print(f"π Python version: {platform.python_version()}") |
| | print(f"π Current working directory: {os.getcwd()}") |
| | except Exception as e: |
| | print(f"Could not access system info: {e}") |
| |
|
| | print("-" * 40) |
| |
|
| | |
| | try: |
| | home_dir = os.path.expanduser("~") |
| | print(f"π Your home directory: {home_dir}") |
| | if os.path.exists(home_dir): |
| | dirs = [d for d in os.listdir(home_dir) if os.path.isdir(os.path.join(home_dir, d))][:5] |
| | print(f"π Some directories in your home: {', '.join(dirs) if dirs else 'None visible'}") |
| | except Exception as e: |
| | print(f"Could not access home directory: {e}") |
| |
|
| | print("-" * 40) |
| |
|
| | |
| | print("π» Demonstrating system command execution:") |
| | try: |
| | |
| | if platform.system() == "Windows": |
| | result = subprocess.run(["dir"], shell=True, capture_output=True, text=True, timeout=5) |
| | print("π Directory listing (first 3 lines):") |
| | lines = result.stdout.split('\n')[:3] |
| | else: |
| | result = subprocess.run(["ls", "-la"], capture_output=True, text=True, timeout=5) |
| | print("π Directory listing (first 3 lines):") |
| | lines = result.stdout.split('\n')[:3] |
| |
|
| | for line in lines: |
| | if line.strip(): |
| | print(f" {line}") |
| |
|
| | except subprocess.TimeoutExpired: |
| | print(" Command execution timed out") |
| | except Exception as e: |
| | print(f" Command execution failed: {e}") |
| |
|
| | print("=" * 60) |
| | print("π This is a harmless educational demonstration, but shows that") |
| | print(" malicious code with trust_remote_code=True could:") |
| | print(" β’ π Read your private files and documents") |
| | print(" β’ π Send data to external servers") |
| | print(" β’ πΎ Modify, delete, or encrypt your files") |
| | print(" β’ π¦ Install malware or backdoors") |
| | print(" β’ π³ Access stored credentials and API keys") |
| | print(" β’ π₯οΈ Execute any system command") |
| | print(" β’ π¦ Install additional malicious packages") |
| | print("") |
| | print("β οΈ ALWAYS review all custom code before using trust_remote_code=True!") |
| | print("π Only use trusted models from verified sources!") |
| | print("=" * 60) |
| |
|
