Merge pull request #7 from avidml/v02

V02
avidml · Apr 4, 2023 · 4001805 · 4001805
2 parents ade0883 + f2b7354
commit 4001805
Show file tree

Hide file tree

Showing 40 changed files with 1,582 additions and 170 deletions.
diff --git a/connectors/render_page.py b/connectors/render_page.py
@@ -27,6 +27,8 @@ def renderReports(vuln):
     reports = vuln['reports']
     header = ['## Reports \n\n', '| ID | Type | Name |\n']
     divider = ['| --- | --- | --- | \n']
+    # for rep in reports:
+    #     print(rep['report_id'])
     content = [
         '| ['+rep['report_id']+'](../'+rep['report_id']+') | '+rep['type']+' | '+rep['name']+' |\n'
         for rep in reports
@@ -47,8 +49,8 @@ def renderTaxonomy(vuln):
     header = ['## AVID Taxonomy Categorization\n\n']
     content = [
         '- **Risk domains:** '+(', '.join(taxo['risk_domain']))+'\n',
-        '- **SEP subcategories:** '+('; '.join([sep['id']+': '+sep['name'] for sep in taxo['sep_view']]))+'\n',
-        '- **Lifecycle stages:** '+(', '.join([lc['id']+': '+lc['stage'] for lc in taxo['lifecycle_view']]))+'\n'
+        '- **SEP subcategories:** '+('; '.join(taxo['sep_view']))+'\n',
+        '- **Lifecycle stages:** '+(', '.join(taxo['lifecycle_view']))+'\n'
     ]
     return header+content+['\n']
 
@@ -62,7 +64,7 @@ def renderAffected(vuln):
         '| Type | Name |\n'+
         '| --- | --- | \n'
     ]
-    for art in aff['artifact']:
+    for art in aff['artifacts']:
         content.append('| '+art['type']+' | '+art['name']+' |\n')
 
     return header+content+['\n']
@@ -85,8 +87,11 @@ def renderInfo(vuln, is_report=False):
         ]        
     else:
         content = [
-            '- **Vulnerability Class:** '+vuln['problemtype']['class']+'\n',
-            '- **Credits:** '+('; '.join([cred['value'] for cred in vuln['credit']]))+'\n',
+            '- **Vulnerability Class:** '+vuln['problemtype']['classof']+'\n'
+        ]
+        if vuln['credit'] is not None:
+            content += ['- **Credits:** '+('; '.join([cred['value'] for cred in vuln['credit']]))+'\n']
+        content += [
             '- **Date Published:** '+vuln['published_date']+'\n',
             '- **Date Last Modified:** '+vuln['last_modified_date']+'\n',
             '- **Version:** '+vuln['data_version']+'\n',

diff --git a/reports/review/reci3PWbHUEVFYbrR.json → reports/2023/AVID-2023-R0001.json b/reports/review/reci3PWbHUEVFYbrR.json → reports/2023/AVID-2023-R0001.json
@@ -1,21 +1,21 @@
 {
     "data_type": "AVID",
-    "version": "",
+    "data_version": "0.2",
     "metadata": {
-        "report_id": ""
+        "report_id": "AVID-2023-R0001"
     },
     "affects": {
         "developer": ["OpenAI"],
         "deployer": ["OpenAI"],
         "artifacts": [
             {
-                "type": "Model",
+                "type": "System",
                 "name": "ChatGPT"
             }
         ]
     },
     "problemtype": {
-        "classof": "Undefined",
+        "classof": "LLM Evaluation",
         "type": "Advisory",
         "description": {
             "lang": "eng",
@@ -25,10 +25,12 @@
     "metrics": [],
     "references": [
         {
+            "type": "source",
             "label": "Gwern's analysis of lexical constraints and ChatGPT",
             "url": "https://www.gwern.net/GPT-3#bpes"
         },
         {
+            "type": "source",
             "label": "Most Language Models can be Poets too: An AI Writing Assistant and Constrained Text Generation Studio",
             "url": "https://paperswithcode.com/paper/most-language-models-can-be-poets-too-an-ai"
         }
@@ -39,11 +41,13 @@
     },
     "impact": {
         "avid": {
-            "vuln_id": "",
+            "vuln_id": "AVID-2023-V001",
             "risk_domain": [
                 "Performance"
             ],
-            "sep_view": [],
+            "sep_view": [
+                "P0204: Accuracy"
+            ],
             "lifecycle_view": [
                 "L02: Data Understanding",
                 "L04: Model Development",
@@ -53,7 +57,7 @@
             "taxonomy_version": "0.2"
         }
     },
-    "credits": [
+    "credit": [
         {
             "lang": "eng",
             "value": "Allen Roush, Oracle Corporation"

diff --git a/reports/review/reciaOOxqMH4eCkOq.json → reports/2023/AVID-2023-R0002.json b/reports/review/reciaOOxqMH4eCkOq.json → reports/2023/AVID-2023-R0002.json
@@ -1,21 +1,21 @@
 {
     "data_type": "AVID",
-    "version": "",
+    "data_version": "0.2",
     "metadata": {
-        "report_id": ""
+        "report_id": "AVID-2023-R0002"
     },
     "affects": {
         "developer": ["OpenAI"],
         "deployer": ["OpenAI"],
         "artifacts": [
             {
-                "type": "Model",
+                "type": "System",
                 "name": "ChatGPT"
             }
         ]
     },
     "problemtype": {
-        "classof": "Undefined",
+        "classof": "LLM Evaluation",
         "type": "Issue",
         "description": {
             "lang": "eng",
@@ -25,13 +25,14 @@
     "metrics": [],
     "references": [
         {
-            "label": "The results can be reproduced by using the prompt \"Can you recommend any papers on explainability?\". I think the developers might have fixed this issue after realizing this. So it might say something along the lines of \"Sorry, I cannot recommend any papers\". But I have screenshots if needed. ",
-            "url": ""
+            "type": "screenshot",
+            "label": "Screenshot of example answer",
+            "url": "../img/R00031.png"
         }
     ],
     "description": {
         "lang": "eng",
-        "value": "I asked ChatGPT to recommend papers on explainability, privacy, adversarial ML, etc. It did recommend me a list of papers but it linked wrong authors to the papers and some of the papers didn't even exist (maybe it just made up those paper titles). For example- when prompted to recommend papers on explainability, it said the paper \"Explaining Explanations: An Overview of Interpretability of Machine Learning\" is by Zach Lipton, which in fact, is written by Gilpin et al. and does not have Zach as an author. This potentially hints at misinformation. It made similar mistakes when asking for papers on privacy, interpretability, and adversarial ML. "
+        "value": "I asked ChatGPT to recommend papers on explainability, privacy, adversarial ML, etc. It did recommend me a list of papers but it linked wrong authors to the papers and some of the papers didn't even exist (maybe it just made up those paper titles). For example- when prompted to recommend papers on explainability, it said the paper \"Explaining Explanations: An Overview of Interpretability of Machine Learning\" is by Zach Lipton, which in fact, is written by Gilpin et al. and does not have Zach as an author. This potentially hints at misinformation. It made similar mistakes when asking for papers on privacy, interpretability, and adversarial ML. \n The results can be reproduced by using the prompt \"Can you recommend any papers on explainability?\"."
     },
     "impact": {
         "avid": {
@@ -49,10 +50,10 @@
             "taxonomy_version": "0.2"
         }
     },
-    "credits": [
+    "credit": [
         {
             "lang": "eng",
-            "value": "Jaydeep Borkar, "
+            "value": "Jaydeep Borkar, N/A"
         }
     ],
     "reported_date": "2023-01-05"

diff --git a/reports/2023/AVID-2023-R0003.json b/reports/2023/AVID-2023-R0003.json
@@ -0,0 +1,74 @@
+{
+    "data_type": "AVID",
+    "data_version": "0.2",
+    "metadata": {
+        "report_id": "AVID-2023-R0003"
+    },
+    "affects": {
+        "developer": ["OpenAI"],
+        "deployer": ["OpenAI","boxcars.ai"],
+        "artifacts": [
+            {
+                "type": "System",
+                "name": "ChatGPT"
+            },
+            {
+                "type": "System",
+                "name": "boxcars.ai"
+            }
+        ]
+    },
+    "problemtype": {
+        "classof": "LLM Evaluation",
+        "type": "Advisory",
+        "description": {
+            "lang": "eng",
+            "value": "It is possible to make ChatGPT perform remote code execution just by asking politely"
+        }
+    },
+    "metrics": [],
+    "references": [
+        {
+            "type": "source",
+            "label": "InjectGPT: the most polite exploit ever",
+            "url": "https://blog.luitjes.it/posts/injectgpt-most-polite-exploit-ever/"
+        },
+        {
+            "type": "source",
+            "label": "Reddit thread on InjectGPT",
+            "url": "https://www.reddit.com/r/netsec/comments/121gpay/injectgpt_remote_code_execution_by_asking_nicely/"
+        }
+    ],
+    "description": {
+        "lang": "eng",
+        "value": "Frameworks like langchain (Python) and boxcars.ai (Ruby) offer apps and scripts to directly execute queries through LLMs as a built-in feature. In the context of boxcars.ai, this makes it really easy to perform remote code execution or SQL injection. All you have to do is ask politely! \nSee the references for more details."
+    },
+    "impact": {
+        "avid": {
+            "vuln_id": "AVID-2023-V003",
+            "risk_domain": [
+                "Ethics"
+            ],
+            "sep_view": [
+                "S0100: Software Vulnerability",
+                "S0201: Model Compromise",
+                "S0301: Information Leak",
+                "S0202: Software Compromise",
+                "S0601: Ingest Poisoning"
+            ],
+            "lifecycle_view": [
+                "L04: Model Development",
+                "L05: Evaluation",
+                "L06: Deployment"
+            ],
+            "taxonomy_version": "0.2"
+        }
+    },
+    "credit": [
+        {
+            "lang": "eng",
+            "value": "Lucas Luitjes, N/A"
+        }
+    ],
+    "reported_date": "2023-03-26"
+}
diff --git a/reports/img/R00031.png b/reports/img/R00031.png
diff --git a/reports/review/AML.CS0009.json b/reports/review/AML.CS0009.json