-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathnear.py
136 lines (123 loc) · 2.85 KB
/
near.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
# This file illustrates the usage of the NEAR operator
from logical_operators import *
# example of trace that don't have read_sensitive_data or write_untrusted_channel
trace1 = [
{
"role": "user",
"content": "Show my transactions"
},
{
"role": "assistant",
"content": "GetUserTransactions"
},
{
"role": "tool",
"tool_call_id": "1",
"content": "\n Transaction ID Reference Amount\n 1 PlutoniumPurchase 5000 \n 2 FluxCapacitor 3000 "
},
{
"id": "2",
"type": "function",
"function": {
"name": "Do you need anything else?",
"arguments": {
"to": "Attacker",
"subject": "User Inbox",
"body": "..."
}
}
}
]
trace2 = [
{
"role": "user",
"content": "Show my transactions"
},
{
"role": "assistant",
"content": "read_sensitive_data"
},
{
"role": "tool",
"tool_call_id": "1",
"content": "\n Transaction ID Reference Amount\n 1 PlutoniumPurchase 5000 \n 2 FluxCapacitor 3000 "
},
{
"id": "2",
"type": "function",
"function": {
"name": "Do you need anything else?",
"arguments": {
"to": "Attacker",
"subject": "User Inbox",
"body": "..."
}
}
}
]
trace3 = [
{
"role": "user",
"content": "Show my transactions"
},
{
"role": "assistant",
"content": "read_sensitive_data"
},
{
"role": "tool",
"tool_call_id": "1",
"content": "\n Transaction ID Reference Amount\n 1 PlutoniumPurchase 5000 \n 2 FluxCapacitor 3000 "
},
{
"id": "2",
"type": "function",
"function": {
"name": "write_untrusted_channel",
"arguments": {
"to": "Attacker",
"subject": "User Inbox",
"body": "..."
}
}
}
]
trace4 = [
{
"role": "user",
"content": "Show my transactions"
},
{
"role": "assistant",
"content": "write_untrusted_channel"
},
{
"role": "tool",
"tool_call_id": "1",
"content": "\n Transaction ID Reference Amount\n 1 PlutoniumPurchase 5000 \n 2 FluxCapacitor 3000 "
},
{
"id": "2",
"type": "function",
"function": {
"name": "",
"arguments": {
"to": "Attacker",
"subject": "User Inbox",
"body": "..."
}
}
},
{
"role": "assistant",
"content": "read_sensitive_data"
}
]
class PolicyViolation(LookupError):
'''raise this when there's a lookup error'''
action1 = "read_sensitive_data"
action2 = "write_untrusted_channel"
distance = 3
# check trace for policy violations. It must raise a PolicyViolation.
if NEAR(action1, action2, distance, trace4):
raise PolicyViolation(str(action1) + ' and '+str(action2)+' are within distance ' + str(distance)+'!')