Add --unsafe mode, add barebone safe mode to LLDB/GDB. #46

merged 3 commits into from
Sep 1, 2024
5 changes: 4 additions & 1 deletion src/chatdbg/chatdbg_gdb.py
Expand Up @@ -13,6 +13,7 @@
_SkippedFramesEntry,
)
from chatdbg.util.config import chatdbg_config
from chatdbg.native_util.safety import command_is_safe

# The file produced by the panic handler if the Rust program is using the chatdbg crate.
RUST_PANIC_LOG_FILENAME = "panic_log.txt"
Expand Down Expand Up @@ -262,7 +263,7 @@ def _prompt_stack(self):
"""
return None

def llm_debug(self, command: str) -> str:
def llm_debug(self, command: str):
"""
{
"name": "debug",
Expand All @@ -279,4 +280,6 @@ def llm_debug(self, command: str) -> str:
}
}
"""
if not chatdbg_config.unsafe and not command_is_safe(command):
return command, f"Command `{command}` is not allowed."
return command, self._run_one_command(command)
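Review bot: The `-> str` return annotation is dropped at the new `def llm_debug(self, command: str):` rather than corrected; both return statements in the hunk yield a 2-tuple, so `def llm_debug(self, command: str) -> tuple[str, str]:` would state the contract (assuming `_run_one_command` returns a str, which is not visible here). The same two lines, `if not chatdbg_config.unsafe and not command_is_safe(command):` and the refusal return, are added verbatim in chatdbg_lldb.py; since both debuggers already import `command_is_safe` from the shared safety module, folding the unsafe-flag check into one helper there would keep the policy decision in a single place. Note also that an empty command reaches `command_is_safe` unguarded, and that function indexes the first token, so the exception path rather than the refusal message is what the tool call would see for an empty string. The body of llm_debug starts in the previous hunk and its docstring is cut by the hunk boundary.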
5 changes: 4 additions & 1 deletion src/chatdbg/chatdbg_lldb.py
Expand Up @@ -13,6 +13,7 @@
_SkippedFramesEntry,
)
from chatdbg.util.config import chatdbg_config
from chatdbg.native_util.safety import command_is_safe

# The file produced by the panic handler if the Rust program is using the chatdbg crate.
RUST_PANIC_LOG_FILENAME = "panic_log.txt"
Expand Down Expand Up @@ -290,7 +291,7 @@ def _prompt_stack(self):
"""
return None

def llm_debug(self, command: str) -> str:
def llm_debug(self, command: str):
"""
{
"name": "debug",
Expand All @@ -307,4 +308,6 @@ def llm_debug(self, command: str) -> str:
}
}
"""
if not chatdbg_config.unsafe and not command_is_safe(command):
return command, f"Command `{command}` is not allowed."
return command, self._run_one_command(command)
5 changes: 4 additions & 1 deletion src/chatdbg/chatdbg_pdb.py
Expand Up @@ -285,7 +285,10 @@ def _getval(self, arg):
Sandbox for evaluating expressions from the LLM.
"""
try:
return sandbox_eval(arg, self.curframe.f_globals, self.curframe_locals)
if chatdbg_config.unsafe:
return super._getval(arg)
else:
return sandbox_eval(arg, self.curframe.f_globals, self.curframe_locals)
except NameError as e:
self.error(f"NameError: {e}")
return None
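Review bot: `return super._getval(arg)` in the new unsafe branch references the builtin `super` class without calling it, so `super._getval` raises AttributeError on every unsafe-mode evaluation; it should read `return super()._getval(arg)`. Because that line sits inside the `try`, the AttributeError is not caught by `except NameError` and propagates out of `_getval` instead of being reported through `self.error`. Whether `chatdbg_config` is imported in this module is not visible in the hunk; confirm it is, since the other files in this commit add an explicit import. `_getval` begins in the hunk header and is only partly visible here.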
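--- a/src/chatdbg/native_util/safety.py
+++ b/src/chatdbg/native_util/safety.py
@@ -0,0 +1,32 @@
+import re
+
+
+# A very simple whitelist-based approach.
+# If ChatDBG wants to call other commands not listed here, they should be
+# evaluated and added if not possibly harmful.
+def command_is_safe(cmd: str) -> bool:
+    cmd = cmd.strip()
+    command_name = cmd.split()[0]
+
+    # Allowed unconditionally.
+    if command_name in [
+        "apropos",
+        "bt",
+        "down",
+        "frame",
+        "h",
+        "help",
+        "language",
+        "l",
+        "list",
+        "source",
+        "up",
+        "version",
+    ]:
+        return True
+
+    # Allowed conditionally.
+    if command_name in ["p", "print"]:
+        return re.fullmatch(r"[a-zA-Z0-9_ *]*", cmd) is not None
+
+    return False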
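Review bot: `command_name = cmd.split()[0]` raises IndexError when the caller passes an empty or whitespace-only command, so the check fails by exception rather than by returning False; split once into a list and return False when it is empty. The unconditional list also contains `source`, which in GDB is the command that executes a command file, so one whitelisted command can run arbitrary non-whitelisted ones; in LLDB `source` is only the prefix of read-only subcommands such as `source list` and `source info`, so the shared list should either gate it per debugger or require one of those subcommands. More generally only the first token is inspected, so multi-word verbs that take another command as their argument (GDB's `frame apply ... COMMAND` is one) should be vetted against their argument grammar before staying on the list. The excerpt below covers the empty-input guard and the `source` case; the allowlist itself is unchanged apart from removing `source` from it.
```python
def command_is_safe(cmd: str) -> bool:
    cmd = cmd.strip()
    parts = cmd.split()
    if not parts:
        return False
    command_name = parts[0]

    # … unchanged: unconditional allowlist membership test, with "source" removed …

    # Allowed conditionally.
    if command_name == "source":
        # LLDB read-only subcommands only; GDB's `source FILE` executes a command file.
        return len(parts) >= 2 and parts[1] in ("list", "info")
    if command_name in ["p", "print"]:
        return re.fullmatch(r"[a-zA-Z0-9_ *]*", cmd) is not None

    return False
```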
12 changes: 9 additions & 3 deletions src/chatdbg/util/config.py
Expand Up @@ -23,7 +23,7 @@ def _chatdbg_get_env(
if type(default_value) == int:
return int(v)
elif type(default_value) == bool:
return v.lower() == "true"
return v.lower() == "true" or v.lower() == "1"
else:
return v

Expand Down Expand Up @@ -85,18 +85,23 @@ class ChatDBGConfig(Configurable):

format = Unicode(
_chatdbg_get_env("format", "md"),
help="The output format (text or md or md:simple or jupyter).",
help="The output format (text or md or md:simple or jupyter)",
).tag(config=True)

instructions = Unicode(
_chatdbg_get_env("instructions", ""),
help="The file for the initial instructions to the LLM, or '' for the default (possibly-model specific) version.",
help="The file for the initial instructions to the LLM, or '' for the default (possibly-model specific) version",
).tag(config=True)

module_whitelist = Unicode(
_chatdbg_get_env("module_whitelist", ""), help="The module whitelist file"
).tag(config=True)

unsafe = Bool(
_chatdbg_get_env("unsafe", False),
help="Disable any protections against GPT running harmful code or commands",
).tag(config=True)

_user_configurable = [
debug,
log,
Expand All @@ -105,6 +110,7 @@ class ChatDBGConfig(Configurable):
no_stream,
format,
module_whitelist,
unsafe,
]

def _parser(self):
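Review bot: The new `return v.lower() == "true" or v.lower() == "1"` lowercases the value twice and grows a clause per accepted spelling; `return v.lower() in ("true", "1")` says the same thing once. The enclosing `_chatdbg_get_env` starts outside the hunk, so which environment variable name feeds the new `unsafe` trait is not visible here. Because `unsafe` is populated from the environment at import time via `_chatdbg_get_env("unsafe", False)`, a stale variable silently disables the protections the help string describes; it would be worth surfacing the active value at startup (a one-line warning when it is true), though how the config is reported to the user is not shown in this diff.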