Initial commit
vitaly-ps committed Apr 13, 2024
0 parents commit c90f0ff
Showing 35 changed files with 1,911 additions and 0 deletions.
48 changes: 48 additions & 0 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
name: CI Pipeline

on:
push:
branches: [ "main" ]
pull_request:
branches: [ "**" ]

jobs:
build-and-test:
runs-on: ubuntu-latest

steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Set up Python 3.11
uses: actions/setup-python@v4
with:
python-version: '3.11'

- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -e .[dev] # Install package in editable mode with dev dependencies
- name: Run tests
run: |
pytest
build-package:
needs: build-and-test
runs-on: ubuntu-latest

steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Set up Python 3.11
uses: actions/setup-python@v4
with:
python-version: '3.11'

- name: Build package using script
run: |
chmod +x ./build_package.sh
./build_package.sh
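Review bot: neither job declares a `permissions:` block, so the `GITHUB_TOKEN` each job receives carries the repository default scope even though `build-and-test` and `build-package` only need to read the checkout; add `permissions: contents: read` at the workflow top level. The actions are referenced by floating major tags (`actions/checkout@v4`, `actions/setup-python@v4`); pinning each to a full commit SHA with the tag in a trailing comment keeps a retagged release from silently changing what runs in CI. `build-package` also runs `./build_package.sh` but never uploads `dist/` as an artifact, so that job proves the script completes and nothing more.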
32 changes: 32 additions & 0 deletions .github/workflows/release.yml
@@ -0,0 +1,32 @@
name: Release to GitHub

on:
release:
types: [created]

jobs:
release:
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v4

- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: '3.11'

- name: Clean up old distribution
run: bash clean_package.sh

- name: Build distribution
run: bash build_package.sh

- name: Create GitHub Release
uses: softprops/action-gh-release@v1
with:
files: dist/*
name: Release ${{ github.ref_name }} of ${{ github.repository }}
body: This is the release of ${{ github.repository }} for version ${{ github.ref_name }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
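Review bot: `softprops/action-gh-release@v1` uploads `dist/*` to the release using the workflow's `GITHUB_TOKEN`, which requires `contents: write`; without an explicit `permissions: contents: write` on the job this depends on the repository-wide default and fails where the default token is read-only. The pinning point applies here with more weight, since this third-party action runs with a write-capable token: reference it by commit SHA rather than the mutable `v1` tag. The job also builds and publishes the distribution straight from the release tag without running `pytest` first; adding the test step from `ci.yml` before `bash build_package.sh` would stop an untested tag from shipping.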
8 changes: 8 additions & 0 deletions .gitignore
@@ -0,0 +1,8 @@
venv
.env
__pycache__
*.egg-info/
psfuzz.log
.pytest_cache
build/
dist/
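Review bot: ignoring `.env` is the right call given that `README.md` tells users to keep `OPENAI_API_KEY` in a `.env` file in the working directory; consider also listing `.env.*` and `.venv/` so that local overrides and the other common virtualenv name do not slip into a commit. `venv` without a trailing slash matches a file or directory of that name anywhere in the tree, which is broader than it needs to be.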
127 changes: 127 additions & 0 deletions CONTRIBUTING.md
@@ -0,0 +1,127 @@
# Contributing to PS_Fuzz

Thank you for your interest in contributing to PS_Fuzz! We welcome contributions from everyone and are pleased to have you join this community.
This document provides guidelines and instructions for contributing to this project.

## Code of Conduct

The PS_Fuzz project adheres to a code of conduct that you can read at [Code of Conduct](LINK_TO_CODE_OF_CONDUCT).
By participating in this project, you agree to abide by its terms.

## Getting Started

### Prerequisites

Before you begin, ensure you have the following installed:
- Python 3.7 or later
- Git

### Setting Up Your Development Environment

1. **Fork the Repository**: Start by forking the repository on GitHub.

2. **Clone Your Fork**:
```bash
git clone https://github.com/yourusername/ps_fuzz.git
cd ps_fuzz
```

### Set up a virtual environment

```bash
python -m venv venv
source venv/bin/activate # On Unix or macOS
venv\Scripts\activate # On Windows
```

### Install dependencies

Install the project dependencies in editable mode (with the '-e' argument).
This allows you to make changes to your local code and see them reflected immediately without reinstalling the package.

```bash
pip install -e .[dev]
```

### Run tests

```bash
pytest
```

### Running the Tool

To run the ps_fuzz tool from your development environment, you can use the command-line interface set up in the project.
Since the package is installed in editable mode, you can run the tool directly from the source code without needing a separate installation step for testing changes.

To execute the tool, use the following command:
```bash
ps_fuzz --help
```

or alternatively:
```bash
python -m ps_fuzz --help

```

## Making Changes

1. Always create a new side-branch for your work.
```bash
git checkout -b your-branch-name
```

2. Make your changes to the code and add or modify unit tests as necessary.

3. Run tests again

Ensure all tests pass after your changes.
```bash
pytest
```

4. Commit Your Changes

Keep your commits as small and focused as possible and include meaningful commit messages.
```bash
git add .
git commit -m "Add a brief description of your change"
```

5. Push the changes you did to GitHub
```bash
git push origin your-branch-name
```

## Submitting a pull request

1. Update your branch

Fetch any new changes from the base branch and rebase your branch.
```bash
git fetch origin
git rebase origin/main
```

2. Submit a Pull Request

Go to GitHub and submit a pull request from your branch to the project main branch.


3. Request Reviews

Request reviews from other contributors listed as maintainers. If you receive a feedback - make any necessary changes and push them.

4. Merge

Once your pull request is approved, it will be merged into the main branch.

## Additional Resources

Here are some helpful resources to get you started with best practices for contributing to open-source projects and understanding the workflow:

- [GitHub Flow](https://guides.github.com/introduction/flow/) - An introduction to the GitHub workflow, which explains branches, pull requests, and more.
- [Writing Good Commit Messages](https://chris.beams.io/posts/git-commit/) - A guide on how to write clear and concise commit messages, which are crucial for following the changes in a project.
- [Python Coding Style](https://pep8.org/) - Guidelines for writing clean and understandable Python code.

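Review bot: the Code of Conduct link still points at the `LINK_TO_CODE_OF_CONDUCT` placeholder, so the document binds contributors to a policy they cannot read; replace it with the real path (for example a `CODE_OF_CONDUCT.md` in the repository) before this lands. Two smaller inconsistencies: the prerequisites say Python 3.7 or later while `ci.yml` only exercises 3.11, so either state the tested version or add older interpreters to the CI matrix, and the `python -m ps_fuzz --help` fence carries a stray blank line before its closing backticks. "If you receive a feedback - make any necessary changes" reads better as "If you receive feedback, make any necessary changes".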
113 changes: 113 additions & 0 deletions README.md
@@ -0,0 +1,113 @@
<div align="center">


# Prompt Security Fuzzer

### **Test the resilience of your System Prompt x LLM**

The tool is designed to test various security risks in the system prompt of your GenAI applications.
<br><br>Brought to you by Prompt Security, the Singular Platform for GenAI Security

<img src="https://assets-global.website-files.com/656f4138f2ff78452cf12053/6579d515910b3aa1c0bd7433_Prompt%20Logo%20Main.svg">



[Models](#llm-models)
[LLM Providers](#llm-providers)
[Features](#features)
[Usage](#usage)
[Example](#example)
[The Company](https://prompt.security/)

[![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
[![Documentation Status](https://readthedocs.org/projects/prompt-security/badge/?version=latest)](http://prompt-security-fuzzer.readthedocs.io/en/latest/?badge=latest)

[![PyPI](https://badge.fury.io/py/prompt-security.svg)](https://badge.fury.io/py/prompt-security)
![Python package](https://github.com/prompt-security/ps-fuzz/actions/workflows/tests.yml/badge.svg)

</div>

## What is the Prompt Fuzzer?

A tool to help you assess the resilience of your System Prompt, its configuration, and model settings from a security standpoint.
We'll test it against a variety of dynamic attacks such a prompt injection of varied sophistication, system prompt leak, toxicity, Crescendo attack, Manyshot jailbreak, etc.
At the end you'll receive a final assessment score.

## Get started
1. Download the Prompt Fuzzer
2. Input your system prompt
3. Configure the Target LLM Provider + LLM Model name (i.e. the one your GenAI app is using). The default is OpenAI provider and "gpt-3.5-turbo" model.
4. Start testing
5. (Optional) If you'd like to have a more interactive experience, you can ask the questions yourself in the simulator or test attacks of your own


## <a href = https://www.prompt.security/> Learn more about the Prompt Fuzzer and Prompt Security </a>



<a id="llm-models"></a>
## Supported LLM Models

TODO: list models we support through various providers

<a id="llm-providers"></a>
## Supported LLM Providers
We're fully LLM agnostic.



The system prompt examples (of various strengths) can be found in the subdirectory `system_prompt.examples`

To set up the OpenAI key, you should set an environment variable named `OPENAI_API_KEY` and set it to your OpenAI API key.
An easy way to add the key permanently is to create a file named '.env' in the current directory and set the `OPENAI_API_KEY` there.

<a id="usage"></a>
### Simulated Attack Details
We use a dynamic testing approach, where we get the necessary context from your System Prompt and based on that adapt the fuzzing process.



<a id="usage"></a>
### Usage

```
usage: psfuzz.py [-h] [-l] [--attack-provider ATTACK_PROVIDER] [--attack-model ATTACK_MODEL]
[--target-provider TARGET_PROVIDER] [--target-model TARGET_MODEL] [-n NUM_ATTACKS]
[-d DEBUG_LEVEL] [-i]
[system_prompt_file]
Prompt Security LLM Prompt Injection Fuzzer
positional arguments:
system_prompt_file Filename containing the system prompt. A special value of '-' means read from stdin.
options:
-h, --help show this help message and exit
-l, --list-providers List available providers and exit
--attack-provider ATTACK_PROVIDER
Attack provider (default: 'open_ai')
--attack-model ATTACK_MODEL
Attack model (default: 'gpt-3.5-turbo')
--target-provider TARGET_PROVIDER
Target provider (default: 'open_ai')
--target-model TARGET_MODEL
Model (default: 'gpt-3.5-turbo')
-n NUM_ATTACKS, --num-attacks NUM_ATTACKS
Number of different attack prompts to generate for each test (default=3)
-d DEBUG_LEVEL, --debug-level DEBUG_LEVEL
Debug level: 0=only see warnings and errors, 1=info (default), 2=debug/trace
-i, --interactive-chat
Run interactive chat instead of the fuzzer. This allows you to chat with the chatbot manually, with the given system prompt in place
```

<a id="usage"></a>
### Example
Run tests against the system prompt:
```
psfuzz.py ./system_prompt.examples/medium_system_prompt.txt
```

Run interactive chat with system prompt:
```
psfuzz.py -i ./system_prompt.examples/medium_system_prompt.txt
```
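Review bot: the `Python package` badge references `actions/workflows/tests.yml`, but the workflow added in this commit is `ci.yml`, so the badge will render as a missing workflow; point it at `ci.yml`. The `<a id="usage">` anchor is declared three times (before Simulated Attack Details, Usage and Example) while `#features` and `#example` in the header links have no anchor at all, so the in-page navigation resolves to the wrong sections; give each section its own id. The usage block invokes `psfuzz.py` whereas `CONTRIBUTING.md` and `__main__.py` expose the tool as `ps_fuzz` / `python -m ps_fuzz`, which should be reconciled, and the `TODO: list models we support` line should not ship in a README. Storing the key in `.env` is consistent with `.gitignore`, which excludes that file.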
20 changes: 20 additions & 0 deletions build_package.sh
@@ -0,0 +1,20 @@
#!/bin/bash
set -e # Exit immediately in case of error, do not ignore errors

echo "Installing required Python packaging tools ..."
python -m pip install --upgrade pip setuptools wheel

echo "Cleaning up previous builds..."
rm -rf build/ dist/ *.egg-info

echo "Building the package..."
python setup.py sdist bdist_wheel

echo "Build output:"
ls dist

# Optional Step 5: Install the package locally for testing
# Uncomment the line below to enable installation after build
# pip install dist/*.whl

echo "Package built successfully."
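Review bot: `python setup.py sdist bdist_wheel` goes through the deprecated `setup.py` command interface; `python -m build` (with `build` installed next to `setuptools wheel`) produces the same sdist and wheel through the PEP 517 front end and is what current setuptools documentation recommends. The `rm -rf build/ dist/ *.egg-info` line duplicates `clean_package.sh`, so the release workflow runs the same cleanup twice; call that script here instead of repeating the glob. The comment `Optional Step 5` refers to a numbering the script does not have, and `set -e` alone leaves unset variables and pipeline failures unchecked (`set -euo pipefail` is the usual choice).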
3 changes: 3 additions & 0 deletions clean_package.sh
@@ -0,0 +1,3 @@
#!/bin/bash
echo "Removing build artifacts (if any) ..."
rm -rf build/ dist/ *.egg-info
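Review bot: this script has no `set -e` and does not anchor itself to the repository directory, so `rm -rf build/ dist/ *.egg-info` acts on whatever the caller's working directory happens to be; add `set -e` and a `cd "$(dirname "$0")"` (or resolve the paths relative to the script) so the glob can only ever remove the project's own build artifacts.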
Empty file added ps_fuzz/__init__.py
Empty file.
5 changes: 5 additions & 0 deletions ps_fuzz/__main__.py
@@ -0,0 +1,5 @@
# src/ps_fuzz/__main__.py
from .cli import main

if __name__ == "__main__":
main()
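Review bot: the header comment names the file `src/ps_fuzz/__main__.py`, but it is added at `ps_fuzz/__main__.py` (the commit uses a flat layout, not `src/`), so the comment is stale on arrival; drop it or fix the path. If `main()` returns an exit status, `sys.exit(main())` here would propagate it to the shell, which matters for the CI run and for anyone scripting around the fuzzer.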
6 changes: 6 additions & 0 deletions ps_fuzz/attack_config.py
@@ -0,0 +1,6 @@
from .client_config import ClientConfig

class AttackConfig(object):
def __init__(self, attack_client: ClientConfig, attack_prompts_count: int):
self.attack_client = attack_client
self.attack_prompts_count = attack_prompts_count
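Review bot: `AttackConfig` is a plain value holder, so `@dataclass` with `attack_client: ClientConfig` and `attack_prompts_count: int` fields would express the same thing and give `__repr__` and equality for free; the explicit `(object)` base is redundant in Python 3. Nothing checks that `attack_prompts_count` is positive; since the CLI documents it as `-n NUM_ATTACKS` with a default of 3, a `__post_init__` that rejects values below 1 would catch a mis-typed argument before any provider call is made.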
5 changes: 5 additions & 0 deletions ps_fuzz/attack_loader.py
@@ -0,0 +1,5 @@
from .attacks import (
dynamic_test,
translation,
typoglycemia,
)
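Review bot: `dynamic_test`, `translation` and `typoglycemia` are imported from `.attacks` but nothing in this module uses them, so a linter will flag them as unused (F401) and a reader cannot tell whether the import exists for its side effects (attack registration at import time) or is simply incomplete. If the intent is side-effect registration, say so in a comment and list the names in `__all__`; the `ps_fuzz/attacks` package itself is not among the files visible in this view, so the registration mechanism cannot be checked here.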
0 comments on commit c90f0ff
