Skip to content

Add insecure sample script for testing detectors#355

Open
powerexploit wants to merge 2 commits into
masterfrom
test
Open

Add insecure sample script for testing detectors#355
powerexploit wants to merge 2 commits into
masterfrom
test

Conversation

@powerexploit

Copy link
Copy Markdown
Owner

Added an intentionally insecure sample script for testing purposes, demonstrating unsafe practices with API keys and untrusted input.

Added an intentionally insecure sample script for testing purposes, demonstrating unsafe practices with API keys and untrusted input.
@github-advanced-security

Copy link
Copy Markdown

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

Comment thread Calculator_GUI/sample.py
from langchain.agents import load_tools
from langchain_experimental.tools import PythonREPLTool

openai.api_key = "sk-proj-AbC123DeF456ghi789JkL012mno345PqR" # LLM02: hardcoded key
Comment thread Calculator_GUI/sample.py

def load_model(path):
with open(path, "rb") as fh:
return pickle.load(fh) # LLM04: unsafe deserialize
Comment thread Calculator_GUI/sample.py


def build_agent(llm):
tools = load_tools(["terminal", "llm-math"]) # LLM06: dangerous tool
Comment thread Calculator_GUI/sample.py

def build_agent(llm):
tools = load_tools(["terminal", "llm-math"]) # LLM06: dangerous tool
repl = PythonREPLTool() # LLM06: code execution
Repository owner deleted a comment from github-actions Bot Jul 13, 2026
Repository owner deleted a comment from github-actions Bot Jul 13, 2026
@github-actions

Copy link
Copy Markdown

🛡️ Rudra — GenAI/LLM Security Review

Found 4 issue(s) (1 high/critical) mapped to the OWASP LLM Top 10.

Sev Score OWASP Issue Location
🔴 8.6/10 LLM02:2025 Hardcoded OpenAI API key Calculator_GUI/sample.py:11
🟠 6.8/10 LLM04:2025 Unsafe deserialization of a model/artifact Calculator_GUI/sample.py:26
🟠 6.1/10 LLM06:2025 Agent loads dangerous tools: terminal Calculator_GUI/sample.py:30
🟠 6.1/10 LLM06:2025 Agent granted a high-privilege tool (PythonREPLTool) Calculator_GUI/sample.py:31

🔴 Hardcoded OpenAI API key — LLM02:2025 · score 8.6/10

Location: Calculator_GUI/sample.py:11 | Confidence: 95% | Reachability: 90%

openai.api_key = "sk-proj-A...[redacted]"  # LLM02: hardcoded key

Impact. A live-looking provider credential is committed in source. Anyone with repo access (or a leak) can run up cost and access your data.

Remediation. Remove the key, rotate it immediately, and load it from an environment variable or secrets manager. Add a pre-commit secret scanner.

Evidence: Deterministic detector (no LLM adjudication required).


🟠 Unsafe deserialization of a model/artifact — LLM04:2025 · score 6.8/10

Location: Calculator_GUI/sample.py:26 | Confidence: 90% | Reachability: 90%

pickle.load(fh)

Impact. pickle/dill executes arbitrary code on load. A poisoned model or cache file becomes code execution the moment it is loaded.

Remediation. Load model weights with safetensors or torch.load(..., weights_only=True). Never unpickle data from an untrusted or network source.

Evidence: Deterministic detector (no LLM adjudication required).


🟠 Agent loads dangerous tools: terminal — LLM06:2025 · score 6.1/10

Location: Calculator_GUI/sample.py:30 | Confidence: 80% | Reachability: 90%

load_tools(["terminal", "llm-math"])

Impact. These tools give the agent shell/HTTP/code capabilities exploitable via injection.

Remediation. Drop the dangerous tools or replace with narrowly-scoped, audited equivalents.

Evidence: Deterministic detector (no LLM adjudication required).


🟠 Agent granted a high-privilege tool (PythonREPLTool) — LLM06:2025 · score 6.1/10

Location: Calculator_GUI/sample.py:31 | Confidence: 80% | Reachability: 90%

PythonREPLTool()

Impact. The agent can execute shell/Python. Combined with prompt injection this is remote code execution with the app's privileges.

Remediation. Remove code/shell execution tools, or sandbox them and require human approval for each invocation. Apply least privilege to the tool set.

Evidence: Deterministic detector (no LLM adjudication required).


Funnel: 7 candidates → 4 confirmed → 4 reported · 3 suppressed as likely false positives. Reply /rudra ignore <rule-id> to baseline a finding.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants