northern-64bit
commited on
Commit
•
b473a0e
1
Parent(s):
17cfe40
Improve the README.md
Browse files
README.md
CHANGED
|
@@ -1 +1,59 @@
|
|
| 1 |
-
#
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
# AMLD SQL Injection Demo
|
| 2 |
+
|
| 3 |
+
## Introduction
|
| 4 |
+
|
| 5 |
+
Welcome to the AMLD SQL Injection Demo by Effixis for AMLD EPFL 2024! This project showcases the risks of SQL injections in web applications, particularly when using Large Language Models (LLMs). The repository includes two demonstrations: Basic SQL Injections and LLM Safeguard.
|
| 6 |
+
|
| 7 |
+
## Features
|
| 8 |
+
|
| 9 |
+
- **Basic SQL Injections (`Basic_SQL_Injections.py`):** Demonstrates the risks of direct SQL query generation by LLMs, leading to potential SQL injections.
|
| 10 |
+
- **LLM Safeguard (`pages/LLM_safeguard.py`):** Illustrates an advanced setup where an LLM Safeguard is employed to detect and filter out malicious SQL queries.
|
| 11 |
+
- **Chinook Database Integration:** Uses the Chinook sample database, representing a digital media store.
|
| 12 |
+
- **Interactive Web Interface:** Built with Streamlit, offering a user-friendly interface for interacting with both demonstrations.
|
| 13 |
+
- **Database Reset Functionality:** Allows users to reset the database to its original state for repeated tests.
|
| 14 |
+
|
| 15 |
+
## Installation
|
| 16 |
+
|
| 17 |
+
1. Clone the repository:
|
| 18 |
+
|
| 19 |
+
```bash
|
| 20 |
+
git clone https://github.com/effixis/shared-amld-sql-injection-demo.git
|
| 21 |
+
```
|
| 22 |
+
|
| 23 |
+
2. Navigate to the cloned directory:
|
| 24 |
+
|
| 25 |
+
```bash
|
| 26 |
+
cd shared-amld-sql-injection-demo
|
| 27 |
+
```
|
| 28 |
+
|
| 29 |
+
3. Install the required packages:
|
| 30 |
+
|
| 31 |
+
Activate your preferred Python environment and install the required packages using the provided `requirements.txt` file. For example, using Conda:
|
| 32 |
+
|
| 33 |
+
```bash
|
| 34 |
+
conda create -n amld-sql-injection-demo
|
| 35 |
+
conda activate amld-sql-injection-demo
|
| 36 |
+
pip install -r requirements.txt
|
| 37 |
+
```
|
| 38 |
+
|
| 39 |
+
4. Create a `.env` file in the root directory and set the OpenAI API key:
|
| 40 |
+
|
| 41 |
+
```bash
|
| 42 |
+
echo "OPENAI_API_KEY=enter_your_api_key_here" > .env
|
| 43 |
+
```
|
| 44 |
+
|
| 45 |
+
You can find your API key on the [OpenAI dashboard](https://beta.openai.com/).
|
| 46 |
+
|
| 47 |
+
## Usage
|
| 48 |
+
|
| 49 |
+
Run the Streamlit application:
|
| 50 |
+
|
| 51 |
+
```bash
|
| 52 |
+
streamlit run Basic_SQL_Injections.py
|
| 53 |
+
```
|
| 54 |
+
|
| 55 |
+
Follow the instructions on the web interface to interact with the application.
|
| 56 |
+
|
| 57 |
+
## Disclaimer
|
| 58 |
+
|
| 59 |
+
This demo is for educational purposes to showcase the risk of SQL injections using LLMs. It should not be used for malicious purposes. Users are responsible for any misuse of the tools and information provided.
|