brad/LLM_Engineering_OLD
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add files via upload

Browse Source
This commit is contained in:
gulsahdemiryurek
2025-07-10 15:56:40 +03:00
committed by GitHub
parent 76d1c888ff
commit 1ed52bfb81
2 changed files with 180 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

156
week1/community-contributions/day1_check_source_for_security_vuln.ipynb Normal file
View File

@@ -0,0 +1,156 @@
{
"cells": [
{
"cell_type": "code",
"execution_count": null,
"id": "e95fa36b-7118-4fd8-a3b2-b4424bda2178",
"metadata": {},
"outputs": [],
"source": [
"import os\n",
"import requests\n",
"from dotenv import load_dotenv\n",
"from bs4 import BeautifulSoup\n",
"from IPython.display import Markdown, display\n",
"from openai import OpenAI\n"
]
},
{
"cell_type": "code",
"execution_count": null,
"id": "a0356762-4a3f-437a-908e-192aa9c804c7",
"metadata": {},
"outputs": [],
"source": [
"load_dotenv(override=True)\n",
"api_key = os.getenv('OPENAI_API_KEY')\n",
"\n",
"# Check the key\n",
"\n",
"if not api_key:\n",
" print(\"No API key was found - please head over to the troubleshooting notebook in this folder to identify & fix!\")\n",
"elif not api_key.startswith(\"sk-proj-\"):\n",
" print(\"An API key was found, but it doesn't start sk-proj-; please check you're using the right key - see troubleshooting notebook\")\n",
"elif api_key.strip() != api_key:\n",
" print(\"An API key was found, but it looks like it might have space or tab characters at the start or end - please remove them - see troubleshooting notebook\")\n",
"else:\n",
" print(\"API key found and looks good so far!\")\n"
]
},
{
"cell_type": "code",
"execution_count": null,
"id": "eb747863-30bd-4a0b-b359-b37223884075",
"metadata": {},
"outputs": [],
"source": [
"openai = OpenAI()\n",
"message = \"Hello, GPT! This is my first ever message to you! Hi!\"\n",
"response = openai.chat.completions.create(model=\"gpt-4o-mini\", messages=[{\"role\":\"user\", \"content\":message}])\n",
"print(response.choices[0].message.content)"
]
},
{
"cell_type": "code",
"execution_count": null,
"id": "fae60901-3564-4f26-a812-fc16d3b95bdb",
"metadata": {},
"outputs": [],
"source": [
"def get_page_source(url):\n",
" response = requests.get(url)\n",
" response.raise_for_status() # Hata varsa bildirir\n",
" return response.text # Ham HTML metni döner\n",
"\n",
"system_prompt = \"You are an assistant analyzing the source of a website and checking for security vulnerabilities.\"\n",
"\n",
"def user_prompt_for(url):\n",
" user_prompt = \"Below is the HTML source of the website:\\n\\n\"\n",
" user_prompt += get_page_source(url) \n",
" user_prompt += \"\\n\\nPlease check this website and search for security vulnerabilities. \"\n",
" user_prompt += \"If you don't find any, print 'No vulnerability found.' \"\n",
" user_prompt += \"If you find a potential vulnerability risk, describe the vulnerability risk and print 'Potential Vulnerability Risk'.\"\n",
" user_prompt += \"If you find a direct, explicit vulnerability, describe the vulnerability and CVSS Score print 'ATTENTION! Vulnerability is Found.'\"\n",
" user_prompt += \"If you find both a potential vulnerability risk and a direct, explicit vulnerability, describe them and CVSS Score print 'ATTENTION! Potential Vulnerability Risk and Direct Vulnerability are Found!!'\"\n",
" return user_prompt\n",
"\n",
"def messages_for(url):\n",
" return [\n",
" {\"role\": \"system\", \"content\": system_prompt},\n",
" {\"role\": \"user\", \"content\": user_prompt_for(url)}\n",
" ]\n",
"\n",
"def check_vuln(url):\n",
" response = openai.chat.completions.create(\n",
" model = \"gpt-4o-mini\",\n",
" messages = messages_for(url)\n",
" )\n",
" return response.choices[0].message.content\n",
"\n"
]
},
{
"cell_type": "code",
"execution_count": null,
"id": "e048c27f-f659-4c92-a47c-679bf6e5bf5f",
"metadata": {},
"outputs": [],
"source": [
"def display_vuln(url):\n",
" display_vuln = check_vuln(url)\n",
" display(Markdown(display_vuln))"
]
},
{
"cell_type": "code",
"execution_count": null,
"id": "69f5852f-ca5b-4933-b93c-e9f2d401467a",
"metadata": {},
"outputs": [],
"source": [
"display_vuln(\"https://edwarddonner.com\")"
]
},
{
"cell_type": "code",
"execution_count": null,
"id": "824943fc-e5a5-424a-abec-56767a709782",
"metadata": {},
"outputs": [],
"source": [
"display_vuln(\"http://192.168.1.113/\") #local apache server IP, contains xss_vulnerable_example.html"
]
},
{
"cell_type": "code",
"execution_count": null,
"id": "e3543846-e0c6-4504-8b65-2f675f0f7ebe",
"metadata": {},
"outputs": [],
"source": [
"display_vuln(\"https://www.google.com\")"
]
}
],
"metadata": {
"kernelspec": {
"display_name": "Python 3 (ipykernel)",
"language": "python",
"name": "python3"
},
"language_info": {
"codemirror_mode": {
"name": "ipython",
"version": 3
},
"file_extension": ".py",
"mimetype": "text/x-python",
"name": "python",
"nbconvert_exporter": "python",
"pygments_lexer": "ipython3",
"version": "3.11.13"
}
},
"nbformat": 4,
"nbformat_minor": 5
}

24
week1/community-contributions/xss_vulnerable_example.html Normal file
View File

@@ -0,0 +1,24 @@
<!-- xss_vulnerable.html -->
<!DOCTYPE html>
<html>
<head>
<title>XSS Vulnerability Example</title>
</head>
<body>
<h1>Leave a Comment</h1>
<form method="GET">
<input type="text" name="comment" placeholder="Enter your comment" />
<input type="submit" value="Submit" />
</form>
<h2>Your Comment:</h2>
<p>
<!-- Vulnerable: User input is printed directly without sanitization -->
<!-- Example attack: ?comment=<script>alert('xss')</script> -->
<script>
const params = new URLSearchParams(window.location.search);
document.write(params.get("comment"));
</script>
</p>
</body>
</html>