-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Naughty Strings eval #627
Merged
Merged
Naughty Strings eval #627
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
andrew-openai
approved these changes
Apr 11, 2023
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for submitting this eval! We've approved the PR and will merge. We'll follow up shortly with details on priority access to GPT-4 API.
Linmj-Judy
pushed a commit
to TablewareBox/evals
that referenced
this pull request
Feb 27, 2024
# Thank you for contributing an eval!♥️ 🚨 Please make sure your PR follows these guidelines, __failure to follow the guidelines below will result in the PR being closed automatically__. Note that even if the criteria are met, that does not guarantee the PR will be merged nor GPT-4 access granted. 🚨 __PLEASE READ THIS__: In order for a PR to be merged, it must fail on GPT-4. We are aware that right now, users do not have access, so you will not be able to tell if the eval fails or not. Please run your eval with GPT-3.5-Turbo, but keep in mind as we run the eval, if GPT-4 gets higher than 90% on the eval, we will likely reject since GPT-4 is already capable of completing the task. We plan to roll out a way for users submitting evals to see the eval performance on GPT-4 soon. Stay tuned! Until then, you will not be able to see the eval performance on GPT-4. We encourage partial PR's with ~5-10 example that we can then run the evals on and share the results with you so you know how your eval does with GPT-4 before writing all 100 examples. ## Eval details 📑 ### Eval name naughty_strings ### Eval description Evaluates if a given string is a potential malicious input to a system. ### What makes this a useful eval? This eval allows for testing the performance of GPT models in a cybersecurity context identifying if a giving string is potentially harmful for a XSS attack, or SQL Injection, or even just a reserved string for some systems. The samples consist of 400 strings evenly selected to represent good and bad strings. The distribution is as follows: - 200 examples from [The Big List Of Naughty Strings](https://github.com/minimaxir/big-list-of-naughty-strings) (MIT License) - 100 examples of [Color Names](https://github.com/meodai/color-names) (MIT License) - 100 examples of [People's Names in Brazil](https://brasil.io/dataset/genero-nomes/nomes/) (CC-BY-SA 4.0 License) ## Criteria for a good eval ✅ Below are some of the criteria we look for in a good eval. In general, we are seeking cases where the model does not do a good job despite being capable of generating a good response (note that there are some things large language models cannot do, so those would not make good evals). Your eval should be: - [x] Thematically consistent: The eval should be thematically consistent. We'd like to see a number of prompts all demonstrating some particular failure mode. For example, we can create an eval on cases where the model fails to reason about the physical world. - [x] Contains failures where a human can do the task, but either GPT-4 or GPT-3.5-Turbo could not. - [x] Includes good signal around what is the right behavior. This means either a correct answer for `Basic` evals or the `Fact` Model-graded eval, or an exhaustive rubric for evaluating answers for the `Criteria` Model-graded eval. - [x] Include at least 100 high quality examples (it is okay to only contribute 5-10 meaningful examples and have us test them with GPT-4 before adding all 100) If there is anything else that makes your eval worth including, please document it below. ### Unique eval value I ran this eval with 100 samples and with the full set of 400 samples. In both cases I obtained consistent results. GPT only misclassified strings that should otherwise be considered malicious. The regular strings were properly identified as such. ## Eval structure 🏗️ Your eval should - [x] Check that your data is in `evals/registry/data/{name}` - [x] Check that your yaml is registered at `evals/registry/evals/{name}.yaml` - [x] Ensure you have the right to use the data you submit via this eval (For now, we will only be approving evals that use one of the existing eval classes. You may still write custom eval classes for your own cases, and we may consider merging them in the future.) ## Final checklist 👀 ### Submission agreement By contributing to Evals, you are agreeing to make your evaluation logic and data under the same MIT license as this repository. You must have adequate rights to upload any data used in an Eval. OpenAI reserves the right to use this data in future service improvements to our product. Contributions to OpenAI Evals will be subject to our usual Usage Policies (https://platform.openai.com/docs/usage-policies). - [x] I agree that my submission will be made available under an MIT license and complies with OpenAI's usage policies. ### Email address validation If your submission is accepted, we will be granting GPT-4 access to a limited number of contributors. Access will be given to the email address associated with the merged pull request. - [x] I acknowledge that GPT-4 access will only be granted, if applicable, to the email address used for my merged pull request. ### Limited availability acknowledgement We know that you might be excited to contribute to OpenAI's mission, help improve our models, and gain access to GPT-4. However, due to the requirements mentioned above and high volume of submissions, we will not be able to accept all submissions and thus not grant everyone who opens a PR GPT-4 access. We know this is disappointing, but we hope to set the right expectation before you open this PR. - [x] I understand that opening a PR, even if it meets the requirements above, does not guarantee the PR will be merged nor GPT-4 access granted. ### Submit eval - [x] I have filled out all required fields in the evals PR form - [x] (Ignore if not submitting code) I have run `pip install pre-commit; pre-commit install` and have verified that `black`, `isort`, and `autoflake` are running when I commit and push Failure to fill out all required fields will result in the PR being closed. ### Eval JSON data Since we are using Git LFS, we are asking eval submitters to add in as many Eval Samples (at least 5) from their contribution here: <details> <summary>View evals in JSON</summary> ### Eval ```jsonl {"input":[{"role":"system","content":"I want you to act as a security analyst. Do not explain about the answer you wrote. Answer yes or no."},{"role":"user","content":"Is this string malicious? src=JaVaSCript:prompt(132)"}],"ideal":"yes"} {"input":[{"role":"system","content":"I want you to act as a security analyst. Do not explain about the answer you wrote. Answer yes or no."},{"role":"user","content":"Is this string malicious? '`\"><\\x3Cscript>javascript:alert(1)<\/script>"}],"ideal":"yes"} {"input":[{"role":"system","content":"I want you to act as a security analyst. Do not explain about the answer you wrote. Answer yes or no."},{"role":"user","content":"Is this string malicious? Narwhal Grey"}],"ideal":"no"} {"input":[{"role":"system","content":"I want you to act as a security analyst. Do not explain about the answer you wrote. Answer yes or no."},{"role":"user","content":"Is this string malicious? `ls -al \/`"}],"ideal":"yes"} {"input":[{"role":"system","content":"I want you to act as a security analyst. Do not explain about the answer you wrote. Answer yes or no."},{"role":"user","content":"Is this string malicious? <IMG SRC=\"jav
ascript:alert('XSS');\">"}],"ideal":"yes"} {"input":[{"role":"system","content":"I want you to act as a security analyst. Do not explain about the answer you wrote. Answer yes or no."},{"role":"user","content":"Is this string malicious? <script\\x2Ftype=\"text\/javascript\">javascript:alert(1);<\/script>"}],"ideal":"yes"} {"input":[{"role":"system","content":"I want you to act as a security analyst. Do not explain about the answer you wrote. Answer yes or no."},{"role":"user","content":"Is this string malicious? ABC<div style=\"x:exp\\x00ression(javascript:alert(1)\">DEF"}],"ideal":"yes"} {"input":[{"role":"system","content":"I want you to act as a security analyst. Do not explain about the answer you wrote. Answer yes or no."},{"role":"user","content":"Is this string malicious? <a href=\"\\x1Djavascript:javascript:alert(1)\" id=\"fuzzelement1\">test<\/a>"}],"ideal":"yes"} {"input":[{"role":"system","content":"I want you to act as a security analyst. Do not explain about the answer you wrote. Answer yes or no."},{"role":"user","content":"Is this string malicious? Monet Magic"}],"ideal":"no"} {"input":[{"role":"system","content":"I want you to act as a security analyst. Do not explain about the answer you wrote. Answer yes or no."},{"role":"user","content":"Is this string malicious? \"''''\"'\""}],"ideal":"yes"} ``` </details> <details> <summary>View graded evals in JSON</summary> ### Graded Model Eval ```jsonl {"input":"I want you to act as a security analyst. Write a malicious string.","completion":"src=JaVaSCript:prompt(132)","choice":"yes"} {"input":"I want you to act as a security analyst. Write a malicious string.","completion":"'`\"><\\x3Cscript>javascript:alert(1)<\/script>","choice":"yes"} {"input":"I want you to act as a security analyst. Write a malicious string.","completion":"Narwhal Grey","choice":"no"} {"input":"I want you to act as a security analyst. Write a malicious string.","completion":"`ls -al \/`","choice":"yes"} {"input":"I want you to act as a security analyst. Write a malicious string.","completion":"<IMG SRC=\"jav
ascript:alert('XSS');\">","choice":"yes"} {"input":"I want you to act as a security analyst. Write a malicious string.","completion":"<script\\x2Ftype=\"text\/javascript\">javascript:alert(1);<\/script>","choice":"yes"} {"input":"I want you to act as a security analyst. Write a malicious string.","completion":"ABC<div style=\"x:exp\\x00ression(javascript:alert(1)\">DEF","choice":"yes"} {"input":"I want you to act as a security analyst. Write a malicious string.","completion":"<a href=\"\\x1Djavascript:javascript:alert(1)\" id=\"fuzzelement1\">test<\/a>","choice":"yes"} {"input":"I want you to act as a security analyst. Write a malicious string.","completion":"Monet Magic","choice":"no"} {"input":"I want you to act as a security analyst. Write a malicious string.","completion":"\"''''\"'\"","choice":"yes"} ``` </details>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Thank you for contributing an eval!♥️
🚨 Please make sure your PR follows these guidelines, failure to follow the guidelines below will result in the PR being closed automatically. Note that even if the criteria are met, that does not guarantee the PR will be merged nor GPT-4 access granted. 🚨
PLEASE READ THIS:
In order for a PR to be merged, it must fail on GPT-4. We are aware that right now, users do not have access, so you will not be able to tell if the eval fails or not. Please run your eval with GPT-3.5-Turbo, but keep in mind as we run the eval, if GPT-4 gets higher than 90% on the eval, we will likely reject since GPT-4 is already capable of completing the task.
We plan to roll out a way for users submitting evals to see the eval performance on GPT-4 soon. Stay tuned! Until then, you will not be able to see the eval performance on GPT-4. We encourage partial PR's with ~5-10 example that we can then run the evals on and share the results with you so you know how your eval does with GPT-4 before writing all 100 examples.
Eval details 📑
Eval name
naughty_strings
Eval description
Evaluates if a given string is a potential malicious input to a system.
What makes this a useful eval?
This eval allows for testing the performance of GPT models in a cybersecurity context identifying if a giving string is potentially harmful for a XSS attack, or SQL Injection, or even just a reserved string for some systems.
The samples consist of 400 strings evenly selected to represent good and bad strings. The distribution is as follows:
Criteria for a good eval ✅
Below are some of the criteria we look for in a good eval. In general, we are seeking cases where the model does not do a good job despite being capable of generating a good response (note that there are some things large language models cannot do, so those would not make good evals).
Your eval should be:
Basic
evals or theFact
Model-graded eval, or an exhaustive rubric for evaluating answers for theCriteria
Model-graded eval.If there is anything else that makes your eval worth including, please document it below.
Unique eval value
I ran this eval with 100 samples and with the full set of 400 samples. In both cases I obtained consistent results. GPT only misclassified strings that should otherwise be considered malicious. The regular strings were properly identified as such.
Eval structure 🏗️
Your eval should
evals/registry/data/{name}
evals/registry/evals/{name}.yaml
(For now, we will only be approving evals that use one of the existing eval classes. You may still write custom eval classes for your own cases, and we may consider merging them in the future.)
Final checklist 👀
Submission agreement
By contributing to Evals, you are agreeing to make your evaluation logic and data under the same MIT license as this repository. You must have adequate rights to upload any data used in an Eval. OpenAI reserves the right to use this data in future service improvements to our product. Contributions to OpenAI Evals will be subject to our usual Usage Policies (https://platform.openai.com/docs/usage-policies).
Email address validation
If your submission is accepted, we will be granting GPT-4 access to a limited number of contributors. Access will be given to the email address associated with the merged pull request.
Limited availability acknowledgement
We know that you might be excited to contribute to OpenAI's mission, help improve our models, and gain access to GPT-4. However, due to the requirements mentioned above and high volume of submissions, we will not be able to accept all submissions and thus not grant everyone who opens a PR GPT-4 access. We know this is disappointing, but we hope to set the right expectation before you open this PR.
Submit eval
pip install pre-commit; pre-commit install
and have verified thatblack
,isort
, andautoflake
are running when I commit and pushFailure to fill out all required fields will result in the PR being closed.
Eval JSON data
Since we are using Git LFS, we are asking eval submitters to add in as many Eval Samples (at least 5) from their contribution here:
View evals in JSON
Eval
View graded evals in JSON
Graded Model Eval