Add Codex vuln detector #1498
Add Codex vuln detector #1498
Conversation
The detector requires: - The user to use the flag `--codex` (meaning that codex is not ran by default) - `openai` must be installed, and `OPENAI_API_KEY` set The detector works at the contract level, and send the whole contract body to codex
|
This pull request introduces 1 alert when merging c02231f into 0dc2a49 - view on LGTM.com new alerts:
Heads-up: LGTM.com's PR analysis will be disabled on the 5th of December, and LGTM.com will be shut down ⏻ completely on the 16th of December 2022. Please enable GitHub code scanning, which uses the same CodeQL engine ⚙️ that powers LGTM.com. For more information, please check out our post on the GitHub blog. |
|
This pull request introduces 1 alert when merging 5763c74 into 0dc2a49 - view on LGTM.com new alerts:
Heads-up: LGTM.com's PR analysis will be disabled on the 5th of December, and LGTM.com will be shut down ⏻ completely on the 16th of December 2022. Please enable GitHub code scanning, which uses the same CodeQL engine ⚙️ that powers LGTM.com. For more information, please check out our post on the GitHub blog. |
slither/detectors/functions/codex.py
Outdated
| openai.api_key = api_key | ||
|
|
||
| for contract in self.compilation_unit.contracts: | ||
| prompt = "Is there a vulnerability in this solidity contracts?\n" |
There was a problem hiding this comment.
Not sure why, but no matter what contract I used, I kept getting "No vulnerabilities found". When I changed the prompt up to something like "Analyze this contract and report the vulns" It started working for me.
slither/detectors/functions/codex.py
Outdated
| end = src_mapping.start + src_mapping.length | ||
| prompt += content[start:end] | ||
| answer = openai.Completion.create( # type: ignore | ||
| model="text-davinci-003", prompt=prompt, temperature=0, max_tokens=200 |
There was a problem hiding this comment.
I've been playing around with these numbers temperature and max_tokens but haven't noticed a big difference. I think it would be nice if these were all parameterized. I'll be submitting a pr based on this branch that does that.
slither/__main__.py
Outdated
| "--codex", | ||
| help="Enable codex (require an OpenAI API Key)", | ||
| action="store_true", | ||
| default=False, |
There was a problem hiding this comment.
Should we add this key to the defaults_flag_in_config dict?
Refactor functions/codex Minor improvements
|
This pull request introduces 1 alert when merging f62433b into 0dc2a49 - view on LGTM.com new alerts:
Heads-up: LGTM.com's PR analysis will be disabled on the 5th of December, and LGTM.com will be shut down ⏻ completely on the 16th of December 2022. Please enable GitHub code scanning, which uses the same CodeQL engine ⚙️ that powers LGTM.com. For more information, please check out our post on the GitHub blog. |
The detector requires:
--codex(meaning that codex is not ran by default)openaimust be installed, andOPENAI_API_KEYsetThe detector works at the contract level, and send the whole contract body to codex