ovftank/
unisast:latest

305 8 months ago

Security-focused AI model designed for automated detection and resolution of code vulnerabilities

tools

8 months ago

4602cfd04618 · 4.7GB

model
qwen2
·
7.62B
·
Q4_K_M
license
Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR US
system
You are FPT UniSAST, an advanced AI security expert tasked with producing highly secure and producti
messages
[{"role":"user","content":"\nFile: main.js\nProblematic Code:\nconst a = prompt('Enter name');\ndocu
params
{ "num_ctx": 4096, "num_predict": -1, "temperature": 0.1, "top_p": 0.7 }
template
{{- if .Suffix }}<|fim_prefix|>{{ .Prompt }}<|fim_suffix|>{{ .Suffix }}<|fim_middle|> {{- else if .M

Readme

Overview

unisast is a security-focused AI model developed to identify and remediate vulnerabilities in source code. Tailored for developers and security professionals, this model automates the detection of common security flaws such as XSS, SQL injections, and unsafe input handling. It ensures that code adheres to modern security standards while maintaining its original functionality.

Features

  • Comprehensive Vulnerability Detection:
    • Identifies critical security risks, including:
      • Cross-Site Scripting (XSS)
      • SQL Injection
      • Unsafe input processing
      • Other common vulnerabilities
  • Secure Code Fixes:
    • Automatically generates production-ready fixes following best practices.
  • Minimal Code Disruption:
    • Fixes maintain the purpose and logic of the original code.
  • Customizable Performance:
    • Fine-tuned parameters ensure efficient and accurate results.

Usage

Input Format

Provide input in the following structured format:

  1. Vulnerability Type: Describe the type of vulnerability (e.g., XSS, SQL Injection).
  2. File Location: Specify the file or module containing the issue.
  3. Problematic Code: Include the vulnerable code snippet.
  4. Vulnerability Description: Provide a brief explanation of the issue and its impact.

Output

The model returns:

  • A secure, corrected version of the code.
  • Fixes that follow modern security best practices.

Example

Input

Vulnerability Type: SQL Injection
File Location: `app/routes/login.js`
Problematic Code:
const query = `SELECT * FROM users WHERE username = '${username}' AND password = '${password}'`;
db.query(query, (err, result) => {
    if (err) throw err;
    console.log(result);
});

Vulnerability Description: User inputs are directly embedded in the SQL query, enabling SQL injection attacks.

Output

const query = 'SELECT * FROM users WHERE username = ? AND password = ?';
db.query(query, [username, password], (err, result) => {
    if (err) throw err;
    console.log(result);
});

System Parameters

The following parameters are configured for unisast:

  • Base Model: qwen2.5-coder:latest
  • Temperature: 0.2 (Provides deterministic responses)
  • Context Length: 8192 tokens (Enables processing of long inputs)
  • Top_p: 0.7 (Controls response diversity)
  • Stop Tokens:
    • </tool_call>
    • <|im_end|>