Machine_Learning_CTF_Challenges

Dolos error for both Docker and Python versions - HTTPError: 400 Client Error: Bad Request for url: https://playground.rebuff.ai/api/detect

Open tacocat31415 opened this issue 1 year ago • 1 comments

In June 2024 I ran the software successfully. Now in Sept 2024 I am getting this error with both the Docker and Python versions. The environment keys used do contain current API keys. Is there extra debugging I can do with the Python app to get more details about what it is sending to that Rebuff API endpoint?

Here is what I ran:

$ sudo docker run --rm -p 5000:5000 -ti dolos_ml_ctf --rebuffkey=$REBUFF_API_KEY --openaikey=$OPENAI_API_KEY

Error occurs when any input is entered via the web UI on localhost:5000.

Here is the console where docker was launched:

Running...

╔╦╗╔═╗╦ ╔═╗┌─┐ ╔╦╗╦ ╔═╗╔╦╗╔═╗ ╔═╗┬ ┬┌─┐┬ ┬ ┌─┐┌┐┌┌─┐┌─┐ ║║║ ║║ ║ ║└─┐ ║║║║ ║ ║ ╠╣ ║ ├─┤├─┤│ │ ├┤ ││││ ┬├┤ ═╩╝╚═╝╩═╝╚═╝└─┘ ╩ ╩╩═╝ ╚═╝ ╩ ╚ ╚═╝┴ ┴┴ ┴┴─┘┴─┘└─┘┘└┘└─┘└─┘

Author: Alex Devassy
Access http://127.0.0.1:5000/
Category: Prompt Injection Attack
Description: Flag is at same directory as of flask app, [FLAG].txt.
Press Ctrl+C to quit

 * Serving Flask app 'app'
 * Debug mode: off
[2024-09-26 02:25:56,865] ERROR in app: Exception on /chat [POST]
Traceback (most recent call last):
  File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 2525, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 1822, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 1820, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 1796, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
  File "/app/app.py", line 52, in chat
    result = rb.detect_injection(user_input)
  File "/usr/local/lib/python3.10/dist-packages/rebuff/rebuff.py", line 89, in detect_injection
    response.raise_for_status()
  File "/usr/local/lib/python3.10/dist-packages/requests/models.py", line 1024, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: https://playground.rebuff.ai/api/detect

tacocat31415 Sep 26 '24 02:09

The only way would be to live debug the app, then rebuild docker, etc. I think Rebuff updated their API structure and it's now a malformed request.

GangGreenTemperTatum Sep 30 '24 23:09
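
On the debugging question in the issue: the `requests.exceptions.HTTPError` in the traceback carries both the server's reply (`err.response`) and the request that was sent (`err.response.request`), so the 400 can be inspected without a debugger. The sketch below is an added example, not code from this thread or from the Dolos or Rebuff projects; the function names, the list of sensitive header names and the sample values are assumptions constructed for illustration.

```python
import json
from types import SimpleNamespace

# Header names masked before logging (an assumed list; extend for your setup).
SENSITIVE = {"authorization", "proxy-authorization", "x-api-key", "cookie", "set-cookie"}

def _text(body, limit=2000):
    """PreparedRequest.body may be None, str or bytes; return bounded text."""
    if body is None:
        return ""
    if isinstance(body, bytes):
        body = body.decode("utf-8", errors="replace")
    return body[:limit]

def _redact(headers):
    """Copy headers, masking credentials so the log is safe to paste into an issue."""
    return {k: ("<redacted>" if k.lower() in SENSITIVE else v)
            for k, v in dict(headers).items()}

def summarize_http_error(err):
    """Turn a requests HTTPError into a dict of what was sent and what came back."""
    resp = err.response
    req = resp.request
    return {
        "request": {"method": req.method, "url": req.url,
                    "headers": _redact(req.headers), "body": _text(req.body)},
        "response": {"status": resp.status_code,
                     "headers": _redact(resp.headers), "body": _text(resp.text)},
    }

# Intended use around the failing call at app.py line 52 (from the traceback):
#   try:
#       result = rb.detect_injection(user_input)
#   except requests.exceptions.HTTPError as err:
#       app.logger.error(json.dumps(summarize_http_error(err), indent=2))
#       raise

def constructed_error():
    """Stand-in with the attributes HTTPError exposes; every value is made up."""
    req = SimpleNamespace(method="POST", url="https://playground.rebuff.ai/api/detect",
                          headers={"Authorization": "Bearer sk-constructed",
                                   "Content-Type": "application/json"},
                          body=b'{"example_field": "hello"}')
    resp = SimpleNamespace(status_code=400, headers={"Content-Type": "application/json"},
                           text='{"error": "constructed example message"}', request=req)
    return SimpleNamespace(response=resp)

if __name__ == "__main__":
    print(json.dumps(summarize_http_error(constructed_error()), indent=2))
```

The response body is usually where an API explains why it returned 400, and the redaction keeps the Rebuff and OpenAI keys out of any log that gets attached to an issue.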