
Add Eval: name well known security weaknesses #1392

Open
wants to merge 1 commit into main

Conversation

@ourmony ourmony commented Oct 28, 2023

Thank you for contributing an eval! ♥️

🚨 Please make sure your PR follows these guidelines, failure to follow the guidelines below will result in the PR being closed automatically. Note that even if the criteria are met, that does not guarantee the PR will be merged nor GPT-4 access be granted. 🚨

PLEASE READ THIS:

In order for a PR to be merged, it must fail on GPT-4. We are aware that right now, users do not have access, so you will not be able to tell if the eval fails or not. Please run your eval with GPT-3.5-Turbo, but keep in mind as we run the eval, if GPT-4 gets higher than 90% on the eval, we will likely reject it since GPT-4 is already capable of completing the task.

We plan to roll out a way for users submitting evals to see the eval performance on GPT-4 soon. Stay tuned! Until then, you will not be able to see the eval performance on GPT-4. Starting April 10, the minimum eval count is 15 samples, we hope this makes it easier to create and contribute evals.

Also, please note that we're using Git LFS for storing the JSON files, so please make sure that you move the JSON file to Git LFS before submitting a PR. Details on how to use Git LFS are available here.

Eval details 📑

Eval name

name well known security weaknesses

Eval description

Test the model's ability to name well known security weaknesses (English names, not weakness IDs).
As an example, a product that "uses external input to construct a pathname that should be within a restricted directory, but does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory." should be recognized as "Path Traversal".

What makes this a useful eval?

Because to make safe systems and software, engineers (often interacting with LLMs) need the ability to properly identify anti-patterns and weaknesses in order to address them and avoid introducing vulnerabilities into real-world operations.

Criteria for a good eval ✅

Below are some of the criteria we look for in a good eval. In general, we are seeking cases where the model does not do a good job despite being capable of generating a good response (note that there are some things large language models cannot do, so those would not make good evals).

Your eval should be:

  • [x] Thematically consistent: The eval should be thematically consistent. We'd like to see a number of prompts all demonstrating some particular failure mode. For example, we can create an eval on cases where the model fails to reason about the physical world.
  • [x] Contains failures where a human can do the task, but either GPT-4 or GPT-3.5-Turbo could not.
  • [x] Includes good signal around what is the right behavior. This means either a correct answer for Basic evals or the Fact Model-graded eval, or an exhaustive rubric for evaluating answers for the Criteria Model-graded eval.
  • [x] Include at least 15 high-quality examples.

If there is anything else that makes your eval worth including, please document it below.

Unique eval value

Insert what makes your eval high quality that was not mentioned above. (Not required)

Eval structure 🏗️

Your eval should

  • [x] Check that your data is in evals/registry/data/{name}
  • [x] Check that your YAML is registered at evals/registry/evals/{name}.yaml
  • [x] Ensure you have the right to use the data you submit via this eval

(For now, we will only be approving evals that use one of the existing eval classes. You may still write custom eval classes for your own cases, and we may consider merging them in the future.)

Final checklist 👀

Submission agreement

By contributing to Evals, you are agreeing to make your evaluation logic and data under the same MIT license as this repository. You must have adequate rights to upload any data used in an Eval. OpenAI reserves the right to use this data in future service improvements to our product. Contributions to OpenAI Evals will be subject to our usual Usage Policies (https://platform.openai.com/docs/usage-policies).

  • [x] I agree that my submission will be made available under an MIT license and complies with OpenAI's usage policies.

Email address validation

If your submission is accepted, we will be granting GPT-4 access to a limited number of contributors. Access will be given to the email address associated with the commits on the merged pull request.

  • [x] I acknowledge that GPT-4 access will only be granted, if applicable, to the email address used for my merged pull request.

Limited availability acknowledgment

We know that you might be excited to contribute to OpenAI's mission, help improve our models, and gain access to GPT-4. However, due to the requirements mentioned above and the high volume of submissions, we will not be able to accept all submissions and thus not grant everyone who opens a PR GPT-4 access. We know this is disappointing, but we hope to set the right expectation before you open this PR.

  • [x] I understand that opening a PR, even if it meets the requirements above, does not guarantee the PR will be merged nor GPT-4 access be granted.

Submit eval

  • [x] I have filled out all required fields of this form
  • [x] I have used Git LFS for the Eval JSON data
  • [ ] (Ignore if not submitting code) I have run pip install pre-commit; pre-commit install and have verified that mypy, black, isort, autoflake and ruff are running when I commit and push

Failure to fill out all required fields will result in the PR being closed.

Eval JSON data

Since we are using Git LFS, we are asking eval submitters to add in as many Eval Samples (at least 5) from their contribution here:

View evals in JSON

Eval

{"input": [{"role": "user", "content": "You are a security practitioner fulfilling a task accurately to name security weaknesses (CWEs). Please note: For this task, it is important that you only respond with a single line using only a few words naming the weakness, no numeric identifier."}, {"role": "user", "content": "Debugging messages help attackers learn about the system and plan a form of attack."}], "ideal": ["Debug Misconfiguration","Security Misconfiguration"]}
{"input": [{"role": "system", "content": "You are a security practitioner fulfilling a task accurately to name security weaknesses (CWEs). Please note: For this task, it is important that you only respond with a single line using only a few words naming the weakness, no numeric identifier."}, {"role": "user", "content": "Storing a plaintext password in a configuration file allows anyone who can read the file access to the password-protected resource making them an easy target for attackers."}], "ideal": ["Hardcoded Credentials","Security Misconfiguration"]}
{"input": [{"role": "system", "content": "You are a security practitioner fulfilling a task accurately to name security weaknesses (CWEs). Please note: For this task, it is important that you only respond with a single line using only a few words naming the weakness, no numeric identifier."}, {"role": "user", "content": "One or more system settings or configuration elements can be externally controlled by a user."}], "ideal": ["External Control of System or Configuration Setting","Security Misconfiguration"]}
{"input": [{"role": "system", "content": "You are a security practitioner fulfilling a task accurately to name security weaknesses (CWEs). Please note: For this task, it is important that you only respond with a single line using only a few words naming the weakness, no numeric identifier."}, {"role": "user", "content": "The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly."}], "ideal": ["Improper Input Validation","Injection"]}
{"input": [{"role": "system", "content": "You are a security practitioner fulfilling a task accurately to name security weaknesses (CWEs). Please note: For this task, it is important that you only respond with a single line using only a few words naming the weakness, no numeric identifier."}, {"role": "user", "content": "The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory."}], "ideal": ["Path Traversal","Broken Access Control"]}
{"input": [{"role": "system", "content": "You are a security practitioner fulfilling a task accurately to name security weaknesses (CWEs). Please note: For this task, it is important that you only respond with a single line using only a few words naming the weakness, no numeric identifier."}, {"role": "user", "content": "The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as .. that can resolve to a location that is outside of that directory."}], "ideal": ["Relative Path Traversal","Broken Access Control"]}
{"input": [{"role": "system", "content": "You are a security practitioner fulfilling a task accurately to name security weaknesses (CWEs). Please note: For this task, it is important that you only respond with a single line using only a few words naming the weakness, no numeric identifier."}, {"role": "user", "content": "The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory."}], "ideal": ["Path Traversal","Broken Access Control"]}

@usama-openai usama-openai (Collaborator) left a comment


Thanks for the contribution. I would like to request some changes.

  1. The evaluation method being used to evaluate the answer is Match, which only works when an exact match is found. The user needs to provide very specific instructions to the model about the output format, and the ideal answer should be in that expected format. In this dataset, the model is being instructed to name the security weakness. The model may provide the correct answer, but in a way that may differ from the ideal answer. Also, no clear instructions are provided to the model about the exact output format. Although the instructions are provided as "respond with a single line using only a few words", it doesn't specify exactly in what format the user wants the answer.

    I would recommend you convert the questions into MCQs, ask the model to reason before answering, and format the final answer in square brackets like [A]. The ideal answer should be provided as [A], and the Includes evaluation method should be used. Asking the model to reason will give the model a proper chance to reason before answering, and the proper formatting will help in identifying the final answer using the Includes method.

  2. The Eval registry is stored using Git LFS, which means the .jsonl file should be added as an LFS file. Kindly update your PR and add the .jsonl file as LFS.

  3. Kindly revert all the changes in the .gitattributes file. You don't need to make any changes to this file. If git lfs is properly installed, the required files will automatically be pushed as lfs files.

We would love to review the PR again after the suggested changes.
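An added example (not code from the PR or from the evals project) of the grading difference the reviewer describes and of the MCQ rewrite they suggest. The two graders are simplified stand-ins for Match and Includes, the distractor names and model completions are constructed, and the system prompt is abridged:

```python
import json
import string

# Simplified stand-ins for the two graders the review contrasts (assumption:
# not the evals library's own code). Match accepts only a completion that is
# literally one of the ideal strings; Includes accepts any completion that
# contains one of them, which is why a fixed "[A]" token is easy to grade.
def match_grade(completion: str, ideals: list[str]) -> bool:
    return completion.strip() in ideals

def includes_grade(completion: str, ideals: list[str]) -> bool:
    return any(ideal in completion for ideal in ideals)

# One sample from the PR's JSONL (system prompt abridged); distractors are constructed.
SAMPLE = json.loads(
    '{"input": [{"role": "system", "content": "You are a security practitioner naming '
    'security weaknesses (CWEs)."}, {"role": "user", "content": "The product uses external '
    'input to construct a pathname that should be within a restricted directory, but it does '
    'not properly neutralize sequences such as .. that can resolve to a location that is '
    'outside of that directory."}], "ideal": ["Relative Path Traversal","Broken Access Control"]}'
)
DISTRACTORS = ["Integer Overflow or Wraparound", "Improper Input Validation", "Use After Free"]

def to_mcq(sample: dict, distractors: list[str]) -> dict:
    """Rewrite a free-text naming sample into the MCQ form the review suggests.
    The first ideal becomes option A (fixed order for reproducibility; shuffle
    in real data), the model is told to reason and finish with the letter in
    square brackets, and "ideal" becomes "[A]"."""
    options = [sample["ideal"][0]] + distractors
    letters = string.ascii_uppercase[: len(options)]
    choices = "\n".join(f"{letter}. {name}" for letter, name in zip(letters, options))
    question = (
        f'{sample["input"][-1]["content"]}\n\nWhich weakness does this describe?\n{choices}\n'
        "Reason step by step, then end with the answer letter in square brackets, e.g. [B]."
    )
    return {"input": [sample["input"][0], {"role": "user", "content": question}],
            "ideal": "[A]"}

# Constructed completions: the first is right in substance but not the exact ideal string.
FREE_TEXT = "Relative path traversal (directory traversal)"
MCQ_ANSWER = "The '..' sequences escape the restricted directory, so this is relative path traversal. [A]"

def grade_both_formats() -> dict:
    mcq = to_mcq(SAMPLE, DISTRACTORS)
    return {
        "match_free_text": match_grade(FREE_TEXT, SAMPLE["ideal"]),        # False: not identical
        "includes_free_text": includes_grade(FREE_TEXT, SAMPLE["ideal"]),  # False: case differs
        "includes_mcq": includes_grade(MCQ_ANSWER, [mcq["ideal"]]),        # True: "[A]" found
    }
```

Call `to_mcq` over every line of the PR's .jsonl to produce the MCQ dataset, and `grade_both_formats` shows why the free-text ideal is fragile under either grader while the bracketed letter is robust.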

@logankilpatrick logankilpatrick removed their request for review January 3, 2024 16:46