Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Introducing new team member Quark Script Agent #37

Merged
merged 10 commits into from
Jul 27, 2024
Merged

Introducing new team member Quark Script Agent #37

merged 10 commits into from
Jul 27, 2024

Conversation

pulorsok
Copy link
Member

@pulorsok pulorsok commented Jul 26, 2024
edited
Loading

Quark Script Agent

Introducing Quark's new member, the Quark Script Agent, the first AI assistant in the Quark team. This agent enables users to perform analyses using natural language, without the need for programming or scripting expertise, making the process simple and user-friendly.

The Quark Script Agent integrates with LangChain, which utilizes OpenAI's large language models to act as a bridge between natural language and the Quark Script API. LangChain defines the Quark Script API as a tool that large language models can understand and use. This means that users can easily call new analysis APIs using natural language commands by simply adding new tools as needed.

Showcase: Detecting CWE-798 with Quark Script Agent

Here's an example of using the Quark Script Agent with the quarkScriptAgent.py. This agent can currently detect CWE-798 vulnerability in the ovaa.apk. See the details below.

Quick Start

  1. clone the repository:
git clone https://github.com/quark-engine/quark-script.git
  1. Install the required packages:
pip install -r requirements.txt
  1. Run the script:
python quarkScriptAgent.py
  1. Result:
截圖 2024-07-26 下午3 39 12

Decode the Prompts

Here are two prompts, each for executing different analysis processes.

1st Prompt: Initialize the rule instance with the rule path set to "rule.json"

Used Quark Script APIs/Tools that LLM used: Rule()

2nd Prompt: Run Quark Analysis using the rule instance on the apk sample "ovaa.apk", 
            and Check if the parameters are hard-coded. If yes, display the hard-coded values.

Used Quark Script APIs/Tools that LLM used: runQuarkAnalysis(), getParameterValues() and isHardCoded()

The Rule(), runQuarkAnalysis(), getParameterValues(), and isHardCoded() functions are treated as tools within LangChain, enabling them to be invoked through the gpt-4o model to analyze and identify CWE-798 vulnerabilities in the ovaa.apk sample.

截圖 2024-07-26 下午9 25 23
  • Notes:
    1. Since LangChain currently does not support passing Python instances between tools, we are temporarily using global variables to pass parameters between tools in quarkScriptAgent.py.
    2. Place the rules, samples, and quarkScriptAgent.py in the same folder; the LLM will automatically find files with matching names.
    3. A web GUI is under construction, please stay tuned!

@18z
Copy link
Member

18z commented Jul 26, 2024
edited
Loading

Quark Script Agent

Introducing Quark's new member, the Quark Script Agent, the first AI assistant in the Quark team. This agent enables users to perform analyses using natural language, without the need for programming or scripting expertise, making the process simple and user-friendly.

The Quark Script Agent integrates with LangChain, which utilizes OpenAI's large language models to act as a bridge between natural language and the Quark Script API. LangChain defines the Quark Script API as a tool that large language models can understand and use. This means that users can easily call new analysis APIs using natural language commands by simply adding new tools as needed.

Showcase: Detecting CWE-798 with Quark Script Agent

Here's an example of using the Quark Script Agent with the quarkScriptAgent.py. This agent can currently detect CWE-798 vulnerability in the ovaa.apk. See the details below.

Installation

To install the Quark Script Agent, you need to install the following dependencies:

  1. clone the repository:
git clone https://github.com/quark-engine/quark-script.git
  1. Install the required packages:
pip install -r requirements.txt
  1. Run the script:
python quarkScriptAgent.py

Result

截圖 2024-07-26 下午3 39 12

Decode the Prompts

Here are two prompts, each for executing different analysis processes.

1st Prompt: Initialize the rule instance with the rule path set to "rule.json"

Used Quark Script APIs/Tools that LLM used: Rule()

2nd Prompt: Run Quark Analysis using the rule instance on the apk sample "ovaa.apk", 
            and Check if the parameters are hard-coded. If yes, display the hard-coded values.

Used Quark Script APIs/Tools that LLM used: runQuarkAnalysis(), getParameterValues() and isHardCoded()

The Rule(), runQuarkAnalysis(), getParameterValues(), and isHardCoded() functions are treated as tools within LangChain, enabling them to be invoked through the gpt-4o model to analyze and identify CWE-798 vulnerabilities in the ovaa.apk sample.

截圖 2024-07-26 下午3 40 32
  • Notes:
    1. Since LangChain currently does not support passing Python instances between tools, we are temporarily using global variables to pass parameters between tools in quarkScriptAgent.py.
    2. This is a POC (Prove of Concept) the paths of the apk file and the rule file are hard-coded in the quarkScriptAgent.py
    3. A web GUI is under construction, please stay tuned!

@haeter525 haeter525 self-requested a review July 26, 2024 14:10
@haeter525 haeter525 self-assigned this Jul 26, 2024
haeter525
haeter525 reviewed Jul 26, 2024
View reviewed changes
quarkScriptAgent.py Outdated Show resolved Hide resolved
haeter525
haeter525 requested changes Jul 26, 2024
View reviewed changes
quarkScriptAgent.py Outdated Show resolved Hide resolved
quarkScriptAgent.py Outdated Show resolved Hide resolved
quarkScriptAgent.py Outdated Show resolved Hide resolved
quarkScriptAgent.py Show resolved Hide resolved
haeter525
haeter525 requested changes Jul 27, 2024
View reviewed changes
quarkScriptAgent.py Outdated Show resolved Hide resolved
quarkScriptAgent.py Outdated Show resolved Hide resolved
quarkScriptAgent.py Outdated Show resolved Hide resolved
haeter525
haeter525 approved these changes Jul 27, 2024
View reviewed changes
Copy link
Member

@haeter525 haeter525 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thank @pulorsok !

@haeter525 haeter525 merged commit e5ef717 into quark-engine:main Jul 27, 2024
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@haeter525 haeter525 haeter525 approved these changes

Assignees

@haeter525 haeter525

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@pulorsok @18z @haeter525