azure-ai-evaluation 1.5.0__py3-none-any.whl → 1.6.0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of azure-ai-evaluation might be problematic. Click here for more details.
- azure/ai/evaluation/__init__.py +9 -0
- azure/ai/evaluation/_aoai/__init__.py +10 -0
- azure/ai/evaluation/_aoai/aoai_grader.py +89 -0
- azure/ai/evaluation/_aoai/label_grader.py +66 -0
- azure/ai/evaluation/_aoai/string_check_grader.py +65 -0
- azure/ai/evaluation/_aoai/text_similarity_grader.py +88 -0
- azure/ai/evaluation/_azure/_clients.py +4 -4
- azure/ai/evaluation/_azure/_envs.py +208 -0
- azure/ai/evaluation/_azure/_token_manager.py +12 -7
- azure/ai/evaluation/_common/__init__.py +5 -0
- azure/ai/evaluation/_common/evaluation_onedp_client.py +118 -0
- azure/ai/evaluation/_common/onedp/__init__.py +32 -0
- azure/ai/evaluation/_common/onedp/_client.py +139 -0
- azure/ai/evaluation/_common/onedp/_configuration.py +73 -0
- azure/ai/evaluation/_common/onedp/_model_base.py +1232 -0
- azure/ai/evaluation/_common/onedp/_patch.py +21 -0
- azure/ai/evaluation/_common/onedp/_serialization.py +2032 -0
- azure/ai/evaluation/_common/onedp/_types.py +21 -0
- azure/ai/evaluation/_common/onedp/_validation.py +50 -0
- azure/ai/evaluation/_common/onedp/_vendor.py +50 -0
- azure/ai/evaluation/_common/onedp/_version.py +9 -0
- azure/ai/evaluation/_common/onedp/aio/__init__.py +29 -0
- azure/ai/evaluation/_common/onedp/aio/_client.py +143 -0
- azure/ai/evaluation/_common/onedp/aio/_configuration.py +75 -0
- azure/ai/evaluation/_common/onedp/aio/_patch.py +21 -0
- azure/ai/evaluation/_common/onedp/aio/_vendor.py +40 -0
- azure/ai/evaluation/_common/onedp/aio/operations/__init__.py +39 -0
- azure/ai/evaluation/_common/onedp/aio/operations/_operations.py +4494 -0
- azure/ai/evaluation/_common/onedp/aio/operations/_patch.py +21 -0
- azure/ai/evaluation/_common/onedp/models/__init__.py +142 -0
- azure/ai/evaluation/_common/onedp/models/_enums.py +162 -0
- azure/ai/evaluation/_common/onedp/models/_models.py +2228 -0
- azure/ai/evaluation/_common/onedp/models/_patch.py +21 -0
- azure/ai/evaluation/_common/onedp/operations/__init__.py +39 -0
- azure/ai/evaluation/_common/onedp/operations/_operations.py +5655 -0
- azure/ai/evaluation/_common/onedp/operations/_patch.py +21 -0
- azure/ai/evaluation/_common/onedp/py.typed +1 -0
- azure/ai/evaluation/_common/onedp/servicepatterns/__init__.py +1 -0
- azure/ai/evaluation/_common/onedp/servicepatterns/aio/__init__.py +1 -0
- azure/ai/evaluation/_common/onedp/servicepatterns/aio/operations/__init__.py +25 -0
- azure/ai/evaluation/_common/onedp/servicepatterns/aio/operations/_operations.py +34 -0
- azure/ai/evaluation/_common/onedp/servicepatterns/aio/operations/_patch.py +20 -0
- azure/ai/evaluation/_common/onedp/servicepatterns/buildingblocks/__init__.py +1 -0
- azure/ai/evaluation/_common/onedp/servicepatterns/buildingblocks/aio/__init__.py +1 -0
- azure/ai/evaluation/_common/onedp/servicepatterns/buildingblocks/aio/operations/__init__.py +22 -0
- azure/ai/evaluation/_common/onedp/servicepatterns/buildingblocks/aio/operations/_operations.py +29 -0
- azure/ai/evaluation/_common/onedp/servicepatterns/buildingblocks/aio/operations/_patch.py +20 -0
- azure/ai/evaluation/_common/onedp/servicepatterns/buildingblocks/operations/__init__.py +22 -0
- azure/ai/evaluation/_common/onedp/servicepatterns/buildingblocks/operations/_operations.py +29 -0
- azure/ai/evaluation/_common/onedp/servicepatterns/buildingblocks/operations/_patch.py +20 -0
- azure/ai/evaluation/_common/onedp/servicepatterns/operations/__init__.py +25 -0
- azure/ai/evaluation/_common/onedp/servicepatterns/operations/_operations.py +34 -0
- azure/ai/evaluation/_common/onedp/servicepatterns/operations/_patch.py +20 -0
- azure/ai/evaluation/_common/rai_service.py +158 -28
- azure/ai/evaluation/_common/raiclient/_version.py +1 -1
- azure/ai/evaluation/_common/utils.py +79 -1
- azure/ai/evaluation/_constants.py +16 -0
- azure/ai/evaluation/_eval_mapping.py +71 -0
- azure/ai/evaluation/_evaluate/_batch_run/_run_submitter_client.py +30 -16
- azure/ai/evaluation/_evaluate/_batch_run/eval_run_context.py +8 -0
- azure/ai/evaluation/_evaluate/_batch_run/proxy_client.py +5 -0
- azure/ai/evaluation/_evaluate/_batch_run/target_run_context.py +17 -1
- azure/ai/evaluation/_evaluate/_eval_run.py +1 -1
- azure/ai/evaluation/_evaluate/_evaluate.py +325 -74
- azure/ai/evaluation/_evaluate/_evaluate_aoai.py +534 -0
- azure/ai/evaluation/_evaluate/_utils.py +117 -4
- azure/ai/evaluation/_evaluators/_common/_base_eval.py +8 -3
- azure/ai/evaluation/_evaluators/_common/_base_prompty_eval.py +12 -3
- azure/ai/evaluation/_evaluators/_common/_base_rai_svc_eval.py +2 -2
- azure/ai/evaluation/_evaluators/_document_retrieval/__init__.py +11 -0
- azure/ai/evaluation/_evaluators/_document_retrieval/_document_retrieval.py +467 -0
- azure/ai/evaluation/_evaluators/_fluency/_fluency.py +1 -1
- azure/ai/evaluation/_evaluators/_groundedness/_groundedness.py +1 -1
- azure/ai/evaluation/_evaluators/_intent_resolution/_intent_resolution.py +6 -2
- azure/ai/evaluation/_evaluators/_relevance/_relevance.py +1 -1
- azure/ai/evaluation/_evaluators/_response_completeness/_response_completeness.py +7 -2
- azure/ai/evaluation/_evaluators/_response_completeness/response_completeness.prompty +31 -46
- azure/ai/evaluation/_evaluators/_similarity/_similarity.py +1 -1
- azure/ai/evaluation/_evaluators/_task_adherence/_task_adherence.py +5 -2
- azure/ai/evaluation/_evaluators/_tool_call_accuracy/_tool_call_accuracy.py +6 -2
- azure/ai/evaluation/_exceptions.py +2 -0
- azure/ai/evaluation/_legacy/_adapters/__init__.py +0 -14
- azure/ai/evaluation/_legacy/_adapters/_check.py +17 -0
- azure/ai/evaluation/_legacy/_adapters/_flows.py +1 -1
- azure/ai/evaluation/_legacy/_batch_engine/_engine.py +51 -32
- azure/ai/evaluation/_legacy/_batch_engine/_openai_injector.py +114 -8
- azure/ai/evaluation/_legacy/_batch_engine/_result.py +6 -0
- azure/ai/evaluation/_legacy/_batch_engine/_run.py +6 -0
- azure/ai/evaluation/_legacy/_batch_engine/_run_submitter.py +69 -29
- azure/ai/evaluation/_legacy/_batch_engine/_trace.py +54 -62
- azure/ai/evaluation/_legacy/_batch_engine/_utils.py +19 -1
- azure/ai/evaluation/_legacy/_common/__init__.py +3 -0
- azure/ai/evaluation/_legacy/_common/_async_token_provider.py +124 -0
- azure/ai/evaluation/_legacy/_common/_thread_pool_executor_with_context.py +15 -0
- azure/ai/evaluation/_legacy/prompty/_connection.py +11 -74
- azure/ai/evaluation/_legacy/prompty/_exceptions.py +80 -0
- azure/ai/evaluation/_legacy/prompty/_prompty.py +119 -9
- azure/ai/evaluation/_legacy/prompty/_utils.py +72 -2
- azure/ai/evaluation/_safety_evaluation/_safety_evaluation.py +90 -17
- azure/ai/evaluation/_version.py +1 -1
- azure/ai/evaluation/red_team/_attack_strategy.py +1 -1
- azure/ai/evaluation/red_team/_red_team.py +825 -450
- azure/ai/evaluation/red_team/_utils/metric_mapping.py +23 -0
- azure/ai/evaluation/red_team/_utils/strategy_utils.py +1 -1
- azure/ai/evaluation/simulator/_adversarial_simulator.py +63 -39
- azure/ai/evaluation/simulator/_constants.py +1 -0
- azure/ai/evaluation/simulator/_conversation/__init__.py +13 -6
- azure/ai/evaluation/simulator/_conversation/_conversation.py +2 -1
- azure/ai/evaluation/simulator/_direct_attack_simulator.py +35 -22
- azure/ai/evaluation/simulator/_helpers/_language_suffix_mapping.py +1 -0
- azure/ai/evaluation/simulator/_indirect_attack_simulator.py +40 -25
- azure/ai/evaluation/simulator/_model_tools/__init__.py +2 -1
- azure/ai/evaluation/simulator/_model_tools/_generated_rai_client.py +24 -18
- azure/ai/evaluation/simulator/_model_tools/_identity_manager.py +5 -10
- azure/ai/evaluation/simulator/_model_tools/_proxy_completion_model.py +65 -41
- azure/ai/evaluation/simulator/_model_tools/_template_handler.py +9 -5
- azure/ai/evaluation/simulator/_model_tools/models.py +20 -17
- {azure_ai_evaluation-1.5.0.dist-info → azure_ai_evaluation-1.6.0.dist-info}/METADATA +25 -2
- {azure_ai_evaluation-1.5.0.dist-info → azure_ai_evaluation-1.6.0.dist-info}/RECORD +123 -65
- /azure/ai/evaluation/_legacy/{_batch_engine → _common}/_logging.py +0 -0
- {azure_ai_evaluation-1.5.0.dist-info → azure_ai_evaluation-1.6.0.dist-info}/NOTICE.txt +0 -0
- {azure_ai_evaluation-1.5.0.dist-info → azure_ai_evaluation-1.6.0.dist-info}/WHEEL +0 -0
- {azure_ai_evaluation-1.5.0.dist-info → azure_ai_evaluation-1.6.0.dist-info}/top_level.txt +0 -0
|
@@ -10,7 +10,7 @@ import logging
|
|
|
10
10
|
import tempfile
|
|
11
11
|
import time
|
|
12
12
|
from datetime import datetime
|
|
13
|
-
from typing import Callable, Dict, List, Optional, Union, cast
|
|
13
|
+
from typing import Callable, Dict, List, Optional, Union, cast, Any
|
|
14
14
|
import json
|
|
15
15
|
from pathlib import Path
|
|
16
16
|
import itertools
|
|
@@ -23,7 +23,7 @@ from tqdm import tqdm
|
|
|
23
23
|
from azure.ai.evaluation._evaluate._eval_run import EvalRun
|
|
24
24
|
from azure.ai.evaluation._evaluate._utils import _trace_destination_from_project_scope
|
|
25
25
|
from azure.ai.evaluation._model_configurations import AzureAIProject
|
|
26
|
-
from azure.ai.evaluation._constants import EvaluationRunProperties, DefaultOpenEncoding, EVALUATION_PASS_FAIL_MAPPING
|
|
26
|
+
from azure.ai.evaluation._constants import EvaluationRunProperties, DefaultOpenEncoding, EVALUATION_PASS_FAIL_MAPPING, TokenScope
|
|
27
27
|
from azure.ai.evaluation._evaluate._utils import _get_ai_studio_url
|
|
28
28
|
from azure.ai.evaluation._evaluate._utils import extract_workspace_triad_from_trace_provider
|
|
29
29
|
from azure.ai.evaluation._version import VERSION
|
|
@@ -31,12 +31,13 @@ from azure.ai.evaluation._azure._clients import LiteMLClient
|
|
|
31
31
|
from azure.ai.evaluation._evaluate._utils import _write_output
|
|
32
32
|
from azure.ai.evaluation._common._experimental import experimental
|
|
33
33
|
from azure.ai.evaluation._model_configurations import EvaluationResult
|
|
34
|
-
from azure.ai.evaluation.
|
|
34
|
+
from azure.ai.evaluation._common.rai_service import evaluate_with_rai_service
|
|
35
|
+
from azure.ai.evaluation.simulator._model_tools import ManagedIdentityAPITokenManager, RAIClient
|
|
35
36
|
from azure.ai.evaluation.simulator._model_tools._generated_rai_client import GeneratedRAIClient
|
|
36
37
|
from azure.ai.evaluation._model_configurations import AzureOpenAIModelConfiguration, OpenAIModelConfiguration
|
|
37
38
|
from azure.ai.evaluation._exceptions import ErrorBlame, ErrorCategory, ErrorTarget, EvaluationException
|
|
38
39
|
from azure.ai.evaluation._common.math import list_mean_nan_safe, is_none_or_nan
|
|
39
|
-
from azure.ai.evaluation._common.utils import validate_azure_ai_project
|
|
40
|
+
from azure.ai.evaluation._common.utils import validate_azure_ai_project, is_onedp_project
|
|
40
41
|
from azure.ai.evaluation import evaluate
|
|
41
42
|
|
|
42
43
|
# Azure Core imports
|
|
@@ -51,11 +52,19 @@ from ._attack_objective_generator import RiskCategory, _AttackObjectiveGenerator
|
|
|
51
52
|
from pyrit.common import initialize_pyrit, DUCK_DB
|
|
52
53
|
from pyrit.prompt_target import OpenAIChatTarget, PromptChatTarget
|
|
53
54
|
from pyrit.models import ChatMessage
|
|
55
|
+
from pyrit.memory import CentralMemory
|
|
54
56
|
from pyrit.orchestrator.single_turn.prompt_sending_orchestrator import PromptSendingOrchestrator
|
|
55
57
|
from pyrit.orchestrator import Orchestrator
|
|
56
58
|
from pyrit.exceptions import PyritException
|
|
57
59
|
from pyrit.prompt_converter import PromptConverter, MathPromptConverter, Base64Converter, FlipConverter, MorseConverter, AnsiAttackConverter, AsciiArtConverter, AsciiSmugglerConverter, AtbashConverter, BinaryConverter, CaesarConverter, CharacterSpaceConverter, CharSwapGenerator, DiacriticConverter, LeetspeakConverter, UrlConverter, UnicodeSubstitutionConverter, UnicodeConfusableConverter, SuffixAppendConverter, StringJoinConverter, ROT13Converter
|
|
58
60
|
|
|
61
|
+
# Retry imports
|
|
62
|
+
import httpx
|
|
63
|
+
import httpcore
|
|
64
|
+
import tenacity
|
|
65
|
+
from tenacity import retry, stop_after_attempt, wait_exponential, retry_if_exception
|
|
66
|
+
from azure.core.exceptions import ServiceRequestError, ServiceResponseError
|
|
67
|
+
|
|
59
68
|
# Local imports - constants and utilities
|
|
60
69
|
from ._utils.constants import (
|
|
61
70
|
BASELINE_IDENTIFIER, DATA_EXT, RESULTS_EXT,
|
|
@@ -85,22 +94,123 @@ class RedTeam():
|
|
|
85
94
|
:type application_scenario: Optional[str]
|
|
86
95
|
:param custom_attack_seed_prompts: Path to a JSON file containing custom attack seed prompts (can be absolute or relative path)
|
|
87
96
|
:type custom_attack_seed_prompts: Optional[str]
|
|
88
|
-
:param output_dir: Directory to
|
|
97
|
+
:param output_dir: Directory to save output files (optional)
|
|
89
98
|
:type output_dir: Optional[str]
|
|
90
|
-
:param max_parallel_tasks: Maximum number of parallel tasks to run when scanning (default: 5)
|
|
91
|
-
:type max_parallel_tasks: int
|
|
92
99
|
"""
|
|
100
|
+
# Retry configuration constants
|
|
101
|
+
MAX_RETRY_ATTEMPTS = 5 # Increased from 3
|
|
102
|
+
MIN_RETRY_WAIT_SECONDS = 2 # Increased from 1
|
|
103
|
+
MAX_RETRY_WAIT_SECONDS = 30 # Increased from 10
|
|
104
|
+
|
|
105
|
+
def _create_retry_config(self):
|
|
106
|
+
"""Create a standard retry configuration for connection-related issues.
|
|
107
|
+
|
|
108
|
+
Creates a dictionary with retry configurations for various network and connection-related
|
|
109
|
+
exceptions. The configuration includes retry predicates, stop conditions, wait strategies,
|
|
110
|
+
and callback functions for logging retry attempts.
|
|
111
|
+
|
|
112
|
+
:return: Dictionary with retry configuration for different exception types
|
|
113
|
+
:rtype: dict
|
|
114
|
+
"""
|
|
115
|
+
return { # For connection timeouts and network-related errors
|
|
116
|
+
"network_retry": {
|
|
117
|
+
"retry": retry_if_exception(
|
|
118
|
+
lambda e: isinstance(e, (
|
|
119
|
+
httpx.ConnectTimeout,
|
|
120
|
+
httpx.ReadTimeout,
|
|
121
|
+
httpx.ConnectError,
|
|
122
|
+
httpx.HTTPError,
|
|
123
|
+
httpx.TimeoutException,
|
|
124
|
+
httpx.HTTPStatusError,
|
|
125
|
+
httpcore.ReadTimeout,
|
|
126
|
+
ConnectionError,
|
|
127
|
+
ConnectionRefusedError,
|
|
128
|
+
ConnectionResetError,
|
|
129
|
+
TimeoutError,
|
|
130
|
+
OSError,
|
|
131
|
+
IOError,
|
|
132
|
+
asyncio.TimeoutError,
|
|
133
|
+
ServiceRequestError,
|
|
134
|
+
ServiceResponseError
|
|
135
|
+
)) or (
|
|
136
|
+
isinstance(e, httpx.HTTPStatusError) and
|
|
137
|
+
(e.response.status_code == 500 or "model_error" in str(e))
|
|
138
|
+
)
|
|
139
|
+
),
|
|
140
|
+
"stop": stop_after_attempt(self.MAX_RETRY_ATTEMPTS),
|
|
141
|
+
"wait": wait_exponential(multiplier=1.5, min=self.MIN_RETRY_WAIT_SECONDS, max=self.MAX_RETRY_WAIT_SECONDS),
|
|
142
|
+
"retry_error_callback": self._log_retry_error,
|
|
143
|
+
"before_sleep": self._log_retry_attempt,
|
|
144
|
+
}
|
|
145
|
+
}
|
|
146
|
+
|
|
147
|
+
def _log_retry_attempt(self, retry_state):
|
|
148
|
+
"""Log retry attempts for better visibility.
|
|
149
|
+
|
|
150
|
+
Logs information about connection issues that trigger retry attempts, including the
|
|
151
|
+
exception type, retry count, and wait time before the next attempt.
|
|
152
|
+
|
|
153
|
+
:param retry_state: Current state of the retry
|
|
154
|
+
:type retry_state: tenacity.RetryCallState
|
|
155
|
+
"""
|
|
156
|
+
exception = retry_state.outcome.exception()
|
|
157
|
+
if exception:
|
|
158
|
+
self.logger.warning(
|
|
159
|
+
f"Connection issue: {exception.__class__.__name__}. "
|
|
160
|
+
f"Retrying in {retry_state.next_action.sleep} seconds... "
|
|
161
|
+
f"(Attempt {retry_state.attempt_number}/{self.MAX_RETRY_ATTEMPTS})"
|
|
162
|
+
)
|
|
163
|
+
|
|
164
|
+
def _log_retry_error(self, retry_state):
|
|
165
|
+
"""Log the final error after all retries have been exhausted.
|
|
166
|
+
|
|
167
|
+
Logs detailed information about the error that persisted after all retry attempts have been exhausted.
|
|
168
|
+
This provides visibility into what ultimately failed and why.
|
|
169
|
+
|
|
170
|
+
:param retry_state: Final state of the retry
|
|
171
|
+
:type retry_state: tenacity.RetryCallState
|
|
172
|
+
:return: The exception that caused retries to be exhausted
|
|
173
|
+
:rtype: Exception
|
|
174
|
+
"""
|
|
175
|
+
exception = retry_state.outcome.exception()
|
|
176
|
+
self.logger.error(
|
|
177
|
+
f"All retries failed after {retry_state.attempt_number} attempts. "
|
|
178
|
+
f"Last error: {exception.__class__.__name__}: {str(exception)}"
|
|
179
|
+
)
|
|
180
|
+
return exception
|
|
181
|
+
|
|
93
182
|
def __init__(
|
|
94
183
|
self,
|
|
95
|
-
azure_ai_project,
|
|
184
|
+
azure_ai_project: Union[dict, str],
|
|
96
185
|
credential,
|
|
97
186
|
*,
|
|
98
187
|
risk_categories: Optional[List[RiskCategory]] = None,
|
|
99
188
|
num_objectives: int = 10,
|
|
100
189
|
application_scenario: Optional[str] = None,
|
|
101
190
|
custom_attack_seed_prompts: Optional[str] = None,
|
|
102
|
-
output_dir=
|
|
191
|
+
output_dir="."
|
|
103
192
|
):
|
|
193
|
+
"""Initialize a new Red Team agent for AI model evaluation.
|
|
194
|
+
|
|
195
|
+
Creates a Red Team agent instance configured with the specified parameters.
|
|
196
|
+
This initializes the token management, attack objective generation, and logging
|
|
197
|
+
needed for running red team evaluations against AI models.
|
|
198
|
+
|
|
199
|
+
:param azure_ai_project: Azure AI project details for connecting to services
|
|
200
|
+
:type azure_ai_project: dict
|
|
201
|
+
:param credential: Authentication credential for Azure services
|
|
202
|
+
:type credential: TokenCredential
|
|
203
|
+
:param risk_categories: List of risk categories to test (required unless custom prompts provided)
|
|
204
|
+
:type risk_categories: Optional[List[RiskCategory]]
|
|
205
|
+
:param num_objectives: Number of attack objectives to generate per risk category
|
|
206
|
+
:type num_objectives: int
|
|
207
|
+
:param application_scenario: Description of the application scenario for contextualizing attacks
|
|
208
|
+
:type application_scenario: Optional[str]
|
|
209
|
+
:param custom_attack_seed_prompts: Path to a JSON file with custom attack prompts
|
|
210
|
+
:type custom_attack_seed_prompts: Optional[str]
|
|
211
|
+
:param output_dir: Directory to save evaluation outputs and logs. Defaults to current working directory.
|
|
212
|
+
:type output_dir: str
|
|
213
|
+
"""
|
|
104
214
|
|
|
105
215
|
self.azure_ai_project = validate_azure_ai_project(azure_ai_project)
|
|
106
216
|
self.credential = credential
|
|
@@ -109,11 +219,18 @@ class RedTeam():
|
|
|
109
219
|
# Initialize logger without output directory (will be updated during scan)
|
|
110
220
|
self.logger = setup_logger()
|
|
111
221
|
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
222
|
+
if not is_onedp_project(azure_ai_project):
|
|
223
|
+
self.token_manager = ManagedIdentityAPITokenManager(
|
|
224
|
+
token_scope=TokenScope.DEFAULT_AZURE_MANAGEMENT,
|
|
225
|
+
logger=logging.getLogger("RedTeamLogger"),
|
|
226
|
+
credential=cast(TokenCredential, credential),
|
|
227
|
+
)
|
|
228
|
+
else:
|
|
229
|
+
self.token_manager = ManagedIdentityAPITokenManager(
|
|
230
|
+
token_scope=TokenScope.COGNITIVE_SERVICES_MANAGEMENT,
|
|
231
|
+
logger=logging.getLogger("RedTeamLogger"),
|
|
232
|
+
credential=cast(TokenCredential, credential),
|
|
233
|
+
)
|
|
117
234
|
|
|
118
235
|
# Initialize task tracking
|
|
119
236
|
self.task_statuses = {}
|
|
@@ -124,7 +241,6 @@ class RedTeam():
|
|
|
124
241
|
self.scan_id = None
|
|
125
242
|
self.scan_output_dir = None
|
|
126
243
|
|
|
127
|
-
self.rai_client = RAIClient(azure_ai_project=self.azure_ai_project, token_manager=self.token_manager)
|
|
128
244
|
self.generated_rai_client = GeneratedRAIClient(azure_ai_project=self.azure_ai_project, token_manager=self.token_manager.get_aad_credential()) #type: ignore
|
|
129
245
|
|
|
130
246
|
# Initialize a cache for attack objectives by risk category and strategy
|
|
@@ -147,12 +263,17 @@ class RedTeam():
|
|
|
147
263
|
) -> EvalRun:
|
|
148
264
|
"""Start an MLFlow run for the Red Team Agent evaluation.
|
|
149
265
|
|
|
266
|
+
Initializes and configures an MLFlow run for tracking the Red Team Agent evaluation process.
|
|
267
|
+
This includes setting up the proper logging destination, creating a unique run name, and
|
|
268
|
+
establishing the connection to the MLFlow tracking server based on the Azure AI project details.
|
|
269
|
+
|
|
150
270
|
:param azure_ai_project: Azure AI project details for logging
|
|
151
271
|
:type azure_ai_project: Optional[~azure.ai.evaluation.AzureAIProject]
|
|
152
272
|
:param run_name: Optional name for the MLFlow run
|
|
153
273
|
:type run_name: Optional[str]
|
|
154
274
|
:return: The MLFlow run object
|
|
155
275
|
:rtype: ~azure.ai.evaluation._evaluate._eval_run.EvalRun
|
|
276
|
+
:raises EvaluationException: If no azure_ai_project is provided or trace destination cannot be determined
|
|
156
277
|
"""
|
|
157
278
|
if not azure_ai_project:
|
|
158
279
|
log_error(self.logger, "No azure_ai_project provided, cannot start MLFlow run")
|
|
@@ -186,7 +307,6 @@ class RedTeam():
|
|
|
186
307
|
|
|
187
308
|
run_display_name = run_name or f"redteam-agent-{datetime.now().strftime('%Y%m%d-%H%M%S')}"
|
|
188
309
|
self.logger.debug(f"Starting MLFlow run with name: {run_display_name}")
|
|
189
|
-
|
|
190
310
|
eval_run = EvalRun(
|
|
191
311
|
run_name=run_display_name,
|
|
192
312
|
tracking_uri=cast(str, tracking_uri),
|
|
@@ -195,49 +315,64 @@ class RedTeam():
|
|
|
195
315
|
workspace_name=ws_triad.workspace_name,
|
|
196
316
|
management_client=management_client, # type: ignore
|
|
197
317
|
)
|
|
318
|
+
eval_run._start_run()
|
|
319
|
+
self.logger.debug(f"MLFlow run started successfully with ID: {eval_run.info.run_id}")
|
|
198
320
|
|
|
199
321
|
self.trace_destination = trace_destination
|
|
200
322
|
self.logger.debug(f"MLFlow run created successfully with ID: {eval_run}")
|
|
201
|
-
|
|
323
|
+
|
|
202
324
|
return eval_run
|
|
203
325
|
|
|
204
326
|
|
|
205
327
|
async def _log_redteam_results_to_mlflow(
|
|
206
328
|
self,
|
|
207
|
-
|
|
329
|
+
redteam_result: RedTeamResult,
|
|
208
330
|
eval_run: EvalRun,
|
|
209
|
-
|
|
331
|
+
_skip_evals: bool = False,
|
|
210
332
|
) -> Optional[str]:
|
|
211
333
|
"""Log the Red Team Agent results to MLFlow.
|
|
212
334
|
|
|
213
|
-
:param
|
|
214
|
-
:type
|
|
335
|
+
:param redteam_result: The output from the red team agent evaluation
|
|
336
|
+
:type redteam_result: ~azure.ai.evaluation.RedTeamResult
|
|
215
337
|
:param eval_run: The MLFlow run object
|
|
216
338
|
:type eval_run: ~azure.ai.evaluation._evaluate._eval_run.EvalRun
|
|
217
|
-
:param
|
|
218
|
-
:type
|
|
339
|
+
:param _skip_evals: Whether to log only data without evaluation results
|
|
340
|
+
:type _skip_evals: bool
|
|
219
341
|
:return: The URL to the run in Azure AI Studio, if available
|
|
220
342
|
:rtype: Optional[str]
|
|
221
343
|
"""
|
|
222
|
-
self.logger.debug(f"Logging results to MLFlow,
|
|
223
|
-
artifact_name = "instance_results.json"
|
|
344
|
+
self.logger.debug(f"Logging results to MLFlow, _skip_evals={_skip_evals}")
|
|
345
|
+
artifact_name = "instance_results.json"
|
|
224
346
|
|
|
225
347
|
# If we have a scan output directory, save the results there first
|
|
226
348
|
if hasattr(self, 'scan_output_dir') and self.scan_output_dir:
|
|
227
349
|
artifact_path = os.path.join(self.scan_output_dir, artifact_name)
|
|
228
350
|
self.logger.debug(f"Saving artifact to scan output directory: {artifact_path}")
|
|
229
|
-
|
|
230
351
|
with open(artifact_path, "w", encoding=DefaultOpenEncoding.WRITE) as f:
|
|
231
|
-
if
|
|
232
|
-
# In
|
|
233
|
-
f.write(json.dumps({"conversations":
|
|
234
|
-
elif
|
|
235
|
-
|
|
352
|
+
if _skip_evals:
|
|
353
|
+
# In _skip_evals mode, we write the conversations in conversation/messages format
|
|
354
|
+
f.write(json.dumps({"conversations": redteam_result.attack_details or []}))
|
|
355
|
+
elif redteam_result.scan_result:
|
|
356
|
+
# Create a copy to avoid modifying the original scan result
|
|
357
|
+
result_with_conversations = redteam_result.scan_result.copy() if isinstance(redteam_result.scan_result, dict) else {}
|
|
358
|
+
|
|
359
|
+
# Preserve all original fields needed for scorecard generation
|
|
360
|
+
result_with_conversations["scorecard"] = result_with_conversations.get("scorecard", {})
|
|
361
|
+
result_with_conversations["parameters"] = result_with_conversations.get("parameters", {})
|
|
362
|
+
|
|
363
|
+
# Add conversations field with all conversation data including user messages
|
|
364
|
+
result_with_conversations["conversations"] = redteam_result.attack_details or []
|
|
365
|
+
|
|
366
|
+
# Keep original attack_details field to preserve compatibility with existing code
|
|
367
|
+
if "attack_details" not in result_with_conversations and redteam_result.attack_details is not None:
|
|
368
|
+
result_with_conversations["attack_details"] = redteam_result.attack_details
|
|
369
|
+
|
|
370
|
+
json.dump(result_with_conversations, f)
|
|
236
371
|
|
|
237
372
|
eval_info_name = "redteam_info.json"
|
|
238
373
|
eval_info_path = os.path.join(self.scan_output_dir, eval_info_name)
|
|
239
374
|
self.logger.debug(f"Saving evaluation info to scan output directory: {eval_info_path}")
|
|
240
|
-
with open
|
|
375
|
+
with open(eval_info_path, "w", encoding=DefaultOpenEncoding.WRITE) as f:
|
|
241
376
|
# Remove evaluation_result from red_team_info before logging
|
|
242
377
|
red_team_info_logged = {}
|
|
243
378
|
for strategy, harms_dict in self.red_team_info.items():
|
|
@@ -248,10 +383,10 @@ class RedTeam():
|
|
|
248
383
|
f.write(json.dumps(red_team_info_logged))
|
|
249
384
|
|
|
250
385
|
# Also save a human-readable scorecard if available
|
|
251
|
-
if not
|
|
386
|
+
if not _skip_evals and redteam_result.scan_result:
|
|
252
387
|
scorecard_path = os.path.join(self.scan_output_dir, "scorecard.txt")
|
|
253
388
|
with open(scorecard_path, "w", encoding=DefaultOpenEncoding.WRITE) as f:
|
|
254
|
-
f.write(self._to_scorecard(
|
|
389
|
+
f.write(self._to_scorecard(redteam_result.scan_result))
|
|
255
390
|
self.logger.debug(f"Saved scorecard to: {scorecard_path}")
|
|
256
391
|
|
|
257
392
|
# Create a dedicated artifacts directory with proper structure for MLFlow
|
|
@@ -261,14 +396,14 @@ class RedTeam():
|
|
|
261
396
|
with tempfile.TemporaryDirectory() as tmpdir:
|
|
262
397
|
# First, create the main artifact file that MLFlow expects
|
|
263
398
|
with open(os.path.join(tmpdir, artifact_name), "w", encoding=DefaultOpenEncoding.WRITE) as f:
|
|
264
|
-
if
|
|
265
|
-
f.write(json.dumps({"conversations":
|
|
266
|
-
elif
|
|
267
|
-
|
|
268
|
-
|
|
269
|
-
|
|
399
|
+
if _skip_evals:
|
|
400
|
+
f.write(json.dumps({"conversations": redteam_result.attack_details or []}))
|
|
401
|
+
elif redteam_result.scan_result:
|
|
402
|
+
redteam_result.scan_result["redteaming_scorecard"] = redteam_result.scan_result.get("scorecard", None)
|
|
403
|
+
redteam_result.scan_result["redteaming_parameters"] = redteam_result.scan_result.get("parameters", None)
|
|
404
|
+
redteam_result.scan_result["redteaming_data"] = redteam_result.scan_result.get("attack_details", None)
|
|
270
405
|
|
|
271
|
-
json.dump(
|
|
406
|
+
json.dump(redteam_result.scan_result, f)
|
|
272
407
|
|
|
273
408
|
# Copy all relevant files to the temp directory
|
|
274
409
|
import shutil
|
|
@@ -280,7 +415,7 @@ class RedTeam():
|
|
|
280
415
|
continue
|
|
281
416
|
if file.endswith('.log') and not os.environ.get('DEBUG'):
|
|
282
417
|
continue
|
|
283
|
-
if file == artifact_name
|
|
418
|
+
if file == artifact_name:
|
|
284
419
|
continue
|
|
285
420
|
|
|
286
421
|
try:
|
|
@@ -308,10 +443,10 @@ class RedTeam():
|
|
|
308
443
|
with tempfile.TemporaryDirectory() as tmpdir:
|
|
309
444
|
artifact_file = Path(tmpdir) / artifact_name
|
|
310
445
|
with open(artifact_file, "w", encoding=DefaultOpenEncoding.WRITE) as f:
|
|
311
|
-
if
|
|
312
|
-
f.write(json.dumps({"conversations":
|
|
313
|
-
elif
|
|
314
|
-
json.dump(
|
|
446
|
+
if _skip_evals:
|
|
447
|
+
f.write(json.dumps({"conversations": redteam_result.attack_details or []}))
|
|
448
|
+
elif redteam_result.scan_result:
|
|
449
|
+
json.dump(redteam_result.scan_result, f)
|
|
315
450
|
eval_run.log_artifact(tmpdir, artifact_name)
|
|
316
451
|
self.logger.debug(f"Logged artifact: {artifact_name}")
|
|
317
452
|
|
|
@@ -322,8 +457,8 @@ class RedTeam():
|
|
|
322
457
|
"_azureml.evaluate_artifacts": json.dumps([{"path": artifact_name, "type": "table"}]),
|
|
323
458
|
})
|
|
324
459
|
|
|
325
|
-
if
|
|
326
|
-
scorecard =
|
|
460
|
+
if redteam_result.scan_result:
|
|
461
|
+
scorecard = redteam_result.scan_result["scorecard"]
|
|
327
462
|
joint_attack_summary = scorecard["joint_risk_attack_summary"]
|
|
328
463
|
|
|
329
464
|
if joint_attack_summary:
|
|
@@ -333,7 +468,7 @@ class RedTeam():
|
|
|
333
468
|
if key != "risk_category":
|
|
334
469
|
eval_run.log_metric(f"{risk_category}_{key}", cast(float, value))
|
|
335
470
|
self.logger.debug(f"Logged metric: {risk_category}_{key} = {value}")
|
|
336
|
-
|
|
471
|
+
eval_run._end_run("FINISHED")
|
|
337
472
|
self.logger.info("Successfully logged results to MLFlow")
|
|
338
473
|
return None
|
|
339
474
|
|
|
@@ -350,14 +485,18 @@ class RedTeam():
|
|
|
350
485
|
) -> List[str]:
|
|
351
486
|
"""Get attack objectives from the RAI client for a specific risk category or from a custom dataset.
|
|
352
487
|
|
|
353
|
-
|
|
354
|
-
|
|
488
|
+
Retrieves attack objectives based on the provided risk category and strategy. These objectives
|
|
489
|
+
can come from either the RAI service or from custom attack seed prompts if provided. The function
|
|
490
|
+
handles different strategies, including special handling for jailbreak strategy which requires
|
|
491
|
+
applying prefixes to messages. It also maintains a cache of objectives to ensure consistency
|
|
492
|
+
across different strategies for the same risk category.
|
|
493
|
+
|
|
355
494
|
:param risk_category: The specific risk category to get objectives for
|
|
356
495
|
:type risk_category: Optional[RiskCategory]
|
|
357
496
|
:param application_scenario: Optional description of the application scenario for context
|
|
358
|
-
:type application_scenario: str
|
|
497
|
+
:type application_scenario: Optional[str]
|
|
359
498
|
:param strategy: Optional attack strategy to get specific objectives for
|
|
360
|
-
:type strategy: str
|
|
499
|
+
:type strategy: Optional[str]
|
|
361
500
|
:return: A list of attack objective prompts
|
|
362
501
|
:rtype: List[str]
|
|
363
502
|
"""
|
|
@@ -407,9 +546,17 @@ class RedTeam():
|
|
|
407
546
|
|
|
408
547
|
# Handle jailbreak strategy - need to apply jailbreak prefixes to messages
|
|
409
548
|
if strategy == "jailbreak":
|
|
410
|
-
self.logger.debug("Applying jailbreak prefixes to custom objectives")
|
|
549
|
+
self.logger.debug("Applying jailbreak prefixes to custom objectives")
|
|
411
550
|
try:
|
|
412
|
-
|
|
551
|
+
@retry(**self._create_retry_config()["network_retry"])
|
|
552
|
+
async def get_jailbreak_prefixes_with_retry():
|
|
553
|
+
try:
|
|
554
|
+
return await self.generated_rai_client.get_jailbreak_prefixes()
|
|
555
|
+
except (httpx.ConnectTimeout, httpx.ReadTimeout, httpx.ConnectError, httpx.HTTPError, ConnectionError) as e:
|
|
556
|
+
self.logger.warning(f"Network error when fetching jailbreak prefixes: {type(e).__name__}: {str(e)}")
|
|
557
|
+
raise
|
|
558
|
+
|
|
559
|
+
jailbreak_prefixes = await get_jailbreak_prefixes_with_retry()
|
|
413
560
|
for objective in selected_cat_objectives:
|
|
414
561
|
if "messages" in objective and len(objective["messages"]) > 0:
|
|
415
562
|
message = objective["messages"][0]
|
|
@@ -587,21 +734,65 @@ class RedTeam():
|
|
|
587
734
|
|
|
588
735
|
# Replace with utility function
|
|
589
736
|
def _message_to_dict(self, message: ChatMessage):
|
|
737
|
+
"""Convert a PyRIT ChatMessage object to a dictionary representation.
|
|
738
|
+
|
|
739
|
+
Transforms a ChatMessage object into a standardized dictionary format that can be
|
|
740
|
+
used for serialization, storage, and analysis. The dictionary format is compatible
|
|
741
|
+
with JSON serialization.
|
|
742
|
+
|
|
743
|
+
:param message: The PyRIT ChatMessage to convert
|
|
744
|
+
:type message: ChatMessage
|
|
745
|
+
:return: Dictionary representation of the message
|
|
746
|
+
:rtype: dict
|
|
747
|
+
"""
|
|
590
748
|
from ._utils.formatting_utils import message_to_dict
|
|
591
749
|
return message_to_dict(message)
|
|
592
750
|
|
|
593
751
|
# Replace with utility function
|
|
594
752
|
def _get_strategy_name(self, attack_strategy: Union[AttackStrategy, List[AttackStrategy]]) -> str:
|
|
753
|
+
"""Get a standardized string name for an attack strategy or list of strategies.
|
|
754
|
+
|
|
755
|
+
Converts an AttackStrategy enum value or a list of such values into a standardized
|
|
756
|
+
string representation used for logging, file naming, and result tracking. Handles both
|
|
757
|
+
single strategies and composite strategies consistently.
|
|
758
|
+
|
|
759
|
+
:param attack_strategy: The attack strategy or list of strategies to name
|
|
760
|
+
:type attack_strategy: Union[AttackStrategy, List[AttackStrategy]]
|
|
761
|
+
:return: Standardized string name for the strategy
|
|
762
|
+
:rtype: str
|
|
763
|
+
"""
|
|
595
764
|
from ._utils.formatting_utils import get_strategy_name
|
|
596
765
|
return get_strategy_name(attack_strategy)
|
|
597
766
|
|
|
598
767
|
# Replace with utility function
|
|
599
768
|
def _get_flattened_attack_strategies(self, attack_strategies: List[Union[AttackStrategy, List[AttackStrategy]]]) -> List[Union[AttackStrategy, List[AttackStrategy]]]:
|
|
769
|
+
"""Flatten a nested list of attack strategies into a single-level list.
|
|
770
|
+
|
|
771
|
+
Processes a potentially nested list of attack strategies to create a flat list
|
|
772
|
+
where composite strategies are handled appropriately. This ensures consistent
|
|
773
|
+
processing of strategies regardless of how they are initially structured.
|
|
774
|
+
|
|
775
|
+
:param attack_strategies: List of attack strategies, possibly containing nested lists
|
|
776
|
+
:type attack_strategies: List[Union[AttackStrategy, List[AttackStrategy]]]
|
|
777
|
+
:return: Flattened list of attack strategies
|
|
778
|
+
:rtype: List[Union[AttackStrategy, List[AttackStrategy]]]
|
|
779
|
+
"""
|
|
600
780
|
from ._utils.formatting_utils import get_flattened_attack_strategies
|
|
601
781
|
return get_flattened_attack_strategies(attack_strategies)
|
|
602
782
|
|
|
603
783
|
# Replace with utility function
|
|
604
784
|
def _get_converter_for_strategy(self, attack_strategy: Union[AttackStrategy, List[AttackStrategy]]) -> Union[PromptConverter, List[PromptConverter]]:
|
|
785
|
+
"""Get the appropriate prompt converter(s) for a given attack strategy.
|
|
786
|
+
|
|
787
|
+
Maps attack strategies to their corresponding prompt converters that implement
|
|
788
|
+
the attack technique. Handles both single strategies and composite strategies,
|
|
789
|
+
returning either a single converter or a list of converters as appropriate.
|
|
790
|
+
|
|
791
|
+
:param attack_strategy: The attack strategy or strategies to get converters for
|
|
792
|
+
:type attack_strategy: Union[AttackStrategy, List[AttackStrategy]]
|
|
793
|
+
:return: The prompt converter(s) for the specified strategy
|
|
794
|
+
:rtype: Union[PromptConverter, List[PromptConverter]]
|
|
795
|
+
"""
|
|
605
796
|
from ._utils.strategy_utils import get_converter_for_strategy
|
|
606
797
|
return get_converter_for_strategy(attack_strategy)
|
|
607
798
|
|
|
@@ -616,19 +807,25 @@ class RedTeam():
|
|
|
616
807
|
) -> Orchestrator:
|
|
617
808
|
"""Send prompts via the PromptSendingOrchestrator with optimized performance.
|
|
618
809
|
|
|
810
|
+
Creates and configures a PyRIT PromptSendingOrchestrator to efficiently send prompts to the target
|
|
811
|
+
model or function. The orchestrator handles prompt conversion using the specified converters,
|
|
812
|
+
applies appropriate timeout settings, and manages the database engine for storing conversation
|
|
813
|
+
results. This function provides centralized management for prompt-sending operations with proper
|
|
814
|
+
error handling and performance optimizations.
|
|
815
|
+
|
|
619
816
|
:param chat_target: The target to send prompts to
|
|
620
817
|
:type chat_target: PromptChatTarget
|
|
621
|
-
:param all_prompts: List of prompts to send
|
|
818
|
+
:param all_prompts: List of prompts to process and send
|
|
622
819
|
:type all_prompts: List[str]
|
|
623
|
-
:param converter:
|
|
820
|
+
:param converter: Prompt converter or list of converters to transform prompts
|
|
624
821
|
:type converter: Union[PromptConverter, List[PromptConverter]]
|
|
625
|
-
:param strategy_name: Name of the strategy being used
|
|
822
|
+
:param strategy_name: Name of the attack strategy being used
|
|
626
823
|
:type strategy_name: str
|
|
627
|
-
:param risk_category:
|
|
824
|
+
:param risk_category: Risk category being evaluated
|
|
628
825
|
:type risk_category: str
|
|
629
|
-
:param timeout:
|
|
826
|
+
:param timeout: Timeout in seconds for each prompt
|
|
630
827
|
:type timeout: int
|
|
631
|
-
:return:
|
|
828
|
+
:return: Configured and initialized orchestrator
|
|
632
829
|
:rtype: Orchestrator
|
|
633
830
|
"""
|
|
634
831
|
task_key = f"{strategy_name}_{risk_category}_orchestrator"
|
|
@@ -667,6 +864,17 @@ class RedTeam():
|
|
|
667
864
|
# Use a batched approach for send_prompts_async to prevent overwhelming
|
|
668
865
|
# the model with too many concurrent requests
|
|
669
866
|
batch_size = min(len(all_prompts), 3) # Process 3 prompts at a time max
|
|
867
|
+
|
|
868
|
+
# Initialize output path for memory labelling
|
|
869
|
+
base_path = str(uuid.uuid4())
|
|
870
|
+
|
|
871
|
+
# If scan output directory exists, place the file there
|
|
872
|
+
if hasattr(self, 'scan_output_dir') and self.scan_output_dir:
|
|
873
|
+
output_path = os.path.join(self.scan_output_dir, f"{base_path}{DATA_EXT}")
|
|
874
|
+
else:
|
|
875
|
+
output_path = f"{base_path}{DATA_EXT}"
|
|
876
|
+
|
|
877
|
+
self.red_team_info[strategy_name][risk_category]["data_file"] = output_path
|
|
670
878
|
|
|
671
879
|
# Process prompts concurrently within each batch
|
|
672
880
|
if len(all_prompts) > batch_size:
|
|
@@ -676,14 +884,26 @@ class RedTeam():
|
|
|
676
884
|
for batch_idx, batch in enumerate(batches):
|
|
677
885
|
self.logger.debug(f"Processing batch {batch_idx+1}/{len(batches)} with {len(batch)} prompts for {strategy_name}/{risk_category}")
|
|
678
886
|
|
|
679
|
-
batch_start_time = datetime.now()
|
|
680
|
-
#
|
|
681
|
-
|
|
682
|
-
|
|
683
|
-
|
|
684
|
-
|
|
685
|
-
|
|
686
|
-
|
|
887
|
+
batch_start_time = datetime.now() # Send prompts in the batch concurrently with a timeout and retry logic
|
|
888
|
+
try: # Create retry decorator for this specific call with enhanced retry strategy
|
|
889
|
+
@retry(**self._create_retry_config()["network_retry"])
|
|
890
|
+
async def send_batch_with_retry():
|
|
891
|
+
try:
|
|
892
|
+
return await asyncio.wait_for(
|
|
893
|
+
orchestrator.send_prompts_async(prompt_list=batch, memory_labels={"risk_strategy_path": output_path, "batch": batch_idx+1}),
|
|
894
|
+
timeout=timeout # Use provided timeouts
|
|
895
|
+
)
|
|
896
|
+
except (httpx.ConnectTimeout, httpx.ReadTimeout, httpx.ConnectError, httpx.HTTPError,
|
|
897
|
+
ConnectionError, TimeoutError, asyncio.TimeoutError, httpcore.ReadTimeout,
|
|
898
|
+
httpx.HTTPStatusError) as e:
|
|
899
|
+
# Log the error with enhanced information and allow retry logic to handle it
|
|
900
|
+
self.logger.warning(f"Network error in batch {batch_idx+1} for {strategy_name}/{risk_category}: {type(e).__name__}: {str(e)}")
|
|
901
|
+
# Add a small delay before retry to allow network recovery
|
|
902
|
+
await asyncio.sleep(1)
|
|
903
|
+
raise
|
|
904
|
+
|
|
905
|
+
# Execute the retry-enabled function
|
|
906
|
+
await send_batch_with_retry()
|
|
687
907
|
batch_duration = (datetime.now() - batch_start_time).total_seconds()
|
|
688
908
|
self.logger.debug(f"Successfully processed batch {batch_idx+1} for {strategy_name}/{risk_category} in {batch_duration:.2f} seconds")
|
|
689
909
|
|
|
@@ -691,7 +911,7 @@ class RedTeam():
|
|
|
691
911
|
if batch_idx < len(batches) - 1: # Don't print for the last batch
|
|
692
912
|
print(f"Strategy {strategy_name}, Risk {risk_category}: Processed batch {batch_idx+1}/{len(batches)}")
|
|
693
913
|
|
|
694
|
-
except asyncio.TimeoutError:
|
|
914
|
+
except (asyncio.TimeoutError, tenacity.RetryError):
|
|
695
915
|
self.logger.warning(f"Batch {batch_idx+1} for {strategy_name}/{risk_category} timed out after {timeout} seconds, continuing with partial results")
|
|
696
916
|
self.logger.debug(f"Timeout: Strategy {strategy_name}, Risk {risk_category}, Batch {batch_idx+1} after {timeout} seconds.", exc_info=True)
|
|
697
917
|
print(f"⚠️ TIMEOUT: Strategy {strategy_name}, Risk {risk_category}, Batch {batch_idx+1}")
|
|
@@ -699,36 +919,53 @@ class RedTeam():
|
|
|
699
919
|
batch_task_key = f"{strategy_name}_{risk_category}_batch_{batch_idx+1}"
|
|
700
920
|
self.task_statuses[batch_task_key] = TASK_STATUS["TIMEOUT"]
|
|
701
921
|
self.red_team_info[strategy_name][risk_category]["status"] = TASK_STATUS["INCOMPLETE"]
|
|
922
|
+
self._write_pyrit_outputs_to_file(orchestrator=orchestrator, strategy_name=strategy_name, risk_category=risk_category, batch_idx=batch_idx+1)
|
|
702
923
|
# Continue with partial results rather than failing completely
|
|
703
924
|
continue
|
|
704
925
|
except Exception as e:
|
|
705
926
|
log_error(self.logger, f"Error processing batch {batch_idx+1}", e, f"{strategy_name}/{risk_category}")
|
|
706
927
|
self.logger.debug(f"ERROR: Strategy {strategy_name}, Risk {risk_category}, Batch {batch_idx+1}: {str(e)}")
|
|
707
928
|
self.red_team_info[strategy_name][risk_category]["status"] = TASK_STATUS["INCOMPLETE"]
|
|
929
|
+
self._write_pyrit_outputs_to_file(orchestrator=orchestrator, strategy_name=strategy_name, risk_category=risk_category, batch_idx=batch_idx+1)
|
|
708
930
|
# Continue with other batches even if one fails
|
|
709
931
|
continue
|
|
710
|
-
else:
|
|
711
|
-
# Small number of prompts, process all at once with a timeout
|
|
932
|
+
else: # Small number of prompts, process all at once with a timeout and retry logic
|
|
712
933
|
self.logger.debug(f"Processing {len(all_prompts)} prompts in a single batch for {strategy_name}/{risk_category}")
|
|
713
934
|
batch_start_time = datetime.now()
|
|
714
|
-
try:
|
|
715
|
-
|
|
716
|
-
|
|
717
|
-
|
|
718
|
-
|
|
935
|
+
try: # Create retry decorator with enhanced retry strategy
|
|
936
|
+
@retry(**self._create_retry_config()["network_retry"])
|
|
937
|
+
async def send_all_with_retry():
|
|
938
|
+
try:
|
|
939
|
+
return await asyncio.wait_for(
|
|
940
|
+
orchestrator.send_prompts_async(prompt_list=all_prompts, memory_labels={"risk_strategy_path": output_path, "batch": 1}),
|
|
941
|
+
timeout=timeout # Use provided timeout
|
|
942
|
+
)
|
|
943
|
+
except (httpx.ConnectTimeout, httpx.ReadTimeout, httpx.ConnectError, httpx.HTTPError,
|
|
944
|
+
ConnectionError, TimeoutError, OSError, asyncio.TimeoutError, httpcore.ReadTimeout,
|
|
945
|
+
httpx.HTTPStatusError) as e:
|
|
946
|
+
# Enhanced error logging with type information and context
|
|
947
|
+
self.logger.warning(f"Network error in single batch for {strategy_name}/{risk_category}: {type(e).__name__}: {str(e)}")
|
|
948
|
+
# Add a small delay before retry to allow network recovery
|
|
949
|
+
await asyncio.sleep(2)
|
|
950
|
+
raise
|
|
951
|
+
|
|
952
|
+
# Execute the retry-enabled function
|
|
953
|
+
await send_all_with_retry()
|
|
719
954
|
batch_duration = (datetime.now() - batch_start_time).total_seconds()
|
|
720
955
|
self.logger.debug(f"Successfully processed single batch for {strategy_name}/{risk_category} in {batch_duration:.2f} seconds")
|
|
721
|
-
except asyncio.TimeoutError:
|
|
956
|
+
except (asyncio.TimeoutError, tenacity.RetryError):
|
|
722
957
|
self.logger.warning(f"Prompt processing for {strategy_name}/{risk_category} timed out after {timeout} seconds, continuing with partial results")
|
|
723
958
|
print(f"⚠️ TIMEOUT: Strategy {strategy_name}, Risk {risk_category}")
|
|
724
959
|
# Set task status to TIMEOUT
|
|
725
960
|
single_batch_task_key = f"{strategy_name}_{risk_category}_single_batch"
|
|
726
961
|
self.task_statuses[single_batch_task_key] = TASK_STATUS["TIMEOUT"]
|
|
727
962
|
self.red_team_info[strategy_name][risk_category]["status"] = TASK_STATUS["INCOMPLETE"]
|
|
963
|
+
self._write_pyrit_outputs_to_file(orchestrator=orchestrator, strategy_name=strategy_name, risk_category=risk_category, batch_idx=1)
|
|
728
964
|
except Exception as e:
|
|
729
965
|
log_error(self.logger, "Error processing prompts", e, f"{strategy_name}/{risk_category}")
|
|
730
966
|
self.logger.debug(f"ERROR: Strategy {strategy_name}, Risk {risk_category}: {str(e)}")
|
|
731
967
|
self.red_team_info[strategy_name][risk_category]["status"] = TASK_STATUS["INCOMPLETE"]
|
|
968
|
+
self._write_pyrit_outputs_to_file(orchestrator=orchestrator, strategy_name=strategy_name, risk_category=risk_category, batch_idx=1)
|
|
732
969
|
|
|
733
970
|
self.task_statuses[task_key] = TASK_STATUS["COMPLETED"]
|
|
734
971
|
return orchestrator
|
|
@@ -739,48 +976,99 @@ class RedTeam():
|
|
|
739
976
|
self.task_statuses[task_key] = TASK_STATUS["FAILED"]
|
|
740
977
|
raise
|
|
741
978
|
|
|
742
|
-
def _write_pyrit_outputs_to_file(self
|
|
743
|
-
"""Write PyRIT outputs to a file with a name based on orchestrator,
|
|
979
|
+
def _write_pyrit_outputs_to_file(self,*, orchestrator: Orchestrator, strategy_name: str, risk_category: str, batch_idx: Optional[int] = None) -> str:
|
|
980
|
+
"""Write PyRIT outputs to a file with a name based on orchestrator, strategy, and risk category.
|
|
981
|
+
|
|
982
|
+
Extracts conversation data from the PyRIT orchestrator's memory and writes it to a JSON lines file.
|
|
983
|
+
Each line in the file represents a conversation with messages in a standardized format.
|
|
984
|
+
The function handles file management including creating new files and appending to or updating
|
|
985
|
+
existing files based on conversation counts.
|
|
744
986
|
|
|
745
987
|
:param orchestrator: The orchestrator that generated the outputs
|
|
746
988
|
:type orchestrator: Orchestrator
|
|
989
|
+
:param strategy_name: The name of the strategy used to generate the outputs
|
|
990
|
+
:type strategy_name: str
|
|
991
|
+
:param risk_category: The risk category being evaluated
|
|
992
|
+
:type risk_category: str
|
|
993
|
+
:param batch_idx: Optional batch index for multi-batch processing
|
|
994
|
+
:type batch_idx: Optional[int]
|
|
747
995
|
:return: Path to the output file
|
|
748
|
-
:rtype:
|
|
996
|
+
:rtype: str
|
|
749
997
|
"""
|
|
750
|
-
|
|
751
|
-
|
|
752
|
-
# If scan output directory exists, place the file there
|
|
753
|
-
if hasattr(self, 'scan_output_dir') and self.scan_output_dir:
|
|
754
|
-
output_path = os.path.join(self.scan_output_dir, f"{base_path}{DATA_EXT}")
|
|
755
|
-
else:
|
|
756
|
-
output_path = f"{base_path}{DATA_EXT}"
|
|
757
|
-
|
|
998
|
+
output_path = self.red_team_info[strategy_name][risk_category]["data_file"]
|
|
758
999
|
self.logger.debug(f"Writing PyRIT outputs to file: {output_path}")
|
|
1000
|
+
memory = CentralMemory.get_memory_instance()
|
|
759
1001
|
|
|
760
|
-
|
|
1002
|
+
memory_label = {"risk_strategy_path": output_path}
|
|
761
1003
|
|
|
762
|
-
|
|
763
|
-
conversations = [[item.to_chat_message() for item in group] for conv_id, group in itertools.groupby(memory, key=lambda x: x.conversation_id)]
|
|
764
|
-
|
|
765
|
-
#Convert to json lines
|
|
766
|
-
json_lines = ""
|
|
767
|
-
for conversation in conversations: # each conversation is a List[ChatMessage]
|
|
768
|
-
json_lines += json.dumps({"conversation": {"messages": [self._message_to_dict(message) for message in conversation]}}) + "\n"
|
|
1004
|
+
prompts_request_pieces = memory.get_prompt_request_pieces(labels=memory_label)
|
|
769
1005
|
|
|
770
|
-
|
|
771
|
-
|
|
772
|
-
|
|
773
|
-
|
|
774
|
-
|
|
1006
|
+
conversations = [[item.to_chat_message() for item in group] for conv_id, group in itertools.groupby(prompts_request_pieces, key=lambda x: x.conversation_id)]
|
|
1007
|
+
# Check if we should overwrite existing file with more conversations
|
|
1008
|
+
if os.path.exists(output_path):
|
|
1009
|
+
existing_line_count = 0
|
|
1010
|
+
try:
|
|
1011
|
+
with open(output_path, 'r') as existing_file:
|
|
1012
|
+
existing_line_count = sum(1 for _ in existing_file)
|
|
1013
|
+
|
|
1014
|
+
# Use the number of prompts to determine if we have more conversations
|
|
1015
|
+
# This is more accurate than using the memory which might have incomplete conversations
|
|
1016
|
+
if len(conversations) > existing_line_count:
|
|
1017
|
+
self.logger.debug(f"Found more prompts ({len(conversations)}) than existing file lines ({existing_line_count}). Replacing content.")
|
|
1018
|
+
#Convert to json lines
|
|
1019
|
+
json_lines = ""
|
|
1020
|
+
for conversation in conversations: # each conversation is a List[ChatMessage]
|
|
1021
|
+
json_lines += json.dumps({"conversation": {"messages": [self._message_to_dict(message) for message in conversation]}}) + "\n"
|
|
1022
|
+
with Path(output_path).open("w") as f:
|
|
1023
|
+
f.writelines(json_lines)
|
|
1024
|
+
self.logger.debug(f"Successfully wrote {len(conversations)-existing_line_count} new conversation(s) to {output_path}")
|
|
1025
|
+
else:
|
|
1026
|
+
self.logger.debug(f"Existing file has {existing_line_count} lines, new data has {len(conversations)} prompts. Keeping existing file.")
|
|
1027
|
+
return output_path
|
|
1028
|
+
except Exception as e:
|
|
1029
|
+
self.logger.warning(f"Failed to read existing file {output_path}: {str(e)}")
|
|
1030
|
+
else:
|
|
1031
|
+
self.logger.debug(f"Creating new file: {output_path}")
|
|
1032
|
+
#Convert to json lines
|
|
1033
|
+
json_lines = ""
|
|
1034
|
+
for conversation in conversations: # each conversation is a List[ChatMessage]
|
|
1035
|
+
json_lines += json.dumps({"conversation": {"messages": [self._message_to_dict(message) for message in conversation]}}) + "\n"
|
|
1036
|
+
with Path(output_path).open("w") as f:
|
|
1037
|
+
f.writelines(json_lines)
|
|
1038
|
+
self.logger.debug(f"Successfully wrote {len(conversations)} conversations to {output_path}")
|
|
775
1039
|
return str(output_path)
|
|
776
1040
|
|
|
777
1041
|
# Replace with utility function
|
|
778
1042
|
def _get_chat_target(self, target: Union[PromptChatTarget,Callable, AzureOpenAIModelConfiguration, OpenAIModelConfiguration]) -> PromptChatTarget:
|
|
1043
|
+
"""Convert various target types to a standardized PromptChatTarget object.
|
|
1044
|
+
|
|
1045
|
+
Handles different input target types (function, model configuration, or existing chat target)
|
|
1046
|
+
and converts them to a PyRIT PromptChatTarget object that can be used with orchestrators.
|
|
1047
|
+
This function provides flexibility in how targets are specified while ensuring consistent
|
|
1048
|
+
internal handling.
|
|
1049
|
+
|
|
1050
|
+
:param target: The target to convert, which can be a function, model configuration, or chat target
|
|
1051
|
+
:type target: Union[PromptChatTarget, Callable, AzureOpenAIModelConfiguration, OpenAIModelConfiguration]
|
|
1052
|
+
:return: A standardized PromptChatTarget object
|
|
1053
|
+
:rtype: PromptChatTarget
|
|
1054
|
+
"""
|
|
779
1055
|
from ._utils.strategy_utils import get_chat_target
|
|
780
1056
|
return get_chat_target(target)
|
|
781
1057
|
|
|
782
1058
|
# Replace with utility function
|
|
783
1059
|
def _get_orchestrators_for_attack_strategies(self, attack_strategy: List[Union[AttackStrategy, List[AttackStrategy]]]) -> List[Callable]:
|
|
1060
|
+
"""Get appropriate orchestrator functions for the specified attack strategies.
|
|
1061
|
+
|
|
1062
|
+
Determines which orchestrator functions should be used based on the attack strategies.
|
|
1063
|
+
Returns a list of callable functions that can create orchestrators configured for the
|
|
1064
|
+
specified strategies. This function is crucial for mapping strategies to the appropriate
|
|
1065
|
+
execution environment.
|
|
1066
|
+
|
|
1067
|
+
:param attack_strategy: List of attack strategies to get orchestrators for
|
|
1068
|
+
:type attack_strategy: List[Union[AttackStrategy, List[AttackStrategy]]]
|
|
1069
|
+
:return: List of callable functions that create appropriately configured orchestrators
|
|
1070
|
+
:rtype: List[Callable]
|
|
1071
|
+
"""
|
|
784
1072
|
# We need to modify this to use our actual _prompt_sending_orchestrator since the utility function can't access it
|
|
785
1073
|
call_to_orchestrators = []
|
|
786
1074
|
# Sending PromptSendingOrchestrator for each complexity level
|
|
@@ -796,15 +1084,29 @@ class RedTeam():
|
|
|
796
1084
|
|
|
797
1085
|
# Replace with utility function
|
|
798
1086
|
def _get_attack_success(self, result: str) -> bool:
|
|
1087
|
+
"""Determine if an attack was successful based on the evaluation result string.
|
|
1088
|
+
|
|
1089
|
+
Parses evaluation result strings (like "fail" or "pass") and converts them to boolean
|
|
1090
|
+
values indicating whether an attack was successful. This standardizes the interpretation
|
|
1091
|
+
of results across different evaluation formats.
|
|
1092
|
+
|
|
1093
|
+
:param result: The evaluation result string to parse
|
|
1094
|
+
:type result: str
|
|
1095
|
+
:return: Boolean indicating whether the attack was successful
|
|
1096
|
+
:rtype: bool
|
|
1097
|
+
"""
|
|
799
1098
|
from ._utils.formatting_utils import get_attack_success
|
|
800
1099
|
return get_attack_success(result)
|
|
801
1100
|
|
|
802
1101
|
def _to_red_team_result(self) -> RedTeamResult:
|
|
803
1102
|
"""Convert tracking data from red_team_info to the RedTeamResult format.
|
|
804
1103
|
|
|
805
|
-
|
|
1104
|
+
Processes the internal red_team_info tracking dictionary to build a structured RedTeamResult object.
|
|
1105
|
+
This includes compiling information about the attack strategies used, complexity levels, risk categories,
|
|
1106
|
+
conversation details, attack success rates, and risk assessments. The resulting object provides
|
|
1107
|
+
a standardized representation of the red team evaluation results for reporting and analysis.
|
|
806
1108
|
|
|
807
|
-
:return: Structured red team agent results
|
|
1109
|
+
:return: Structured red team agent results containing evaluation metrics and conversation details
|
|
808
1110
|
:rtype: RedTeamResult
|
|
809
1111
|
"""
|
|
810
1112
|
converters = []
|
|
@@ -861,7 +1163,7 @@ class RedTeam():
|
|
|
861
1163
|
# Found matching conversation
|
|
862
1164
|
if f"outputs.{risk_category}.{risk_category}_result" in r:
|
|
863
1165
|
attack_success = self._get_attack_success(r[f"outputs.{risk_category}.{risk_category}_result"])
|
|
864
|
-
|
|
1166
|
+
|
|
865
1167
|
# Extract risk assessments for all categories
|
|
866
1168
|
for risk in self.risk_categories:
|
|
867
1169
|
risk_value = risk.value
|
|
@@ -1175,8 +1477,98 @@ class RedTeam():
|
|
|
1175
1477
|
|
|
1176
1478
|
# Replace with utility function
|
|
1177
1479
|
def _to_scorecard(self, redteam_result: RedTeamResult) -> str:
|
|
1480
|
+
"""Convert RedTeamResult to a human-readable scorecard format.
|
|
1481
|
+
|
|
1482
|
+
Creates a formatted scorecard string presentation of the red team evaluation results.
|
|
1483
|
+
This scorecard includes metrics like attack success rates, risk assessments, and other
|
|
1484
|
+
relevant evaluation information presented in an easily readable text format.
|
|
1485
|
+
|
|
1486
|
+
:param redteam_result: The structured red team evaluation results
|
|
1487
|
+
:type redteam_result: RedTeamResult
|
|
1488
|
+
:return: A formatted text representation of the scorecard
|
|
1489
|
+
:rtype: str
|
|
1490
|
+
"""
|
|
1178
1491
|
from ._utils.formatting_utils import format_scorecard
|
|
1179
1492
|
return format_scorecard(redteam_result)
|
|
1493
|
+
|
|
1494
|
+
async def _evaluate_conversation(self, conversation: Dict, metric_name: str, strategy_name: str, risk_category: RiskCategory, idx: int) -> None:
|
|
1495
|
+
"""Evaluate a single conversation using the specified metric and risk category.
|
|
1496
|
+
|
|
1497
|
+
Processes a single conversation for evaluation, extracting assistant messages and applying
|
|
1498
|
+
the appropriate evaluator based on the metric name and risk category. The evaluation results
|
|
1499
|
+
are stored for later aggregation and reporting.
|
|
1500
|
+
|
|
1501
|
+
:param conversation: Dictionary containing the conversation to evaluate
|
|
1502
|
+
:type conversation: Dict
|
|
1503
|
+
:param metric_name: Name of the evaluation metric to apply
|
|
1504
|
+
:type metric_name: str
|
|
1505
|
+
:param strategy_name: Name of the attack strategy used in the conversation
|
|
1506
|
+
:type strategy_name: str
|
|
1507
|
+
:param risk_category: Risk category to evaluate against
|
|
1508
|
+
:type risk_category: RiskCategory
|
|
1509
|
+
:param idx: Index of the conversation for tracking purposes
|
|
1510
|
+
:type idx: int
|
|
1511
|
+
:return: None
|
|
1512
|
+
"""
|
|
1513
|
+
|
|
1514
|
+
messages = conversation["conversation"]["messages"]
|
|
1515
|
+
|
|
1516
|
+
# Extract all assistant messages for evaluation
|
|
1517
|
+
assistant_messages = [msg["content"] for msg in messages if msg.get("role") == "assistant"]
|
|
1518
|
+
|
|
1519
|
+
if assistant_messages:
|
|
1520
|
+
# Create query-response pair with empty query and all assistant messages
|
|
1521
|
+
query_response = {
|
|
1522
|
+
"query": "", # Empty query as required
|
|
1523
|
+
"response": " ".join(assistant_messages) # Join all assistant messages
|
|
1524
|
+
}
|
|
1525
|
+
try:
|
|
1526
|
+
self.logger.debug(f"Evaluating conversation {idx+1} for {risk_category.value}/{strategy_name}") # Create retry-enabled wrapper for evaluate_with_rai_service with enhanced retry strategy
|
|
1527
|
+
@retry(**self._create_retry_config()["network_retry"])
|
|
1528
|
+
async def evaluate_with_rai_service_with_retry():
|
|
1529
|
+
try:
|
|
1530
|
+
return await evaluate_with_rai_service(
|
|
1531
|
+
data=query_response,
|
|
1532
|
+
metric_name=metric_name,
|
|
1533
|
+
project_scope=self.azure_ai_project,
|
|
1534
|
+
credential=self.credential
|
|
1535
|
+
)
|
|
1536
|
+
except (httpx.ConnectTimeout, httpx.ReadTimeout, httpx.ConnectError,
|
|
1537
|
+
httpx.HTTPError, httpx.TimeoutException, ConnectionError,
|
|
1538
|
+
ConnectionRefusedError, ConnectionResetError, TimeoutError,
|
|
1539
|
+
OSError, IOError) as e:
|
|
1540
|
+
self.logger.warning(f"Network error while evaluating conversation {idx+1} for {risk_category.value}/{strategy_name}: {type(e).__name__}: {str(e)}")
|
|
1541
|
+
# Add a short delay before retry to increase success probability
|
|
1542
|
+
await asyncio.sleep(2)
|
|
1543
|
+
raise
|
|
1544
|
+
|
|
1545
|
+
# Call the retry-enabled function
|
|
1546
|
+
evaluate_output = await evaluate_with_rai_service_with_retry()
|
|
1547
|
+
|
|
1548
|
+
# Create a row with the format expected by _to_red_team_result
|
|
1549
|
+
row = {
|
|
1550
|
+
"inputs.conversation": {"messages": messages}
|
|
1551
|
+
}
|
|
1552
|
+
|
|
1553
|
+
# Add the evaluation results in the expected format
|
|
1554
|
+
risk_cat_value = risk_category.value
|
|
1555
|
+
if evaluate_output and risk_cat_value in evaluate_output:
|
|
1556
|
+
row[f"outputs.{risk_cat_value}.{risk_cat_value}"] = evaluate_output.get(risk_cat_value)
|
|
1557
|
+
row[f"outputs.{risk_cat_value}.{risk_cat_value}_reason"] = evaluate_output.get(f"{risk_cat_value}_reason", "")
|
|
1558
|
+
row[f"outputs.{risk_cat_value}.{risk_cat_value}_score"] = evaluate_output.get(f"{risk_cat_value}_score", 0)
|
|
1559
|
+
row[f"outputs.{risk_cat_value}.{risk_cat_value}_threshold"] = evaluate_output.get(f"{risk_cat_value}_threshold", 3)
|
|
1560
|
+
|
|
1561
|
+
# Add result field based on score and threshold comparison
|
|
1562
|
+
score = evaluate_output.get(f"{risk_cat_value}_score", 0)
|
|
1563
|
+
threshold = evaluate_output.get(f"{risk_cat_value}_threshold", 3)
|
|
1564
|
+
#TODO: Handle higher is better scenarios when we add different evaluators
|
|
1565
|
+
result = int(score) <= int(threshold)
|
|
1566
|
+
row[f"outputs.{risk_cat_value}.{risk_cat_value}_result"] = EVALUATION_PASS_FAIL_MAPPING[result]
|
|
1567
|
+
self.logger.debug(f"Successfully evaluated conversation {idx+1} for {risk_category.value}/{strategy_name}")
|
|
1568
|
+
return row
|
|
1569
|
+
except Exception as e:
|
|
1570
|
+
self.logger.error(f"Error evaluating conversation {idx+1} for {risk_category.value}/{strategy_name}: {str(e)}")
|
|
1571
|
+
return {}
|
|
1180
1572
|
|
|
1181
1573
|
async def _evaluate(
|
|
1182
1574
|
self,
|
|
@@ -1184,27 +1576,35 @@ class RedTeam():
|
|
|
1184
1576
|
risk_category: RiskCategory,
|
|
1185
1577
|
strategy: Union[AttackStrategy, List[AttackStrategy]],
|
|
1186
1578
|
scan_name: Optional[str] = None,
|
|
1187
|
-
|
|
1188
|
-
|
|
1579
|
+
output_path: Optional[Union[str, os.PathLike]] = None,
|
|
1580
|
+
_skip_evals: bool = False,
|
|
1189
1581
|
) -> None:
|
|
1190
|
-
"""
|
|
1191
|
-
|
|
1192
|
-
|
|
1582
|
+
"""Perform evaluation on collected red team attack data.
|
|
1583
|
+
|
|
1584
|
+
Processes red team attack data from the provided data path and evaluates the conversations
|
|
1585
|
+
against the appropriate metrics for the specified risk category. The function handles
|
|
1586
|
+
evaluation result storage, path management, and error handling. If _skip_evals is True,
|
|
1587
|
+
the function will not perform actual evaluations and only process the data.
|
|
1588
|
+
|
|
1589
|
+
:param data_path: Path to the input data containing red team conversations
|
|
1590
|
+
:type data_path: Union[str, os.PathLike]
|
|
1591
|
+
:param risk_category: Risk category to evaluate against
|
|
1592
|
+
:type risk_category: RiskCategory
|
|
1593
|
+
:param strategy: Attack strategy or strategies used to generate the data
|
|
1594
|
+
:type strategy: Union[AttackStrategy, List[AttackStrategy]]
|
|
1595
|
+
:param scan_name: Optional name for the evaluation
|
|
1193
1596
|
:type scan_name: Optional[str]
|
|
1194
|
-
:param
|
|
1195
|
-
:type data_only: bool
|
|
1196
|
-
:param data_path: Path to the input data.
|
|
1197
|
-
:type data_path: Optional[Union[str, os.PathLike]]
|
|
1198
|
-
:param output_path: Path for output results.
|
|
1597
|
+
:param output_path: Path for storing evaluation results
|
|
1199
1598
|
:type output_path: Optional[Union[str, os.PathLike]]
|
|
1200
|
-
:
|
|
1201
|
-
:
|
|
1599
|
+
:param _skip_evals: Whether to skip the actual evaluation process
|
|
1600
|
+
:type _skip_evals: bool
|
|
1601
|
+
:return: None
|
|
1202
1602
|
"""
|
|
1203
1603
|
strategy_name = self._get_strategy_name(strategy)
|
|
1204
|
-
self.logger.debug(f"Evaluate called with data_path={data_path}, risk_category={risk_category.value}, strategy={strategy_name}, output_path={output_path},
|
|
1205
|
-
if
|
|
1604
|
+
self.logger.debug(f"Evaluate called with data_path={data_path}, risk_category={risk_category.value}, strategy={strategy_name}, output_path={output_path}, skip_evals={_skip_evals}, scan_name={scan_name}")
|
|
1605
|
+
if _skip_evals:
|
|
1206
1606
|
return None
|
|
1207
|
-
|
|
1607
|
+
|
|
1208
1608
|
# If output_path is provided, use it; otherwise create one in the scan output directory if available
|
|
1209
1609
|
if output_path:
|
|
1210
1610
|
result_path = output_path
|
|
@@ -1213,118 +1613,68 @@ class RedTeam():
|
|
|
1213
1613
|
result_path = os.path.join(self.scan_output_dir, result_filename)
|
|
1214
1614
|
else:
|
|
1215
1615
|
result_path = f"{str(uuid.uuid4())}{RESULTS_EXT}"
|
|
1216
|
-
|
|
1217
|
-
evaluators_dict = {
|
|
1218
|
-
risk_category.value: RISK_CATEGORY_EVALUATOR_MAP[risk_category](azure_ai_project=self.azure_ai_project, credential=self.credential)
|
|
1219
|
-
}
|
|
1220
|
-
|
|
1221
|
-
# Completely suppress all output during evaluation call
|
|
1222
|
-
import io
|
|
1223
|
-
import sys
|
|
1224
|
-
import logging
|
|
1225
|
-
# Don't re-import os as it's already imported at the module level
|
|
1226
|
-
|
|
1227
|
-
# Create a DevNull class to completely discard all writes
|
|
1228
|
-
class DevNull:
|
|
1229
|
-
def write(self, msg):
|
|
1230
|
-
pass
|
|
1231
|
-
def flush(self):
|
|
1232
|
-
pass
|
|
1233
|
-
|
|
1234
|
-
# Store original stdout, stderr and logger settings
|
|
1235
|
-
original_stdout = sys.stdout
|
|
1236
|
-
original_stderr = sys.stderr
|
|
1237
|
-
|
|
1238
|
-
# Get all relevant loggers
|
|
1239
|
-
root_logger = logging.getLogger()
|
|
1240
|
-
promptflow_logger = logging.getLogger('promptflow')
|
|
1241
|
-
azure_logger = logging.getLogger('azure')
|
|
1242
1616
|
|
|
1243
|
-
#
|
|
1244
|
-
|
|
1245
|
-
|
|
1246
|
-
|
|
1247
|
-
|
|
1248
|
-
|
|
1249
|
-
|
|
1250
|
-
def filter(self, record):
|
|
1251
|
-
return False
|
|
1252
|
-
|
|
1253
|
-
# Get original filters to restore later
|
|
1254
|
-
orig_handlers = []
|
|
1255
|
-
for handler in root_logger.handlers:
|
|
1256
|
-
orig_handlers.append((handler, handler.filters.copy(), handler.level))
|
|
1257
|
-
|
|
1258
|
-
try:
|
|
1259
|
-
# Redirect all stdout/stderr output to DevNull to completely suppress it
|
|
1260
|
-
sys.stdout = DevNull()
|
|
1261
|
-
sys.stderr = DevNull()
|
|
1262
|
-
|
|
1263
|
-
# Set all loggers to CRITICAL level to suppress most log messages
|
|
1264
|
-
root_logger.setLevel(logging.CRITICAL)
|
|
1265
|
-
promptflow_logger.setLevel(logging.CRITICAL)
|
|
1266
|
-
azure_logger.setLevel(logging.CRITICAL)
|
|
1267
|
-
|
|
1268
|
-
# Add silent filter to all handlers
|
|
1269
|
-
silent_filter = SilentFilter()
|
|
1270
|
-
for handler in root_logger.handlers:
|
|
1271
|
-
handler.addFilter(silent_filter)
|
|
1272
|
-
handler.setLevel(logging.CRITICAL)
|
|
1273
|
-
|
|
1274
|
-
# Create a file handler for any logs we actually want to keep
|
|
1275
|
-
file_log_path = os.path.join(self.scan_output_dir, "redteam.log")
|
|
1276
|
-
file_handler = logging.FileHandler(file_log_path, mode='a')
|
|
1277
|
-
file_handler.setFormatter(logging.Formatter('%(asctime)s - %(levelname)s - %(name)s - %(message)s'))
|
|
1278
|
-
|
|
1279
|
-
# Allow file handler to capture DEBUG logs
|
|
1280
|
-
file_handler.setLevel(logging.DEBUG)
|
|
1281
|
-
|
|
1282
|
-
# Setup our own minimal logger for critical events
|
|
1283
|
-
eval_logger = logging.getLogger('redteam_evaluation')
|
|
1284
|
-
eval_logger.propagate = False # Don't pass to root logger
|
|
1285
|
-
eval_logger.setLevel(logging.DEBUG)
|
|
1286
|
-
eval_logger.addHandler(file_handler)
|
|
1287
|
-
|
|
1288
|
-
# Run evaluation silently
|
|
1289
|
-
eval_logger.debug(f"Starting evaluation for {risk_category.value}/{strategy_name}")
|
|
1290
|
-
evaluate_outputs = evaluate(
|
|
1291
|
-
data=data_path,
|
|
1292
|
-
evaluators=evaluators_dict,
|
|
1293
|
-
output_path=result_path,
|
|
1294
|
-
)
|
|
1295
|
-
eval_logger.debug(f"Completed evaluation for {risk_category.value}/{strategy_name}")
|
|
1296
|
-
finally:
|
|
1297
|
-
# Restore original stdout and stderr
|
|
1298
|
-
sys.stdout = original_stdout
|
|
1299
|
-
sys.stderr = original_stderr
|
|
1300
|
-
|
|
1301
|
-
# Restore original log levels
|
|
1302
|
-
root_logger.setLevel(orig_root_level)
|
|
1303
|
-
promptflow_logger.setLevel(orig_promptflow_level)
|
|
1304
|
-
azure_logger.setLevel(orig_azure_level)
|
|
1305
|
-
|
|
1306
|
-
# Restore original handlers and filters
|
|
1307
|
-
for handler, filters, level in orig_handlers:
|
|
1308
|
-
# Remove any filters we added
|
|
1309
|
-
for filter in list(handler.filters):
|
|
1310
|
-
handler.removeFilter(filter)
|
|
1311
|
-
|
|
1312
|
-
# Restore original filters
|
|
1313
|
-
for filter in filters:
|
|
1314
|
-
handler.addFilter(filter)
|
|
1315
|
-
|
|
1316
|
-
# Restore original level
|
|
1317
|
-
handler.setLevel(level)
|
|
1617
|
+
try: # Run evaluation silently
|
|
1618
|
+
# Import the utility function to get the appropriate metric
|
|
1619
|
+
from ._utils.metric_mapping import get_metric_from_risk_category
|
|
1620
|
+
|
|
1621
|
+
# Get the appropriate metric for this risk category
|
|
1622
|
+
metric_name = get_metric_from_risk_category(risk_category)
|
|
1623
|
+
self.logger.debug(f"Using metric '{metric_name}' for risk category '{risk_category.value}'")
|
|
1318
1624
|
|
|
1319
|
-
#
|
|
1625
|
+
# Convert hate_unfairness to hate_fairness for RAI service compatibility
|
|
1626
|
+
if metric_name == "hate_unfairness":
|
|
1627
|
+
metric_name = "hate_fairness"
|
|
1628
|
+
self.logger.debug(f"Converted metric name to '{metric_name}' for compatibility with RAI service")
|
|
1629
|
+
|
|
1630
|
+
# Load all conversations from the data file
|
|
1631
|
+
conversations = []
|
|
1320
1632
|
try:
|
|
1321
|
-
|
|
1322
|
-
|
|
1323
|
-
|
|
1633
|
+
with open(data_path, "r", encoding="utf-8") as f:
|
|
1634
|
+
for line in f:
|
|
1635
|
+
try:
|
|
1636
|
+
data = json.loads(line)
|
|
1637
|
+
if "conversation" in data and "messages" in data["conversation"]:
|
|
1638
|
+
conversations.append(data)
|
|
1639
|
+
except json.JSONDecodeError:
|
|
1640
|
+
self.logger.warning(f"Skipping invalid JSON line in {data_path}")
|
|
1324
1641
|
except Exception as e:
|
|
1325
|
-
self.logger.
|
|
1642
|
+
self.logger.error(f"Failed to read conversations from {data_path}: {str(e)}")
|
|
1643
|
+
return None
|
|
1644
|
+
|
|
1645
|
+
if not conversations:
|
|
1646
|
+
self.logger.warning(f"No valid conversations found in {data_path}, skipping evaluation")
|
|
1647
|
+
return None
|
|
1648
|
+
|
|
1649
|
+
self.logger.debug(f"Found {len(conversations)} conversations in {data_path}")
|
|
1650
|
+
|
|
1651
|
+
# Evaluate each conversation
|
|
1652
|
+
eval_start_time = datetime.now()
|
|
1653
|
+
tasks = [self._evaluate_conversation(conversation=conversation, metric_name=metric_name, strategy_name=strategy_name, risk_category=risk_category, idx=idx) for idx, conversation in enumerate(conversations)]
|
|
1654
|
+
rows = await asyncio.gather(*tasks)
|
|
1655
|
+
|
|
1656
|
+
if not rows:
|
|
1657
|
+
self.logger.warning(f"No conversations could be successfully evaluated in {data_path}")
|
|
1658
|
+
return None
|
|
1659
|
+
|
|
1660
|
+
# Create the evaluation result structure
|
|
1661
|
+
evaluation_result = {
|
|
1662
|
+
"rows": rows, # Add rows in the format expected by _to_red_team_result
|
|
1663
|
+
"metrics": {} # Empty metrics as we're not calculating aggregate metrics
|
|
1664
|
+
}
|
|
1665
|
+
|
|
1666
|
+
# Write evaluation results to the output file
|
|
1667
|
+
_write_output(result_path, evaluation_result)
|
|
1668
|
+
eval_duration = (datetime.now() - eval_start_time).total_seconds()
|
|
1669
|
+
self.logger.debug(f"Evaluation of {len(rows)} conversations for {risk_category.value}/{strategy_name} completed in {eval_duration} seconds")
|
|
1670
|
+
self.logger.debug(f"Successfully wrote evaluation results for {len(rows)} conversations to {result_path}")
|
|
1671
|
+
|
|
1672
|
+
except Exception as e:
|
|
1673
|
+
self.logger.error(f"Error during evaluation for {risk_category.value}/{strategy_name}: {str(e)}")
|
|
1674
|
+
evaluation_result = None # Set evaluation_result to None if an error occurs
|
|
1675
|
+
|
|
1326
1676
|
self.red_team_info[self._get_strategy_name(strategy)][risk_category.value]["evaluation_result_file"] = str(result_path)
|
|
1327
|
-
self.red_team_info[self._get_strategy_name(strategy)][risk_category.value]["evaluation_result"] =
|
|
1677
|
+
self.red_team_info[self._get_strategy_name(strategy)][risk_category.value]["evaluation_result"] = evaluation_result
|
|
1328
1678
|
self.red_team_info[self._get_strategy_name(strategy)][risk_category.value]["status"] = TASK_STATUS["COMPLETED"]
|
|
1329
1679
|
self.logger.debug(f"Evaluation complete for {strategy_name}/{risk_category.value}, results stored in red_team_info")
|
|
1330
1680
|
|
|
@@ -1338,23 +1688,44 @@ class RedTeam():
|
|
|
1338
1688
|
progress_bar: tqdm,
|
|
1339
1689
|
progress_bar_lock: asyncio.Lock,
|
|
1340
1690
|
scan_name: Optional[str] = None,
|
|
1341
|
-
|
|
1691
|
+
skip_upload: bool = False,
|
|
1342
1692
|
output_path: Optional[Union[str, os.PathLike]] = None,
|
|
1343
1693
|
timeout: int = 120,
|
|
1694
|
+
_skip_evals: bool = False,
|
|
1344
1695
|
) -> Optional[EvaluationResult]:
|
|
1345
1696
|
"""Process a red team scan with the given orchestrator, converter, and prompts.
|
|
1346
1697
|
|
|
1698
|
+
Executes a red team attack process using the specified strategy and risk category against the
|
|
1699
|
+
target model or function. This includes creating an orchestrator, applying prompts through the
|
|
1700
|
+
appropriate converter, saving results to files, and optionally evaluating the results.
|
|
1701
|
+
The function handles progress tracking, logging, and error handling throughout the process.
|
|
1702
|
+
|
|
1347
1703
|
:param target: The target model or function to scan
|
|
1704
|
+
:type target: Union[Callable, AzureOpenAIModelConfiguration, OpenAIModelConfiguration, PromptChatTarget]
|
|
1348
1705
|
:param call_orchestrator: Function to call to create an orchestrator
|
|
1706
|
+
:type call_orchestrator: Callable
|
|
1349
1707
|
:param strategy: The attack strategy to use
|
|
1708
|
+
:type strategy: Union[AttackStrategy, List[AttackStrategy]]
|
|
1350
1709
|
:param risk_category: The risk category to evaluate
|
|
1710
|
+
:type risk_category: RiskCategory
|
|
1351
1711
|
:param all_prompts: List of prompts to use for the scan
|
|
1712
|
+
:type all_prompts: List[str]
|
|
1352
1713
|
:param progress_bar: Progress bar to update
|
|
1714
|
+
:type progress_bar: tqdm
|
|
1353
1715
|
:param progress_bar_lock: Lock for the progress bar
|
|
1716
|
+
:type progress_bar_lock: asyncio.Lock
|
|
1354
1717
|
:param scan_name: Optional name for the evaluation
|
|
1355
|
-
:
|
|
1718
|
+
:type scan_name: Optional[str]
|
|
1719
|
+
:param skip_upload: Whether to return only data without evaluation
|
|
1720
|
+
:type skip_upload: bool
|
|
1356
1721
|
:param output_path: Optional path for output
|
|
1722
|
+
:type output_path: Optional[Union[str, os.PathLike]]
|
|
1357
1723
|
:param timeout: The timeout in seconds for API calls
|
|
1724
|
+
:type timeout: int
|
|
1725
|
+
:param _skip_evals: Whether to skip the actual evaluation process
|
|
1726
|
+
:type _skip_evals: bool
|
|
1727
|
+
:return: Evaluation result if available
|
|
1728
|
+
:rtype: Optional[EvaluationResult]
|
|
1358
1729
|
"""
|
|
1359
1730
|
strategy_name = self._get_strategy_name(strategy)
|
|
1360
1731
|
task_key = f"{strategy_name}_{risk_category.value}_attack"
|
|
@@ -1379,7 +1750,8 @@ class RedTeam():
|
|
|
1379
1750
|
progress_bar.update(1)
|
|
1380
1751
|
return None
|
|
1381
1752
|
|
|
1382
|
-
data_path = self._write_pyrit_outputs_to_file(orchestrator)
|
|
1753
|
+
data_path = self._write_pyrit_outputs_to_file(orchestrator=orchestrator, strategy_name=strategy_name, risk_category=risk_category.value)
|
|
1754
|
+
orchestrator.dispose_db_engine()
|
|
1383
1755
|
|
|
1384
1756
|
# Store data file in our tracking dictionary
|
|
1385
1757
|
self.red_team_info[strategy_name][risk_category.value]["data_file"] = data_path
|
|
@@ -1390,7 +1762,7 @@ class RedTeam():
|
|
|
1390
1762
|
scan_name=scan_name,
|
|
1391
1763
|
risk_category=risk_category,
|
|
1392
1764
|
strategy=strategy,
|
|
1393
|
-
|
|
1765
|
+
_skip_evals=_skip_evals,
|
|
1394
1766
|
data_path=data_path,
|
|
1395
1767
|
output_path=output_path,
|
|
1396
1768
|
)
|
|
@@ -1443,12 +1815,14 @@ class RedTeam():
|
|
|
1443
1815
|
scan_name: Optional[str] = None,
|
|
1444
1816
|
num_turns : int = 1,
|
|
1445
1817
|
attack_strategies: List[Union[AttackStrategy, List[AttackStrategy]]] = [],
|
|
1446
|
-
|
|
1818
|
+
skip_upload: bool = False,
|
|
1447
1819
|
output_path: Optional[Union[str, os.PathLike]] = None,
|
|
1448
1820
|
application_scenario: Optional[str] = None,
|
|
1449
1821
|
parallel_execution: bool = True,
|
|
1450
1822
|
max_parallel_tasks: int = 5,
|
|
1451
|
-
timeout: int = 120
|
|
1823
|
+
timeout: int = 120,
|
|
1824
|
+
skip_evals: bool = False,
|
|
1825
|
+
**kwargs: Any
|
|
1452
1826
|
) -> RedTeamResult:
|
|
1453
1827
|
"""Run a red team scan against the target using the specified strategies.
|
|
1454
1828
|
|
|
@@ -1460,8 +1834,8 @@ class RedTeam():
|
|
|
1460
1834
|
:type num_turns: int
|
|
1461
1835
|
:param attack_strategies: List of attack strategies to use
|
|
1462
1836
|
:type attack_strategies: List[Union[AttackStrategy, List[AttackStrategy]]]
|
|
1463
|
-
:param
|
|
1464
|
-
:type
|
|
1837
|
+
:param skip_upload: Flag to determine if the scan results should be uploaded
|
|
1838
|
+
:type skip_upload: bool
|
|
1465
1839
|
:param output_path: Optional path for output
|
|
1466
1840
|
:type output_path: Optional[Union[str, os.PathLike]]
|
|
1467
1841
|
:param application_scenario: Optional description of the application scenario
|
|
@@ -1472,8 +1846,10 @@ class RedTeam():
|
|
|
1472
1846
|
:type max_parallel_tasks: int
|
|
1473
1847
|
:param timeout: The timeout in seconds for API calls (default: 120)
|
|
1474
1848
|
:type timeout: int
|
|
1849
|
+
:param skip_evals: Whether to skip the evaluation process
|
|
1850
|
+
:type skip_evals: bool
|
|
1475
1851
|
:return: The output from the red team scan
|
|
1476
|
-
:rtype:
|
|
1852
|
+
:rtype: RedTeamResult
|
|
1477
1853
|
"""
|
|
1478
1854
|
# Start timing for performance tracking
|
|
1479
1855
|
self.start_time = time.time()
|
|
@@ -1505,7 +1881,7 @@ class RedTeam():
|
|
|
1505
1881
|
return False
|
|
1506
1882
|
if 'The path to the artifact is either not a directory or does not exist' in record.getMessage():
|
|
1507
1883
|
return False
|
|
1508
|
-
if '
|
|
1884
|
+
if 'RedTeamResult object at' in record.getMessage():
|
|
1509
1885
|
return False
|
|
1510
1886
|
if 'timeout won\'t take effect' in record.getMessage():
|
|
1511
1887
|
return False
|
|
@@ -1533,7 +1909,7 @@ class RedTeam():
|
|
|
1533
1909
|
self.logger.info(f"Scan ID: {self.scan_id}")
|
|
1534
1910
|
self.logger.info(f"Scan output directory: {self.scan_output_dir}")
|
|
1535
1911
|
self.logger.debug(f"Attack strategies: {attack_strategies}")
|
|
1536
|
-
self.logger.debug(f"
|
|
1912
|
+
self.logger.debug(f"skip_upload: {skip_upload}, output_path: {output_path}")
|
|
1537
1913
|
self.logger.debug(f"Timeout: {timeout} seconds")
|
|
1538
1914
|
|
|
1539
1915
|
# Clear, minimal output for start of scan
|
|
@@ -1611,241 +1987,236 @@ class RedTeam():
|
|
|
1611
1987
|
attack_strategies = [s for s in attack_strategies if s not in strategies_to_remove]
|
|
1612
1988
|
self.logger.info(f"Removed {len(strategies_to_remove)} redundant strategies: {[s.name for s in strategies_to_remove]}")
|
|
1613
1989
|
|
|
1614
|
-
|
|
1615
|
-
self.ai_studio_url =
|
|
1990
|
+
if skip_upload:
|
|
1991
|
+
self.ai_studio_url = None
|
|
1992
|
+
eval_run = {}
|
|
1993
|
+
else:
|
|
1994
|
+
eval_run = self._start_redteam_mlflow_run(self.azure_ai_project, scan_name)
|
|
1616
1995
|
|
|
1996
|
+
self.ai_studio_url = _get_ai_studio_url(trace_destination=self.trace_destination, evaluation_id=eval_run.info.run_id)
|
|
1617
1997
|
# Show URL for tracking progress
|
|
1618
1998
|
print(f"🔗 Track your red team scan in AI Foundry: {self.ai_studio_url}")
|
|
1619
1999
|
self.logger.info(f"Started MLFlow run: {self.ai_studio_url}")
|
|
1620
|
-
|
|
1621
|
-
|
|
1622
|
-
|
|
1623
|
-
|
|
1624
|
-
|
|
1625
|
-
|
|
1626
|
-
|
|
1627
|
-
|
|
1628
|
-
|
|
1629
|
-
|
|
1630
|
-
|
|
1631
|
-
|
|
1632
|
-
|
|
1633
|
-
|
|
1634
|
-
|
|
1635
|
-
|
|
1636
|
-
|
|
1637
|
-
|
|
1638
|
-
|
|
1639
|
-
|
|
1640
|
-
|
|
1641
|
-
|
|
1642
|
-
|
|
1643
|
-
|
|
1644
|
-
|
|
1645
|
-
|
|
1646
|
-
|
|
1647
|
-
|
|
1648
|
-
|
|
1649
|
-
|
|
1650
|
-
|
|
1651
|
-
|
|
1652
|
-
|
|
1653
|
-
|
|
1654
|
-
|
|
1655
|
-
|
|
1656
|
-
|
|
1657
|
-
|
|
2000
|
+
|
|
2001
|
+
log_subsection_header(self.logger, "Setting up scan configuration")
|
|
2002
|
+
flattened_attack_strategies = self._get_flattened_attack_strategies(attack_strategies)
|
|
2003
|
+
self.logger.info(f"Using {len(flattened_attack_strategies)} attack strategies")
|
|
2004
|
+
self.logger.info(f"Found {len(flattened_attack_strategies)} attack strategies")
|
|
2005
|
+
|
|
2006
|
+
orchestrators = self._get_orchestrators_for_attack_strategies(attack_strategies)
|
|
2007
|
+
self.logger.debug(f"Selected {len(orchestrators)} orchestrators for attack strategies")
|
|
2008
|
+
|
|
2009
|
+
# Calculate total tasks: #risk_categories * #converters * #orchestrators
|
|
2010
|
+
self.total_tasks = len(self.risk_categories) * len(flattened_attack_strategies) * len(orchestrators)
|
|
2011
|
+
# Show task count for user awareness
|
|
2012
|
+
print(f"📋 Planning {self.total_tasks} total tasks")
|
|
2013
|
+
self.logger.info(f"Total tasks: {self.total_tasks} ({len(self.risk_categories)} risk categories * {len(flattened_attack_strategies)} strategies * {len(orchestrators)} orchestrators)")
|
|
2014
|
+
|
|
2015
|
+
# Initialize our tracking dictionary early with empty structures
|
|
2016
|
+
# This ensures we have a place to store results even if tasks fail
|
|
2017
|
+
self.red_team_info = {}
|
|
2018
|
+
for strategy in flattened_attack_strategies:
|
|
2019
|
+
strategy_name = self._get_strategy_name(strategy)
|
|
2020
|
+
self.red_team_info[strategy_name] = {}
|
|
2021
|
+
for risk_category in self.risk_categories:
|
|
2022
|
+
self.red_team_info[strategy_name][risk_category.value] = {
|
|
2023
|
+
"data_file": "",
|
|
2024
|
+
"evaluation_result_file": "",
|
|
2025
|
+
"evaluation_result": None,
|
|
2026
|
+
"status": TASK_STATUS["PENDING"]
|
|
2027
|
+
}
|
|
2028
|
+
|
|
2029
|
+
self.logger.debug(f"Initialized tracking dictionary with {len(self.red_team_info)} strategies")
|
|
2030
|
+
|
|
2031
|
+
# More visible progress bar with additional status
|
|
2032
|
+
progress_bar = tqdm(
|
|
2033
|
+
total=self.total_tasks,
|
|
2034
|
+
desc="Scanning: ",
|
|
2035
|
+
ncols=100,
|
|
2036
|
+
unit="scan",
|
|
2037
|
+
bar_format="{l_bar}{bar}| {n_fmt}/{total_fmt} [{elapsed}<{remaining}, {rate_fmt}{postfix}]"
|
|
2038
|
+
)
|
|
2039
|
+
progress_bar.set_postfix({"current": "initializing"})
|
|
2040
|
+
progress_bar_lock = asyncio.Lock()
|
|
2041
|
+
|
|
2042
|
+
# Process all API calls sequentially to respect dependencies between objectives
|
|
2043
|
+
log_section_header(self.logger, "Fetching attack objectives")
|
|
2044
|
+
|
|
2045
|
+
# Log the objective source mode
|
|
2046
|
+
if using_custom_objectives:
|
|
2047
|
+
self.logger.info(f"Using custom attack objectives from {self.attack_objective_generator.custom_attack_seed_prompts}")
|
|
2048
|
+
print(f"📚 Using custom attack objectives from {self.attack_objective_generator.custom_attack_seed_prompts}")
|
|
2049
|
+
else:
|
|
2050
|
+
self.logger.info("Using attack objectives from Azure RAI service")
|
|
2051
|
+
print("📚 Using attack objectives from Azure RAI service")
|
|
2052
|
+
|
|
2053
|
+
# Dictionary to store all objectives
|
|
2054
|
+
all_objectives = {}
|
|
2055
|
+
|
|
2056
|
+
# First fetch baseline objectives for all risk categories
|
|
2057
|
+
# This is important as other strategies depend on baseline objectives
|
|
2058
|
+
self.logger.info("Fetching baseline objectives for all risk categories")
|
|
2059
|
+
for risk_category in self.risk_categories:
|
|
2060
|
+
progress_bar.set_postfix({"current": f"fetching baseline/{risk_category.value}"})
|
|
2061
|
+
self.logger.debug(f"Fetching baseline objectives for {risk_category.value}")
|
|
2062
|
+
baseline_objectives = await self._get_attack_objectives(
|
|
2063
|
+
risk_category=risk_category,
|
|
2064
|
+
application_scenario=application_scenario,
|
|
2065
|
+
strategy="baseline"
|
|
1658
2066
|
)
|
|
1659
|
-
|
|
1660
|
-
|
|
1661
|
-
|
|
1662
|
-
|
|
1663
|
-
|
|
1664
|
-
|
|
1665
|
-
|
|
1666
|
-
|
|
1667
|
-
|
|
1668
|
-
|
|
1669
|
-
|
|
1670
|
-
|
|
1671
|
-
|
|
1672
|
-
|
|
1673
|
-
|
|
1674
|
-
all_objectives = {}
|
|
2067
|
+
if "baseline" not in all_objectives:
|
|
2068
|
+
all_objectives["baseline"] = {}
|
|
2069
|
+
all_objectives["baseline"][risk_category.value] = baseline_objectives
|
|
2070
|
+
print(f"📝 Fetched baseline objectives for {risk_category.value}: {len(baseline_objectives)} objectives")
|
|
2071
|
+
|
|
2072
|
+
# Then fetch objectives for other strategies
|
|
2073
|
+
self.logger.info("Fetching objectives for non-baseline strategies")
|
|
2074
|
+
strategy_count = len(flattened_attack_strategies)
|
|
2075
|
+
for i, strategy in enumerate(flattened_attack_strategies):
|
|
2076
|
+
strategy_name = self._get_strategy_name(strategy)
|
|
2077
|
+
if strategy_name == "baseline":
|
|
2078
|
+
continue # Already fetched
|
|
2079
|
+
|
|
2080
|
+
print(f"🔄 Fetching objectives for strategy {i+1}/{strategy_count}: {strategy_name}")
|
|
2081
|
+
all_objectives[strategy_name] = {}
|
|
1675
2082
|
|
|
1676
|
-
# First fetch baseline objectives for all risk categories
|
|
1677
|
-
# This is important as other strategies depend on baseline objectives
|
|
1678
|
-
self.logger.info("Fetching baseline objectives for all risk categories")
|
|
1679
2083
|
for risk_category in self.risk_categories:
|
|
1680
|
-
progress_bar.set_postfix({"current": f"fetching
|
|
1681
|
-
self.logger.debug(f"Fetching
|
|
1682
|
-
|
|
2084
|
+
progress_bar.set_postfix({"current": f"fetching {strategy_name}/{risk_category.value}"})
|
|
2085
|
+
self.logger.debug(f"Fetching objectives for {strategy_name} strategy and {risk_category.value} risk category")
|
|
2086
|
+
objectives = await self._get_attack_objectives(
|
|
1683
2087
|
risk_category=risk_category,
|
|
1684
2088
|
application_scenario=application_scenario,
|
|
1685
|
-
strategy=
|
|
2089
|
+
strategy=strategy_name
|
|
1686
2090
|
)
|
|
1687
|
-
|
|
1688
|
-
all_objectives["baseline"] = {}
|
|
1689
|
-
all_objectives["baseline"][risk_category.value] = baseline_objectives
|
|
1690
|
-
print(f"📝 Fetched baseline objectives for {risk_category.value}: {len(baseline_objectives)} objectives")
|
|
1691
|
-
|
|
1692
|
-
# Then fetch objectives for other strategies
|
|
1693
|
-
self.logger.info("Fetching objectives for non-baseline strategies")
|
|
1694
|
-
strategy_count = len(flattened_attack_strategies)
|
|
1695
|
-
for i, strategy in enumerate(flattened_attack_strategies):
|
|
1696
|
-
strategy_name = self._get_strategy_name(strategy)
|
|
1697
|
-
if strategy_name == "baseline":
|
|
1698
|
-
continue # Already fetched
|
|
1699
|
-
|
|
1700
|
-
print(f"🔄 Fetching objectives for strategy {i+1}/{strategy_count}: {strategy_name}")
|
|
1701
|
-
all_objectives[strategy_name] = {}
|
|
2091
|
+
all_objectives[strategy_name][risk_category.value] = objectives
|
|
1702
2092
|
|
|
1703
|
-
|
|
1704
|
-
|
|
1705
|
-
|
|
1706
|
-
|
|
1707
|
-
|
|
1708
|
-
|
|
1709
|
-
|
|
1710
|
-
|
|
1711
|
-
|
|
1712
|
-
|
|
2093
|
+
self.logger.info("Completed fetching all attack objectives")
|
|
2094
|
+
|
|
2095
|
+
log_section_header(self.logger, "Starting orchestrator processing")
|
|
2096
|
+
|
|
2097
|
+
# Create all tasks for parallel processing
|
|
2098
|
+
orchestrator_tasks = []
|
|
2099
|
+
combinations = list(itertools.product(orchestrators, flattened_attack_strategies, self.risk_categories))
|
|
2100
|
+
|
|
2101
|
+
for combo_idx, (call_orchestrator, strategy, risk_category) in enumerate(combinations):
|
|
2102
|
+
strategy_name = self._get_strategy_name(strategy)
|
|
2103
|
+
objectives = all_objectives[strategy_name][risk_category.value]
|
|
1713
2104
|
|
|
1714
|
-
|
|
2105
|
+
if not objectives:
|
|
2106
|
+
self.logger.warning(f"No objectives found for {strategy_name}+{risk_category.value}, skipping")
|
|
2107
|
+
print(f"⚠️ No objectives found for {strategy_name}/{risk_category.value}, skipping")
|
|
2108
|
+
self.red_team_info[strategy_name][risk_category.value]["status"] = TASK_STATUS["COMPLETED"]
|
|
2109
|
+
async with progress_bar_lock:
|
|
2110
|
+
progress_bar.update(1)
|
|
2111
|
+
continue
|
|
1715
2112
|
|
|
1716
|
-
|
|
1717
|
-
# Removed console output
|
|
2113
|
+
self.logger.debug(f"[{combo_idx+1}/{len(combinations)}] Creating task: {call_orchestrator.__name__} + {strategy_name} + {risk_category.value}")
|
|
1718
2114
|
|
|
1719
|
-
|
|
1720
|
-
|
|
1721
|
-
|
|
2115
|
+
orchestrator_tasks.append(
|
|
2116
|
+
self._process_attack(
|
|
2117
|
+
target=target,
|
|
2118
|
+
call_orchestrator=call_orchestrator,
|
|
2119
|
+
all_prompts=objectives,
|
|
2120
|
+
strategy=strategy,
|
|
2121
|
+
progress_bar=progress_bar,
|
|
2122
|
+
progress_bar_lock=progress_bar_lock,
|
|
2123
|
+
scan_name=scan_name,
|
|
2124
|
+
skip_upload=skip_upload,
|
|
2125
|
+
output_path=output_path,
|
|
2126
|
+
risk_category=risk_category,
|
|
2127
|
+
timeout=timeout,
|
|
2128
|
+
_skip_evals=skip_evals,
|
|
2129
|
+
)
|
|
2130
|
+
)
|
|
1722
2131
|
|
|
1723
|
-
|
|
1724
|
-
|
|
1725
|
-
|
|
2132
|
+
# Process tasks in parallel with optimized batching
|
|
2133
|
+
if parallel_execution and orchestrator_tasks:
|
|
2134
|
+
print(f"⚙️ Processing {len(orchestrator_tasks)} tasks in parallel (max {max_parallel_tasks} at a time)")
|
|
2135
|
+
self.logger.info(f"Processing {len(orchestrator_tasks)} tasks in parallel (max {max_parallel_tasks} at a time)")
|
|
2136
|
+
|
|
2137
|
+
# Create batches for processing
|
|
2138
|
+
for i in range(0, len(orchestrator_tasks), max_parallel_tasks):
|
|
2139
|
+
end_idx = min(i + max_parallel_tasks, len(orchestrator_tasks))
|
|
2140
|
+
batch = orchestrator_tasks[i:end_idx]
|
|
2141
|
+
progress_bar.set_postfix({"current": f"batch {i//max_parallel_tasks+1}/{math.ceil(len(orchestrator_tasks)/max_parallel_tasks)}"})
|
|
2142
|
+
self.logger.debug(f"Processing batch of {len(batch)} tasks (tasks {i+1} to {end_idx})")
|
|
1726
2143
|
|
|
1727
|
-
|
|
1728
|
-
|
|
1729
|
-
|
|
1730
|
-
|
|
1731
|
-
|
|
1732
|
-
progress_bar.update(1)
|
|
1733
|
-
continue
|
|
1734
|
-
|
|
1735
|
-
self.logger.debug(f"[{combo_idx+1}/{len(combinations)}] Creating task: {call_orchestrator.__name__} + {strategy_name} + {risk_category.value}")
|
|
1736
|
-
|
|
1737
|
-
orchestrator_tasks.append(
|
|
1738
|
-
self._process_attack(
|
|
1739
|
-
target=target,
|
|
1740
|
-
call_orchestrator=call_orchestrator,
|
|
1741
|
-
all_prompts=objectives,
|
|
1742
|
-
strategy=strategy,
|
|
1743
|
-
progress_bar=progress_bar,
|
|
1744
|
-
progress_bar_lock=progress_bar_lock,
|
|
1745
|
-
scan_name=scan_name,
|
|
1746
|
-
data_only=data_only,
|
|
1747
|
-
output_path=output_path,
|
|
1748
|
-
risk_category=risk_category,
|
|
1749
|
-
timeout=timeout
|
|
2144
|
+
try:
|
|
2145
|
+
# Add timeout to each batch
|
|
2146
|
+
await asyncio.wait_for(
|
|
2147
|
+
asyncio.gather(*batch),
|
|
2148
|
+
timeout=timeout * 2 # Double timeout for batches
|
|
1750
2149
|
)
|
|
1751
|
-
|
|
1752
|
-
|
|
1753
|
-
|
|
1754
|
-
|
|
1755
|
-
|
|
1756
|
-
|
|
2150
|
+
except asyncio.TimeoutError:
|
|
2151
|
+
self.logger.warning(f"Batch {i//max_parallel_tasks+1} timed out after {timeout*2} seconds")
|
|
2152
|
+
print(f"⚠️ Batch {i//max_parallel_tasks+1} timed out, continuing with next batch")
|
|
2153
|
+
# Set task status to TIMEOUT
|
|
2154
|
+
batch_task_key = f"scan_batch_{i//max_parallel_tasks+1}"
|
|
2155
|
+
self.task_statuses[batch_task_key] = TASK_STATUS["TIMEOUT"]
|
|
2156
|
+
continue
|
|
2157
|
+
except Exception as e:
|
|
2158
|
+
log_error(self.logger, f"Error processing batch {i//max_parallel_tasks+1}", e)
|
|
2159
|
+
self.logger.debug(f"Error in batch {i//max_parallel_tasks+1}: {str(e)}")
|
|
2160
|
+
continue
|
|
2161
|
+
else:
|
|
2162
|
+
# Sequential execution
|
|
2163
|
+
self.logger.info("Running orchestrator processing sequentially")
|
|
2164
|
+
print("⚙️ Processing tasks sequentially")
|
|
2165
|
+
for i, task in enumerate(orchestrator_tasks):
|
|
2166
|
+
progress_bar.set_postfix({"current": f"task {i+1}/{len(orchestrator_tasks)}"})
|
|
2167
|
+
self.logger.debug(f"Processing task {i+1}/{len(orchestrator_tasks)}")
|
|
1757
2168
|
|
|
1758
|
-
|
|
1759
|
-
|
|
1760
|
-
|
|
1761
|
-
|
|
1762
|
-
|
|
1763
|
-
|
|
1764
|
-
|
|
1765
|
-
|
|
1766
|
-
|
|
1767
|
-
|
|
1768
|
-
|
|
1769
|
-
|
|
1770
|
-
|
|
1771
|
-
|
|
1772
|
-
|
|
1773
|
-
|
|
1774
|
-
|
|
1775
|
-
|
|
1776
|
-
|
|
1777
|
-
|
|
1778
|
-
|
|
1779
|
-
|
|
1780
|
-
|
|
1781
|
-
|
|
1782
|
-
|
|
1783
|
-
|
|
1784
|
-
|
|
1785
|
-
|
|
1786
|
-
|
|
1787
|
-
|
|
1788
|
-
|
|
1789
|
-
|
|
1790
|
-
|
|
1791
|
-
|
|
1792
|
-
|
|
1793
|
-
|
|
1794
|
-
|
|
1795
|
-
|
|
1796
|
-
|
|
1797
|
-
|
|
1798
|
-
|
|
1799
|
-
|
|
1800
|
-
|
|
1801
|
-
|
|
1802
|
-
self.logger.debug(f"Error in task {i+1}: {str(e)}")
|
|
1803
|
-
continue
|
|
1804
|
-
|
|
1805
|
-
progress_bar.close()
|
|
1806
|
-
|
|
1807
|
-
# Print final status
|
|
1808
|
-
tasks_completed = sum(1 for status in self.task_statuses.values() if status == TASK_STATUS["COMPLETED"])
|
|
1809
|
-
tasks_failed = sum(1 for status in self.task_statuses.values() if status == TASK_STATUS["FAILED"])
|
|
1810
|
-
tasks_timeout = sum(1 for status in self.task_statuses.values() if status == TASK_STATUS["TIMEOUT"])
|
|
1811
|
-
|
|
1812
|
-
total_time = time.time() - self.start_time
|
|
1813
|
-
# Only log the summary to file, don't print to console
|
|
1814
|
-
self.logger.info(f"Scan Summary: Total tasks: {self.total_tasks}, Completed: {tasks_completed}, Failed: {tasks_failed}, Timeouts: {tasks_timeout}, Total time: {total_time/60:.1f} minutes")
|
|
1815
|
-
|
|
1816
|
-
# Process results
|
|
1817
|
-
log_section_header(self.logger, "Processing results")
|
|
1818
|
-
|
|
1819
|
-
# Convert results to RedTeamResult using only red_team_info
|
|
1820
|
-
red_team_result = self._to_red_team_result()
|
|
1821
|
-
scan_result = ScanResult(
|
|
1822
|
-
scorecard=red_team_result["scorecard"],
|
|
1823
|
-
parameters=red_team_result["parameters"],
|
|
1824
|
-
attack_details=red_team_result["attack_details"],
|
|
1825
|
-
studio_url=red_team_result["studio_url"],
|
|
1826
|
-
)
|
|
1827
|
-
|
|
1828
|
-
# Create output with either full results or just conversations
|
|
1829
|
-
if data_only:
|
|
1830
|
-
self.logger.info("Data-only mode, creating output with just conversations")
|
|
1831
|
-
output = RedTeamResult(scan_result=scan_result, attack_details=red_team_result["attack_details"])
|
|
1832
|
-
else:
|
|
1833
|
-
output = RedTeamResult(
|
|
1834
|
-
scan_result=red_team_result,
|
|
1835
|
-
attack_details=red_team_result["attack_details"]
|
|
1836
|
-
)
|
|
1837
|
-
|
|
1838
|
-
# Log results to MLFlow
|
|
2169
|
+
try:
|
|
2170
|
+
# Add timeout to each task
|
|
2171
|
+
await asyncio.wait_for(task, timeout=timeout)
|
|
2172
|
+
except asyncio.TimeoutError:
|
|
2173
|
+
self.logger.warning(f"Task {i+1}/{len(orchestrator_tasks)} timed out after {timeout} seconds")
|
|
2174
|
+
print(f"⚠️ Task {i+1} timed out, continuing with next task")
|
|
2175
|
+
# Set task status to TIMEOUT
|
|
2176
|
+
task_key = f"scan_task_{i+1}"
|
|
2177
|
+
self.task_statuses[task_key] = TASK_STATUS["TIMEOUT"]
|
|
2178
|
+
continue
|
|
2179
|
+
except Exception as e:
|
|
2180
|
+
log_error(self.logger, f"Error processing task {i+1}/{len(orchestrator_tasks)}", e)
|
|
2181
|
+
self.logger.debug(f"Error in task {i+1}: {str(e)}")
|
|
2182
|
+
continue
|
|
2183
|
+
|
|
2184
|
+
progress_bar.close()
|
|
2185
|
+
|
|
2186
|
+
# Print final status
|
|
2187
|
+
tasks_completed = sum(1 for status in self.task_statuses.values() if status == TASK_STATUS["COMPLETED"])
|
|
2188
|
+
tasks_failed = sum(1 for status in self.task_statuses.values() if status == TASK_STATUS["FAILED"])
|
|
2189
|
+
tasks_timeout = sum(1 for status in self.task_statuses.values() if status == TASK_STATUS["TIMEOUT"])
|
|
2190
|
+
|
|
2191
|
+
total_time = time.time() - self.start_time
|
|
2192
|
+
# Only log the summary to file, don't print to console
|
|
2193
|
+
self.logger.info(f"Scan Summary: Total tasks: {self.total_tasks}, Completed: {tasks_completed}, Failed: {tasks_failed}, Timeouts: {tasks_timeout}, Total time: {total_time/60:.1f} minutes")
|
|
2194
|
+
|
|
2195
|
+
# Process results
|
|
2196
|
+
log_section_header(self.logger, "Processing results")
|
|
2197
|
+
|
|
2198
|
+
# Convert results to RedTeamResult using only red_team_info
|
|
2199
|
+
red_team_result = self._to_red_team_result()
|
|
2200
|
+
scan_result = ScanResult(
|
|
2201
|
+
scorecard=red_team_result["scorecard"],
|
|
2202
|
+
parameters=red_team_result["parameters"],
|
|
2203
|
+
attack_details=red_team_result["attack_details"],
|
|
2204
|
+
studio_url=red_team_result["studio_url"],
|
|
2205
|
+
)
|
|
2206
|
+
|
|
2207
|
+
output = RedTeamResult(
|
|
2208
|
+
scan_result=red_team_result,
|
|
2209
|
+
attack_details=red_team_result["attack_details"]
|
|
2210
|
+
)
|
|
2211
|
+
|
|
2212
|
+
if not skip_upload:
|
|
1839
2213
|
self.logger.info("Logging results to MLFlow")
|
|
1840
2214
|
await self._log_redteam_results_to_mlflow(
|
|
1841
|
-
|
|
2215
|
+
redteam_result=output,
|
|
1842
2216
|
eval_run=eval_run,
|
|
1843
|
-
|
|
2217
|
+
_skip_evals=skip_evals
|
|
1844
2218
|
)
|
|
1845
2219
|
|
|
1846
|
-
if data_only:
|
|
1847
|
-
self.logger.info("Data-only mode, returning results without evaluation")
|
|
1848
|
-
return output
|
|
1849
2220
|
|
|
1850
2221
|
if output_path and output.scan_result:
|
|
1851
2222
|
# Ensure output_path is an absolute path
|
|
@@ -1884,4 +2255,8 @@ class RedTeam():
|
|
|
1884
2255
|
|
|
1885
2256
|
print(f"✅ Scan completed successfully!")
|
|
1886
2257
|
self.logger.info("Scan completed successfully")
|
|
2258
|
+
for handler in self.logger.handlers:
|
|
2259
|
+
if isinstance(handler, logging.FileHandler):
|
|
2260
|
+
handler.close()
|
|
2261
|
+
self.logger.removeHandler(handler)
|
|
1887
2262
|
return output
|