ScottLogic / prompt-injection

Application which investigates defensive measures against prompt injection attacks on an LLM, with a focus on the exposure of external tools.
MIT License

Reset button not working in remote deployment #787

Closed chriswilty closed 7 months ago

chriswilty commented 7 months ago

Bug report

Description

It was noted in demo that the Reset Progress button is not working when deployed to remote. Seems this is because of a leading slash on the path the frontend uses to send the request - see frontend/src/service/levelService and compare to e.g.

Reproduction steps

Steps to reproduce the behaviour:

  1. Deploy live env
  2. Open the Network tab in browser devtools
  3. Click on Reset All Progress button in UI
  4. Click Reset in the confirmation dialog. Note that the dialog does not close.
  5. Note error response in Network tab.

You will see that the path is different for this request, missing the "/dev" prefix compared with other successful requests. It manifests as a CORS issue but that's simply because the path was not recognised, so the request didn't even reach the backend service.

Expected behaviour

All progress is reset, dialog closes, and no error seen in Network tab.

Software (please complete the following information):

Acceptance criteria

GIVEN the application is deployed in AWS AND I have begun a chat with the bot WHEN I click on Reset Progress button in header AND a confirmation dialog opens AND I click Reset button THEN the dialog closes AND all chats and level progress are reset to the start of the game

chriswilty commented 7 months ago

@kclark-scottlogic I've deployed this to remote now, so it's ready for verification. Works for me 🤞

kclark-scottlogic commented 7 months ago

Moving back to in progress, as when hitting Reset Progress the chat log is still there even after the popups have appeared, and if you proceed to level 2 and then reset, the chat still says you have passed level 1.

chriswilty commented 7 months ago

This is something we've never noticed when running locally. I'm trying to work out why that would be, but the upshot is, we appear to be mutating our chat history in the "initial" state object, the one we use when resetting all progress. This means that when we come to (attempt to) reset all progress, we now have some history in the objects that represent "initial" history state, when these are supposed to be empty lists.
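
The mutation pattern described in the comment above, as an added illustration that is not the project's own code: a shared "initial" state object whose arrays leak out through a shallow copy, beside a factory-based reset that hands out a fresh tree every time, plus a frozen template that makes any stray mutation fail loudly. All names (sharedInitialState, resetProgressBuggy, makeInitialState, level1) are hypothetical.

```javascript
// Buggy pattern: one module-level object is the "initial" state for every
// level, and reset returns a shallow copy, so the nested chatHistory array is
// the very same array the template holds. Anything pushed into it survives
// the next "reset".
const sharedInitialState = { level1: { chatHistory: [], emails: [] } };

function resetProgressBuggy() {
  return { ...sharedInitialState }; // level1 (and its arrays) still shared
}

// Fixed pattern: build a brand-new object tree on every call. No caller can
// reach the template's arrays because there is no long-lived template.
function makeInitialState() {
  return { level1: { chatHistory: [], emails: [] } };
}

function resetProgressFixed() {
  return makeInitialState();
}

// Detection aid: if a shared template must exist, deep-freeze it so that a
// push into one of its arrays throws a TypeError instead of silently
// persisting across resets.
function deepFreeze(obj) {
  for (const value of Object.values(obj)) {
    if (value && typeof value === 'object') deepFreeze(value);
  }
  return Object.freeze(obj);
}

const frozenTemplate = deepFreeze({ level1: { chatHistory: [], emails: [] } });

function mutationIsCaught() {
  try {
    frozenTemplate.level1.chatHistory.push({ role: 'user', content: 'hi' });
    return false; // silent mutation: the guard did not work
  } catch (err) {
    return err instanceof TypeError;
  }
}

// Simulate one session with the given reset function: start a chat, append a
// constructed message, then reset. Returns the history length after the
// reset; a correct reset yields 0.
function historyLengthAfterReset(resetFn) {
  const state = resetFn();
  state.level1.chatHistory.push({ role: 'user', content: 'hello' }); // constructed
  const afterReset = resetFn();
  return afterReset.level1.chatHistory.length;
}
```

The same shape of bug appears whenever a "default" or "initial" object is exported once and returned by reference; returning a fresh value from a function is the cheapest fix, and freezing the template turns a silent data leak into an immediate error.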

chriswilty commented 7 months ago

@kclark-scottlogic As our AWS env is no longer available, can you just ensure it still works when running locally, i.e. regression test the reset progress functionality? Thanks!