Post ASsEdh4sywihW4on3I by ret2bed@infosec.exchange
2023-02-20T12:09:14Z
1 likes, 0 repeats
That's interesting: https://github.com/chris-koch-penn/gpt3_security_vulnerability_scanner

Someone "scanned" a repo with many different test cases with GPT-3 and it was quite good at detecting vulnerabilities. However, these test cases usually had class names like LogInjectionClass, DirectoryTraversalTest etc.

I checked and just changing the log injection class name to TestClass was enough so that it could not find the vulnerability anymore. Renaming it to LdapInjection convinced it that the vulnerability was indeed an LDAP injection.

I don't think it would currently hold up as well as this repo tries to suggest.