Code Firewall FAQs

Question 1

What is Code Firewall and how does it work?

Accepted Answer

Code Firewall is a security tool designed to filter potentially malicious code before execution. It works by parsing code into a structural skeleton, normalizing it while preserving security-sensitive keywords, embedding this structure using Ollama, and then comparing it against a ChromaDB-stored blacklist of known-bad patterns. If similarity exceeds a threshold, the code is blocked.

Question 2

How does Code Firewall protect against new or varied attack patterns?

Accepted Answer

By focusing on structural similarity rather than exact string matches, Code Firewall can detect dangerous patterns even when specific identifiers, arguments, or literals are changed. For example, `os.system('rm -rf /')` and `os.system('ls')` share an identical dangerous structure, which the firewall identifies regardless of the command used.

Question 3

What are the key benefits of using Code Firewall for LLM applications?

Accepted Answer

Code Firewall acts as a crucial gatekeeper for LLM-driven execution tools (like those using Model Context Protocol - MCP). It prevents large language models from inadvertently or maliciously executing dangerous code snippets, enhancing the security posture of AI applications by pre-filtering code output from generative models.

Question 4

How can I manage and customize the blacklist of dangerous code patterns?

Accepted Answer

Code Firewall provides an API for dynamic blacklist management. You can use `firewall_blacklist` to add new dangerous patterns, `firewall_remove_pattern` to delete existing ones, and `firewall_record_delta` to capture 'near-miss' variants. This allows you to continuously sharpen the classifier based on audit feedback and evolving threat landscapes.

Question 5

What are the core requirements to run Code Firewall?

Accepted Answer

To run Code Firewall, you need Python 3.10+, an Ollama server for generating code embeddings, and ChromaDB for storing the vector-based blacklist. The tool offers automated setup utilities for Ollama on macOS, simplifying the initial configuration process.

Code Firewall

Code Firewall

主要功能

使用案例

主要功能

使用案例