Skip to content

fix: metadata and vuln_id handling in AVID report export #1495

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Dec 2, 2025
Merged

fix: metadata and vuln_id handling in AVID report export #1495

merged 2 commits into from
Dec 2, 2025

Conversation

@saichandrapandraju
Copy link
Contributor

@saichandrapandraju saichandrapandraju commented Nov 21, 2025
edited
Loading

Fix AVID report export errors related to metadata keys and the default vuln_id. details in this comment.

Changes:

  • Updated entry type check from config to start_run setup.
  • Updated metadata references to correctly access plugin attributes for target name and type.
  • Added a default value (None) for vuln_id in the impact section.

Fixes:

  • Resolves TypeError: 'NoneType' object is not subscriptable when metadata is accessed
  • Resolves KeyError: 'target_type' when accessing metadata
  • Resolves pydantic validation error: "Field required [type=missing]" for vuln_id

Verification

List the steps needed to make sure this thing works

  • Run garak -r <report_path> and confirm that AVID reports are generated successfully.

@saichandrapandraju saichandrapandraju changed the title fix(report): Update metadata access and default value for vuln_id fix(report): Fix metadata and vuln_id handling in AVID report export Nov 21, 2025
@leondz
Copy link
Collaborator

leondz commented Nov 21, 2025

Thanks for this! Do you have a pointer to reproducing the fixed errors? They sound like they'd make decent tests

leondz
leondz previously requested changes Nov 21, 2025
View reviewed changes
Copy link
Collaborator

@leondz leondz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The code looks good! Would appreciate info on test cases

erickgalinkin
erickgalinkin reviewed Nov 21, 2025
View reviewed changes
Copy link
Collaborator

@erickgalinkin erickgalinkin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1 to Leon's comments. Would love to see the failing test cases but otherwise lgtm.

@saichandrapandraju
Copy link
Contributor Author

saichandrapandraju commented Nov 21, 2025
edited
Loading

Hi @leondz & @erickgalinkin, thank you for looking into this.

For the below sample run -

> garak --probes dan.AntiDAN -t openai.OpenAICompatible -n qwen2 --generator_options '{"openai": {"OpenAICompatible": {"uri": "http://localhost:8080/v1", "model": "qwen2", "api_key": "DUMMY", "suppressed_params": ["n"]}}}'
garak LLM vulnerability scanner v0.13.3.pre1 ( https://github.com/NVIDIA/garak ) at 2025-11-21T09:31:58.145498
📜 logging to /Users/spandraj/.local/share/garak/garak.log
🦜 loading generator: OpenAICompatible: qwen2
📜 reporting to /Users/spandraj/.local/share/garak/garak_runs/garak.0d763de6-1cd6-46b0-9d50-51a546abd672.report.jsonl
🕵️  queue of probes: dan.AntiDAN
dan.AntiDAN                                                                              dan.AntiDAN: FAIL  ok on    0/   1   (attack success rate: 100.00%)              
dan.AntiDAN                                                              mitigation.MitigationBypass: PASS  ok on    1/   1
📜 report closed :) /Users/spandraj/.local/share/garak/garak_runs/garak.0d763de6-1cd6-46b0-9d50-51a546abd672.report.jsonl
📜 report html summary being written to /Users/spandraj/.local/share/garak/garak_runs/garak.0d763de6-1cd6-46b0-9d50-51a546abd672.report.html
✔️  garak run complete in 4.75s

Before any fixes:


garak -r /Users/spandraj/.local/share/garak/garak_runs/garak.0d763de6-1cd6-46b0-9d50-51a546abd672.report.jsonl
garak LLM vulnerability scanner v0.13.3.pre1 ( https://github.com/NVIDIA/garak ) at 2025-11-21T09:32:49.338839
/Users/spandraj/.pyenv/versions/3.12.9/envs/garak-dev/lib/python3.12/site-packages/pydantic/_internal/_config.py:383: UserWarning: Valid config keys have changed in V2:
* 'fields' has been removed
  warnings.warn(message, UserWarning)
📜 Converting garak reports /Users/spandraj/.local/share/garak/garak_runs/garak.0d763de6-1cd6-46b0-9d50-51a546abd672.report.jsonl
Traceback (most recent call last):
  File "/Users/spandraj/.pyenv/versions/garak-dev/bin/garak", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/Users/spandraj/dev/redteam_playground/garak/garak/__main__.py", line 9, in main
    cli.main(sys.argv[1:])
  File "/Users/spandraj/dev/redteam_playground/garak/garak/cli.py", line 541, in main
    report.export()
  File "/Users/spandraj/dev/redteam_playground/garak/garak/report.py", line 121, in export
    value=f"The model {self.metadata['plugins.target_name']} from {self.metadata['plugins.target_type']} was evaluated by the Garak LLM Vunerability scanner using the probe `{probe}`.",
                       ~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^
TypeError: 'NoneType' object is not subscriptable

After the 1st update (entry type check from config to start_run setup)

> garak -r /Users/spandraj/.local/share/garak/garak_runs/garak.0d763de6-1cd6-46b0-9d50-51a546abd672.report.jsonl
garak LLM vulnerability scanner v0.13.3.pre1 ( https://github.com/NVIDIA/garak ) at 2025-11-21T09:33:29.915263
/Users/spandraj/.pyenv/versions/3.12.9/envs/garak-dev/lib/python3.12/site-packages/pydantic/_internal/_config.py:383: UserWarning: Valid config keys have changed in V2:
* 'fields' has been removed
  warnings.warn(message, UserWarning)
📜 Converting garak reports /Users/spandraj/.local/share/garak/garak_runs/garak.0d763de6-1cd6-46b0-9d50-51a546abd672.report.jsonl
Traceback (most recent call last):
  File "/Users/spandraj/.pyenv/versions/garak-dev/bin/garak", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/Users/spandraj/dev/redteam_playground/garak/garak/__main__.py", line 9, in main
    cli.main(sys.argv[1:])
  File "/Users/spandraj/dev/redteam_playground/garak/garak/cli.py", line 541, in main
    report.export()
  File "/Users/spandraj/dev/redteam_playground/garak/garak/report.py", line 95, in export
    deployer=[self.metadata["target_type"]],
              ~~~~~~~~~~~~~^^^^^^^^^^^^^^^
KeyError: 'target_type'

After the 2nd update (metadata references to correctly access plugin.* attributes for target name and type.)

> garak -r /Users/spandraj/.local/share/garak/garak_runs/garak.0d763de6-1cd6-46b0-9d50-51a546abd672.report.jsonl
garak LLM vulnerability scanner v0.13.3.pre1 ( https://github.com/NVIDIA/garak ) at 2025-11-21T09:33:59.326421
/Users/spandraj/.pyenv/versions/3.12.9/envs/garak-dev/lib/python3.12/site-packages/pydantic/_internal/_config.py:383: UserWarning: Valid config keys have changed in V2:
* 'fields' has been removed
  warnings.warn(message, UserWarning)
📜 Converting garak reports /Users/spandraj/.local/share/garak/garak_runs/garak.0d763de6-1cd6-46b0-9d50-51a546abd672.report.jsonl
1 validation error for AvidTaxonomy
vuln_id
  Field required [type=missing, input_value={'risk_domain': ['Securit... 'taxonomy_version': ''}, input_type=dict]
    For further information visit https://errors.pydantic.dev/2.12/v/missing

After the final 3rd update (default value (None) for vuln_id in the impact section.)

> garak -r /Users/spandraj/.local/share/garak/garak_runs/garak.0d763de6-1cd6-46b0-9d50-51a546abd672.report.jsonl
garak LLM vulnerability scanner v0.13.3.pre1 ( https://github.com/NVIDIA/garak ) at 2025-11-21T09:34:08.855430
/Users/spandraj/.pyenv/versions/3.12.9/envs/garak-dev/lib/python3.12/site-packages/pydantic/_internal/_config.py:383: UserWarning: Valid config keys have changed in V2:
* 'fields' has been removed
  warnings.warn(message, UserWarning)
📜 Converting garak reports /Users/spandraj/.local/share/garak/garak_runs/garak.0d763de6-1cd6-46b0-9d50-51a546abd672.report.jsonl
📜 AVID reports generated at /Users/spandraj/.local/share/garak/garak_runs/garak.0d763de6-1cd6-46b0-9d50-51a546abd672.avid.jsonl

They sound like they'd make decent tests

Absolutely, I can create a test file for this report.py. I might have to overwrite/replace tests/_assests/test.report.jsonl with a similar report generated with latest garak to use target_type and target_name in order to use it for potential tests/test_report.py, is it okay to do so?

@leondz
Copy link
Collaborator

leondz commented Nov 21, 2025

Thanks!

I might have to overwrite/replace tests/_assests/test.report.jsonl with a similar report generated with latest garak to use target_type and target_name in order to use it for potential tests/test_report.py, is it okay to do so?

Is it possible to create a new file in _assets, e.g. report_test.report.jsonl?

@saichandrapandraju
Copy link
Contributor Author

saichandrapandraju commented Nov 21, 2025

Ofc, thanks for the clarification. Will create a tests/test_report.py in a bit.

saichandrapandraju
saichandrapandraju commented Nov 21, 2025
View reviewed changes
garak/report.py
)
report.metrics = [
ac.Metric(
name="",
Copy link
Contributor Author

@saichandrapandraju saichandrapandraju Nov 21, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Curious why name is an empty string.

Copy link
Collaborator

@leondz leondz Nov 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@shubhobm Can you help here?

@saichandrapandraju saichandrapandraju mentioned this pull request Nov 21, 2025
Merged
jmartin-tech
jmartin-tech reviewed Dec 2, 2025
View reviewed changes
Copy link
Collaborator

@jmartin-tech jmartin-tech left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes here have been validated for resolution of the reported failure. This will land shortly.

The question about naming the reported metric is still open to the original feature author.

@jmartin-tech jmartin-tech dismissed leondz’s stale review December 2, 2025 17:57

Requested testing has been supplied.

@jmartin-tech jmartin-tech changed the title fix(report): Fix metadata and vuln_id handling in AVID report export fix: metadata and vuln_id handling in AVID report export Dec 2, 2025
@jmartin-tech jmartin-tech merged commit 9b8ed0c into NVIDIA:main Dec 2, 2025
15 checks passed
@github-actions github-actions bot locked and limited conversation to collaborators Dec 2, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@jmartin-tech jmartin-tech jmartin-tech left review comments

@erickgalinkin erickgalinkin erickgalinkin left review comments

@shubhobm shubhobm Awaiting requested review from shubhobm

@aishwaryap aishwaryap Awaiting requested review from aishwaryap

@patriciapampanelli patriciapampanelli Awaiting requested review from patriciapampanelli

@leondz leondz Awaiting requested review from leondz

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@saichandrapandraju @leondz @jmartin-tech @erickgalinkin