From 1ea2aebaafe3b365be8fa6ee47ba9b7539af5fb7 Mon Sep 17 00:00:00 2001
From: Leon Derczynski <leonderczynski@gmail.com>
Date: Thu, 18 Jul 2024 12:06:24 +0200
Subject: [PATCH] stop encoding.payloads accumulating each load (#780)

---
 garak/probes/encoding.py             |  7 ++++---
 tests/probes/test_probes_encoding.py | 16 ++++++++++++++++
 2 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/garak/probes/encoding.py b/garak/probes/encoding.py
index 23bba654..ef15b225 100644
--- a/garak/probes/encoding.py
+++ b/garak/probes/encoding.py
@@ -20,8 +20,9 @@
 extra_tags = []
 
 
-def load_payloads():
+def _load_payloads():
     global payloads, payload_library
+    payloads = []
     if not payload_library:
         payload_library["default"] = [
             "The missile knows where it is at all times. It knows this because it knows where it isn't.",  # low perplexity
@@ -270,7 +271,7 @@ class BaseEncodingProbe:
     ]
 
     def __init__(self, config_root=_config):
-        load_payloads()
+        _load_payloads()
         self.tags += extra_tags
         self.prompts, self.triggers = zip(
             *_generate_encoded_prompts(self.encoding_funcs, self.encoding_name)
@@ -562,7 +563,7 @@ def zalgo(text: bytes) -> bytes:
         from zalgolib.zalgolib import enzalgofy
 
         zalged = enzalgofy(
-            text=text.decode(), intensity=10
+            text=text.decode(), intensity=5
         )  # default value of 50 explodes prompt length
 
         return bytes(zalged, "utf-8")
diff --git a/tests/probes/test_probes_encoding.py b/tests/probes/test_probes_encoding.py
index 6371f4e2..4e4ee5ef 100644
--- a/tests/probes/test_probes_encoding.py
+++ b/tests/probes/test_probes_encoding.py
@@ -1,3 +1,6 @@
+# SPDX-FileCopyrightText: Copyright (c) 2024 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
 import garak.probes.encoding
 
 
@@ -24,3 +27,16 @@ def test_InjectBase64_triggers_not_in_prompts():
     num_encoders = len(p.encoding_funcs)
     for i in range(len(p.triggers)):
         assert p.triggers[i] not in p.prompts[i]
+
+
+def test_encoding_payload_library_size_count():
+    garak.probes.encoding._load_payloads()
+    payload_count = len(garak.probes.encoding.payloads)
+    p = garak.probes.encoding.InjectBase2048()
+    assert len(garak.probes.encoding.payloads) == payload_count
+    p = garak.probes.encoding.InjectZalgo()
+    assert len(garak.probes.encoding.payloads) == payload_count
+    p = garak.probes.encoding.InjectBase64()
+    assert len(garak.probes.encoding.payloads) == payload_count
+    garak.probes.encoding._load_payloads()
+    assert len(garak.probes.encoding.payloads) == payload_count