Spaces:

AdityaDevx
/

vulnerability-scanner-api

Running

App Files Files Community

AdityaDevx committed 3 days ago

Commit

200e3d7

1 Parent(s): dda1f70

Gradio vulnerability scanner

Browse files

Files changed (2) hide show

app.py +314 -0
requirements.txt +2 -5

app.py ADDED Viewed

	@@ -0,0 +1,314 @@

+import gradio as gr
+import re
+import os
+import requests
+import base64
+from groq import Groq
+def parse_github_url(url):
+    """Parse GitHub URL to extract owner, repo, and file path"""
+    url = url.strip().rstrip('/')
+    # File URL
+    m = re.match(r"https://github\.com/([^/]+)/([^/]+)/blob/[^/]+/(.+)", url)
+    if m:
+        return m.group(1), m.group(2), m.group(3), False
+    # Repo URL
+    m = re.match(r"https://github\.com/([^/]+)/([^/]+)/?$", url)
+    if m:
+        return m.group(1), m.group(2), None, True
+    return None, None, None, False
+def get_file_content(owner, repo, path):
+    """Fetch file content from GitHub"""
+    token = os.getenv("GITHUB_TOKEN", "")
+    headers = {"Authorization": f"token {token}"} if token else {}
+    url = f"https://api.github.com/repos/{owner}/{repo}/contents/{path}"
+    try:
+        r = requests.get(url, headers=headers, timeout=15)
+        if r.status_code != 200:
+            return None, f"GitHub API error: {r.status_code}"
+        data = r.json()
+        content = base64.b64decode(data["content"]).decode("utf-8", errors="replace")
+        return content, None
+    except Exception as e:
+        return None, f"Error fetching file: {str(e)}"
+def get_repo_files(owner, repo, path="", max_files=15):
+    """Get list of code files from repository"""
+    token = os.getenv("GITHUB_TOKEN", "")
+    headers = {"Authorization": f"token {token}"} if token else {}
+    url = f"https://api.github.com/repos/{owner}/{repo}/contents/{path}"
+    try:
+        r = requests.get(url, headers=headers, timeout=15)
+        if r.status_code != 200:
+            return []
+        items = r.json()
+        files = []
+        for item in items:
+            if len(files) >= max_files:
+                break
+            if item['type'] == 'file':
+                ext = item['name'].split('.')[-1].lower()
+                if ext in ['py', 'js', 'jsx', 'ts', 'tsx', 'java', 'cpp', 'c', 'php', 'rb', 'go', 'rs', 'sql', 'sh']:
+                    files.append(item['path'])
+            elif item['type'] == 'dir' and item['name'] not in ['.git', 'node_modules', '__pycache__', 'dist', 'build']:
+                files.extend(get_repo_files(owner, repo, item['path'], max_files - len(files)))
+        return files
+    except:
+        return []
+def scan_file(owner, repo, file_path, progress=gr.Progress()):
+    """Scan a single file for vulnerabilities"""
+    progress(0.2, desc="Fetching file content...")
+    code, err = get_file_content(owner, repo, file_path)
+    if err:
+        return f"❌ Error: {err}"
+    if len(code) > 6000:
+        code = code[:6000] + "\n... [truncated]"
+    progress(0.5, desc="Analyzing with AI...")
+    groq_key = os.getenv("GROQ_API_KEY", "")
+    if not groq_key:
+        return "❌ Error: GROQ_API_KEY not configured"
+    client = Groq(api_key=groq_key)
+    prompt = f"""You are a cybersecurity expert. Analyze this code for security vulnerabilities.
+File: {file_path}
+Repository: {owner}/{repo}
+```
+{code}
+```
+Provide a detailed security analysis in this exact markdown format:
+# 🛡️ Security Analysis Report
+## 📁 File Overview
+- Repository: {owner}/{repo}
+- File: {file_path}
+- Language: [detected language]
+- Lines analyzed: [count]
+## 🚨 Vulnerabilities Found
+[For each vulnerability found:]
+### [Vulnerability Name] — [CRITICAL/HIGH/MEDIUM/LOW]
+- **Line**: [line number or range]
+- **Code**: `[vulnerable snippet]`
+- **Issue**: [clear explanation]
+- **CVE Reference**: [relevant CVE ID if applicable]
+## 🛠️ Remediation
+[Specific fix for each vulnerability with corrected code]
+## 📊 Risk Summary
+- Critical: [n] | High: [n] | Medium: [n] | Low: [n]
+- **Overall Risk**: [CRITICAL/HIGH/MEDIUM/LOW]
+"""
+    try:
+        response = client.chat.completions.create(
+            model="llama-3.3-70b-versatile",
+            messages=[{"role": "user", "content": prompt}],
+            temperature=0.1,
+            max_tokens=4096,
+        )
+        progress(1.0, desc="Complete!")
+        return response.choices[0].message.content
+    except Exception as e:
+        return f"❌ AI analysis failed: {str(e)}"
+def scan_repository(owner, repo, progress=gr.Progress()):
+    """Scan entire repository"""
+    progress(0.1, desc="Fetching repository files...")
+    files = get_repo_files(owner, repo)
+    if not files:
+        return "❌ No code files found or repository is private"
+    progress(0.2, desc=f"Found {len(files)} files to scan...")
+    all_vulnerabilities = []
+    scanned_count = 0
+    groq_key = os.getenv("GROQ_API_KEY", "")
+    if not groq_key:
+        return "❌ Error: GROQ_API_KEY not configured"
+    client = Groq(api_key=groq_key)
+    for i, file_path in enumerate(files[:15]):
+        progress((0.2 + (i / 15) * 0.7), desc=f"Scanning {i+1}/{min(len(files), 15)}: {file_path}")
+        code, err = get_file_content(owner, repo, file_path)
+        if err:
+            continue
+        if len(code) > 4000:
+            code = code[:4000] + "\n... [truncated]"
+        prompt = f"""Analyze this code file for security vulnerabilities. Be concise.
+File: {file_path}
+```
+{code}
+```
+List only CRITICAL and HIGH severity vulnerabilities found. Format:
+- **[Vulnerability]** in `{file_path}` line X: [brief issue]
+If no critical/high issues, respond: "No critical issues found."
+"""
+        try:
+            response = client.chat.completions.create(
+                model="llama-3.3-70b-versatile",
+                messages=[{"role": "user", "content": prompt}],
+                temperature=0.1,
+                max_tokens=800,
+            )
+            result = response.choices[0].message.content.strip()
+            if "no critical issues" not in result.lower():
+                all_vulnerabilities.append(f"### {file_path}\n{result}\n")
+            scanned_count += 1
+        except:
+            continue
+    progress(1.0, desc="Generating report...")
+    if not all_vulnerabilities:
+        report = f"""# 🛡️ Repository Security Scan Report
+## 📦 Repository Overview
+- Repository: {owner}/{repo}
+- Files Scanned: {scanned_count}
+- Status: ✅ No critical vulnerabilities detected
+## 📊 Summary
+All scanned files passed security checks. No CRITICAL or HIGH severity issues found.
+## 📈 Risk Summary
+- Critical: 0 | High: 0 | Medium: 0 | Low: 0
+- **Overall Risk**: LOW
+"""
+    else:
+        report = f"""# 🛡️ Repository Security Scan Report
+## 📦 Repository Overview
+- Repository: {owner}/{repo}
+- Files Scanned: {scanned_count}
+- Vulnerabilities Found: {len(all_vulnerabilities)} files with issues
+## 🚨 Vulnerabilities by File
+{''.join(all_vulnerabilities)}
+## 🛠️ Recommendations
+1. Review and fix all CRITICAL and HIGH severity issues immediately
+2. Implement input validation and sanitization
+3. Use parameterized queries for database operations
+4. Keep dependencies updated
+## 📊 Risk Summary
+- Critical: {sum(1 for v in all_vulnerabilities if 'CRITICAL' in v)} | High: {sum(1 for v in all_vulnerabilities if 'HIGH' in v)} | Medium: 0 | Low: 0
+- **Overall Risk**: {'CRITICAL' if any('CRITICAL' in v for v in all_vulnerabilities) else 'HIGH'}
+"""
+    return report
+def analyze_github_url(url, progress=gr.Progress()):
+    """Main analysis function"""
+    if not url or not url.strip():
+        return "❌ Please provide a GitHub URL"
+    owner, repo, file_path, is_repo = parse_github_url(url)
+    if not owner or not repo:
+        return "❌ Invalid GitHub URL. Use:\n- File: github.com/owner/repo/blob/branch/file.py\n- Repo: github.com/owner/repo"
+    if is_repo:
+        return scan_repository(owner, repo, progress)
+    else:
+        return scan_file(owner, repo, file_path, progress)
+# Gradio Interface
+# Custom stylesheet passed to gr.Blocks(css=...): sets the container font and
+# styles the page title rendered with the "cyber-title" class.
+CSS = """
+.gradio-container {
+    font-family: 'Inter', sans-serif;
+}
+.cyber-title {
+    text-align: center;
+    color: #00ff41;
+    font-size: 2em;
+    font-weight: bold;
+    margin-bottom: 10px;
+}
+"""
+# Declare the page: header, input column, result area, event wiring, footer.
+with gr.Blocks(css=CSS, title="🛡️ Vulnerability Scanner") as demo:
+    # Header banner; the title div uses the .cyber-title rule from CSS.
+    gr.HTML("""
+    <div class="cyber-title">
+        🛡️ VULNERABILITY SCANNER
+    </div>
+    <p style="text-align:center;color:#888;">
+        AI-powered security analysis for GitHub repositories and files
+    </p>
+    """)
+    with gr.Row():
+        with gr.Column():
+            # Single input: a GitHub file URL or repository URL.
+            url_input = gr.Textbox(
+                label="GitHub URL",
+                placeholder="https://github.com/owner/repo/blob/main/file.py or https://github.com/owner/repo",
+                lines=2
+            )
+            with gr.Row():
+                scan_btn = gr.Button("🔍 Scan for Vulnerabilities", variant="primary")
+                clear_btn = gr.Button("🗑️ Clear")
+            # Sample inputs (one file URL, one repository URL) bound to url_input.
+            gr.Examples(
+                examples=[
+                    ["https://github.com/ayushmittal62/vunreability_scanner_testing/blob/master/python/database.py"],
+                    ["https://github.com/ayushmittal62/vunreability_scanner_testing"],
+                ],
+                inputs=url_input,
+                label="📝 Example URLs"
+            )
+    with gr.Row():
+        # The scan functions return markdown text, shown here.
+        output = gr.Markdown(label="Analysis Results")
+    # Scan button: pass the textbox value to analyze_github_url and display its return value.
+    scan_btn.click(
+        fn=analyze_github_url,
+        inputs=[url_input],
+        outputs=[output]
+    )
+    # Clear button: the lambda returns one empty string per output component
+    # (url_input, output).
+    clear_btn.click(
+        fn=lambda: ("", ""),
+        outputs=[url_input, output]
+    )
+    # Footer with attribution.
+    gr.HTML("""
+    <div style="text-align:center;margin-top:20px;color:#666;font-size:0.9em;">
+        Built by <a href="https://github.com/AdityaDev-X" target="_blank">AdityaDev-X</a> |
+        Powered by Groq LLaMA 3.3 70B
+    </div>
+    """)
+# Start the server only when the file is run as a script, not on import.
+if __name__ == "__main__":
+    # Serve on host 0.0.0.0, port 7860.
+    demo.launch(server_name="0.0.0.0", server_port=7860)

requirements.txt CHANGED Viewed

@@ -1,7 +1,4 @@
-fastapi
-uvicorn
-pydantic
 requests
 python-dotenv
-markdownify
-groq

+gradio
+groq
 requests
 python-dotenv