File-only scan: remove repo scan, remove TRY buttons

Dockerfile

@@ -1,12 +1,13 @@
-FROM python:3.11-slim
+FROM python:3.11-slim
 
 WORKDIR /app
 
 COPY requirements.txt .
 RUN pip install --no-cache-dir -r requirements.txt
 
-COPY api.py .
+COPY app.py .
+COPY static/ ./static/
 
 EXPOSE 7860
 
-CMD ["uvicorn", "api:app", "--host", "0.0.0.0", "--port", "7860", "--log-level", "info"]
+CMD ["uvicorn", "app:app", "--host", "0.0.0.0", "--port", "7860"]

api.py

@@ -1,296 +0,0 @@
-from fastapi import FastAPI
-from fastapi.middleware.cors import CORSMiddleware
-from pydantic import BaseModel
-import re, os, requests, asyncio, concurrent.futures
-from datetime import datetime
-from dotenv import load_dotenv
-from groq import Groq
-import logging
-
-# Configure logging
-logging.basicConfig(
-    level=logging.INFO,
-    format='%(asctime)s - %(levelname)s - %(message)s'
-)
-logger = logging.getLogger(__name__)
-
-load_dotenv()
-
-app = FastAPI()
-
-@app.on_event("startup")
-async def startup_event():
-    logger.info("===== Application Startup =====")
-    logger.info(f"GROQ_API_KEY set: {bool(os.getenv('GROQ_API_KEY'))}")
-    logger.info(f"GITHUB_TOKEN set: {bool(os.getenv('GITHUB_TOKEN'))}")
-    logger.info("API is ready to accept requests")
-    print(f"===== Application Startup at {datetime.now().strftime('%Y-%m-%d %H:%M:%S')} =====")
-
-app.add_middleware(
-    CORSMiddleware,
-    allow_origins=["*"],
-    allow_credentials=True,
-    allow_methods=["*"],
-    allow_headers=["*"],
-)
-
-def parse_github_url(url):
-    url = url.strip().rstrip('/')
-    # File URL: https://github.com/owner/repo/blob/branch/path
-    m = re.match(r"https://github\.com/([^/]+)/([^/]+)/blob/[^/]+/(.+)", url)
-    if m:
-        return m.group(1), m.group(2), m.group(3), False
-    # Repo URL: https://github.com/owner/repo
-    m = re.match(r"https://github\.com/([^/]+)/([^/]+)/?$", url)
-    if m:
-        return m.group(1), m.group(2), None, True
-    return None, None, None, False
-
-def get_file_content(owner, repo, path):
-    token = os.getenv("GITHUB_TOKEN", "")
-    headers = {"Authorization": f"token {token}"} if (token and token != "your_github_personal_access_token_here") else {}
-    url = f"https://api.github.com/repos/{owner}/{repo}/contents/{path}"
-    r = requests.get(url, headers=headers, timeout=15)
-    if r.status_code != 200:
-        return None, f"GitHub API error: {r.status_code}"
-    import base64
-    data = r.json()
-    content = base64.b64decode(data["content"]).decode("utf-8", errors="replace")
-    return content, None
-
-def get_repo_files(owner, repo, path="", max_files=20):
-    """Recursively get code files from repo"""
-    token = os.getenv("GITHUB_TOKEN", "")
-    headers = {"Authorization": f"token {token}"} if (token and token != "your_github_personal_access_token_here") else {}
-    url = f"https://api.github.com/repos/{owner}/{repo}/contents/{path}"
-    
-    try:
-        r = requests.get(url, headers=headers, timeout=15)
-        if r.status_code != 200:
-            return []
-        
-        items = r.json()
-        files = []
-        
-        for item in items:
-            if len(files) >= max_files:
-                break
-                
-            if item['type'] == 'file':
-                # Only scan code files
-                ext = item['name'].split('.')[-1].lower()
-                if ext in ['py', 'js', 'jsx', 'ts', 'tsx', 'java', 'cpp', 'c', 'php', 'rb', 'go', 'rs', 'sql', 'sh']:
-                    files.append(item['path'])
-            elif item['type'] == 'dir' and item['name'] not in ['.git', 'node_modules', '__pycache__', 'dist', 'build']:
-                # Recursively scan directories
-                files.extend(get_repo_files(owner, repo, item['path'], max_files - len(files)))
-        
-        return files
-    except:
-        return []
-
-def run_repo_scan(owner, repo):
-    """Scan entire repository"""
-    logger.info(f"Starting repo scan for {owner}/{repo}")
-    
-    # Get list of code files
-    files = get_repo_files(owner, repo)
-    if not files:
-        return {"error": "No code files found or repo is private"}
-    
-    logger.info(f"Found {len(files)} files to scan")
-    
-    # Scan each file and collect results
-    all_vulnerabilities = []
-    scanned_count = 0
-    
-    for file_path in files[:15]:  # Limit to 15 files to avoid timeout
-        logger.info(f"Scanning file {scanned_count + 1}/{len(files[:15])}: {file_path}")
-        code, err = get_file_content(owner, repo, file_path)
-        
-        if err:
-            continue
-        
-        # Truncate large files
-        if len(code) > 4000:
-            code = code[:4000] + "\n... [truncated]"
-        
-        # Quick scan for this file
-        client = Groq(api_key=os.getenv("GROQ_API_KEY", ""))
-        
-        prompt = f"""Analyze this code file for security vulnerabilities. Be concise.
-
-File: {file_path}
-
-```
-{code}
-```
-
-List only CRITICAL and HIGH severity vulnerabilities found. Format:
-- **[Vulnerability]** in `{file_path}` line X: [brief issue]
-
-If no critical/high issues, respond: "No critical issues found."
-"""
-        
-        try:
-            response = client.chat.completions.create(
-                model="llama-3.3-70b-versatile",
-                messages=[{"role": "user", "content": prompt}],
-                temperature=0.1,
-                max_tokens=800,
-            )
-            result = response.choices[0].message.content.strip()
-            if "no critical issues" not in result.lower():
-                all_vulnerabilities.append(f"### {file_path}\n{result}\n")
-            scanned_count += 1
-        except Exception as e:
-            logger.error(f"Error scanning {file_path}: {str(e)}")
-            continue
-    
-    # Generate final report
-    if not all_vulnerabilities:
-        report = f"""# Repository Security Scan Report
-
-## Repository Overview
-- Repository: {owner}/{repo}
-- Files Scanned: {scanned_count}
-- Status: ✅ No critical vulnerabilities detected
-
-## Summary
-All scanned files passed security checks. No CRITICAL or HIGH severity issues found.
-
-## Risk Summary
-- Critical: 0 | High: 0 | Medium: 0 | Low: 0
-- **Overall Risk**: LOW
-"""
-    else:
-        report = f"""# Repository Security Scan Report
-
-## Repository Overview
-- Repository: {owner}/{repo}
-- Files Scanned: {scanned_count}
-- Vulnerabilities Found: {len(all_vulnerabilities)} files with issues
-
-## Vulnerabilities by File
-
-{''.join(all_vulnerabilities)}
-
-## Recommendations
-1. Review and fix all CRITICAL and HIGH severity issues immediately
-2. Implement input validation and sanitization
-3. Use parameterized queries for database operations
-4. Keep dependencies updated
-
-## Risk Summary
-- Critical: {sum(1 for v in all_vulnerabilities if 'CRITICAL' in v)} | High: {sum(1 for v in all_vulnerabilities if 'HIGH' in v)} | Medium: 0 | Low: 0
-- **Overall Risk**: {'CRITICAL' if any('CRITICAL' in v for v in all_vulnerabilities) else 'HIGH'}
-"""
-    
-    logger.info(f"Repo scan completed: {scanned_count} files scanned")
-    return {"result": report}
-
-def run_scan(owner, repo, file_path):
-    """Scan single file"""
-    code, err = get_file_content(owner, repo, file_path)
-    if err:
-        return {"error": err}
-
-    # Truncate large files
-    if len(code) > 6000:
-        code = code[:6000] + "\n... [truncated]"
-
-    client = Groq(api_key=os.getenv("GROQ_API_KEY", ""))
-    
-    prompt = f"""You are a cybersecurity expert. Analyze this code for security vulnerabilities.
-
-File: {file_path}
-Repository: {owner}/{repo}
-
-```
-{code}
-```
-
-Provide a detailed security analysis in this exact markdown format:
-
-# Security Analysis Report
-
-## File Overview
-- Repository: {owner}/{repo}
-- File: {file_path}
-- Language: [detected language]
-- Lines analyzed: [count]
-
-## Vulnerabilities Found
-
-[For each vulnerability found:]
-### [Vulnerability Name] — [CRITICAL/HIGH/MEDIUM/LOW]
-- **Line**: [line number or range]
-- **Code**: `[vulnerable snippet]`
-- **Issue**: [clear explanation]
-- **CVE Reference**: [relevant CVE ID if applicable]
-
-## Remediation
-[Specific fix for each vulnerability with corrected code]
-
-## Risk Summary
-- Critical: [n] | High: [n] | Medium: [n] | Low: [n]
-- **Overall Risk**: [CRITICAL/HIGH/MEDIUM/LOW]
-"""
-
-    try:
-        response = client.chat.completions.create(
-            model="llama-3.3-70b-versatile",
-            messages=[{"role": "user", "content": prompt}],
-            temperature=0.1,
-            max_tokens=4096,
-        )
-        result = response.choices[0].message.content
-        return {"result": result}
-    except Exception as e:
-        return {"error": f"AI analysis failed: {str(e)}"}
-
-
-class ScanRequest(BaseModel):
-    url: str
-
-
-@app.post("/api/scan")
-async def scan(req: ScanRequest):
-    logger.info(f"Received scan request for URL: {req.url}")
-    owner, repo, file_path, is_repo = parse_github_url(req.url)
-    
-    if not owner or not repo:
-        logger.warning(f"Invalid URL format: {req.url}")
-        return {"error": "Invalid GitHub URL. Use github.com/owner/repo or .../blob/branch/file"}
-    
-    if is_repo:
-        # Full repository scan
-        logger.info(f"Starting repository scan: {owner}/{repo}")
-        loop = asyncio.get_running_loop()
-        with concurrent.futures.ThreadPoolExecutor() as pool:
-            result = await loop.run_in_executor(pool, run_repo_scan, owner, repo)
-    else:
-        # Single file scan
-        logger.info(f"Scanning file: {owner}/{repo}/{file_path}")
-        loop = asyncio.get_running_loop()
-        with concurrent.futures.ThreadPoolExecutor() as pool:
-            result = await loop.run_in_executor(pool, run_scan, owner, repo, file_path)
-    
-    if "error" in result:
-        logger.error(f"Scan failed: {result['error']}")
-    else:
-        logger.info("Scan completed successfully")
-    
-    return result
-
-
-@app.get("/api/health")
-def health():
-    logger.info("Health check requested")
-    return {"status": "ok", "groq_key_set": bool(os.getenv("GROQ_API_KEY"))}
-
-
-@app.get("/")
-def root():
-    logger.info("Root endpoint accessed")
-    return {"status": "Vulnerability Scanner API running"}

app.py

@@ -1,87 +1,48 @@
-import gradio as gr
-import re
-import os
-import requests
-import base64
+from fastapi import FastAPI
+from fastapi.middleware.cors import CORSMiddleware
+from fastapi.staticfiles import StaticFiles
+from fastapi.responses import FileResponse
+from pydantic import BaseModel
+import re, os, requests, base64
 from groq import Groq
 
+app = FastAPI()
+
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=["*"],
+    allow_methods=["*"],
+    allow_headers=["*"],
+)
+
+# ── helpers ──────────────────────────────────────────────────────────────────
+
 def parse_github_url(url):
-    """Parse GitHub URL to extract owner, repo, and file path"""
     url = url.strip().rstrip('/')
-    # File URL
     m = re.match(r"https://github\.com/([^/]+)/([^/]+)/blob/[^/]+/(.+)", url)
     if m:
-        return m.group(1), m.group(2), m.group(3), False
-    # Repo URL
-    m = re.match(r"https://github\.com/([^/]+)/([^/]+)/?$", url)
-    if m:
-        return m.group(1), m.group(2), None, True
-    return None, None, None, False
+        return m.group(1), m.group(2), m.group(3)
+    return None, None, None
 
 def get_file_content(owner, repo, path):
-    """Fetch file content from GitHub"""
     token = os.getenv("GITHUB_TOKEN", "")
     headers = {"Authorization": f"token {token}"} if token else {}
-    url = f"https://api.github.com/repos/{owner}/{repo}/contents/{path}"
-    
-    try:
-        r = requests.get(url, headers=headers, timeout=15)
-        if r.status_code != 200:
-            return None, f"GitHub API error: {r.status_code}"
-        
-        data = r.json()
-        content = base64.b64decode(data["content"]).decode("utf-8", errors="replace")
-        return content, None
-    except Exception as e:
-        return None, f"Error fetching file: {str(e)}"
+    r = requests.get(f"https://api.github.com/repos/{owner}/{repo}/contents/{path}", headers=headers, timeout=15)
+    if r.status_code != 200:
+        return None, f"GitHub API error: {r.status_code}"
+    return base64.b64decode(r.json()["content"]).decode("utf-8", errors="replace"), None
 
-def get_repo_files(owner, repo, path="", max_files=15):
-    """Get list of code files from repository"""
-    token = os.getenv("GITHUB_TOKEN", "")
-    headers = {"Authorization": f"token {token}"} if token else {}
-    url = f"https://api.github.com/repos/{owner}/{repo}/contents/{path}"
-    
-    try:
-        r = requests.get(url, headers=headers, timeout=15)
-        if r.status_code != 200:
-            return []
-        
-        items = r.json()
-        files = []
-        
-        for item in items:
-            if len(files) >= max_files:
-                break
-            
-            if item['type'] == 'file':
-                ext = item['name'].split('.')[-1].lower()
-                if ext in ['py', 'js', 'jsx', 'ts', 'tsx', 'java', 'cpp', 'c', 'php', 'rb', 'go', 'rs', 'sql', 'sh']:
-                    files.append(item['path'])
-            elif item['type'] == 'dir' and item['name'] not in ['.git', 'node_modules', '__pycache__', 'dist', 'build']:
-                files.extend(get_repo_files(owner, repo, item['path'], max_files - len(files)))
-        
-        return files
-    except:
-        return []
 
-def scan_file(owner, repo, file_path, progress=gr.Progress()):
-    """Scan a single file for vulnerabilities"""
-    progress(0.2, desc="Fetching file content...")
+def scan_file(owner, repo, file_path):
     code, err = get_file_content(owner, repo, file_path)
     if err:
-        return f"❌ Error: {err}"
-    
+        return {"error": err}
     if len(code) > 6000:
         code = code[:6000] + "\n... [truncated]"
-    
-    progress(0.5, desc="Analyzing with AI...")
-    
     groq_key = os.getenv("GROQ_API_KEY", "")
     if not groq_key:
-        return "❌ Error: GROQ_API_KEY not configured"
-    
+        return {"error": "GROQ_API_KEY not configured"}
     client = Groq(api_key=groq_key)
-    
     prompt = f"""You are a cybersecurity expert. Analyze this code for security vulnerabilities.
 
 File: {file_path}
@@ -93,31 +54,29 @@ Repository: {owner}/{repo}
 
 Provide a detailed security analysis in this exact markdown format:
 
-# 🛡️ Security Analysis Report
+# Security Analysis Report
 
-## 📁 File Overview
+## File Overview
 - Repository: {owner}/{repo}
 - File: {file_path}
 - Language: [detected language]
 - Lines analyzed: [count]
 
-## 🚨 Vulnerabilities Found
+## Vulnerabilities Found
 
-[For each vulnerability found:]
 ### [Vulnerability Name] — [CRITICAL/HIGH/MEDIUM/LOW]
-- **Line**: [line number or range]
-- **Code**: `[vulnerable snippet]`
-- **Issue**: [clear explanation]
-- **CVE Reference**: [relevant CVE ID if applicable]
+- **Line**: [line number]
+- **Code**: `[snippet]`
+- **Issue**: [explanation]
+- **CVE Reference**: [CVE ID if applicable]
 
-## 🛠️ Remediation
-[Specific fix for each vulnerability with corrected code]
+## Remediation
+[Specific fixes with corrected code]
 
-## 📊 Risk Summary
+## Risk Summary
 - Critical: [n] | High: [n] | Medium: [n] | Low: [n]
 - **Overall Risk**: [CRITICAL/HIGH/MEDIUM/LOW]
 """
-    
     try:
         response = client.chat.completions.create(
             model="llama-3.3-70b-versatile",
@@ -125,190 +84,36 @@ Provide a detailed security analysis in this exact markdown format:
             temperature=0.1,
             max_tokens=4096,
         )
-        progress(1.0, desc="Complete!")
-        return response.choices[0].message.content
+        return {"result": response.choices[0].message.content}
     except Exception as e:
-        return f"❌ AI analysis failed: {str(e)}"
-
-def scan_repository(owner, repo, progress=gr.Progress()):
-    """Scan entire repository"""
-    progress(0.1, desc="Fetching repository files...")
-    files = get_repo_files(owner, repo)
-    
-    if not files:
-        return "❌ No code files found or repository is private"
-    
-    progress(0.2, desc=f"Found {len(files)} files to scan...")
-    
-    all_vulnerabilities = []
-    scanned_count = 0
-    
-    groq_key = os.getenv("GROQ_API_KEY", "")
-    if not groq_key:
-        return "❌ Error: GROQ_API_KEY not configured"
-    
-    client = Groq(api_key=groq_key)
-    
-    for i, file_path in enumerate(files[:15]):
-        progress((0.2 + (i / 15) * 0.7), desc=f"Scanning {i+1}/{min(len(files), 15)}: {file_path}")
-        
-        code, err = get_file_content(owner, repo, file_path)
-        if err:
-            continue
-        
-        if len(code) > 4000:
-            code = code[:4000] + "\n... [truncated]"
-        
-        prompt = f"""Analyze this code file for security vulnerabilities. Be concise.
-
-File: {file_path}
+        return {"error": f"AI analysis failed: {str(e)}"}
 
-```
-{code}
-```
-
-List only CRITICAL and HIGH severity vulnerabilities found. Format:
-- **[Vulnerability]** in `{file_path}` line X: [brief issue]
 
-If no critical/high issues, respond: "No critical issues found."
-"""
-        
-        try:
-            response = client.chat.completions.create(
-                model="llama-3.3-70b-versatile",
-                messages=[{"role": "user", "content": prompt}],
-                temperature=0.1,
-                max_tokens=800,
-            )
-            result = response.choices[0].message.content.strip()
-            if "no critical issues" not in result.lower():
-                all_vulnerabilities.append(f"### {file_path}\n{result}\n")
-            scanned_count += 1
-        except:
-            continue
-    
-    progress(1.0, desc="Generating report...")
-    
-    if not all_vulnerabilities:
-        report = f"""# 🛡️ Repository Security Scan Report
+# ── API routes ────────────────────────────────────────────────────────────────
 
-## 📦 Repository Overview
-- Repository: {owner}/{repo}
-- Files Scanned: {scanned_count}
-- Status: ✅ No critical vulnerabilities detected
+class ScanRequest(BaseModel):
+    url: str
 
-## 📊 Summary
-All scanned files passed security checks. No CRITICAL or HIGH severity issues found.
+@app.get("/api/health")
+def health():
+    return {"status": "ok", "groq_key_set": bool(os.getenv("GROQ_API_KEY"))}
 
-## 📈 Risk Summary
-- Critical: 0 | High: 0 | Medium: 0 | Low: 0
-- **Overall Risk**: LOW
-"""
-    else:
-        report = f"""# 🛡️ Repository Security Scan Report
+@app.post("/api/scan")
+def scan(req: ScanRequest):
+    owner, repo, file_path = parse_github_url(req.url)
+    if not owner or not repo or not file_path:
+        return {"error": "Invalid GitHub file URL. Use format: github.com/owner/repo/blob/branch/file"}
+    return scan_file(owner, repo, file_path)
 
-## 📦 Repository Overview
-- Repository: {owner}/{repo}
-- Files Scanned: {scanned_count}
-- Vulnerabilities Found: {len(all_vulnerabilities)} files with issues
+# ── Serve React frontend ──────────────────────────────────────────────────────
 
-## 🚨 Vulnerabilities by File
-
-{''.join(all_vulnerabilities)}
-
-## 🛠️ Recommendations
-1. Review and fix all CRITICAL and HIGH severity issues immediately
-2. Implement input validation and sanitization
-3. Use parameterized queries for database operations
-4. Keep dependencies updated
-
-## 📊 Risk Summary
-- Critical: {sum(1 for v in all_vulnerabilities if 'CRITICAL' in v)} | High: {sum(1 for v in all_vulnerabilities if 'HIGH' in v)} | Medium: 0 | Low: 0
-- **Overall Risk**: {'CRITICAL' if any('CRITICAL' in v for v in all_vulnerabilities) else 'HIGH'}
-"""
-    
-    return report
-
-def analyze_github_url(url, progress=gr.Progress()):
-    """Main analysis function"""
-    if not url or not url.strip():
-        return "❌ Please provide a GitHub URL"
-    
-    owner, repo, file_path, is_repo = parse_github_url(url)
-    
-    if not owner or not repo:
-        return "❌ Invalid GitHub URL. Use:\n- File: github.com/owner/repo/blob/branch/file.py\n- Repo: github.com/owner/repo"
-    
-    if is_repo:
-        return scan_repository(owner, repo, progress)
-    else:
-        return scan_file(owner, repo, file_path, progress)
-
-# Gradio Interface
-CSS = """
-.gradio-container {
-    font-family: 'Inter', sans-serif;
-}
-.cyber-title {
-    text-align: center;
-    color: #00ff41;
-    font-size: 2em;
-    font-weight: bold;
-    margin-bottom: 10px;
-}
-"""
+if os.path.exists("static"):
+    app.mount("/assets", StaticFiles(directory="static/assets"), name="assets")
 
-with gr.Blocks(css=CSS, title="🛡️ Vulnerability Scanner") as demo:
-    gr.HTML("""
-    <div class="cyber-title">
-        🛡️ VULNERABILITY SCANNER
-    </div>
-    <p style="text-align:center;color:#888;">
-        AI-powered security analysis for GitHub repositories and files
-    </p>
-    """)
-    
-    with gr.Row():
-        with gr.Column():
-            url_input = gr.Textbox(
-                label="GitHub URL",
-                placeholder="https://github.com/owner/repo/blob/main/file.py or https://github.com/owner/repo",
-                lines=2
-            )
-            
-            with gr.Row():
-                scan_btn = gr.Button("🔍 Scan for Vulnerabilities", variant="primary")
-                clear_btn = gr.Button("🗑️ Clear")
-            
-            gr.Examples(
-                examples=[
-                    ["https://github.com/ayushmittal62/vunreability_scanner_testing/blob/master/python/database.py"],
-                    ["https://github.com/ayushmittal62/vunreability_scanner_testing"],
-                ],
-                inputs=url_input,
-                label="📝 Example URLs"
-            )
-    
-    with gr.Row():
-        output = gr.Markdown(label="Analysis Results")
-    
-    scan_btn.click(
-        fn=analyze_github_url,
-        inputs=[url_input],
-        outputs=[output]
-    )
-    
-    clear_btn.click(
-        fn=lambda: ("", ""),
-        outputs=[url_input, output]
-    )
-    
-    gr.HTML("""
-    <div style="text-align:center;margin-top:20px;color:#666;font-size:0.9em;">
-        Built by <a href="https://github.com/AdityaDev-X" target="_blank">AdityaDev-X</a> | 
-        Powered by Groq LLaMA 3.3 70B
-    </div>
-    """)
+    @app.get("/")
+    def serve_root():
+        return FileResponse("static/index.html")
 
-if __name__ == "__main__":
-    demo.launch(server_name="0.0.0.0", server_port=7860)
+    @app.get("/{full_path:path}")
+    def serve_spa(full_path: str):
+        return FileResponse("static/index.html")

requirements.txt

@@ -1,4 +1,6 @@
-gradio
+fastapi
+uvicorn
+pydantic
 groq
 requests
 python-dotenv