hf_token taken as input now, cleaner ui

README.md

@@ -12,16 +12,88 @@ license: mit
 
 # 🛡️ AI-Powered GitHub Vulnerability Scanner
 
-An intelligent security analysis tool that scans GitHub repositories for vulnerabilities using AI agents and Model Context Protocol (MCP) integration. This tool provides comprehensive security assessments with detailed reports and remediation guidance.
+An advanced security analysis tool that leverages cutting-edge AI agents and Model Context Protocol (MCP) tools to perform comprehensive security analysis of GitHub repositories and individual files. This intelligent scanner provides detailed vulnerability assessments with actionable remediation guidance.
 
-## ✨ Features
+## ✨ Key Features
 
-- **🤖 AI-Powered Analysis**: Uses advanced AI agents to intelligently analyze code patterns
-- **🔍 Comprehensive Scanning**: Detects multiple vulnerability types across various programming languages
-- **📊 Detailed Reports**: Generates professional security reports with severity ratings
-- **🌐 Web Interface**: Easy-to-use Gradio interface for repository analysis
+- **🤖 AI-Powered Detection**: Uses advanced language models to understand code context and identify complex security issues
+- **� Dumal Analysis Mode**: Analyze entire repositories or focus on specific files
+- **� Deeap Code Analysis**: Scans for common security vulnerabilities including SQL injection, XSS, command injection, and more
+- **📊 Comprehensive Reports**: Generates detailed security reports with severity levels, line numbers, and remediation suggestions
+- **🌐 Modern Web Interface**: Enhanced Gradio interface with improved user experience
+- **🔑 Secure API Integration**: User-provided Hugging Face tokens for secure AI model access
 - **🔗 GitHub Integration**: Direct integration with GitHub repositories via MCP tools
 
-## ⚠️ Disclaimer
+## 🎯 Vulnerability Detection Capabilities
 
-This tool is for educational and security research purposes. Always ensure you have proper authorization before scanning repositories. The results should be used as a starting point for security analysis, not as a definitive security assessment.
+The scanner identifies various security vulnerabilities including:
+
+- **Command Injection** - OS command execution flaws (os.system, exec, eval)
+- **Input Validation Issues** - Unvalidated user inputs and missing parameter checks
+- **Error Handling Flaws** - Unhandled exceptions and information disclosure
+- **Hardcoded Secrets** - API keys, passwords, database credentials
+- **Unsafe Operations** - File operations and deserialization without validation
+- **SQL Injection** - Database query vulnerabilities
+- **Cross-Site Scripting (XSS)** - Web application security issues
+- **Path Traversal** - File system access vulnerabilities
+
+## 🚀 Getting Started
+
+### Prerequisites
+
+- Python 3.11+
+- Hugging Face API Token (free account required)
+
+### Usage
+
+1. **Get a Hugging Face API Key**:
+   - Visit [Hugging Face Settings](https://huggingface.co/settings/tokens)
+   - Create a free account if needed
+   - Generate a new API token
+
+2. **Configure the Scanner**:
+   - Enter your Hugging Face API key in the provided field
+   - The key is used securely and never stored
+
+3. **Start Analysis**:
+   - Paste a GitHub repository URL or specific file URL in the chat interface
+   - Wait for the AI agent to analyze and generate a security report
+
+
+## 🛠️ Technical Architecture
+
+- **Frontend**: Enhanced Gradio web interface with modern theming
+- **AI Engine**: Hugging Face Inference API with smolagents framework
+- **GitHub Integration**: Custom MCP server for GitHub API access
+- **URL Parsing**: Smart GitHub URL parser supporting both repositories and individual files
+- **Analysis Engine**: Context-aware vulnerability detection with line-by-line analysis
+- **Report Generation**: Structured security assessment with severity classification
+
+
+## 📋 Dependencies
+
+- `gradio[oauth,mcp]` - Web interface framework with MCP support
+- `smolagents` - AI agent framework for intelligent code analysis
+- `requests` - HTTP client library
+- `fastapi` & `uvicorn` - API framework and server
+- `mcp` - Model Context Protocol client
+- `pydantic` - Data validation
+
+## 🔒 Security & Privacy
+
+- **API Key Security**: Your Hugging Face tokens are used securely and never stored
+- **Public Repository Access**: Analyzes only publicly accessible GitHub repositories
+- **Responsible Use**: Designed for legitimate security research and vulnerability assessment
+- **No Data Storage**: Analysis results are not stored or logged
+
+## ⚠️ Important Disclaimer
+
+This tool is designed for legitimate security research and vulnerability assessment purposes only. 
+
+**Do NOT use this scanner for:**
+- Malicious activities
+- Unauthorized access attempts
+- Any illegal purposes
+- Scanning repositories without proper authorization
+
+Always ensure you have proper authorization before scanning repositories that don't belong to you. The results should be used as a starting point for security analysis, not as a definitive security assessment.

app.py

@@ -1,10 +1,5 @@
 import gradio as gr
-import os
 from smolagents import InferenceClientModel, CodeAgent, MCPClient
-from dotenv import load_dotenv
-
-# Load environment variables
-load_dotenv()
 
 # MCP Server URL for GitHub tools
 MCP_SERVER_URL = "https://himanshugoyal2004-github-mcp-server.hf.space/gradio_api/mcp/"
@@ -27,17 +22,24 @@ def parse_github_url(url):
     
     return None, None, None
 
-def analyze_vulnerabilities(message, history):
+
+def analyze_vulnerabilities(message, history, hf_token):
     """Analyze GitHub repository or specific file for vulnerabilities using AI agent"""
+    
+    # Validate HF token input
+    if not hf_token.strip():
+        return "❌ Please provide a Hugging Face API key. Get one from [Hugging Face](https://huggingface.co/settings/tokens)"
+    
     try:
+        # Connect to MCP server
         mcp_client = MCPClient({
             "url": MCP_SERVER_URL,
             "timeout": 120
         })
         tools = mcp_client.get_tools()
         
-        # Initialize AI model
-        model = InferenceClientModel(token=os.getenv("HF_TOKEN"))
+        # Initialize AI model with user's token
+        model = InferenceClientModel(token=hf_token.strip())
         
         # Create AI agent with GitHub MCP tools
         agent = CodeAgent(
@@ -55,7 +57,6 @@ def analyze_vulnerabilities(message, history):
         
         # Generate different prompts based on whether it's a file or repository
         if file_path:
-            # Single file analysis
             enhanced_prompt = f"""
 You are a cybersecurity expert. Analyze the specific GitHub file for security vulnerabilities.
 
@@ -82,7 +83,6 @@ Please:
 Use simple string operations and avoid complex regex patterns. Focus on clear, actionable security findings.
 """
         else:
-            # Full repository analysis
             enhanced_prompt = f"""
 You are a cybersecurity expert. Analyze the GitHub repository for security vulnerabilities.
 
@@ -117,18 +117,58 @@ Use simple string operations and focus on the most critical security issues. Lim
         return str(result)
         
     except Exception as e:
-        return f"❌ Error analyzing repository: {str(e)}\n\nPlease ensure:\n• Valid GitHub repository URL\n• HF_TOKEN environment variable is set\n• Repository is accessible"
-
-# Create Gradio interface
-demo = gr.ChatInterface(
-    fn=analyze_vulnerabilities,
-    type="messages",
-    examples=[
-        "https://github.com/banno-0720/documentation-agent/blob/main/code.py"       
-    ],
-    title="🛡️ AI-Powered GitHub Vulnerability Scanner",
-    description="Paste a GitHub repository URL to scan the entire repo, or paste a specific file URL to analyze just that file for security vulnerabilities using AI agents with MCP tools. The AI will intelligently analyze code and provide detailed security reports.",
-)
+        return f"❌ Error analyzing repository: {str(e)}\n\nPlease ensure:\n• Valid GitHub repository URL\n• Hugging Face token is correct\n• Repository is accessible"
+
+
+# Gradio UI
+with gr.Blocks(theme=gr.themes.Soft(primary_hue="blue")) as demo:
+    gr.Markdown("## 🛡️ AI-Powered GitHub Vulnerability Scanner")
+    gr.Markdown("""
+    **Advanced Security Analysis Tool for GitHub Repositories**
+    
+    This intelligent vulnerability scanner leverages cutting-edge AI agents and Model Context Protocol (MCP) tools to perform comprehensive security analysis of GitHub repositories and individual files. 
+    
+    **Key Features:**
+    -  **Deep Code Analysis**: Scans for common security vulnerabilities including SQL injection, XSS, command injection, and more
+    -  **AI-Powered Detection**: Uses advanced language models to understand code context and identify complex security issues
+    -  **Repository & File Support**: Analyze entire repositories or focus on specific files
+    -  **Detailed Reports**: Get comprehensive security reports with severity levels, line numbers, and remediation suggestions
+    -  **Secure Processing**: Your API keys are used securely and never stored
+    
+    **Project Links:**
+    - 📂 **Source Code**: [GitHub Repository](https://github.com/banno-0720/vulnerability-scanner)
+    - 🔧 **MCP Server**: [Hugging Face Space](https://huggingface.co/spaces/HimanshuGoyal2004/github-mcp-server)
+    
+    ⚠️ **Important Notice**: This tool is designed for legitimate security research and vulnerability assessment purposes only. Do not use this scanner for malicious activities, unauthorized access, or any illegal purposes. Always ensure you have proper authorization before scanning repositories that don't belong to you.
+    """)
+    gr.Markdown("---")
+
+    # API Configuration Section
+    with gr.Row():
+        with gr.Column(scale=1):
+            gr.Markdown("### 🔑 API Configuration")
+            hf_token_box = gr.Textbox(
+                label="🤗 Hugging Face API Key",
+                placeholder="Enter your Hugging Face API key for AI model access",
+                type="password",
+                info="🔗 Get your free key: https://huggingface.co/settings/tokens"
+            )
+
+    gr.Markdown("---")
+    gr.Markdown("### 💬 Security Analysis Chat")
+    gr.Markdown("Paste any GitHub repository or file URL below to start the security analysis.")
+
+    # Chatbot Interface
+    chatbot = gr.ChatInterface(
+        fn=lambda msg, hist, hf_token: analyze_vulnerabilities(msg, hist, hf_token),
+        additional_inputs=[hf_token_box],
+        type="messages",
+        examples=[
+            ["https://github.com/ayushmittal62/vunreability_scanner_testing", ""],
+            ["https://github.com/ayushmittal62/vunreability_scanner_testing/blob/master/database/schema.sql", ""], 
+            ["https://github.com/ayushmittal62/vunreability_scanner_testing/blob/master/python/database.py", ""]
+        ],
+    )
 
 if __name__ == "__main__":
     demo.launch()