Spaces:
Running
Running
frontend
Browse files- HFSpace/app.py +108 -0
- HFSpace/requirements.txt +11 -0
HFSpace/app.py
ADDED
|
@@ -0,0 +1,108 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
"""
|
| 2 |
+
Hugging Face Spaces entry point.
|
| 3 |
+
Deploy this file as app.py in your HF Space (SDK: gradio).
|
| 4 |
+
"""
|
| 5 |
+
import os
|
| 6 |
+
import json
|
| 7 |
+
import gradio as gr
|
| 8 |
+
from app.models.analyzer import analyze_contract
|
| 9 |
+
|
| 10 |
+
# ------------------------------------------------------------------ helpers --
|
| 11 |
+
|
| 12 |
+
def _fmt_vulns(vulns: list) -> str:
|
| 13 |
+
if not vulns:
|
| 14 |
+
return "✅ No vulnerabilities detected."
|
| 15 |
+
icons = {"HIGH": "🚨", "MEDIUM": "⚠️", "LOW": "ℹ️"}
|
| 16 |
+
lines = []
|
| 17 |
+
for v in vulns:
|
| 18 |
+
icon = icons.get(v["severity"], "•")
|
| 19 |
+
name = v["name"].replace("_", " ").title()
|
| 20 |
+
lines.append(f"{icon} **{name}** [{v['severity']}]")
|
| 21 |
+
lines.append(f" {v['description']}")
|
| 22 |
+
if v.get("line_numbers"):
|
| 23 |
+
lines.append(f" Lines: {', '.join(map(str, v['line_numbers'][:8]))}")
|
| 24 |
+
if v.get("recommendation"):
|
| 25 |
+
lines.append(f" 💡 {v['recommendation']}")
|
| 26 |
+
lines.append("")
|
| 27 |
+
return "\n".join(lines)
|
| 28 |
+
|
| 29 |
+
|
| 30 |
+
def audit(solidity_code: str):
|
| 31 |
+
if not solidity_code.strip():
|
| 32 |
+
return "⚠️ Please paste some Solidity code.", "{}", ""
|
| 33 |
+
|
| 34 |
+
result = analyze_contract(solidity_code)
|
| 35 |
+
|
| 36 |
+
# Summary block
|
| 37 |
+
risk_icons = {"CRITICAL": "🚨", "MEDIUM": "⚠️", "LOW": "ℹ️", "SAFE": "✅"}
|
| 38 |
+
icon = risk_icons.get(result["risk_level"], "•")
|
| 39 |
+
summary = (
|
| 40 |
+
f"## {icon} Risk Level: {result['risk_level']}\n\n"
|
| 41 |
+
f"- **Solidity Version:** {result['solidity_version']}\n"
|
| 42 |
+
f"- **Lines:** {result['total_lines']}\n"
|
| 43 |
+
f"- **Severity Score:** {result['severity_score']}\n"
|
| 44 |
+
f"- **Analysis type:** {result['analysis_type']}\n\n"
|
| 45 |
+
f"| HIGH | MEDIUM | LOW |\n|------|--------|-----|\n"
|
| 46 |
+
f"| {result['high_count']} | {result['medium_count']} | {result['low_count']} |"
|
| 47 |
+
)
|
| 48 |
+
|
| 49 |
+
vuln_text = _fmt_vulns(result["vulnerabilities"])
|
| 50 |
+
llm_text = result.get("llm_analysis") or "_LLM model not loaded – showing pattern analysis only._"
|
| 51 |
+
|
| 52 |
+
return summary, vuln_text, llm_text
|
| 53 |
+
|
| 54 |
+
|
| 55 |
+
# ------------------------------------------------------------------- UI ------
|
| 56 |
+
|
| 57 |
+
EXAMPLES = [
|
| 58 |
+
[
|
| 59 |
+
"""pragma solidity ^0.4.24;
|
| 60 |
+
contract VulnerableBank {
|
| 61 |
+
mapping(address => uint256) public balances;
|
| 62 |
+
function withdraw(uint256 _amount) public {
|
| 63 |
+
require(balances[msg.sender] >= _amount);
|
| 64 |
+
msg.sender.call.value(_amount)();
|
| 65 |
+
balances[msg.sender] -= _amount;
|
| 66 |
+
}
|
| 67 |
+
}"""
|
| 68 |
+
],
|
| 69 |
+
[
|
| 70 |
+
"""// SPDX-License-Identifier: MIT
|
| 71 |
+
pragma solidity ^0.8.0;
|
| 72 |
+
import "@openzeppelin/contracts/security/ReentrancyGuard.sol";
|
| 73 |
+
import "@openzeppelin/contracts/access/Ownable.sol";
|
| 74 |
+
contract SafeVault is ReentrancyGuard, Ownable {
|
| 75 |
+
mapping(address => uint256) private balances;
|
| 76 |
+
function withdraw(uint256 amount) external nonReentrant {
|
| 77 |
+
require(balances[msg.sender] >= amount);
|
| 78 |
+
balances[msg.sender] -= amount;
|
| 79 |
+
(bool ok,) = payable(msg.sender).call{value: amount}("");
|
| 80 |
+
require(ok);
|
| 81 |
+
}
|
| 82 |
+
}"""
|
| 83 |
+
],
|
| 84 |
+
]
|
| 85 |
+
|
| 86 |
+
with gr.Blocks(title="🛡️ Smart Contract Auditor", theme=gr.themes.Soft()) as demo:
|
| 87 |
+
gr.Markdown("# 🛡️ Smart Contract Security Auditor\nPaste Solidity code to detect security vulnerabilities using LLM + pattern analysis.")
|
| 88 |
+
|
| 89 |
+
with gr.Row():
|
| 90 |
+
with gr.Column():
|
| 91 |
+
code_input = gr.Code(label="Solidity Contract", language="javascript", lines=20)
|
| 92 |
+
analyze_btn = gr.Button("🔍 Analyze", variant="primary")
|
| 93 |
+
|
| 94 |
+
with gr.Column():
|
| 95 |
+
summary_out = gr.Markdown(label="Summary")
|
| 96 |
+
vuln_out = gr.Markdown(label="Vulnerabilities")
|
| 97 |
+
llm_out = gr.Markdown(label="LLM Analysis")
|
| 98 |
+
|
| 99 |
+
gr.Examples(examples=EXAMPLES, inputs=[code_input])
|
| 100 |
+
|
| 101 |
+
analyze_btn.click(
|
| 102 |
+
fn=audit,
|
| 103 |
+
inputs=[code_input],
|
| 104 |
+
outputs=[summary_out, vuln_out, llm_out],
|
| 105 |
+
)
|
| 106 |
+
|
| 107 |
+
if __name__ == "__main__":
|
| 108 |
+
demo.launch()
|
HFSpace/requirements.txt
ADDED
|
@@ -0,0 +1,11 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
gradio>=4.26.0
|
| 2 |
+
torch>=2.2.0
|
| 3 |
+
transformers>=4.40.0
|
| 4 |
+
peft>=0.10.0
|
| 5 |
+
accelerate>=0.30.0
|
| 6 |
+
huggingface-hub>=0.22.0
|
| 7 |
+
sentencepiece>=0.2.0
|
| 8 |
+
fastapi>=0.110.0
|
| 9 |
+
uvicorn
|
| 10 |
+
pydantic>=2.0
|
| 11 |
+
pydantic-settings>=2.0
|