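"""Gradio app that fetches a URL and audits its Content-Security-Policy header.

The URL is untrusted user input, so fetching is hardened against SSRF: only
http(s) schemes are accepted, the host of every hop (including redirects)
must resolve to a public address, the redirect chain is capped, and response
bodies are never downloaded (only the headers are needed).
"""
from __future__ import annotations

import ipaddress
import re
import socket
from urllib.parse import urljoin, urlsplit

import gradio as gr
import requests

REQUEST_TIMEOUT = 5  # seconds per request; same budget the single fetch had before
MAX_REDIRECTS = 5  # manual redirect hops, each re-validated by the SSRF guard
REQUEST_HEADERS = {"User-Agent": "csp-analyzer/1.0"}
# Set to True only for a private deployment that has to audit intranet sites;
# on an internet-facing instance this must stay False.
ALLOW_PRIVATE_TARGETS = False

# Directives whose source lists govern script/plugin execution. Wildcards, open
# schemes and data:/blob: here let an attacker run code; in e.g. img-src the
# same tokens are much lower impact, so findings are qualified by directive.
_EXEC_DIRECTIVES = frozenset({
    "default-src", "script-src", "script-src-elem", "script-src-attr",
    "object-src", "worker-src",
})
_NONCE_OR_HASH_PREFIXES = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


class _TargetRejected(Exception):
    """Raised when the requested URL (or a redirect hop) fails the SSRF guard."""


def _normalize_url(url: str) -> str:
    """Trim *url* and prefix http:// when no http(s) scheme is given (bare hostnames)."""
    url = url.strip()
    if not url.lower().startswith(("http://", "https://")):
        url = "http://" + url
    return url


def _is_global_address(addr: ipaddress.IPv4Address | ipaddress.IPv6Address) -> bool:
    """True if *addr* is globally routable; IPv4-mapped IPv6 is judged by its IPv4 part."""
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    return addr.is_global


def _host_is_public(host: str) -> bool:
    """Return True only if every address *host* resolves to is globally routable.

    Rejects loopback, RFC 1918, link-local (incl. the 169.254.169.254 cloud
    metadata endpoint), multicast, reserved and unspecified addresses, whether
    *host* is an IP literal or a DNS name. This is a pre-flight check: if the
    resolver answers differently for the real connection (DNS rebinding) the
    guard does not catch it.
    """
    try:
        candidates = [ipaddress.ip_address(host)]
    except ValueError:
        try:
            infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
        except (socket.gaierror, UnicodeError):
            return False
        try:
            # Drop an IPv6 scope id ("fe80::1%eth0") that ip_address may not accept.
            candidates = [ipaddress.ip_address(info[4][0].split("%")[0]) for info in infos]
        except ValueError:
            return False
    return bool(candidates) and all(_is_global_address(a) for a in candidates)


def _check_target(url: str) -> str | None:
    """Return a user-facing rejection message, or None when *url* may be fetched."""
    try:
        parts = urlsplit(url)
        _ = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return "❌ Malformed URL."
    if parts.scheme not in ("http", "https"):
        return "❌ Only http:// and https:// URLs are supported."
    if not parts.hostname:
        return "❌ The URL has no hostname."
    if parts.username or parts.password:
        return "❌ Credentials embedded in the URL are not supported."
    if not ALLOW_PRIVATE_TARGETS and not _host_is_public(parts.hostname):
        return "❌ Refusing to fetch a private, loopback or unresolvable host."
    return None


def _fetch_headers(url: str) -> requests.structures.CaseInsensitiveDict:
    """GET *url*, following redirects by hand so every hop passes _check_target.

    stream=True means only the status line and headers are read; the body is
    discarded when the response is closed. Raises _TargetRejected when a hop
    is refused or the chain exceeds MAX_REDIRECTS; requests errors propagate.
    """
    for _ in range(MAX_REDIRECTS + 1):
        problem = _check_target(url)
        if problem is not None:
            raise _TargetRejected(problem)
        with requests.get(
            url,
            timeout=REQUEST_TIMEOUT,
            headers=REQUEST_HEADERS,
            allow_redirects=False,
            stream=True,
        ) as response:
            location = response.headers.get("Location")
            if not response.is_redirect or not location:
                return response.headers
        url = urljoin(url, location)
    raise _TargetRejected(f"❌ Too many redirects (more than {MAX_REDIRECTS}).")


def _parse_policy(csp: str) -> list[tuple[str, list[str]]]:
    """Split a serialized policy into (directive name, source tokens) pairs.

    ';' separates directives; ',' appears when several CSP headers were merged
    into one value. Multiple policies are enforced jointly (a load must satisfy
    all of them), so a risky token flagged from one policy may in practice be
    neutralized by a stricter sibling — findings are deliberately conservative.
    """
    directives = []
    for chunk in re.split(r"[;,]", csp):
        tokens = chunk.split()
        if tokens:
            directives.append((tokens[0].lower(), tokens[1:]))
    return directives


def _audit_csp(csp: str) -> list[str]:
    """Return one warning line per risky source expression or missing directive."""
    directives = _parse_policy(csp)
    present = {name for name, _ in directives}
    warnings = []
    for name, sources in directives:
        has_nonce_or_hash = any(s.lower().startswith(_NONCE_OR_HASH_PREFIXES) for s in sources)
        for source in sources:
            token = source.lower()
            if token == "'unsafe-inline'":
                note = ""
                if has_nonce_or_hash:
                    # CSP Level 2+: a nonce/hash source in the same directive makes
                    # 'unsafe-inline' a no-op (it is kept only for old browsers).
                    note = " (ignored by CSP Level 2+ browsers because a nonce/hash source is also present)"
                warnings.append(f"⚠️ `{name}` allows `'unsafe-inline'`{note}")
            elif token == "'unsafe-eval'":
                warnings.append(f"⚠️ `{name}` allows `'unsafe-eval'`")
            elif token == "*":
                # Only the bare wildcard is flagged; host wildcards like
                # https://*.example.com are a normal, scoped allow-list entry.
                warnings.append(f"⚠️ `{name}` uses the bare wildcard `*`")
            elif token in ("data:", "blob:"):
                impact = (
                    "allows script/plugin execution"
                    if name in _EXEC_DIRECTIVES
                    else "lower risk outside script/object directives"
                )
                warnings.append(f"⚠️ `{name}` permits `{token}` URLs ({impact})")
            elif token in ("http:", "https:") and name in _EXEC_DIRECTIVES:
                warnings.append(f"⚠️ `{name}` allows any `{token}` host")
    if "script-src" not in present and "default-src" not in present:
        warnings.append("⚠️ Neither `script-src` nor `default-src` is set, so script sources are unrestricted")
    if "object-src" not in present and "default-src" not in present:
        warnings.append("⚠️ Neither `object-src` nor `default-src` is set; add `object-src 'none'` to block plugin content")
    if "base-uri" not in present:
        warnings.append("⚠️ `base-uri` is not set, so an injected `<base>` tag can change where relative URLs resolve")
    return warnings


def _fenced(value: str) -> str:
    """Wrap *value* in a Markdown code fence longer than any backtick run inside it.

    The header value is controlled by the remote site; a fixed ``` fence could be
    closed early and the remainder rendered as Markdown in the report.
    """
    longest = max((len(run) for run in re.findall(r"`+", value)), default=0)
    fence = "`" * max(3, longest + 1)
    return f"{fence}\n{value}\n{fence}\n"


def analyze_csp(url: str) -> str:
    """Fetch *url* and return a Markdown report on its Content-Security-Policy.

    Accepts a bare hostname (http:// is assumed) or a full http(s) URL. Always
    returns a message string; nothing is raised to the UI.
    """
    if not url or not url.strip():
        return "❌ Please enter a URL."
    target = _normalize_url(url)
    try:
        headers = _fetch_headers(target)
    except _TargetRejected as rejected:
        return str(rejected)
    except requests.exceptions.RequestException as exc:
        # Only the exception class is reported: the message would echo the
        # untrusted URL and resolver details straight back into rendered Markdown.
        return f"❌ Error: request failed ({type(exc).__name__})."

    csp = headers.get("Content-Security-Policy")
    report_only = headers.get("Content-Security-Policy-Report-Only")
    if not csp:
        message = (
            "❌ No `Content-Security-Policy` header found.\n\n"
            "ℹ️ Consider adding a CSP header to help prevent XSS and other code injection attacks."
        )
        if report_only:
            message += (
                "\n\nℹ️ A `Content-Security-Policy-Report-Only` header is present, "
                "but report-only policies are never enforced."
            )
        return message

    output = "✅ `Content-Security-Policy` Found:\n\n" + _fenced(csp)
    warnings = _audit_csp(csp)
    if warnings:
        output += "\n🔎 Warnings:\n" + "\n".join(warnings)
    else:
        output += "\n✅ No obviously insecure directives detected."
    output += (
        "\n\n💡 Tip: Use a strict CSP and avoid wildcards or unsafe directives whenever possible.\n"
        "You can test CSP at [https://csp-evaluator.withgoogle.com](https://csp-evaluator.withgoogle.com)"
    )
    return output


iface = gr.Interface(
    fn=analyze_csp,
    inputs=gr.Textbox(label="Enter Website URL", placeholder="e.g. https://example.com"),
    outputs=gr.Markdown(label="CSP Analysis"),
    title="🔐 Content Security Policy (CSP) Analyzer",
    description=(
        "Checks if a site uses a CSP header and analyzes its security. "
        "Highlights common issues like use of wildcards or unsafe directives."
    ),
)

if __name__ == "__main__":
    iface.launch()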