ramagururadhakrishnan commited on
Commit
aeb7378
verified
1 Parent(s): e3031db

- CVE Search
- Integrated CVE Search in Mythril

Files changed (1)
  1. verifier.py +59 -12
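--- a/verifier.py
+++ b/verifier.py
@@ -2,6 +2,36 @@ import subprocess
 import tempfile
 import json
 import os
+import requests
+
+def search_cve_from_nvd(keyword: str) -> str:
+"""
+Search for a CVE from NVD API using a keyword.
+"""
+try:
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0"
+params = {
+"keywordSearch": keyword,
+"resultsPerPage": 1
+}
+headers = {
+"User-Agent": "SmartContractVerifier/1.0"
+}
+response = requests.get(url, params=params, headers=headers, timeout=10)
+response.raise_for_status()
+
+data = response.json()
+items = data.get("vulnerabilities", [])
+
+if not items:
+return "No CVE found."
+
+cve_id = items[0]["cve"]["id"]
+cve_desc = items[0]["cve"]["descriptions"][0]["value"]
+return f"{cve_id}: {cve_desc}"
+
+except Exception as e:
+return f"Error querying CVE DB: {str(e)}"
 
 def analyze_contract(code: str, language: str, tool: str, run_formal: bool = False):
 """
@@ -75,25 +105,42 @@ def analyze_with_slither(filepath):
 def analyze_with_mythril(filepath):
 try:
 result = subprocess.run(
-["myth", "analyze", filepath, "--solv", "0.8.0"],
+["myth", "analyze", filepath, "--solv", "0.8.0", "--execution-timeout", "60", "--output", "json"],
 capture_output=True,
 text=True,
-timeout=30
+timeout=90
 )
-raw_output = result.stdout or result.stderr
-if not raw_output:
-return ("No issues found.", "No issues were detected by Mythril.")
 
-issues = raw_output.splitlines()
-summary = "Vulnerabilities detected by Mythril:\n"
-for issue in issues:
-summary += f"- {issue}\n"
+if result.returncode != 0:
+return ("Mythril analysis failed.", result.stderr)
+
+data = json.loads(result.stdout)
+issues = data.get("issues", [])
+
+if not issues:
+return ("No issues found.", "No vulnerabilities detected by Mythril.")
+
+summary = "πŸ›‘οΈ Vulnerabilities detected by Mythril:\n"
+cve_report = "\nπŸ“„ [Detailed CVE-style Report]\n\n"
 
-cve_report = "\n[Detailed CVE-style Report]\n\n"
 for issue in issues:
-cve_report += f"{issue}\n CVE Reference: CVE-2021-XXXX (simulated)\n\n"
+title = issue.get("title", "Unknown Issue")
+description = issue.get("description", "")
+function = issue.get("function", {}).get("name", "Unknown Function")
+
+# Real-time CVE lookup
+cve_info = search_cve_from_nvd(title)
+
+summary += f"- {title} in {function}\n"
+cve_report += (
+f"πŸ”Έ Title: {title}\n"
+f"πŸ“ Function: {function}\n"
+f"πŸ“ Description: {description}\n"
+f"πŸ”— CVE: {cve_info}\n\n"
+)
+
+return summary.strip(), cve_report.strip()
 
 except Exception as e:
 return ("Mythril analysis failed.", f"Error: {str(e)}")
 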
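Review bot: The `CVE:` field written on new line 139 comes from `search_cve_from_nvd(title)` on line 132, i.e. the first NVD hit for a free-text keyword such as a Mythril issue title, so the CVE it attaches to each finding has no verified relation to that finding, whereas the old output at least said "(simulated)". Present it as a hint rather than a reference, e.g. `f"Possible related CVE (NVD keyword match, unverified): {cve_info}\n\n"`, or key the lookup on the issue's SWC id if Mythril's JSON carries one alongside `title`. The loop also makes one blocking HTTPS request per issue with no caching; Mythril reports the same title across several functions, and NVD allows only 5 requests per rolling 30 seconds without an API key, so larger reports will fill with `Error querying CVE DB: ...` strings and the function can block well beyond the 90 s subprocess timeout. In `search_cve_from_nvd`, line 30 takes `descriptions[0]` without checking the `lang` field NVD attaches to each entry, so pick the entry whose `lang` is `"en"` rather than relying on ordering.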