jugalgajjar commited on
Commit
1fff7d6
·
verified ·
1 Parent(s): 59e860a

update app.py

Files changed (1) hide show
  1. app.py +62 -61
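--- a/app.py
+++ b/app.py
@@ -1,3 +1,4 @@
+ import textwrap
  import gradio as gr
  import torch
  from transformers import AutoModelForCausalLM, AutoTokenizer
@@ -61,97 +62,97 @@ def fix_code(language, vulnerable_code):
  else:
  return result.strip()
 
- # UI Layout
- with gr.Blocks(title="PyJavaCPP Vuln-Fixer", theme=gr.themes.Base()) as demo:
- gr.Markdown("# 🛡️ PyJavaCPP Vulnerability Fixer (CPU)")
- gr.Markdown("Select your language, paste your code, and get a secured version of your code!")
-
- with gr.Row():
- with gr.Column():
- lang_input = gr.Dropdown(
- choices=["python", "java", "cpp"],
- value="python",
- label="Target Language"
- )
- code_input = gr.Code(
- label="Vulnerable Code",
- language="python",
- lines=12
- )
- submit_btn = gr.Button("Secure My Code ✨", variant="primary")
-
- with gr.Column():
- code_output = gr.Code(
- label="Fixed Code",
- language="python",
- lines=12,
- interactive=False
- )
-
- # Example Snippets for quick testing
- gr.Examples(
- examples=[
- ["python", r"""import os
+ EXAMPLES = [
+ [
+ "python",
+ textwrap.dedent("""\
+ import os
  from flask import Flask, request
-
+
  app = Flask(__name__)
-
+
  @app.route("/run")
  def run():
  cmd = request.args.get("cmd")
- # Vulnerable: Command Injection
-
  return os.popen(cmd).read()
-
+
  if __name__ == "__main__":
- app.run(debug=False)"""],
-
- ["java", r"""import java.sql.*;
+ app.run(debug=False)"""),
+ ],
+ [
+ "java",
+ textwrap.dedent("""\
+ import java.sql.*;
  import javax.servlet.http.*;
-
+
  public class UserServlet extends HttpServlet {
  public void doGet(HttpServletRequest req, HttpServletResponse res) {
  try {
  String id = req.getParameter("id");
  Connection conn = DriverManager.getConnection("jdbc:mysql://localhost/db", "user", "pass");
  Statement stmt = conn.createStatement();
- // Vulnerable: SQL Injection
  ResultSet rs = stmt.executeQuery("SELECT * FROM users WHERE id='" + id + "'");
  } catch (Exception e) {
  e.printStackTrace();
  }
  }
-
- public static void main(String[] args) {
- System.out.println("Servlet loaded.");
- }
- }"""],
-
- ["cpp", r"""#include <iostream>
+ }"""),
+ ],
+ [
+ "cpp",
+ textwrap.dedent("""\
+ #include <iostream>
  #include <cstring>
-
+
  void login(char *input) {
  char password[8];
- // Vulnerable: Buffer Overflow
  strcpy(password, input);
  }
-
+
  int main(int argc, char *argv[]) {
  if (argc > 1) {
  login(argv[1]);
  }
-
  return 0;
- }"""]
- ],
- inputs=[lang_input, code_input]
+ }"""),
+ ],
+ ]
+
+ # UI Layout
+ with gr.Blocks(title="PyJavaCPP Vuln-Fixer") as demo:
+ gr.Markdown("# 🛡️ PyJavaCPP Vulnerability Fixer (CPU)")
+ gr.Markdown(
+ "Select your language, paste your code, and get a secured version of your code!"
+ )
+
+ with gr.Row():
+ with gr.Column():
+ lang_input = gr.Dropdown(
+ choices=["python", "java", "cpp"],
+ value="python",
+ label="Target Language",
+ )
+ code_input = gr.Textbox(
+ label="Vulnerable Code",
+ lines=15,
+ max_lines=30,
+ placeholder="Paste your vulnerable code here...",
+ )
+ submit_btn = gr.Button("Secure My Code ✨", variant="primary")
+
+ with gr.Column():
+ code_output = gr.Textbox(
+ label="Fixed Code",
+ lines=15,
+ max_lines=30,
+ interactive=False,
+ )
+
+ gr.Examples(
+ examples=EXAMPLES,
+ inputs=[lang_input, code_input],
  )
 
- # Update syntax highlighting based on dropdown
- def update_syntax(lang):
- return gr.update(language=lang), gr.update(language=lang)
-
- lang_input.change(update_syntax, lang_input, [code_input, code_output])
  submit_btn.click(fix_code, [lang_input, code_input], code_output)
 
- demo.launch()
+ demo.launch(ssr_mode=False)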
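Review bot: The `textwrap.dedent("""\` wrappers in the new `EXAMPLES` list probably do not dedent anything and may leave the first line of each snippet indented, because only the first and last lines of each snippet were rewritten while the bodies (`from flask import Flask, request`, `import javax.servlet.http.*;`, `#include <cstring>` and the lines after them) are unchanged context from the old flush-left raw strings. If those context lines still start at column 0, the common margin is empty, `dedent` is a no-op, and a first line such as `import os` keeps its source indentation, so the Python sample would no longer parse; the rendered page drops leading whitespace, so this is inferred from which lines are marked unchanged and should be checked in the file. Either indent every line of each literal to the same depth or drop `dedent` and keep the literals flush left. Since the commit also removes the in-snippet `# Vulnerable: ...` markers, a comment above the list such as `# Deliberately vulnerable samples (command injection, SQL injection, unbounded strcpy); demo input only, never execute.` would keep that intent visible to maintainers.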