Spaces:
Running
Running
| """ | |
| Code Security Risk Analyzer v2 - Gradio UI + REST API | |
| ===================================================== | |
| IMPROVEMENTS OVER v1: | |
| - Per-class threshold optimization (not global 0.3) | |
| - Temperature scaling calibration (meaningful probabilities) | |
| - Uses label_config.json for thresholds + calibration | |
| - Better vulnerability detection across rare CWEs | |
| Run AFTER notebooks 1-4 to use the improved models. | |
| Upload this to: https://huggingface.co/spaces/ayshajavd/code-security-analyzer | |
| """ | |
| from reportlab.platypus import SimpleDocTemplate, Paragraph | |
| from reportlab.lib.styles import getSampleStyleSheet | |
| import json | |
| import re | |
| import time | |
| import torch | |
| import gradio as gr | |
| from transformers import ( | |
| AutoTokenizer, | |
| AutoModelForSequenceClassification, | |
| T5ForConditionalGeneration, | |
| ) | |
| from huggingface_hub import hf_hub_download | |
| import numpy as np | |
| # ============================================================ | |
| # Label Mappings | |
| # ============================================================ | |
| TARGET_CWES = [ | |
| "safe", "CWE-20", "CWE-22", "CWE-78", "CWE-79", "CWE-89", "CWE-94", | |
| "CWE-119", "CWE-125", "CWE-190", "CWE-200", "CWE-264", "CWE-269", | |
| "CWE-276", "CWE-284", "CWE-287", "CWE-310", "CWE-327", "CWE-330", | |
| "CWE-352", "CWE-362", "CWE-399", "CWE-401", "CWE-416", "CWE-434", | |
| "CWE-476", "CWE-502", "CWE-601", "CWE-787", "CWE-798", "CWE-918", | |
| ] | |
| CWE_NAMES = { | |
| "safe": "Safe Code", | |
| "CWE-20": "Improper Input Validation", | |
| "CWE-22": "Path Traversal", | |
| "CWE-78": "OS Command Injection", | |
| "CWE-79": "Cross-Site Scripting (XSS)", | |
| "CWE-89": "SQL Injection", | |
| "CWE-94": "Code Injection", | |
| "CWE-119": "Buffer Overflow", | |
| "CWE-125": "Out-of-bounds Read", | |
| "CWE-190": "Integer Overflow", | |
| "CWE-200": "Information Exposure", | |
| "CWE-264": "Permissions/Privileges/Access Controls", | |
| "CWE-269": "Improper Privilege Management", | |
| "CWE-276": "Incorrect Default Permissions", | |
| "CWE-284": "Improper Access Control", | |
| "CWE-287": "Improper Authentication", | |
| "CWE-310": "Cryptographic Issues", | |
| "CWE-327": "Broken Crypto Algorithm", | |
| "CWE-330": "Insufficient Randomness", | |
| "CWE-352": "Cross-Site Request Forgery (CSRF)", | |
| "CWE-362": "Race Condition", | |
| "CWE-399": "Resource Management Errors", | |
| "CWE-401": "Memory Leak", | |
| "CWE-416": "Use After Free", | |
| "CWE-434": "Unrestricted File Upload", | |
| "CWE-476": "NULL Pointer Dereference", | |
| "CWE-502": "Insecure Deserialization", | |
| "CWE-601": "Open Redirect", | |
| "CWE-787": "Out-of-bounds Write", | |
| "CWE-798": "Hardcoded Credentials", | |
| "CWE-918": "Server-Side Request Forgery (SSRF)", | |
| } | |
| CWE_TO_OWASP = { | |
| "CWE-22": "A01:2021 - Broken Access Control", | |
| "CWE-200": "A01:2021 - Broken Access Control", | |
| "CWE-264": "A01:2021 - Broken Access Control", | |
| "CWE-276": "A01:2021 - Broken Access Control", | |
| "CWE-284": "A01:2021 - Broken Access Control", | |
| "CWE-352": "A01:2021 - Broken Access Control", | |
| "CWE-601": "A01:2021 - Broken Access Control", | |
| "CWE-269": "A01:2021 - Broken Access Control", | |
| "CWE-310": "A02:2021 - Cryptographic Failures", | |
| "CWE-327": "A02:2021 - Cryptographic Failures", | |
| "CWE-330": "A02:2021 - Cryptographic Failures", | |
| "CWE-20": "A03:2021 - Injection", | |
| "CWE-78": "A03:2021 - Injection", | |
| "CWE-79": "A03:2021 - Injection", | |
| "CWE-89": "A03:2021 - Injection", | |
| "CWE-94": "A03:2021 - Injection", | |
| "CWE-119": "A03:2021 - Injection", | |
| "CWE-125": "A03:2021 - Injection", | |
| "CWE-190": "A03:2021 - Injection", | |
| "CWE-416": "A03:2021 - Injection", | |
| "CWE-476": "A03:2021 - Injection", | |
| "CWE-401": "A03:2021 - Injection", | |
| "CWE-787": "A03:2021 - Injection", | |
| "CWE-434": "A04:2021 - Insecure Design", | |
| "CWE-362": "A04:2021 - Insecure Design", | |
| "CWE-399": "A04:2021 - Insecure Design", | |
| "CWE-287": "A07:2021 - Identification & Auth Failures", | |
| "CWE-798": "A07:2021 - Identification & Auth Failures", | |
| "CWE-502": "A08:2021 - Software & Data Integrity Failures", | |
| "CWE-918": "A10:2021 - Server-Side Request Forgery", | |
| } | |
| SEVERITY_MAP = { | |
| "CWE-89": ("Critical", 95), "CWE-78": ("Critical", 93), | |
| "CWE-94": ("Critical", 92), "CWE-502": ("Critical", 90), | |
| "CWE-918": ("Critical", 88), "CWE-798": ("Critical", 87), | |
| "CWE-119": ("High", 85), "CWE-787": ("High", 84), | |
| "CWE-416": ("High", 83), "CWE-79": ("High", 80), | |
| "CWE-22": ("High", 78), "CWE-287": ("High", 77), | |
| "CWE-284": ("High", 76), "CWE-434": ("High", 75), | |
| "CWE-125": ("Medium", 70), "CWE-190": ("Medium", 68), | |
| "CWE-352": ("Medium", 67), "CWE-476": ("Medium", 65), | |
| "CWE-362": ("Medium", 63), "CWE-20": ("Medium", 60), | |
| "CWE-264": ("Medium", 58), "CWE-269": ("Medium", 57), | |
| "CWE-310": ("Medium", 65), "CWE-327": ("Medium", 62), | |
| "CWE-330": ("Medium", 55), "CWE-399": ("Low", 45), | |
| "CWE-401": ("Low", 42), "CWE-200": ("Low", 40), | |
| "CWE-276": ("Low", 38), "CWE-601": ("Medium", 55), | |
| } | |
| EXPLANATIONS = { | |
| "CWE-89": "**SQL Injection** means an attacker can manipulate your database queries by injecting malicious SQL code through user inputs. This could let them steal, modify, or delete ALL your data.", | |
| "CWE-79": "**Cross-Site Scripting (XSS)** lets attackers inject malicious JavaScript into your web pages. When other users visit the page, the script runs in their browser - stealing cookies, session tokens, or redirecting them to fake sites.", | |
| "CWE-78": "**OS Command Injection** means user input is being passed directly to system commands. An attacker could run ANY command on your server.", | |
| "CWE-94": "**Code Injection** allows attackers to inject and execute arbitrary code. Functions like `eval()`, `exec()`, or dynamic code compilation with untrusted input are the usual culprits.", | |
| "CWE-119": "**Buffer Overflow** happens when your code writes data beyond the allocated memory buffer. Attackers can exploit this to crash your program or execute malicious code.", | |
| "CWE-125": "**Out-of-bounds Read** means your code reads memory outside the intended buffer. This can leak sensitive data like passwords or encryption keys.", | |
| "CWE-190": "**Integer Overflow** occurs when an arithmetic operation produces a value too large for the data type, which can be chained with buffer overflows for code execution.", | |
| "CWE-200": "**Information Exposure** means sensitive data (API keys, passwords, stack traces) is being leaked to unauthorized parties.", | |
| "CWE-264": "**Improper Access Control** means users can access resources or perform actions they shouldn't be authorized for.", | |
| "CWE-287": "**Authentication Bypass** means the login/identity verification can be circumvented.", | |
| "CWE-310": "**Cryptographic Issues** - you're using weak, broken, or improperly configured encryption.", | |
| "CWE-352": "**CSRF** tricks authenticated users into performing unwanted actions on your site.", | |
| "CWE-362": "**Race Condition** means two operations compete for the same resource without proper synchronization.", | |
| "CWE-416": "**Use After Free** - memory is being used after it's been freed. Attackers can exploit this for arbitrary code execution.", | |
| "CWE-434": "**Unrestricted File Upload** lets attackers upload malicious files (like web shells) to your server.", | |
| "CWE-476": "**NULL Pointer Dereference** - your code tries to use a pointer that's NULL, causing crashes.", | |
| "CWE-502": "**Insecure Deserialization** means untrusted data is deserialized without validation, enabling code execution.", | |
| "CWE-601": "**Open Redirect** lets attackers redirect users from your trusted site to a malicious one for phishing.", | |
| "CWE-787": "**Out-of-bounds Write** - data is written outside the intended memory buffer, often leading to remote code execution.", | |
| "CWE-798": "**Hardcoded Credentials** - passwords, API keys, or tokens are embedded directly in the source code.", | |
| "CWE-918": "**SSRF** lets attackers make your server send requests to internal systems, accessing internal APIs or cloud metadata.", | |
| "CWE-22": "**Path Traversal** means user input is used in file paths without sanitization. Attackers can use `../` to access any file on the server.", | |
| "CWE-269": "**Privilege Escalation** - a user can gain higher privileges than intended.", | |
| "CWE-276": "**Incorrect Permissions** - files or resources have permissions that are too permissive.", | |
| "CWE-327": "**Broken Cryptography** - you're using algorithms like MD5 or SHA1 that are cryptographically broken.", | |
| "CWE-330": "**Insufficient Randomness** - security-critical random values (tokens, keys) are predictable.", | |
| "CWE-399": "**Resource Management Issues** - improper handling of system resources can lead to denial of service.", | |
| "CWE-401": "**Memory Leak** - memory is allocated but never freed, eventually causing crashes.", | |
| "CWE-20": "**Improper Input Validation** - user input isn't properly checked before use, enabling many other vulnerabilities.", | |
| "CWE-284": "**Broken Access Control** - authorization checks are missing or incorrectly implemented.", | |
| } | |
| # ============================================================ | |
| # Model Loading | |
| # ============================================================ | |
| CLASSIFIER_ID = "ayshajavd/graphcodebert-vuln-classifier" | |
| FIXER_ID = "ayshajavd/codet5p-vuln-fixer" | |
| THRESHOLDS = {cwe: 0.3 for cwe in TARGET_CWES} | |
| TEMPERATURE = 1.0 | |
| print("Loading classifier...") | |
| try: | |
| cls_tokenizer = AutoTokenizer.from_pretrained(CLASSIFIER_ID) | |
| cls_model = AutoModelForSequenceClassification.from_pretrained(CLASSIFIER_ID) | |
| cls_model.eval() | |
| CLASSIFIER_LOADED = True | |
| print("Classifier loaded successfully") | |
| try: | |
| config_path = hf_hub_download(CLASSIFIER_ID, "label_config.json") | |
| with open(config_path) as f: | |
| label_config = json.load(f) | |
| if "optimized_thresholds" in label_config: | |
| THRESHOLDS = label_config["optimized_thresholds"] | |
| print(f"Per-class thresholds loaded ({len(THRESHOLDS)} classes)") | |
| if "temperature" in label_config: | |
| TEMPERATURE = label_config["temperature"] | |
| print(f"Temperature calibration loaded (T={TEMPERATURE:.4f})") | |
| except Exception as e: | |
| print(f"Could not load label_config: {e}. Using defaults.") | |
| except Exception as e: | |
| print(f"Classifier not available: {e}") | |
| cls_tokenizer = AutoTokenizer.from_pretrained("huggingface/CodeBERTa-small-v1") | |
| cls_model = AutoModelForSequenceClassification.from_pretrained( | |
| "huggingface/CodeBERTa-small-v1", num_labels=31, problem_type="multi_label_classification", | |
| ) | |
| cls_model.eval() | |
| CLASSIFIER_LOADED = False | |
| print("Loading fix generator...") | |
| try: | |
| fix_tokenizer = AutoTokenizer.from_pretrained(FIXER_ID) | |
| fix_model = T5ForConditionalGeneration.from_pretrained(FIXER_ID) | |
| fix_model.eval() | |
| FIXER_LOADED = True | |
| print("Fix generator loaded successfully") | |
| except Exception as e: | |
| print(f"Fix generator not available: {e}") | |
| fix_tokenizer = AutoTokenizer.from_pretrained("Salesforce/codet5p-220m") | |
| fix_model = T5ForConditionalGeneration.from_pretrained("Salesforce/codet5p-220m") | |
| fix_model.eval() | |
| FIXER_LOADED = False | |
| def detect_language(code: str) -> str: | |
| code_lower = code[:500].lower() | |
| if "<?php" in code_lower: return "PHP" | |
| if "package main" in code_lower and "func " in code_lower: return "Go" | |
| if "#include" in code_lower: | |
| if "class " in code_lower or "std::" in code_lower or "cout" in code_lower: return "C++" | |
| return "C" | |
| if "import java" in code_lower or "public class" in code_lower: return "Java" | |
| if re.search(r'\b(const |let |var |function |=>|require\(|module\.exports)', code_lower): return "JavaScript" | |
| if re.search(r'\b(def |import |from |class |self\.|print\()', code_lower): return "Python" | |
| return "Unknown" | |
| def classify_code(code): | |
| inputs = cls_tokenizer(code, return_tensors="pt", max_length=512, truncation=True, padding=True) | |
| with torch.no_grad(): | |
| logits = cls_model(**inputs).logits.squeeze() | |
| calibrated_logits = logits / TEMPERATURE | |
| probs = torch.sigmoid(calibrated_logits).numpy() | |
| detected = [] | |
| for i, (cwe, p) in enumerate(zip(TARGET_CWES, probs)): | |
| if cwe == "safe": | |
| continue | |
| threshold = THRESHOLDS.get(cwe, 0.3) | |
| if p > threshold: | |
| detected.append((cwe, float(p))) | |
| detected.sort(key=lambda x: x[1], reverse=True) | |
| return detected, float(probs[0]), {cwe: float(p) for cwe, p in zip(TARGET_CWES, probs)} | |
| def generate_fix(code, language, cwe_id=None): | |
| if cwe_id: | |
| cwe_name = CWE_NAMES.get(cwe_id, cwe_id) | |
| prefix = f"fix {cwe_name} vulnerability in {language.lower()}: " | |
| else: | |
| prefix = f"fix {language.lower()}: " | |
| input_ids = fix_tokenizer(prefix + code, return_tensors="pt", max_length=512, truncation=True).input_ids | |
| with torch.no_grad(): | |
| out = fix_model.generate(input_ids, max_length=512, num_beams=5, early_stopping=True, no_repeat_ngram_size=3) | |
| return fix_tokenizer.decode(out[0], skip_special_tokens=True) | |
| def build_json_report(code): | |
| language = detect_language(code) | |
| detected, safe_prob, all_probs = classify_code(code) | |
| if not detected: | |
| overall_risk = max(0, int(100 - 100 * safe_prob)) | |
| risk_level = "Low" | |
| else: | |
| max_sev = max(SEVERITY_MAP.get(c, ("Low", 30))[1] for c, _ in detected) | |
| avg_conf = sum(p for _, p in detected) / len(detected) | |
| overall_risk = min(100, int(max_sev * avg_conf * 1.2)) | |
| risk_level = "Critical" if overall_risk >= 80 else "High" if overall_risk >= 60 else "Medium" if overall_risk >= 40 else "Low" | |
| vulns = [] | |
| for cwe, conf in detected: | |
| sev, score = SEVERITY_MAP.get(cwe, ("Medium", 50)) | |
| threshold_used = THRESHOLDS.get(cwe, 0.3) | |
| vulns.append({ | |
| "cwe_id": cwe, "name": CWE_NAMES.get(cwe, cwe), | |
| "owasp_category": CWE_TO_OWASP.get(cwe, "N/A"), | |
| "severity": sev, "severity_score": score, | |
| "detection_confidence": round(conf, 4), | |
| "threshold_used": round(threshold_used, 3), | |
| "exploit_likelihood": min(100, int(conf * score)), | |
| "explanation": EXPLANATIONS.get(cwe, "Security risk detected.").replace("**", ""), | |
| }) | |
| chain = None | |
| if len(detected) > 1: | |
| steps = [] | |
| cats = {c for c, _ in detected} | |
| if cats & {"CWE-20","CWE-89","CWE-79","CWE-78","CWE-94"}: | |
| steps.append({"step": len(steps)+1, "phase": "Initial Access", "description": "Exploit input validation weakness"}) | |
| if cats & {"CWE-264","CWE-269","CWE-284","CWE-287"}: | |
| steps.append({"step": len(steps)+1, "phase": "Privilege Escalation", "description": "Bypass access controls"}) | |
| if cats & {"CWE-200","CWE-22","CWE-125"}: | |
| steps.append({"step": len(steps)+1, "phase": "Data Exfiltration", "description": "Read sensitive files or memory"}) | |
| if cats & {"CWE-119","CWE-416","CWE-787","CWE-502"}: | |
| steps.append({"step": len(steps)+1, "phase": "Code Execution", "description": "Exploit memory corruption"}) | |
| if steps: chain = steps | |
| fix = None | |
| try: | |
| top_cwe = detected[0][0] if detected else None | |
| f = generate_fix(code, language, top_cwe) | |
| if f and f.strip(): fix = f | |
| except: pass | |
| return { | |
| "language": language, | |
| "model_status": { | |
| "classifier": "trained_v2" if CLASSIFIER_LOADED else "base_model", | |
| "fix_generator": "trained_v2" if FIXER_LOADED else "base_model", | |
| "calibration": f"T={TEMPERATURE:.4f}" if TEMPERATURE != 1.0 else "none", | |
| "thresholds": "per_class_optimized" if any(v != 0.3 for v in THRESHOLDS.values()) else "global_0.3", | |
| }, | |
| "overall_risk_score": overall_risk, "risk_level": risk_level, | |
| "safe_probability": round(safe_prob, 4), "num_vulnerabilities": len(vulns), | |
| "vulnerabilities": vulns, "attack_chain": chain, "suggested_fix": fix, | |
| "all_class_probabilities": all_probs, | |
| "timestamp": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()), | |
| } | |
| def analyze_code(code): | |
| if not code or not code.strip(): return "Please paste some code to analyze." | |
| data = build_json_report(code) | |
| r = ["# Code Security Analysis Report\n"] | |
| r.append(f"**Language:** {data['language']}") | |
| cls_status = "Trained v2 (GraphCodeBERT + ASL)" if data['model_status']['classifier'] == 'trained_v2' else "Base Model" | |
| fix_status = "Trained v2 (CodeT5+ CWE-aware)" if data['model_status']['fix_generator'] == 'trained_v2' else "Base Model" | |
| r.append(f"**Classifier:** {cls_status}") | |
| r.append(f"**Fix Generator:** {fix_status}") | |
| if data['model_status']['calibration'] != 'none': | |
| r.append(f"**Calibration:** {data['model_status']['calibration']} | **Thresholds:** {data['model_status']['thresholds']}") | |
| r.append("") | |
| if data['num_vulnerabilities'] == 0: | |
| r.append("## No Vulnerabilities Detected") | |
| r.append(f"**Risk Score:** {data['overall_risk_score']}/100 | **Safe Confidence:** {data['safe_probability']:.1%}\n") | |
| r.append("Code appears safe. Always supplement with manual review and SAST tools.") | |
| return "\n".join(r) | |
| emoji = {"Critical":"π΄","High":"π ","Medium":"π‘","Low":"π’"}.get(data['risk_level'],"βͺ") | |
| r.append(f"## {emoji} {data['num_vulnerabilities']} Vulnerability(ies) Detected\n") | |
| r.append(f"**Risk Score:** {data['overall_risk_score']}/100 ({data['risk_level']}) | **Safe Probability:** {data['safe_probability']:.1%}\n---\n") | |
| for i, v in enumerate(data['vulnerabilities'], 1): | |
| se = {"Critical":"π΄","High":"π ","Medium":"π‘","Low":"π’"}.get(v['severity'],"βͺ") | |
| r.append(f"### {i}. {se} {v['name']}") | |
| r.append("| Property | Value |\n|----------|-------|") | |
| r.append(f"| **CWE ID** | {v['cwe_id']} |") | |
| r.append(f"| **OWASP** | {v['owasp_category']} |") | |
| r.append(f"| **Severity** | {v['severity']} ({v['severity_score']}/100) |") | |
| r.append(f"| **Confidence** | {v['detection_confidence']:.1%} (calibrated) |") | |
| r.append(f"| **Threshold** | {v['threshold_used']:.3f} (per-class optimized) |") | |
| r.append(f"| **Exploit Likelihood** | {v['exploit_likelihood']}% |") | |
| r.append(f"\n**Why Dangerous:** {v['explanation']}\n") | |
| if data['attack_chain']: | |
| r.append("---\n## Attack Chain\n") | |
| for s in data['attack_chain']: | |
| r.append(f"{s['step']}. **{s['phase']}** β {s['description']}") | |
| r.append("\n---\n## Suggested Fix\n") | |
| if data['suggested_fix']: | |
| r.append(f"```{data['language'].lower()}\n{data['suggested_fix']}\n```") | |
| else: | |
| r.append("*Fix generation unavailable. Please review manually.*") | |
| r.append("\n---\n*AI-generated report (v2: calibrated probabilities + per-class thresholds). Verify with manual review and SAST tools.*") | |
| return "\n".join(r) | |
| def get_json_report(code): | |
| if not code or not code.strip(): return {"error": "No code provided"} | |
| return build_json_report(code) | |
| def create_pdf(report_text): | |
| pdf_path = "security_report.pdf" | |
| doc = SimpleDocTemplate(pdf_path) | |
| styles = getSampleStyleSheet() | |
| elements = [ | |
| Paragraph( | |
| report_text.replace("\n", "<br/>"), | |
| styles["BodyText"] | |
| ) | |
| ] | |
| doc.build(elements) | |
| return pdf_path | |
| from reportlab.platypus import SimpleDocTemplate, Paragraph | |
| from reportlab.lib.styles import getSampleStyleSheet | |
| def create_pdf(report_text): | |
| pdf_path = "security_report.pdf" | |
| doc = SimpleDocTemplate(pdf_path) | |
| styles = getSampleStyleSheet() | |
| elements = [ | |
| Paragraph( | |
| str(report_text).replace("\n", "<br/>"), | |
| styles["BodyText"] | |
| ) | |
| ] | |
| doc.build(elements) | |
| return pdf_path | |
| EXAMPLES = [ | |
| ["""import sqlite3\n\ndef get_user(username):\n conn = sqlite3.connect('users.db')\n query = f"SELECT * FROM users WHERE username = '{username}'"\n return conn.execute(query).fetchone()\n"""], | |
| ["""#include <stdio.h>\n#include <string.h>\n\nvoid process_input(char *user_input) {\n char buffer[64];\n strcpy(buffer, user_input);\n printf("Processed: %s\\n", buffer);\n}\n"""], | |
| ["""const express = require('express');\nconst app = express();\n\napp.get('/search', (req, res) => {\n const query = req.query.q;\n res.send(`<h1>Results for: ${query}</h1>`);\n});\n"""], | |
| ["""import requests, hashlib\n\nAPI_KEY = "sk-proj-abc123def456"\nDB_PASSWORD = "admin123"\n\ndef hash_password(password):\n return hashlib.md5(password.encode()).hexdigest()\n"""], | |
| ["""import sqlite3\nfrom hashlib import sha256\nimport hmac, secrets\n\ndef get_user(username):\n conn = sqlite3.connect('users.db')\n conn.execute("SELECT * FROM users WHERE username = ?", (username,))\n return conn.fetchone()\n"""], | |
| ] | |
| with gr.Blocks( | |
| title="Code Security Risk Analyzer v2", | |
| theme=gr.themes.Soft(), | |
| css=".gradio-container { max-width: 1200px; margin: auto; }", | |
| ) as demo: | |
| gr.Markdown(""" | |
| # π AI-Powered Code Security Risk Analyzer v2 | |
| ### Detect OWASP Top 10 & CWE vulnerabilities with calibrated confidence + per-class thresholds | |
| Paste code in Python, JavaScript, Java, C, C++, PHP, or Go. | |
| **Models:** [GraphCodeBERT](https://huggingface.co/ayshajavd/graphcodebert-vuln-classifier) | |
| + [CodeT5+](https://huggingface.co/ayshajavd/codet5p-vuln-fixer) | |
| **Dataset:** 175K samples | |
| """) | |
| with gr.Row(): | |
| # LEFT COLUMN | |
| with gr.Column(scale=1): | |
| code_input = gr.Code( | |
| label="Paste Your Code Here", | |
| language="python", | |
| lines=20 | |
| ) | |
| # LEFT COLUMN | |
| with gr.Column(scale=1): | |
| code_input = gr.Code( | |
| label="Paste Your Code Here", | |
| language="python", | |
| lines=20 | |
| ) | |
| with gr.Row(): | |
| analyze_btn = gr.Button( | |
| "π Analyze Security", | |
| variant="primary", | |
| size="lg" | |
| ) | |
| json_btn = gr.Button( | |
| "π JSON Report", | |
| variant="secondary", | |
| size="lg" | |
| ) | |
| # RIGHT COLUMN | |
| with gr.Column(scale=1): | |
| report_output = gr.Markdown( | |
| label="Security Report" | |
| ) | |
| download_btn = gr.Button( | |
| "π Generate PDF Report" | |
| ) | |
| pdf_file = gr.File( | |
| label="Download Report" | |
| ) | |
| json_output = gr.JSON( | |
| label="JSON Report", | |
| visible=False | |
| ) | |
| gr.Examples(examples=EXAMPLES, inputs=[code_input], label="Example Code Snippets") | |
| def show_json(code): | |
| return gr.update(visible=True, value=get_json_report(code)) | |
| analyze_btn.click( | |
| fn=analyze_code, inputs=[code_input], outputs=[report_output], api_name="analyze" | |
| ) | |
| json_btn.click( | |
| fn=show_json, | |
| inputs=[code_input], | |
| outputs=[json_output] | |
| ) | |
| download_btn.click( | |
| fn=create_pdf, | |
| inputs=[report_output], | |
| outputs=[pdf_file] | |
| ) | |
| with gr.Row(visible=False): | |
| api_json_btn = gr.Button("get_json", visible=False) | |
| api_json_btn.click(fn=get_json_report, inputs=[code_input], outputs=[json_output], api_name="get_json_report") | |
| with gr.Accordion("π REST API Documentation", open=False): | |
| gr.Markdown(""" | |
| ### Python Client | |
| ```python | |
| from gradio_client import Client | |
| client = Client("ayshajavd/code-security-analyzer") | |
| report = client.predict(code="your code here", api_name="/analyze") | |
| json_report = client.predict(code="your code here", api_name="/get_json_report") | |
| ``` | |
| ### cURL | |
| ```bash | |
| curl -X POST https://ayshajavd-code-security-analyzer.hf.space/call/analyze \\ | |
| -H "Content-Type: application/json" -d '{"data": ["your code here"]}' | |
| ``` | |
| """) | |
| gr.Markdown(""" | |
| --- | |
| ### 30 CWE Vulnerability Classes β OWASP Top 10 | |
| | OWASP Category | CWEs | | |
| |---|---| | |
| | **A01: Broken Access Control** | CWE-22, 200, 264, 269, 276, 284, 352, 601 | | |
| | **A02: Cryptographic Failures** | CWE-310, 327, 330 | | |
| | **A03: Injection** | CWE-20, 78, 79, 89, 94, 119, 125, 190, 401, 416, 476, 787 | | |
| | **A04: Insecure Design** | CWE-362, 399, 434 | | |
| | **A07: Auth Failures** | CWE-287, 798 | | |
| | **A08: Integrity Failures** | CWE-502 | | |
| | **A10: SSRF** | CWE-918 | | |
| """) | |
| if __name__ == "__main__": | |
| demo.launch() | |