Mobile-Security-Framework-MobSF/MobSF_AI/sidecar/app.py at 4e19a26827d0c1b4af3a64d2a8b12e0db100c2a9 · MobSF/Mobile-Security-Framework-MobSF · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
from flask import Flask, render_template, request, jsonify
import requests
import os
from openai import OpenAI
import json

app = Flask(__name__)

MOBSF_URL = os.environ.get('MOBSF_URL', 'http://mobsf:8000')
MOBSF_API_KEY = os.environ.get('MOBSF_API_KEY', '')
OPENAI_API_KEY = os.environ.get('OPENAI_API_KEY', '')

client = OpenAI(api_key=OPENAI_API_KEY)


@app.route('/chat/<scan_hash>/')
def chat_ui(scan_hash):
    # We can pass scan_hash to the template
    return render_template('chat.html', scan_hash=scan_hash)


@app.route('/api/chat', methods=['POST'])
def chat_api():
    data = request.json
    scan_hash = data.get('hash')
    message = data.get('message')
    history = data.get('history', [])

    if not scan_hash or not message:
        return jsonify({'error': 'Missing hash or message'}), 400

    headers = {'Authorization': MOBSF_API_KEY}
    try:
        # Fetch report from MobSF
        resp = requests.post(f"{MOBSF_URL}/api/v1/report_json",
                             data={'hash': scan_hash}, headers=headers)
        if resp.status_code != 200:
            return jsonify({'error': f"MobSF Error: {resp.status_code} {resp.text}"}), 500

        report_data = resp.json()
    except Exception as e:
        return jsonify({'error': str(e)}), 500

    system_instruction = f"""
    You are a security analyst assistant for MobSF.
    Report Context:
    {json.dumps(report_data, default=str)[:50000]}

    Answer the user's question based on this report.
    """

    messages = [{"role": "system", "content": system_instruction}]
    for turn in history:
        # Gemini format adaptation if needed, but sidecar uses new format
        role = turn.get('role', 'user')
        if role == 'model':
            role = 'assistant'

        content = turn.get('content', '')
        if not content and 'parts' in turn:
            content = turn['parts'][0]
        messages.append({"role": role, "content": str(content)})

    messages.append({"role": "user", "content": message})

    try:
        completion = client.chat.completions.create(
            model="gpt-4o",
            messages=messages
        )
        reply = completion.choices[0].message.content
        return jsonify({'response': reply})
    except Exception as e:
        return jsonify({'error': str(e)}), 500


if __name__ == '__main__':
    app.run()