-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathscanner.py
More file actions
98 lines (78 loc) · 2.67 KB
/
scanner.py
File metadata and controls
98 lines (78 loc) · 2.67 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
import os
from dotenv import load_dotenv
import google.generativeai as genai
from colorama import init, Fore, Style
import sys
init(autoreset=True)
# Load environment variables from .env file
load_dotenv()
# Configure with your API key from environment variable
api_key = os.getenv("GOOGLE_API_KEY")
genai.configure(api_key=api_key)
# Initialize the model
model = genai.GenerativeModel("gemini-2.5-flash")
# Vulnerable code example 1: SQL Injection
vulnerable_code_1 = '''
def get_user(username):
query = "SELECT * FROM users WHERE username = '" + username + "'"
cursor.execute(query)
return cursor.fetchone()
'''
# Vulnerable code example 2: Hardcoded credentials
vulnerable_code_2 = '''
DATABASE_PASSWORD = "supersecret123"
API_KEY = "sk-1234567890abcdef"
def connect_db():
return psycopg2.connect(
host="localhost",
password=DATABASE_PASSWORD
)
'''
# Vulnerable code example 3: Weak cryptography
vulnerable_code_3 = '''
import hashlib
def hash_password(password):
return hashlib.md5(password.encode()).hexdigest()
'''
security_prompt = """
Analyze this code for security vulnerabilities. Be concise.
For each issue use this exact format:
- --
SEVERITY: [CRITICAL/HIGH/MEDIUM/LOW]
TYPE: [Vulnerability Name]
DESCRIPTION: [One sentence explaining the issue]
IMPACT: [One sentence on potential damage]
FIX: [Code snippet only]
---
Code:
{code}
"""
def add_colors_to_output(text):
"""Add colors to severity levels in the output."""
text = text.replace("SEVERITY: CRITICAL", f"SEVERITY: {Fore.RED}{Style.BRIGHT}CRITICAL{Style.RESET_ALL}")
text = text.replace("SEVERITY: HIGH", f"SEVERITY: {Fore.YELLOW}{Style.BRIGHT}HIGH{Style.RESET_ALL}")
text = text.replace("SEVERITY: MEDIUM", f"SEVERITY: {Fore.BLUE}MEDIUM{Style.RESET_ALL}")
text = text.replace("SEVERITY: LOW", f"SEVERITY: {Fore.GREEN}LOW{Style.RESET_ALL}")
return text
def scan_file(filepath):
"""Read a file and analyze it for vulnerabilities."""
try:
with open(filepath, 'r') as f:
code = f.read()
print(f"\n{'=' * 60}")
print(f"Scanning: {filepath}")
print(f"{'=' * 60}\n")
# Use already defined security prompt
response = model.generate_content(security_prompt.format(code=code))
output = add_colors_to_output(response.text)
print(output)
except FileNotFoundError:
print(f"{Fore.RED}Error: File '{filepath}' not found.{Style.RESET_ALL}")
# Check if a filename was provided
if len(sys.argv) > 1:
filepath = sys.argv[1]
print(f"Scanning file: {filepath}\n")
scan_file(filepath)
else:
print("Usage: python scanner.py <filepath>")
print("Example: python scanner.py vulnerable.py")