adding client

app.py

@@ -0,0 +1,174 @@
+import gradio as gr
+from smolagents import InferenceClientModel, CodeAgent, MCPClient
+
+# MCP Server URL for GitHub tools
+MCP_SERVER_URL = "https://Baction-Vulnerability_Scanner_MCP_Server.hf.space/gradio_api/mcp/"
+
+def parse_github_url(url):
+    """Parse GitHub URL to extract owner, repo, and file path"""
+    import re
+    
+    # Handle repository URLs
+    repo_pattern = r'https://github\.com/([^/]+)/([^/]+)/?$'
+    repo_match = re.match(repo_pattern, url.strip())
+    if repo_match:
+        return repo_match.group(1), repo_match.group(2), None
+    
+    # Handle file URLs
+    file_pattern = r'https://github\.com/([^/]+)/([^/]+)/blob/[^/]+/(.+)$'
+    file_match = re.match(file_pattern, url.strip())
+    if file_match:
+        return file_match.group(1), file_match.group(2), file_match.group(3)
+    
+    return None, None, None
+
+
+def analyze_vulnerabilities(message, history, hf_token):
+    """Analyze GitHub repository or specific file for vulnerabilities using AI agent"""
+    
+    # Validate HF token input
+    if not hf_token.strip():
+        return "❌ Please provide a Hugging Face API key. Get one from [Hugging Face](https://huggingface.co/settings/tokens)"
+    
+    try:
+        # Connect to MCP server
+        mcp_client = MCPClient({
+            "url": MCP_SERVER_URL,
+            "timeout": 120
+        })
+        tools = mcp_client.get_tools()
+        
+        # Initialize AI model with user's token
+        model = InferenceClientModel(token=hf_token.strip())
+        
+        # Create AI agent with GitHub MCP tools
+        agent = CodeAgent(
+            tools=[*tools], 
+            model=model, 
+            additional_authorized_imports=["json", "ast", "urllib", "base64", "re"],
+            max_steps=10
+        )
+        
+        # Parse the GitHub URL
+        owner, repo, file_path = parse_github_url(message)
+        
+        if not owner or not repo:
+            return "❌ Invalid GitHub URL. Please provide a valid GitHub repository or file URL."
+        
+        # Generate different prompts based on whether it's a file or repository
+        if file_path:
+            enhanced_prompt = f"""
+You are a cybersecurity expert. Analyze the specific GitHub file for security vulnerabilities.
+
+GitHub URL: {message}
+Repository: {owner}/{repo}
+File Path: {file_path}
+
+Please:
+1. First, get repository information to verify it exists
+2. Get the content of the specific file: {file_path}
+3. Analyze the file content line by line for security vulnerabilities
+4. Look for these security issues:
+   - Command injection: os.system, exec, eval calls
+   - Input validation: unvalidated user inputs
+   - Error handling: unhandled exceptions that could leak info
+   - Hardcoded secrets: API keys, passwords, tokens
+   - Unsafe operations: file operations without validation
+
+5. Create a professional security report with:
+   - 🔍 File Overview (path, language, size)
+   - 📊 Vulnerability Summary (counts by severity)
+   - 🚨 Detailed Findings (line numbers, code snippets, impacts, fixes)
+
+Use simple string operations and avoid complex regex patterns. Focus on clear, actionable security findings.
+"""
+        else:
+            enhanced_prompt = f"""
+You are a cybersecurity expert. Analyze the GitHub repository for security vulnerabilities.
+
+Repository: {message}
+
+Please:
+1. First, get repository information to verify it exists
+2. Scan the repository for code files (.py, .js, .ts, .php, .java, .cpp, .c, .cs, .go, .rb, .rs, .swift, .kt, .scala, .sh, .bash, .ps1, .ipynb, .sql, .xml, .yaml, .yml, .json, .config, .ini, .env)
+3. For the first 5-10 most important code files, get their content and analyze for security issues
+4. Look for these security vulnerabilities:
+   - Command injection: os.system, exec, eval calls
+   - Input validation: unvalidated user inputs, missing parameter checks
+   - Error handling: unhandled exceptions, information disclosure
+   - Hardcoded secrets: API keys, passwords, database credentials
+   - Unsafe operations: file operations, deserialization without validation
+
+5. Generate a comprehensive security report with:
+   - 🔍 Repository Overview
+   - 📁 Files Analyzed
+   - 📊 Vulnerability Summary (counts by severity)
+   - 🚨 Detailed Findings (file paths, line numbers, code snippets, impacts, remediation)
+
+Use simple string operations and focus on the most critical security issues. Limit analysis to prevent timeouts.
+"""
+        
+        # Run the AI agent analysis
+        result = agent.run(enhanced_prompt)
+        
+        # Disconnect MCP client
+        mcp_client.disconnect()
+        
+        return str(result)
+        
+    except Exception as e:
+        return f"❌ Error analyzing repository: {str(e)}\n\nPlease ensure:\n• Valid GitHub repository URL\n• Hugging Face token is correct\n• Repository is accessible"
+
+
+# Gradio UI
+with gr.Blocks(theme=gr.themes.Soft(primary_hue="blue")) as demo:
+    gr.Markdown("## 🛡️ AI-Powered GitHub Vulnerability Scanner")
+    gr.Markdown("""
+    **Advanced Security Analysis Tool for GitHub Repositories**
+    
+    This intelligent vulnerability scanner leverages cutting-edge AI agents and Model Context Protocol (MCP) tools to perform comprehensive security analysis of GitHub repositories and individual files. 
+    
+    **Key Features:**
+    -  **Deep Code Analysis**: Scans for common security vulnerabilities including SQL injection, XSS, command injection, and more
+    -  **AI-Powered Detection**: Uses advanced language models to understand code context and identify complex security issues
+    -  **Repository & File Support**: Analyze entire repositories or focus on specific files
+    -  **Detailed Reports**: Get comprehensive security reports with severity levels, line numbers, and remediation suggestions
+    -  **Secure Processing**: Your API keys are used securely and never stored
+    
+    **Project Links:**
+    - 📂 **Source Code**: [GitHub Repository](https://github.com/banno-0720/vulnerability-scanner)
+    - 🔧 **MCP Server**: [Hugging Face Space](https://huggingface.co/spaces/HimanshuGoyal2004/github-mcp-server)
+    
+    ⚠️ **Important Notice**: This tool is designed for legitimate security research and vulnerability assessment purposes only. Do not use this scanner for malicious activities, unauthorized access, or any illegal purposes. Always ensure you have proper authorization before scanning repositories that don't belong to you.
+    """)
+    gr.Markdown("---")
+
+    # API Configuration Section
+    with gr.Row():
+        with gr.Column(scale=1):
+            gr.Markdown("### 🔑 API Configuration")
+            hf_token_box = gr.Textbox(
+                label="🤗 Hugging Face API Key",
+                placeholder="Enter your Hugging Face API key for AI model access",
+                type="password",
+                info="🔗 Get your free key: https://huggingface.co/settings/tokens"
+            )
+
+    gr.Markdown("---")
+    gr.Markdown("### 💬 Security Analysis Chat")
+    gr.Markdown("Paste any GitHub repository or file URL below to start the security analysis.")
+
+    # Chatbot Interface
+    chatbot = gr.ChatInterface(
+        fn=lambda msg, hist, hf_token: analyze_vulnerabilities(msg, hist, hf_token),
+        additional_inputs=[hf_token_box],
+        type="messages",
+        examples=[
+            ["https://github.com/ayushmittal62/vunreability_scanner_testing", ""],
+            ["https://github.com/ayushmittal62/vunreability_scanner_testing/blob/master/database/schema.sql", ""], 
+            ["https://github.com/ayushmittal62/vunreability_scanner_testing/blob/master/python/database.py", ""]
+        ],
+    )
+
+if __name__ == "__main__":
+    demo.launch()

requirements.txt

@@ -0,0 +1,9 @@
+gradio[oauth,mcp]==5.45.0
+fastapi==0.115.2
+uvicorn==0.24.0
+mcp==1.10.1
+smolagents>=0.1.0
+requests>=2.28.0
+python-dotenv>=1.0.0
+pydantic>=2.11,<2.12
+smolagents[mcp]>=0.1.0