open-deep-research-vulnerability-intelligence

Running

App Files Files Community

open-deep-research-vulnerability-intelligence / scripts /report_generator.py

daqc

Upload 36 files

52b089b verified 28 days ago

raw

history blame

10.6 kB

	import json
	import os
	from datetime import datetime
	from typing import Dict, List, Optional
	from smolagents import Tool
	import plotly.graph_objects as go
	import plotly.express as px
	from jinja2 import Template

	class ReportGeneratorTool(Tool):
	"""Tool for generating interactive HTML vulnerability reports with charts."""

	name = "generate_vulnerability_report"
	description = "Generates an interactive HTML report with charts and vulnerability analysis. The report is generated from CVEDB search results."
	inputs = {
	"vulnerability_data": {
	"type": "string",
	"description": "Vulnerability data in JSON format",
	},
	"report_type": {
	"type": "string",
	"description": "Report type: 'cve' for a specific CVE or 'product' for a product",
	}
	}
	output_type = "string"

	def __init__(self):
	super().__init__()

	# Base HTML template
	self.html_template = """
	<!DOCTYPE html>
	<html>
	<head>
	<title>Vulnerability Report</title>
	<script src="https://cdn.plot.ly/plotly-latest.min.js"></script>
	<style>
	body { font-family: Arial, sans-serif; margin: 20px; }
	.container { max-width: 1200px; margin: 0 auto; }
	.header { text-align: center; margin-bottom: 30px; }
	.section { margin-bottom: 40px; }
	.chart { margin: 20px 0; }
	.summary { background-color: #f5f5f5; padding: 20px; border-radius: 5px; }
	.critical { color: #dc3545; }
	.high { color: #fd7e14; }
	.medium { color: #ffc107; }
	.low { color: #28a745; }
	</style>
	</head>
	<body>
	<div class="container">
	<div class="header">
	<h1>Vulnerability Report</h1>
	<p>Generated on {{ generation_date }}</p>
	</div>

	<div class="section">
	<h2>Summary</h2>
	<div class="summary">
	{{ summary }}
	</div>
	</div>

	<div class="section">
	<h2>Severity Distribution (CVSS)</h2>
	<div id="cvss_chart" class="chart"></div>
	</div>

	<div class="section">
	<h2>Temporal Trend</h2>
	<div id="timeline_chart" class="chart"></div>
	</div>

	<div class="section">
	<h2>Vulnerability Details</h2>
	{{ vulnerabilities_table }}
	</div>
	</div>

	<script>
	{{ plotly_js }}
	</script>
	</body>
	</html>
	"""

	def forward(self, vulnerability_data: str, report_type: str) -> str:
	"""Generates an HTML report with interactive charts from vulnerability data."""
	try:
	data = json.loads(vulnerability_data)

	# Generate charts with Plotly
	cvss_chart = self._generate_cvss_chart(data)
	timeline_chart = self._generate_timeline_chart(data)

	# Generate vulnerability table
	vulnerabilities_table = self._generate_vulnerabilities_table(data)

	# Generate summary
	summary = self._generate_summary(data, report_type)

	# Render template
	template = Template(self.html_template)
	html = template.render(
	generation_date=datetime.now().strftime("%Y-%m-%d %H:%M:%S"),
	summary=summary,
	vulnerabilities_table=vulnerabilities_table,
	plotly_js=f"""
	var cvssData = {cvss_chart};
	var timelineData = {timeline_chart};
	Plotly.newPlot('cvss_chart', cvssData.data, cvssData.layout);
	Plotly.newPlot('timeline_chart', timelineData.data, timelineData.layout);
	"""
	)

	# Save the report to the reports folder
	# NOTE: Only saves to folder when running locally
	# If deployed on a Hugging Face Space, it doesn't save files
	timestamp = datetime.now().strftime("%Y%m%d_%H%M%S")
	filename = f"vulnerability_report_{report_type}_{timestamp}.html"

	# Create the reports folder if it doesn't exist
	reports_dir = "reports"
	if not os.path.exists(reports_dir):
	os.makedirs(reports_dir)

	# Save the file
	filepath = os.path.join(reports_dir, filename)
	with open(filepath, 'w', encoding='utf-8') as f:
	f.write(html)

	return f"Report generated and saved as: {filepath}\n\n{html}"

	except Exception as e:
	return f"Error generating report: {str(e)}"

	def _generate_cvss_chart(self, data: Dict) -> Dict:
	"""Generates a CVSS score distribution chart."""
	if isinstance(data, list):
	cvss_scores = [v.get('cvss', 0) for v in data if 'cvss' in v]
	else:
	cvss_scores = [data.get('cvss', 0)] if 'cvss' in data else []

	fig = go.Figure()
	fig.add_trace(go.Histogram(
	x=cvss_scores,
	nbinsx=10,
	name='CVSS Scores'
	))

	fig.update_layout(
	title='CVSS Score Distribution',
	xaxis_title='CVSS Score',
	yaxis_title='Number of Vulnerabilities',
	showlegend=False
	)

	return fig.to_json()

	def _generate_timeline_chart(self, data: Dict) -> Dict:
	"""Generates a vulnerability timeline chart."""
	if isinstance(data, list):
	dates = [v.get('published_time', '') for v in data if 'published_time' in v]
	else:
	dates = [data.get('published_time', '')] if 'published_time' in data else []

	# Convert dates to datetime format and count by month
	from collections import Counter
	from datetime import datetime

	date_counts = Counter()
	for date_str in dates:
	try:
	date = datetime.strptime(date_str, "%Y-%m-%dT%H:%M:%S")
	month_key = date.strftime("%Y-%m")
	date_counts[month_key] += 1
	except:
	continue

	months = sorted(date_counts.keys())
	counts = [date_counts[m] for m in months]

	fig = go.Figure()
	fig.add_trace(go.Scatter(
	x=months,
	y=counts,
	mode='lines+markers',
	name='Vulnerabilities'
	))

	fig.update_layout(
	title='Vulnerability Timeline Trend',
	xaxis_title='Month',
	yaxis_title='Number of Vulnerabilities',
	showlegend=False
	)

	return fig.to_json()

	def _generate_vulnerabilities_table(self, data: Dict) -> str:
	"""Generates an HTML table with vulnerability details."""
	if isinstance(data, list):
	vulnerabilities = data
	else:
	vulnerabilities = [data]

	if not vulnerabilities:
	return "<p>No vulnerability data available.</p>"

	table_html = """
	<table border="1" style="width: 100%; border-collapse: collapse;">
	<thead>
	<tr style="background-color: #f2f2f2;">
	<th style="padding: 8px; text-align: left;">CVE ID</th>
	<th style="padding: 8px; text-align: left;">CVSS Score</th>
	<th style="padding: 8px; text-align: left;">EPSS Score</th>
	<th style="padding: 8px; text-align: left;">Known Exploitable</th>
	<th style="padding: 8px; text-align: left;">Publication Date</th>
	<th style="padding: 8px; text-align: left;">Summary</th>
	</tr>
	</thead>
	<tbody>
	"""

	for vuln in vulnerabilities:
	cvss = vuln.get('cvss', 'Not available')
	epss = vuln.get('epss', 'Not available')
	kev = vuln.get('kev', False)

	# Determine risk class based on CVSS score
	risk_class = ""
	if cvss != 'Not available' and isinstance(cvss, (int, float)):
	if cvss >= 7.0:
	risk_class = "critical"
	elif cvss >= 4.0:
	risk_class = "high"
	else:
	risk_class = "low"

	table_html += f"""
	<tr class="{risk_class}">
	<td style="padding: 8px;">{vuln.get('id', 'Not available')}</td>
	<td style="padding: 8px;">{cvss}</td>
	<td style="padding: 8px;">{epss}</td>
	<td style="padding: 8px;">{'Yes' if kev else 'No'}</td>
	<td style="padding: 8px;">{vuln.get('published_time', 'Not available')}</td>
	<td style="padding: 8px;">{vuln.get('summary', 'Not available')[:100]}...</td>
	</tr>
	"""

	table_html += """
	</tbody>
	</table>
	"""

	return table_html

	def _generate_summary(self, data: Dict, report_type: str) -> str:
	"""Generates a summary of the vulnerability data."""
	if isinstance(data, list):
	total_vulns = len(data)
	exploited = sum(1 for v in data if v.get('kev', False))
	avg_cvss = sum(v.get('cvss', 0) for v in data if 'cvss' in v) / max(1, sum(1 for v in data if 'cvss' in v))
	else:
	total_vulns = 1
	exploited = 1 if data.get('kev', False) else 0
	avg_cvss = data.get('cvss', 0)

	summary_html = f"""
	<p>Found <strong>{total_vulns}</strong> vulnerabilities.</p>
	<p>Exploited vulnerabilities: <strong>{exploited}</strong></p>
	<p>Average CVSS Score: <strong>{avg_cvss:.2f}</strong></p>
	<p>Publication date: <strong>{data.get('published_time', 'N/A')}</strong></p>
	"""

	return summary_html