First_Agent_Security_Header_Check

Sleeping

App Files Files Community

First_Agent_Security_Header_Check / app.py

emanuelepicariello

update

4d3737f 4 months ago

raw

history blame contribute delete

3.98 kB

	import os
	from smolagents import CodeAgent,DuckDuckGoSearchTool, HfApiModel,load_tool,tool
	import datetime
	import requests
	import pytz
	import yaml
	from tools.final_answer import FinalAnswerTool
	from smolagents.models import OpenAIServerModel

	from Gradio_UI import GradioUI

	# Below is an example of a tool that does nothing. Amaze us with your creativity !
	@tool
	def my_cutom_tool(arg1:str, arg2:int)-> str: #it's import to specify the return type
	#Keep this format for the description / args / args description but feel free to modify the tool
	"""A tool that does nothing yet
	Args:
	arg1: the first argument
	arg2: the second argument
	"""
	return "What magic will you build ?"

	@tool
	def get_current_time_in_timezone(timezone: str) -> str:
	"""A tool that fetches the current local time in a specified timezone.
	Args:
	timezone: A string representing a valid timezone (e.g., 'America/New_York').
	"""
	try:
	# Create timezone object
	tz = pytz.timezone(timezone)
	# Get current time in that timezone
	local_time = datetime.datetime.now(tz).strftime("%Y-%m-%d %H:%M:%S")
	return f"The current local time in {timezone} is: {local_time}"
	except Exception as e:
	return f"Error fetching time for timezone '{timezone}': {str(e)}"

	@tool
	def analyze_domain_security(domain: str) -> str:
	"""
	A tool that analyzes the cybersecurity posture of a given domain, specifically some headers.

	It performs a GET request to the domain and inspects the HTTP response for:
	- Status Code
	- Common security headers (Content-Security-Policy, Strict-Transport-Security,
	X-Frame-Options, X-XSS-Protection, X-Content-Type-Options)

	Args:
	domain: The URL of the domain to analyze (e.g., "https://emanuelepicariello.com").
	"""
	try:
	response = requests.get(domain, timeout=10)
	analysis = f"Cybersecurity Analysis for {domain}:\n"
	analysis += f"Status Code: {response.status_code}\n"
	headers = response.headers

	# Define the security headers to check
	security_headers = {
	"Content-Security-Policy": "Missing",
	"Strict-Transport-Security": "Missing",
	"X-Frame-Options": "Missing",
	"X-XSS-Protection": "Missing",
	"X-Content-Type-Options": "Missing"
	}

	# Check if each header is present in the response
	for header in security_headers:
	if header in headers:
	security_headers[header] = headers[header]

	analysis += "Security Headers:\n"
	for header, value in security_headers.items():
	analysis += f" {header}: {value}\n"

	return analysis
	except Exception as e:
	return f"Error analyzing domain {domain}: {str(e)}"


	final_answer = FinalAnswerTool()
	"""model = HfApiModel(
	max_tokens=2096,
	temperature=0.5,
	model_id='Qwen/Qwen2.5-Coder-32B-Instruct', #Qwen/Qwen2.5-Coder-32B-Instruct', #https://wxknx1kg971u7k1n.us-east-1.aws.endpoints.huggingface.cloud',# it is possible that this model may be overloaded
	custom_role_conversions=None,
	)"""
	mistral_api_key = os.environ.get("API_KEY", "NZmDhwQK9aiz8qj95ZHdWnKTEKd2vUk7")
	model = OpenAIServerModel(model_id='mistral-small-latest', api_base='https://api.mistral.ai/v1', api_key=mistral_api_key)


	# Import tool from Hub
	image_generation_tool = load_tool("agents-course/text-to-image", trust_remote_code=True)

	with open("prompts.yaml", 'r') as stream:
	prompt_templates = yaml.safe_load(stream)

	agent = CodeAgent(
	model=model,
	tools=[final_answer, image_generation_tool, get_current_time_in_timezone, analyze_domain_security], ## add your tools here (don't remove final answer)
	max_steps=6,
	verbosity_level=1,
	grammar=None,
	planning_interval=None,
	name=None,
	description=None,
	prompt_templates=prompt_templates
	)


	GradioUI(agent).launch()