In [2]:
pip install google.generativeai


Collecting google.generativeai
  Obtaining dependency information for google.generativeai from https://files.pythonhosted.org/packages/3b/2c/a82d94e8829d64e1dae2e28cfe8da6010888a8e2dcb942901d4197f73546/google_generativeai-0.5.2-py3-none-any.whl.metadata
  Downloading google_generativeai-0.5.2-py3-none-any.whl.metadata (3.9 kB)
Collecting google-ai-generativelanguage==0.6.2 (from google.generativeai)
  Obtaining dependency information for google-ai-generativelanguage==0.6.2 from https://files.pythonhosted.org/packages/ef/a3/06fa48fcadf2c1f3b32f2e4950333a3bfa16a1a22d9183f64cdd0d359773/google_ai_generativelanguage-0.6.2-py3-none-any.whl.metadata
  Downloading google_ai_generativelanguage-0.6.2-py3-none-any.whl.metadata (5.6 kB)
Collecting google-api-core (from google.generativeai)
  Obtaining dependency information for google-api-core from https://files.pythonhosted.org/packages/86/75/59a3ad90d9b4ff5b3e0537611dbe885aeb96124521c9d35aa079f1e0f2c9/google_api_core-2.18.0-py3-none-any.whl.meta

In [1]:
%env GOOGLE_API_KEY=AIzaSyB3WX56Uk7po6i83hcdaG6xjs9trsjdubQ

env: GOOGLE_API_KEY=AIzaSyB3WX56Uk7po6i83hcdaG6xjs9trsjdubQ


In [2]:
import pathlib
import textwrap
import time

import google.generativeai as genai


from IPython import display
from IPython.display import Markdown

def to_markdown(text):
  text = text.replace('•', '  *')
  return Markdown(textwrap.indent(text, '> ', predicate=lambda _: True))

In [3]:
try:
    # Used to securely store your API key
    from google.colab import userdata

    # Or use `os.getenv('API_KEY')` to fetch an environment variable.
    GOOGLE_API_KEY=userdata.get('GOOGLE_API_KEY')
except ImportError:
    import os
    GOOGLE_API_KEY = os.environ['GOOGLE_API_KEY']

genai.configure(api_key=GOOGLE_API_KEY)

In [5]:
import pandas as pd
import sys

csv_path = sys.argv[1]
df = pd.read_csv(csv_path)

In [6]:
print(df.head())  # Display the first few rows of the data frame

    vulnerability
0  CVE-2022-37436
1  CVE-2022-36760
2  CVE-2022-31813
3  CVE-2022-30556
4  CVE-2022-29404


In [15]:
# Function to process each CVE and call Gemini for descriptions
def process_cve(cve_id):
  # The prompt for Gemini
  prompt = f"""## Vulnerability Details for CVE-{cve_id}

What is the description of the vulnerability CVE-{cve_id}?

## Attack Vectors
How can CVE-{cve_id} be exploited?

## Possible Attacks
What are some specific attacks that could leverage CVE-{cve_id}?

## Impact
What are the potential consequences of CVE-{cve_id} being exploited?

## Root Cause
What is the underlying cause of CVE-{cve_id}?

## Patch/Remediation
How can CVE-{cve_id} be fixed or mitigated?

## Severity Score
What is the overall base security score of CVE-{cve_id}?

## Threat Score Impact
How does the severity of CVE-{cve_id} affect the overall threat score (Very High, High, Medium, Low)?

## Possibility of Threat
How likely is it that CVE-{cve_id} will be exploited (Very High, High, Medium, Low)?

## Vulnerability of Asset
How critical is the asset that is vulnerable to CVE-{cve_id} (Very High, High, Medium, Low)?


"""

  # Use Gemini to generate text for each section of the prompt
  response = genai.generate_text(prompt=prompt)
  response_data = response.candidates[0]

  # Process the response and extract relevant information
  # (This part requires parsing the response text based on prompt structure)
  description = response_data['output'].split("\n\n**Description:**\n\n")[1].split("\n\n")[0]   # Extract description from response
  attack_vector = response_data['output'].split("\n\n**Attack Vectors:**\n\n")[1].split("\n\n")[0]
  possible_attack = response_data['output'].split("\n\n**Possible Attacks:**\n\n")[1].split("\n\n")[0]
  impact = response_data['output'].split("\n\n**Impact:**\n\n")[1].split("\n\n")[0]
  root_cause = response_data['output'].split("\n\n**Root Cause:**\n\n")[1].split("\n\n")[0]    
  patch = response_data['output'].split("\n\n**Patch/Remediation:**\n\n")[1].split("\n\n")[0]
  tsi = response_data['output'].split("\n\n**Threat Score Impact:**\n\n")[1].split("\n\n")[0]
  pt = response_data['output'].split("\n\n**Possibility of Threat:**\n\n")[1].split("\n\n")[0]
  va = response_data['output'].split("\n\n**Vulnerability of Asset:**\n\n")[1].split("\n\n")[0]
  sev_score = response_data['output'].split("\n\n**Severity Score:**\n\n")[1].split("\n\n")[0]

  # Process the response line by line
  section = None
  for line in response_data['output'].splitlines():
    if line.startswith("## Description:"):
      section = "description"
    elif line.startswith("## Attack Vectors:"):
      section = "attack_vector"
    elif line.startswith("## Possible Attacks:"):
      section = "possible_attack"
    elif line.startswith("## Impact:"):
      section = "impact"
    elif line.startswith("## Patch/Remediation:"):
      section = "patch"
    elif line.startswith("## Threat Score Impact:"):
      section = "tsi"
    elif line.startswith("## Possibility of Threat:"):
      section = "pt"
    elif line.startswith("## Vulnerability of Asset:"):
      section = "va"
    elif line.startswith("## Severity Score:"):
      section = "sev_score"
   

    elif section:
      if line:  # Skip empty lines within sections
        if section == "description":
          description += line + "\n"
        if section == "attack_vector":
          attack_vector += line + "\n"
        if section == "possible_attack":
          possible_attack += line + "\n"
        if section == "impact":
          impact += line + "\n"
        if section == "patch":
          patch += line + "\n"
        if section == "tsi":
          tsi += line + "\n"
        if section == "pt":
          pt += line + "\n"
        if section == "va":
          va += line + "\n"
        if section == "sev_score":
          sev_score += line + "\n"
        
        
  

# Create a dictionary to store the information for this CVE
  cve_data = {
      "CVE ID": cve_id,
      "Description": description,
      "Attack Vector": attack_vector,
      "Possible Attacks": possible_attack,
      "Impact": impact,
      "Root Cause": root_cause,
      "Patch/Remediation": patch,
      "Threat Score Impact": tsi,
      "Possibility of Threat": pt,
      "Vulnerability of Asset": va,
      "Severity Score": sev_score
      
  }
  return cve_data




In [16]:
# Process each CVE in the DataFrame
cve_details = []

for index,row in df.head(5).iterrows():
  cve_id = row["vulnerability"]
  cve_data = process_cve(cve_id)
  cve_details.append(cve_data)




In [17]:
# Write data to a text file
with open("cve_report.txt", "w") as outfile:
  for cve_data in cve_details:
    # Add CVE ID in a simulated large font (using headers)
    outfile.write(f"#  CVE ID: {cve_data['CVE ID']}\n\n")
    # Add attributes and data with placeholders for different font sizes
    outfile.write(f"Description: {cve_data['Description']}\n\n")
    outfile.write(f"Severity Score: {cve_data['Severity Score']}\n\n\n")
    outfile.write(f"Attack Vectors: {cve_data['Attack Vector']}\n\n")
    outfile.write(f"Possible Attacks: {cve_data['Possible Attacks']}\n\n")
    outfile.write(f"Impact: {cve_data['Impact']}\n\n")
    outfile.write(f"Root Cause: {cve_data['Root Cause']}\n\n")
    outfile.write(f"Patch/Remediation: {cve_data['Patch/Remediation']}\n\n")
    outfile.write(f"Threat Score Impact: {cve_data['Threat Score Impact']}\n\n")
    outfile.write(f"Possibility of Threat: {cve_data['Possibility of Threat']}\n\n")
    outfile.write(f"Vulnerability of Asset: {cve_data['Vulnerability of Asset']}\n\n")