In [None]:
import requests
import google.generativeai as genai
from google.colab import drive
import pandas as pd
import os
import time
import random

# Mount Google Drive
drive.mount('/content/drive')

# Function to generate an answer using the Gemini API
def generate_cvss_vector(cve_id, description, gemini_key, max_attempts=5):
    prompt = f"""Given the following CVE description, provide values for each base metric: AV, AC, PR, UI, S, C, I, and A. Summarize each metric’s value and provide the final CVSS v3.1 vector string.
    Valid options for each metric are as follows:
    - Attack Vector (AV): Network (N), Adjacent (A), Local (L), Physical (P)
    - Attack Complexity (AC): Low (L), High (H)
    - Privileges Required (PR): None (N), Low (L), High (H)
    - User Interaction (UI): None (N), Required (R)
    - Scope (S): Unchanged (U), Changed (C)
    - Confidentiality (C): None (N), Low (L), High (H)
    - Integrity (I): None (N), Low (L), High (H)
    - Availability (A): None (N), Low (L), High (H)
    Summarize each metric’s value and provide the final CVSS v3.1 vector string. Ensure the final line of your response contains only the CVSS v3 Vector String in the following format:
    Example format: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    CVEDescription: {description}"""

    if not gemini_key:
        raise ValueError("API key for Gemini is not set.")

    # Configure the Gemini API
    genai.configure(api_key=gemini_key)

    # Configuration of the model
    generation_config = {
        "temperature": 0.7,
        "top_p": 1,
        "top_k": 5,
        "max_output_tokens": 512,
    }

    for attempt in range(max_attempts):
        try:
            # Call the generative model with the configured settings
            response = genai.GenerativeModel(
                model_name="gemini-1.0-pro",
                generation_config=generation_config
            ).generate_content(prompt)

            # Debugging: Print the entire response
            print(f"Response for {cve_id} on attempt {attempt + 1}: {response}")

            # Check if there are candidates in the response
            if response.candidates:
                generated_text = response.candidates[0].content.parts[0].text
                # Extract the last line for the CVSS vector
                cvss_vector = generated_text.strip().split('\n')[-1]
                return cvss_vector
            else:
                print(f"No valid candidates in response for {cve_id} on attempt {attempt + 1}.")
        except requests.exceptions.Timeout:
            print(f"Timeout occurred during API call for {cve_id} on attempt {attempt + 1}")
        except Exception as e:
            print(f"Exception during API call for {cve_id} on attempt {attempt + 1}: {e}")

        # Exponential backoff with jitter
        time.sleep((2 ** attempt) + random.uniform(0, 1))

    return None

# Main function to process input and generate the CVSS vectors
def main(input_filepath, api_keys):
    # Read the input data
    df = pd.read_excel(input_filepath)
    cvss_vectors = []

    # Iterate over each CVE entry and generate the CVSS vector
    for index, row in df.iterrows():
        cve_id = row['CVE ID']
        description = row['Description']
        cvss_vector = None

        for key_index, gemini_key in enumerate(api_keys):
            try:
                cvss_vector = generate_cvss_vector(cve_id, description, gemini_key)
                if cvss_vector:
                    print(f"Generated CVSS Vector for {cve_id} using API key {key_index + 1}: {cvss_vector}")
                    break
            except Exception as e:
                print(f"Error during API call for {cve_id} with API key {key_index + 1}: {e}")

        if cvss_vector:
            cvss_vectors.append(cvss_vector)
        else:
            print(f"Skipping CVE {cve_id} due to errors with all API keys.")
            cvss_vectors.append(None)

    # Add the CVSS vectors to the dataframe
    df['CVSS v3.1 Vector'] = cvss_vectors

    # Save the data with CVSS vectors to a new Excel file in Drive
    output_filepath = '/content/drive/MyDrive/vsp.xlsx'
    df.to_excel(output_filepath, index=False)
    print(f"Data with CVSS v3.1 vectors saved to {output_filepath}")

if __name__ == "__main__":
    # Input file containing the CVE data
    input_filepath = '/content/drive/MyDrive/CVE_data.xlsx'

    # List of API keys to use
    api_keys = [
        "AIzaSyA6C0BzRxHy75Z3nW2eULOMfdlOo4BNqaM",
        "AIzaSyDYcgZQKq-xL97xcLg2lCrJQvO5wZau4Xg",
        "AIzaSyDhBBf2ompDiRdr2caqBVtB5ClFWqT8zTM",
        "AIzaSyCVmy6EOK0c8UY1hTEPHwclgR1_a7CQLY4"
    ]

    main(input_filepath, api_keys)


[1;30;43mLe flux de sortie a été tronqué et ne contient que les 5000 dernières lignes.[0m
            {
              "category": "HARM_CATEGORY_HATE_SPEECH",
              "probability": "NEGLIGIBLE"
            },
            {
              "category": "HARM_CATEGORY_HARASSMENT",
              "probability": "NEGLIGIBLE"
            },
            {
              "category": "HARM_CATEGORY_DANGEROUS_CONTENT",
              "probability": "MEDIUM"
            }
          ]
        }
      ],
      "usage_metadata": {
        "prompt_token_count": 336,
        "total_token_count": 336
      }
    }),
)
Exception during API call for CVE-2024-38053 on attempt 4: list index (0) out of range
Response for CVE-2024-38053 on attempt 5: response:
GenerateContentResponse(
    done=True,
    iterator=None,
    result=protos.GenerateContentResponse({
      "candidates": [
        {
          "content": {
            "parts": [
              {
                "text": "**AV:** L (Attack Vector i

KeyboardInterrupt: 

In [None]:
import requests
from bs4 import BeautifulSoup
import csv
import time

def extract_description_and_vector(url):
    try:
        response = requests.get(url, timeout=10)
        response.raise_for_status()
        soup = BeautifulSoup(response.content, "html.parser")

        # Extract description
        description_tag = soup.find("p", {"data-testid": "vuln-description"})
        description = description_tag.text.strip() if description_tag else "No description found"

        # Extract vector from the tooltipCvss3CnaMetrics class
        vector_tag = soup.find("span", {"class": "tooltipCvss3CnaMetrics"})
        vector = vector_tag.text.strip() if vector_tag else "No vector found"

        return description, vector
    except Exception as e:
        print(f"Error fetching data from {url}: {e}")
        return "No description found", "No vector found"

def save_descriptions_and_vectors_to_csv(start, end):
    with open('cve_descriptions_and_vectors.csv', mode='w', newline='', encoding='utf-8') as file:
        writer = csv.writer(file)
        writer.writerow(['URL', 'Description', 'Vector'])  # Header

    for i in range(start, end + 1):
        cve_id = f"{i:04d}"  # Format CVE ID with leading zeros
        url = f"https://nvd.nist.gov/vuln/detail/CVE-2024-{cve_id}"
        print(f"Processing {url}...")

        description, vector = extract_description_and_vector(url)
        print(f"Description: {description[:100]}... | Vector: {vector}")

        with open('cve_descriptions_and_vectors.csv', mode='a', newline='', encoding='utf-8') as file:
            writer = csv.writer(file)
            writer.writerow([url, description, vector])

        time.sleep(3)  # Slight delay to avoid rate limiting

# Example usage
save_descriptions_and_vectors_to_csv(20300, 25001)  # Adjust the range as needed


[1;30;43mStreaming output truncated to the last 5000 lines.[0m
Description: No description found... | Vector: No vector found
Processing https://nvd.nist.gov/vuln/detail/CVE-2024-21187...
Description: No description found... | Vector: No vector found
Processing https://nvd.nist.gov/vuln/detail/CVE-2024-21188...
Description: Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Fina... | Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Processing https://nvd.nist.gov/vuln/detail/CVE-2024-21189...
Description: No description found... | Vector: No vector found
Processing https://nvd.nist.gov/vuln/detail/CVE-2024-21190...
Description: No description found... | Vector: No vector found
Processing https://nvd.nist.gov/vuln/detail/CVE-2024-21191...
Description: No description found... | Vector: No vector found
Processing https://nvd.nist.gov/vuln/detail/CVE-2024-21192...
Description: No description found... | Vector: No vector found
Processing ht

In [None]:
from google.colab import files

# Spécifiez le chemin du fichier que vous souhaitez télécharger
file_path = '/content/cve_descriptions_and_vectors.csv'  # Remplacez 'your_file.csv' par le nom de votre fichier

# Téléchargez le fichier
files.download(file_path)
