In [None]:
import google.generativeai as genai
import csv
import time

# Function to generate an answer using Google Generative AI
def generate_answer(prompt, api_key):
    if not api_key:
        raise ValueError("API key for Generative AI is not set.")

    # Configure the API
    genai.configure(api_key=api_key)

    # Configuration for the model
    generation_config = {
        "temperature": 0.7,
        "max_output_tokens": 150,
    }

    try:
        # Attempt to generate content
        response = genai.generate_text(prompt=prompt, **generation_config)

        # Extract the generated text from the response candidates
        if response and hasattr(response, 'candidates') and response.candidates:
            # Assuming the candidates contain a dictionary with the key 'output' or 'content'
            generated_text = response.candidates[0].get('output') or response.candidates[0].get('content', '').strip()
            return generated_text if generated_text else "No content generated."
        else:
            return "No content generated."
    except Exception as e:
        print(f"Error during API call: {e}")
        return None

# Main function to process a CSV file of CVE descriptions
def process_cve_file(filename, api_key):
    with open(filename, mode='r') as file:
        csv_reader = csv.DictReader(file)
        for row in csv_reader:
            cve_description = row['Description'].strip()  # Use the 'Description' column

            # Create the prompt
            prompt = f"""Analyze the following CVE description and calculate the CVSS v3.1 Base Score. Determine the
values for each base metric: AV, AC, PR, UI, S, C, I, and A. Summarize each metric’s value and
provide the final CVSS v3.1 vector string.
Valid options for each metric are as follows:
- Attack Vector (AV): Network (N), Adjacent (A), Local (L), Physical (P)
- Attack Complexity (AC): Low (L), High (H)
- Privileges Required (PR): None (N), Low (L), High (H)
- User Interaction (UI): None (N), Required (R)
- Scope (S): Unchanged (U), Changed (C)
- Confidentiality (C): None (N), Low (L), High (H)
- Integrity (I): None (N), Low (L), High (H)
- Availability (A): None (N), Low (L), High (H)
Summarize each metric’s value and provide the final CVSS v3.1 vector string. Ensure the final line
of your response contains only the CVSS v3 Vector String in the following format:
Example format: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
important : the output should contain just the cvss of every description it is very enough without writing every metrics value alone please focus on this part

CVE Description: {cve_description}"""

            # Generate the response
            generated_text = generate_answer(prompt, api_key)

            # Print the result
            print(f"CVE Description: {cve_description}")
            print(f"Generated Output: {generated_text}\n")

            # Wait for 4 seconds before making the next request
            time.sleep(4)

# Example usage
if __name__ == "__main__":
    api_key = "AIzaSyDoyoQOqfej_ZJBud99ilYK9RI-3UIiyDs"  # Replace with your actual API key
    process_cve_file("/content/vsp.csv", api_key)


CVE Description: In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c.
Generated Output: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CVE Description: IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in a OpenPages environment using Native authentication. If OpenPages is using Native authentication an attacker with access to the OpenPages database could through a series of specially crafted steps could exploit this weakness and gain unauthorized access to other OpenPages accounts. IBM X-Force ID: 262594.
Generated Output: AV: N, AC: L, PR: N, UI: N, S: C, C: H, I: H, A: H
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVE Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MailMunch Constant Contact Forms by MailMunch allows Stored XSS.This issue affects Constant Contact Forms by Ma

KeyboardInterrupt: 

In [None]:
import csv
import re

def extract_cve_and_cvss(input_text):
    # Regular expression patterns to match CVE descriptions and CVSS values
    cve_pattern = r"CVE Description:\s*(.*?)\n"
    cvss_pattern = r"CVSS:3.1/[A-Z:0-9/]+"

    # Find all matches in the input text
    cve_descriptions = re.findall(cve_pattern, input_text, re.DOTALL)
    cvss_values = re.findall(cvss_pattern, input_text)

    return cve_descriptions, cvss_values

def write_to_csv(cve_descriptions, cvss_values, output_filename):
    with open(output_filename, mode='w', newline='') as file:
        writer = csv.writer(file)
        writer.writerow(["CVE Description", "CVSS Value"])  # Write the header

        # Write each CVE description and corresponding CVSS value to the CSV file
        for cve, cvss in zip(cve_descriptions, cvss_values):
            writer.writerow([cve.strip(), cvss.strip()])

def main():
    input_filename = '/content/vspeval.txt'  # Replace with your actual input file name
    output_filename = 'cve_cvss_output.csv'

    with open(input_filename, 'r') as file:
        input_text = file.read()

    # Extract CVE descriptions and CVSS values
    cve_descriptions, cvss_values = extract_cve_and_cvss(input_text)

    # Write the data to a CSV file
    write_to_csv(cve_descriptions, cvss_values, output_filename)

    print(f"Data has been written to {output_filename}")

if __name__ == "__main__":
    main()


Data has been written to cve_cvss_output.csv


In [None]:
import pandas as pd

def join_csv_files(file1, file2, output_file):
    # Read the CSV files into DataFrames
    df1 = pd.read_csv(file1)
    df2 = pd.read_csv(file2)

    # Merge the DataFrames on the 'Description' column
    merged_df = pd.merge(df1, df2, on='Description', how='inner')

    # Write the merged DataFrame to a new CSV file
    merged_df.to_csv(output_file, index=False)

    print(f"Data has been merged and written to {output_file}")

def main():
    file1 = '/content/cve_cvss_output.csv'  # Replace with your first CSV file
    file2 = '/content/vsp.csv'  # Replace with your second CSV file
    output_file = 'merged_output.csv'  # Name of the output file

    # Call the function to join the CSV files
    join_csv_files(file1, file2, output_file)

if __name__ == "__main__":
    main()


Data has been merged and written to merged_output.csv


In [None]:
import pandas as pd

def compare_columns(file_path, column1, column2):
    # Read the CSV file into a DataFrame
    df = pd.read_csv(file_path)

    # Convert both columns to uppercase to ensure case-insensitive comparison
    df[column1] = df[column1].str.upper()
    df[column2] = df[column2].str.upper()

    # Calculate the number of matches and differences
    matches = (df[column1] == df[column2]).sum()
    differences = (df[column1] != df[column2]).sum()

    # Calculate the total number of rows
    total = len(df)

    # Calculate the taux (percentage) of matches and differences
    match_taux = (matches / total) * 100
    difference_taux = (differences / total) * 100

    return match_taux, difference_taux

def main():
    file_path = '/content/merged_output.csv'  # Replace with your actual CSV file path
    column1 = 'CVSS Value'  # The first column to compare
    column2 = 'GT'          # The second column to compare

    # Get the taux of matches and differences
    match_taux, difference_taux = compare_columns(file_path, column1, column2)

    # Print the results
    print(f"Match Taux: {match_taux:.2f}%")
    print(f"Difference Taux: {difference_taux:.2f}%")

if __name__ == "__main__":
    main()


Match Taux: 15.50%
Difference Taux: 84.50%


In [None]:
!pip install cvss
import pandas as pd
from cvss import CVSS3
import pickle

Collecting cvss
  Downloading cvss-3.1-py2.py3-none-any.whl.metadata (3.5 kB)
Downloading cvss-3.1-py2.py3-none-any.whl (30 kB)
Installing collected packages: cvss
Successfully installed cvss-3.1


In [None]:
model_name = 'Gemini'  # corresponds to the column name in the respone sheet

In [None]:
def get_cvss_score(cvss_vector):
    c = CVSS3(cvss_vector)
    cvss_score = c.scores()[0]
    return cvss_score

In [None]:
def compute_vsp_mad(fname, col):
    cvss_prefix = ''   # Remove the prefix, assuming the model provides the complete vector
    df = pd.read_csv(fname)

    if col not in df.columns:
        print(f"Error: Column '{col}' not found in the DataFrame.")
        return None

    error = 0
    total = 0
    for idx, row in df.iterrows():
        pred = row[col].upper()
        gt = row['GT'].upper()
        try:
            pred_vector = cvss_prefix + pred  # Now just uses the model's output directly
            pred_score = get_cvss_score(pred_vector)
            gt_score = get_cvss_score(gt)
            error += abs(pred_score-gt_score)
        except Exception as e:
            print('Invalid response at row {}'.format(idx+1))
            print(e)
            continue
        total += 1

    return error/total

In [None]:
print('Mean Absolute Deviation:', compute_vsp_mad('/content/merged_output (1).csv', model_name))

Invalid response at row 528
Unknown value "P" in field "A:P"
Mean Absolute Deviation: 2.4389891696750907
