In [None]:
 import google.generativeai as genai
import csv
import time

# Function to generate an answer using Google Generative AI
def generate_answer(prompt, api_key):
    if not api_key:
        raise ValueError("API key for Generative AI is not set.")

    # Configure the API
    genai.configure(api_key=api_key)

    # Configuration for the model
    generation_config = {
        "temperature": 0.7,
        "max_output_tokens": 150,
    }

    # Call the generative model with the configured settings
    try:
        model = genai.GenerativeModel(model_name="gemini-1.0-pro", generation_config=generation_config)
        response = model.generate_content(prompt)

        # Check if the response has candidates and content
        if response.candidates and len(response.candidates[0].content.parts) > 0:
            generated_text = response.candidates[0].content.parts[0].text.strip()
        else:
            generated_text = "No content generated."
        return generated_text
    except Exception as e:
        print(f"Error during API call: {e}")
        return None

# Main function to process a CSV file of CVE descriptions
def process_cve_file(filename, api_key):
    with open(filename, mode='r') as file:
        csv_reader = csv.DictReader(file)
        for row in csv_reader:
            cve_description = row['Description'].strip()  # Use the 'Description' column

            # Create the prompt
            prompt = f"""You are a cybersecurity expert specializing in cyber threat intelligence.
            Analyze the following CVE description and map it to the appropriate CWE.
            Ensure the last line of your response contains only the CWE ID.
            dont write any justification please
            CVE Description: {cve_description}"""

            # Generate the response
            generated_text = generate_answer(prompt, api_key)

            # Print the result
            print(f"CVE Description: {cve_description}")
            print(f"Generated Output: {generated_text}\n")

            # Wait for 4 seconds before making the next request
            time.sleep(4)

# Example usage
if __name__ == "__main__":
    api_key = "AIzaSyDoyoQOqfej_ZJBud99ilYK9RI-3UIiyDs"  # Replace with your actual API key
    process_cve_file("/content/rcm.csv", api_key)


CVE Description: In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c.
Generated Output: No content generated.

CVE Description: IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in a OpenPages environment using Native authentication. If OpenPages is using Native authentication an attacker with access to the OpenPages database could through a series of specially crafted steps could exploit this weakness and gain unauthorized access to other OpenPages accounts. IBM X-Force ID: 262594.
Generated Output: No content generated.

CVE Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MailMunch Constant Contact Forms by MailMunch allows Stored XSS.This issue affects Constant Contact Forms by MailMunch: from n/a through 2.0.11.
Generated Output: CWE-79

## [CWE-79: Improper Neutralization o

KeyboardInterrupt: 

In [None]:
import google.generativeai as genai
import csv
import time

# Function to generate an answer using Google Generative AI
def generate_answer(prompt, api_keys):
    if not api_keys or len(api_keys) == 0:
        raise ValueError("No API keys provided.")

    # Iterate over the list of API keys
    for api_key in api_keys:
        try:
            # Configure the API
            genai.configure(api_key=api_key)

            # Configuration for the model
            generation_config = {
                "temperature": 0.7,
                "max_output_tokens": 150,
            }

            # Call the generative model with the configured settings
            model = genai.GenerativeModel(model_name="gemini-1.0-pro", generation_config=generation_config)
            response = model.generate_content(prompt)

            # Check if the response has candidates and content
            if response.candidates and len(response.candidates[0].content.parts) > 0:
                generated_text = response.candidates[0].content.parts[0].text.strip()
                return generated_text
            else:
                print(f"API key {api_key} returned no content, trying next key...")
        except Exception as e:
            print(f"Error with API key {api_key}: {e}, trying next key...")

    return "Failed to generate content with all provided API keys."

# Main function to process a CSV file of CVE descriptions
def process_cve_file(filename, api_keys):
    with open(filename, mode='r') as file:
        csv_reader = csv.DictReader(file)
        for row in csv_reader:
            cve_description = row['Description'].strip()  # Use the 'Description' column

            # Create the prompt
            prompt = f"""You are a cybersecurity expert specializing in cyber threat intelligence.
            Analyze the following CVE description and map it to the appropriate CWE.
            Provide a brief justification for your choice.
            Ensure the last line of your response contains only the CWE ID.
            CVE Description: {cve_description}"""

            # Generate the response
            generated_text = generate_answer(prompt, api_keys)

            # Print the result
            print(f"CVE Description: {cve_description}")
            print(f"Generated Output: {generated_text}\n")

            # Wait for 4 seconds before making the next request
            time.sleep(5)

# Example usage
if __name__ == "__main__":
    api_keys = [
        "AIzaSyBNON4fefRk1xRrFlT444JainfmGLdpp-k",  # Replace with your actual API keys
        "AIzaSyD0YFrE5vvTOj-KETcVKU-jFxA8Eev89Y4",
        "AIzaSyDoyoQOqfej_ZJBud99ilYK9RI-3UIiyDs"
    ]
    process_cve_file("/content/rcm.csv", api_keys)


API key AIzaSyBNON4fefRk1xRrFlT444JainfmGLdpp-k returned no content, trying next key...
API key AIzaSyD0YFrE5vvTOj-KETcVKU-jFxA8Eev89Y4 returned no content, trying next key...
API key AIzaSyDoyoQOqfej_ZJBud99ilYK9RI-3UIiyDs returned no content, trying next key...
CVE Description: In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c.
Generated Output: Failed to generate content with all provided API keys.

CVE Description: IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in a OpenPages environment using Native authentication. If OpenPages is using Native authentication an attacker with access to the OpenPages database could through a series of specially crafted steps could exploit this weakness and gain unauthorized access to other OpenPages accounts. IBM X-Force ID: 262594.
Generated Output: This CVE description suggests that an attacker could 

KeyboardInterrupt: 

In [None]:
# Function to clean the text file by removing "No content generated" and "Justification" entries
def clean_text_file(input_file, output_file):
    with open(input_file, 'r') as file:
        lines = file.readlines()

    cleaned_lines = []
    skip_next = False

    for i in range(len(lines)):
        line = lines[i].strip()

        if skip_next:
            skip_next = False
            continue

        if "No content generated." in line or "Justification" in line:
            # Remove the corresponding CVE description (previous line) and skip the next line
            cleaned_lines.pop()  # Remove the corresponding CVE description
            skip_next = True
        else:
            cleaned_lines.append(line)

    # Write the cleaned data to a new file
    with open(output_file, 'w') as file:
        for line in cleaned_lines:
            file.write(line + '\n')

# Example usage
input_file = '/content/rcmeval.txt'  # Replace with your input text file
output_file = 'cleaned_file.txt'    # Replace with your desired output text file
clean_text_file(input_file, output_file)

print(f"Cleaned file '{output_file}' created successfully.")


Cleaned file 'cleaned_file.txt' created successfully.


In [None]:
import csv
import re

# Function to process the text file and create a CSV
def process_to_csv(input_file, output_file):
    with open(input_file, 'r') as file:
        lines = file.readlines()

    # Initialize lists to hold CVE Descriptions and CWE IDs
    cve_descriptions = []
    cwe_ids = []

    i = 0
    while i < len(lines):
        cve_line = lines[i].strip()

        # Check if there's another line to avoid IndexError
        if i + 1 < len(lines):
            output_line = lines[i + 1].strip()

            # Extract CVE Description
            if cve_line.startswith("CVE Description:"):
                cve_description = cve_line.replace("CVE Description: ", "")
                cve_descriptions.append(cve_description)

                # Extract CWE ID
                cwe_match = re.search(r"CWE-\d+", output_line)
                if cwe_match:
                    cwe_ids.append(cwe_match.group(0))
                else:
                    cwe_ids.append("")

        i += 2  # Move to the next pair of lines

    # Write to CSV
    with open(output_file, 'w', newline='') as csvfile:
        csvwriter = csv.writer(csvfile)
        csvwriter.writerow(['CVE Description', 'CWE ID'])  # Write header
        for cve_description, cwe_id in zip(cve_descriptions, cwe_ids):
            csvwriter.writerow([cve_description, cwe_id])

# Example usage
input_file = '/content/cleaned_file.txt'  # Replace with your input text file
output_file = 'output_file.csv'     # Replace with your desired output CSV file
process_to_csv(input_file, output_file)

print(f"CSV file '{output_file}' created successfully.")


CSV file 'output_file.csv' created successfully.


In [None]:
!pip install cvss

import pandas as pd
from cvss import CVSS3
import pickle

Collecting cvss
  Downloading cvss-3.1-py2.py3-none-any.whl.metadata (3.5 kB)
Downloading cvss-3.1-py2.py3-none-any.whl (30 kB)
Installing collected packages: cvss
Successfully installed cvss-3.1


In [None]:
import pandas as pd

def join_csv_files(file1, file2, output_file):
    # Read the CSV files into DataFrames
    df1 = pd.read_csv(file1)
    df2 = pd.read_csv(file2)

    # Merge the DataFrames on the 'Description' column
    merged_df = pd.merge(df1, df2, on='Description', how='inner')

    # Write the merged DataFrame to a new CSV file
    merged_df.to_csv(output_file, index=False)

    print(f"Data has been merged and written to {output_file}")

def main():
    file1 = '/content/output_file (1).csv'  # Replace with your first CSV file
    file2 = '/content/rcm.csv'  # Replace with your second CSV file
    output_file = 'merged_output.csv'  # Name of the output file

    # Call the function to join the CSV files
    join_csv_files(file1, file2, output_file)

if __name__ == "__main__":
    main()


Data has been merged and written to merged_output.csv


In [None]:
import pandas as pd

def compare_columns(file_path, column1, column2):
    # Read the CSV file into a DataFrame
    df = pd.read_csv(file_path)

    # Convert both columns to uppercase to ensure case-insensitive comparison
    df[column1] = df[column1].str.upper()
    df[column2] = df[column2].str.upper()

    # Calculate the number of matches and differences
    matches = (df[column1] == df[column2]).sum()
    differences = (df[column1] != df[column2]).sum()

    # Calculate the total number of rows
    total = len(df)

    # Calculate the taux (percentage) of matches and differences
    match_taux = (matches / total) * 100
    difference_taux = (differences / total) * 100

    return match_taux, difference_taux

def main():
    file_path = '/content/merged_output.csv'  # Replace with your actual CSV file path
    column1 = 'CWE ID'  # The first column to compare
    column2 = 'GT'          # The second column to compare

    # Get the taux of matches and differences
    match_taux, difference_taux = compare_columns(file_path, column1, column2)

    # Print the results
    print(f"Match Taux: {match_taux:.2f}%")
    print(f"Difference Taux: {difference_taux:.2f}%")

if __name__ == "__main__":
    main()


Match Taux: 78.70%
Difference Taux: 21.30%


In [None]:
model_name = 'Gemini'  # corresponds to the column name in the respone sheet

def compute_rcm_accuracy(fname, col):
    df = pd.read_csv(fname)
    # Print the available columns to verify if 'Gemini' exists
    print(df.columns)  # Add this line to check column names

    correct = 0
    total = 0
    for idx, row in df.iterrows():
        pred = row[col].upper()
        gt = row['GT'].upper()
        if pred.startswith('CWE-'):
            total += 1
        else:
            print('Invalid response at row {}'.format(idx+1))
        if pred == gt:
            correct += 1
    return correct/total*100

In [None]:
print('Accuracy:', compute_rcm_accuracy('/content/merged_output (2).csv', model_name))

Index(['GT', 'Gemini'], dtype='object')
Accuracy: 78.69565217391305


In [None]:
print('Accuracy:', compute_rcm_accuracy('/content/merged_output (2).csv', model_name))

Index(['GT', 'Gemini'], dtype='object')
Accuracy: 78.69565217391305
