Add Cybersecurity PoC Agent Python Script #689
Conversation
|
Warning Rate limit exceeded@Dhivya-Bharathy has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 11 minutes and 38 seconds before requesting another review. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. 📒 Files selected for processing (2)
WalkthroughTwo new Python scripts have been added. The first implements a chatbot assistant for Chilean government services, using Firecrawl API and translation utilities to answer user queries in English by searching Spanish government pages. The second script provides a lightweight agent for automating the search, filtering, and static validation of cybersecurity PoC exploits for CVEs. Changes
Sequence Diagram(s)Chile Government Services AssistantsequenceDiagram
participant User
participant Assistant (Tomás)
participant Translator
participant Firecrawl API
User->>Assistant (Tomás): Enter query (in English)
Assistant (Tomás)->>Translator: Translate query to Spanish
Translator-->>Assistant (Tomás): Spanish query
Assistant (Tomás)->>Firecrawl API: Search ChileAtiende pages (in Spanish)
Firecrawl API-->>Assistant (Tomás): Search results (Spanish)
Assistant (Tomás)->>Translator: Translate results to English
Translator-->>Assistant (Tomás): Results in English
Assistant (Tomás)-->>User: Display formatted answer
Pocky Cybersecurity PoC AgentsequenceDiagram
participant User
participant Pocky Agent
participant AttackIntentAgent
participant ValidationAgent
User->>Pocky Agent: Provide CVE ID
Pocky Agent->>AttackIntentAgent: Extract attack intent from CVE description
AttackIntentAgent-->>Pocky Agent: Attack intent
Pocky Agent->>ValidationAgent: Validate PoC sample against attack intent
ValidationAgent-->>Pocky Agent: Validation result
Pocky Agent-->>User: Print results
Suggested labels
Poem
✨ Finishing Touches
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
SupportNeed help? Create a ticket on our support page for assistance with any issues or questions. Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Summary of Changes
Hello @Dhivya-Bharathy, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!
This pull request primarily introduces the 'Pocky CVE PoC Query Tool,' a new Python script aimed at streamlining the process of finding, analyzing, and validating Proof-of-Concept exploits for cybersecurity vulnerabilities. It's designed to automate parts of the cybersecurity research workflow. Additionally, the PR includes an unrelated Python script that functions as an AI chatbot providing information on Chilean government services.
Highlights
- New Tool: Pocky CVE PoC Agent: A new Python script (
pocky_cybersecurity_poc_agent.py) has been added. This script introduces the 'Pocky CVE PoC Query Tool,' designed to automate the search, filtering, and validation of Common Vulnerabilities and Exposures (CVE) Proof-of-Concept (PoC) exploits. It includes a framework for defining attack intent and validating PoC samples against that intent, with placeholder logic for demonstration. - Unexpected Addition: Chile Government Services Assistant: A separate, seemingly unrelated Python script (
chile_government_services_assistant_.py) has also been added. This script implements an AI chatbot named 'Tomás' that answers questions about Chilean government services and procedures. It leverages the Firecrawl API for information retrieval fromchileatiende.gob.clanddeep_translatorfor English-Spanish translation, operating as a conversational agent.
Using Gemini Code Assist
The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.
Invoking Gemini
You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.
| Feature | Command | Description |
|---|---|---|
| Code Review | /gemini review |
Performs a code review for the current pull request in its current state. |
| Pull Request Summary | /gemini summary |
Provides a summary of the current pull request in its current state. |
| Comment | @gemini-code-assist | Responds in comments when explicitly tagged, both in issue comments and review comments. |
| Help | /gemini help |
Displays a list of available commands. |
Customization
To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.
Limitations & Feedback
Gemini Code Assist is currently in preview and may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments to provide feedback.
You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.
Footnotes
-
Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #689 +/- ##
==========================================
- Coverage 14.50% 14.23% -0.27%
==========================================
Files 25 25
Lines 2517 2571 +54
Branches 357 367 +10
==========================================
+ Hits 365 366 +1
- Misses 2136 2189 +53
Partials 16 16
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
There was a problem hiding this comment.
Code Review
The pull request adds two new Python scripts: one for a Chile Government Services Assistant and another for a Pocky Cybersecurity PoC Agent. The main feedback is to improve the clarity of the API key setup by using more descriptive variable names.
| os.environ['FIRECRAWL_API_KEY'] = "your api key here" | ||
| os.environ['OPENAI_API_KEY'] = "your api key here" |
There was a problem hiding this comment.
Consider using more descriptive variable names than just assigning the string "your api key here" to the environment variables. This will help avoid confusion and make the code more readable.
| os.environ['FIRECRAWL_API_KEY'] = "your api key here" | |
| os.environ['OPENAI_API_KEY'] = "your api key here" | |
| os.environ['FIRECRAWL_API_KEY'] = 'YOUR_ACTUAL_FIRECRAWL_API_KEY' | |
| os.environ['OPENAI_API_KEY'] = 'YOUR_ACTUAL_OPENAI_API_KEY' |
| os.environ["EXA_API_KEY"] = "your api key" | ||
| os.environ["OPENAI_API_KEY"] = "your api key" | ||
| os.environ["OPENAI_BASE_URL"] = "https://api.openai.com/v1" # Optional, for custom OpenAI endpoints |
There was a problem hiding this comment.
Consider using more descriptive variable names than just assigning the string "your api key" to the environment variables. This will help avoid confusion and make the code more readable.
os.environ["EXA_API_KEY"] = "YOUR_ACTUAL_EXA_API_KEY"
os.environ["OPENAI_API_KEY"] = "YOUR_ACTUAL_OPENAI_API_KEY"
os.environ["OPENAI_BASE_URL"] = "https://api.openai.com/v1"![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 11
🧹 Nitpick comments (4)
examples/python/tools/exa-tool/chile_government_services_assistant_.py (4)
33-38: Improve error handling in translation function.The current error handling prints to console but doesn't provide meaningful feedback to the caller about translation failures.
def translate_to_spanish(text): try: return GoogleTranslator(source='auto', target='es').translate(text) except Exception as e: - print("Translation to Spanish failed:", e) + print(f"Translation to Spanish failed: {e}") return textConsider logging errors instead of printing and potentially raising specific exceptions for different failure modes.
77-89: Simplify control flow by removing unnecessary else clause.The else clause after return is redundant and can be removed to improve readability.
if filtered_results: for num, result in enumerate(filtered_results, start=1): response_md += self.template.format( result_number=num, page_title=str(result.get("title", "")), page_url=str(result.get("url", "")), page_content=str(result.get("markdown", "")) ) return response_md - else: - return None + return None else: return None
134-139: Improve error handling and user feedback.The current error handling could provide more informative feedback to users and handle edge cases better.
# Only translate if we got a real answer - if spanish_answer and isinstance(spanish_answer, str) and spanish_answer.strip() and "Error" not in spanish_answer: + if spanish_answer and isinstance(spanish_answer, str) and spanish_answer.strip() and not spanish_answer.startswith("Error"): try: english_answer = translate_to_english(spanish_answer) print("\nTomás (in English):\n", english_answer) except Exception as e: - print(f"\nTomás: I found information, but couldn't translate it. Here it is in Spanish:\n{spanish_answer}\n(Translation error: {e})") + print(f"\nTomás: I found information, but couldn't translate it. Here it is in Spanish:\n{spanish_answer}\n(Translation error: {str(e)})") else: - print("\nTomás: Sorry, I couldn't find relevant information. Try rephrasing your question or ask about another service.") + error_msg = spanish_answer if spanish_answer and spanish_answer.startswith("Error") else "No relevant information found" + print(f"\nTomás: Sorry, I couldn't find relevant information. {error_msg}. Try rephrasing your question or ask about another service.")
52-59: Consider adding input validation and documentation.The class could benefit from better documentation and more robust input validation.
class FirecrawlTool: + """ + A tool for searching Chilean government services using Firecrawl API. + + Args: + api_key: Firecrawl API key + instruction: Prefix to add to search queries + template: Template for formatting search results + """ def __init__(self, api_key, instruction: str, template: str): if not api_key: raise ValueError("Firecrawl API key not provided.") + if not instruction or not template: + raise ValueError("Instruction and template must be provided.") self.app = FirecrawlApp(api_key=api_key) self.instruction = instruction self.template = template
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (2)
examples/python/tools/exa-tool/chile_government_services_assistant_.py(1 hunks)examples/python/tools/exa-tool/pocky_cybersecurity_poc_agent.py(1 hunks)
🧰 Additional context used
🪛 Ruff (0.11.9)
examples/python/tools/exa-tool/pocky_cybersecurity_poc_agent.py
24-24: SyntaxError: Expected a statement
24-24: SyntaxError: Simple statements must be separated by newlines or semicolons
24-24: SyntaxError: Simple statements must be separated by newlines or semicolons
24-24: SyntaxError: Simple statements must be separated by newlines or semicolons
24-24: SyntaxError: Simple statements must be separated by newlines or semicolons
24-24: SyntaxError: Simple statements must be separated by newlines or semicolons
24-24: SyntaxError: Simple statements must be separated by newlines or semicolons
examples/python/tools/exa-tool/chile_government_services_assistant_.py
114-114: Undefined name FIRECRAWL_INSTRUCTION
(F821)
115-115: Undefined name FIRECRAWL_TEMPLATE
(F821)
🪛 Flake8 (7.2.0)
examples/python/tools/exa-tool/pocky_cybersecurity_poc_agent.py
[error] 24-24: SyntaxError: invalid syntax
(E999)
examples/python/tools/exa-tool/chile_government_services_assistant_.py
[error] 29-29: module level import not at top of file
(E402)
[error] 30-30: module level import not at top of file
(E402)
[error] 31-31: module level import not at top of file
(E402)
[error] 33-33: expected 2 blank lines, found 1
(E302)
[error] 40-40: expected 2 blank lines, found 1
(E302)
[error] 52-52: expected 2 blank lines, found 1
(E302)
[error] 112-112: expected 2 blank lines after class or function definition, found 1
(E305)
[error] 114-114: undefined name 'FIRECRAWL_INSTRUCTION'
(F821)
[error] 115-115: undefined name 'FIRECRAWL_TEMPLATE'
(F821)
🪛 Pylint (3.3.7)
examples/python/tools/exa-tool/pocky_cybersecurity_poc_agent.py
[error] 24-24: Parsing failed: 'invalid syntax (pocky_cybersecurity_poc_agent, line 24)'
(E0001)
examples/python/tools/exa-tool/chile_government_services_assistant_.py
[refactor] 77-87: Unnecessary "else" after "return", remove the "else" and de-indent the code inside it
(R1705)
[refactor] 52-52: Too few public methods (1/2)
(R0903)
[error] 114-114: Undefined variable 'FIRECRAWL_INSTRUCTION'
(E0602)
[error] 115-115: Undefined variable 'FIRECRAWL_TEMPLATE'
(E0602)
⏰ Context from checks skipped due to timeout of 90000ms (2)
- GitHub Check: quick-test
- GitHub Check: test-core (3.11)
🔇 Additional comments (1)
examples/python/tools/exa-tool/pocky_cybersecurity_poc_agent.py (1)
61-76: Excellent validation prompt design.The YAML-style prompt is well-structured and provides clear guidance for PoC validation. The emphasis on static analysis without execution is appropriate for security tools.
|
|
||
| """# Example Usage""" | ||
|
|
||
| run_pocky_for_cve("CVE-2023-4450") |
There was a problem hiding this comment.
🛠️ Refactor suggestion
Add error handling for the example usage.
The example usage should demonstrate proper error handling, especially since the current implementation will fail.
-run_pocky_for_cve("CVE-2023-4450")
+if __name__ == "__main__":
+ # Example usage
+ try:
+ run_pocky_for_cve("CVE-2023-4450")
+ except Exception as e:
+ print(f"Error running example: {e}")
+ print("Note: This is a template implementation that requires actual API integration.")📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| run_pocky_for_cve("CVE-2023-4450") | |
| if __name__ == "__main__": | |
| # Example usage | |
| try: | |
| run_pocky_for_cve("CVE-2023-4450") | |
| except Exception as e: | |
| print(f"Error running example: {e}") | |
| print("Note: This is a template implementation that requires actual API integration.") |
🤖 Prompt for AI Agents
In examples/python/tools/exa-tool/pocky_cybersecurity_poc_agent.py at line 100,
the example call to run_pocky_for_cve("CVE-2023-4450") lacks error handling.
Wrap this call in a try-except block to catch and handle potential exceptions,
and print or log an appropriate error message to demonstrate proper error
handling in the example usage.
| # Install Dependencies | ||
| """ | ||
|
|
||
| !pip install praisonaiagents exa-py python-dotenv requests beautifulsoup4 |
There was a problem hiding this comment.
Fix the invalid Jupyter notebook syntax.
The !pip command is Jupyter notebook syntax and causes syntax errors in Python scripts. Remove this line and add proper dependency management.
-!pip install praisonaiagents exa-py python-dotenv requests beautifulsoup4Consider adding a requirements.txt file or using a setup script for dependency management instead.
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| !pip install praisonaiagents exa-py python-dotenv requests beautifulsoup4 |
🧰 Tools
🪛 Ruff (0.11.9)
24-24: SyntaxError: Expected a statement
24-24: SyntaxError: Simple statements must be separated by newlines or semicolons
24-24: SyntaxError: Simple statements must be separated by newlines or semicolons
24-24: SyntaxError: Simple statements must be separated by newlines or semicolons
24-24: SyntaxError: Simple statements must be separated by newlines or semicolons
24-24: SyntaxError: Simple statements must be separated by newlines or semicolons
24-24: SyntaxError: Simple statements must be separated by newlines or semicolons
🪛 Flake8 (7.2.0)
[error] 24-24: SyntaxError: invalid syntax
(E999)
🪛 Pylint (3.3.7)
[error] 24-24: Parsing failed: 'invalid syntax (pocky_cybersecurity_poc_agent, line 24)'
(E0001)
🤖 Prompt for AI Agents
In examples/python/tools/exa-tool/pocky_cybersecurity_poc_agent.py at line 24,
remove the line starting with "!pip install" because it is invalid syntax in a
Python script. Instead, manage dependencies properly by creating a
requirements.txt file listing these packages or using a setup script to handle
installation outside the script.
| import json | ||
| from openai import OpenAI | ||
| from exa_py import Exa |
There was a problem hiding this comment.
🛠️ Refactor suggestion
Add missing import for unused OpenAI and Exa clients.
The OpenAI and Exa imports are declared but never used in the current implementation. Either remove them or implement the actual functionality.
Since this appears to be a template, consider adding TODO comments or implementing the actual API integration:
import json
-from openai import OpenAI
-from exa_py import Exa
+# TODO: Implement actual API integration
+# from openai import OpenAI
+# from exa_py import Exa📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| import json | |
| from openai import OpenAI | |
| from exa_py import Exa | |
| import json | |
| # TODO: Implement actual API integration | |
| # from openai import OpenAI | |
| # from exa_py import Exa |
🤖 Prompt for AI Agents
In examples/python/tools/exa-tool/pocky_cybersecurity_poc_agent.py around lines
37 to 39, the OpenAI and Exa imports are present but unused. To fix this, either
remove these imports if they are unnecessary or add TODO comments indicating
where and how to implement the OpenAI and Exa client integrations to clarify
their intended use in the template.
| """# Set API Keys""" | ||
|
|
||
| import os | ||
|
|
||
| # Set your API keys here (replace with your actual keys) | ||
| os.environ["EXA_API_KEY"] = "your api key" | ||
| os.environ["OPENAI_API_KEY"] = "your api key" | ||
| os.environ["OPENAI_BASE_URL"] = "https://api.openai.com/v1" # Optional, for custom OpenAI endpoints |
There was a problem hiding this comment.
Remove hardcoded API keys and improve security.
Hardcoded API keys in source code pose security risks. The current implementation sets placeholder values that won't work and could accidentally expose real keys if updated.
-"""# Set API Keys"""
-
-import os
-
-# Set your API keys here (replace with your actual keys)
-os.environ["EXA_API_KEY"] = "your api key"
-os.environ["OPENAI_API_KEY"] = "your api key"
-os.environ["OPENAI_BASE_URL"] = "https://api.openai.com/v1" # Optional, for custom OpenAI endpoints
+import os
+from dotenv import load_dotenv
+
+# Load environment variables from .env file
+load_dotenv()
+
+# Validate required API keys
+required_keys = ["EXA_API_KEY", "OPENAI_API_KEY"]
+missing_keys = [key for key in required_keys if not os.getenv(key)]
+if missing_keys:
+ raise ValueError(f"Missing required environment variables: {', '.join(missing_keys)}")
+
+# Optional: Set custom OpenAI endpoint
+if not os.getenv("OPENAI_BASE_URL"):
+ os.environ["OPENAI_BASE_URL"] = "https://api.openai.com/v1"📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| """# Set API Keys""" | |
| import os | |
| # Set your API keys here (replace with your actual keys) | |
| os.environ["EXA_API_KEY"] = "your api key" | |
| os.environ["OPENAI_API_KEY"] = "your api key" | |
| os.environ["OPENAI_BASE_URL"] = "https://api.openai.com/v1" # Optional, for custom OpenAI endpoints | |
| import os | |
| from dotenv import load_dotenv | |
| # Load environment variables from .env file | |
| load_dotenv() | |
| # Validate required API keys | |
| required_keys = ["EXA_API_KEY", "OPENAI_API_KEY"] | |
| missing_keys = [key for key in required_keys if not os.getenv(key)] | |
| if missing_keys: | |
| raise ValueError(f"Missing required environment variables: {', '.join(missing_keys)}") | |
| # Optional: Set custom OpenAI endpoint | |
| if not os.getenv("OPENAI_BASE_URL"): | |
| os.environ["OPENAI_BASE_URL"] = "https://api.openai.com/v1" |
🤖 Prompt for AI Agents
In examples/python/tools/exa-tool/pocky_cybersecurity_poc_agent.py around lines
26 to 33, remove the hardcoded API key assignments from the source code.
Instead, modify the code to read these API keys from environment variables or a
secure configuration file at runtime, ensuring no sensitive keys are stored
directly in the codebase. This improves security by preventing accidental
exposure of real keys.
| # -*- coding: utf-8 -*- | ||
| """Pocky_Cybersecurity_PoC_Agent.ipynb | ||
|
|
||
| Automatically generated by Colab. | ||
|
|
||
| Original file is located at | ||
| https://colab.research.google.com/drive/1hnNLGS90GopXOhwHHIqxaGJERcajSMQJ | ||
|
|
||
| # Pocky Query Tool: Automated CVE PoC Search & Validation | ||
|
|
||
| A lightweight, web-scale agent that helps you find, filter, and fetch real-world PoC exploits — so you don't have to. | ||
|
|
||
| **Features:** | ||
| - Automatically searches multiple security-related websites | ||
| - Intelligently analyzes and extracts PoC code | ||
| - Automatically selects the most reliable PoC samples | ||
| - Supports collection of PoCs from multiple sources | ||
|
|
||
| [](https://colab.research.google.com/github/DhivyaBharathy-web/PraisonAI/blob/main/examples/cookbooks/Pocky_Cybersecurity_PoC_Agent.ipynb) | ||
|
|
||
| # Install Dependencies | ||
| """ |
There was a problem hiding this comment.
🛠️ Refactor suggestion
Convert the header comment to a proper module docstring.
The multi-line string at the beginning should be converted to a proper module docstring for better documentation.
-# -*- coding: utf-8 -*-
-"""Pocky_Cybersecurity_PoC_Agent.ipynb
-
-Automatically generated by Colab.
-
-Original file is located at
- https://colab.research.google.com/drive/1hnNLGS90GopXOhwHHIqxaGJERcajSMQJ
-
-# Pocky Query Tool: Automated CVE PoC Search & Validation
-
-A lightweight, web-scale agent that helps you find, filter, and fetch real-world PoC exploits — so you don't have to.
-
-**Features:**
-- Automatically searches multiple security-related websites
-- Intelligently analyzes and extracts PoC code
-- Automatically selects the most reliable PoC samples
-- Supports collection of PoCs from multiple sources
-
-[](https://colab.research.google.com/github/DhivyaBharathy-web/PraisonAI/blob/main/examples/cookbooks/Pocky_Cybersecurity_PoC_Agent.ipynb)
-
-# Install Dependencies
-"""
+# -*- coding: utf-8 -*-
+"""Pocky Query Tool: Automated CVE PoC Search & Validation
+
+A lightweight, web-scale agent that helps you find, filter, and fetch real-world PoC exploits.
+
+Features:
+- Automatically searches multiple security-related websites
+- Intelligently analyzes and extracts PoC code
+- Automatically selects the most reliable PoC samples
+- Supports collection of PoCs from multiple sources
+
+Original file is located at:
+ https://colab.research.google.com/drive/1hnNLGS90GopXOhwHHIqxaGJERcajSMQJ
+"""📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| # -*- coding: utf-8 -*- | |
| """Pocky_Cybersecurity_PoC_Agent.ipynb | |
| Automatically generated by Colab. | |
| Original file is located at | |
| https://colab.research.google.com/drive/1hnNLGS90GopXOhwHHIqxaGJERcajSMQJ | |
| # Pocky Query Tool: Automated CVE PoC Search & Validation | |
| A lightweight, web-scale agent that helps you find, filter, and fetch real-world PoC exploits — so you don't have to. | |
| **Features:** | |
| - Automatically searches multiple security-related websites | |
| - Intelligently analyzes and extracts PoC code | |
| - Automatically selects the most reliable PoC samples | |
| - Supports collection of PoCs from multiple sources | |
| [](https://colab.research.google.com/github/DhivyaBharathy-web/PraisonAI/blob/main/examples/cookbooks/Pocky_Cybersecurity_PoC_Agent.ipynb) | |
| # Install Dependencies | |
| """ | |
| # -*- coding: utf-8 -*- | |
| """Pocky Query Tool: Automated CVE PoC Search & Validation | |
| A lightweight, web-scale agent that helps you find, filter, and fetch real-world PoC exploits. | |
| Features: | |
| - Automatically searches multiple security-related websites | |
| - Intelligently analyzes and extracts PoC code | |
| - Automatically selects the most reliable PoC samples | |
| - Supports collection of PoCs from multiple sources | |
| Original file is located at: | |
| https://colab.research.google.com/drive/1hnNLGS90GopXOhwHHIqxaGJERcajSMQJ | |
| """ |
🤖 Prompt for AI Agents
In examples/python/tools/exa-tool/pocky_cybersecurity_poc_agent.py at lines 1 to
22, the header comment is currently a plain multi-line comment. Convert this
entire header comment into a proper Python module docstring by enclosing it
within triple double quotes at the start of the file. This will improve
documentation and make it accessible via introspection tools.
| def run_pocky_for_cve(cve_id): | ||
| # Example: Simulate fetching a description and PoC (replace with real logic) | ||
| description = f"Description for {cve_id} (replace with real Exa/OpenAI search)" | ||
| poc_sample = f"PoC code for {cve_id} (replace with real PoC search)" | ||
|
|
||
| # Stage 2: Attack Intent | ||
| intent = AttackIntentAgent(description).run() | ||
| print(f"Attack Intent: {intent}") | ||
|
|
||
| # Stage 3: Validation | ||
| validation_input = json.dumps({"attack_intent": intent, "poc_sample": poc_sample}, indent=2) | ||
| valid = ValidationAgent(validation_input).run() | ||
| print(f"Validation Result: {valid}") | ||
| if valid: | ||
| print(f"PoC for {cve_id} is valid and ready to use.") | ||
| else: | ||
| print(f"PoC for {cve_id} failed validation.") | ||
|
|
There was a problem hiding this comment.
🛠️ Refactor suggestion
Implement actual CVE data fetching and processing.
The main function currently only simulates the workflow with placeholder data. For a cybersecurity tool, this needs to integrate with real CVE databases and PoC sources.
def run_pocky_for_cve(cve_id):
- # Example: Simulate fetching a description and PoC (replace with real logic)
- description = f"Description for {cve_id} (replace with real Exa/OpenAI search)"
- poc_sample = f"PoC code for {cve_id} (replace with real PoC search)"
+ # TODO: Implement actual CVE data fetching
+ # 1. Fetch CVE description from NVD or other CVE databases
+ # 2. Search for PoC samples using Exa API
+ # 3. Filter and rank PoC samples by relevance
+
+ try:
+ # Placeholder for actual implementation
+ description = fetch_cve_description(cve_id) # Not implemented
+ poc_sample = search_poc_samples(cve_id) # Not implemented
+ except Exception as e:
+ print(f"Error fetching data for {cve_id}: {e}")
+ return
- # Stage 2: Attack Intent
- intent = AttackIntentAgent(description).run()
- print(f"Attack Intent: {intent}")
+ try:
+ # Stage 2: Attack Intent
+ intent = AttackIntentAgent(description).run()
+ print(f"Attack Intent: {intent}")
- # Stage 3: Validation
- validation_input = json.dumps({"attack_intent": intent, "poc_sample": poc_sample}, indent=2)
- valid = ValidationAgent(validation_input).run()
- print(f"Validation Result: {valid}")
- if valid:
- print(f"PoC for {cve_id} is valid and ready to use.")
- else:
- print(f"PoC for {cve_id} failed validation.")
+ # Stage 3: Validation
+ validation_input = json.dumps({"attack_intent": intent, "poc_sample": poc_sample}, indent=2)
+ valid = ValidationAgent(validation_input).run()
+ print(f"Validation Result: {valid}")
+ if valid:
+ print(f"PoC for {cve_id} is valid and ready to use.")
+ else:
+ print(f"PoC for {cve_id} failed validation.")
+ except NotImplementedError as e:
+ print(f"Feature not yet implemented: {e}")
+ except Exception as e:
+ print(f"Error processing {cve_id}: {e}")📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| def run_pocky_for_cve(cve_id): | |
| # Example: Simulate fetching a description and PoC (replace with real logic) | |
| description = f"Description for {cve_id} (replace with real Exa/OpenAI search)" | |
| poc_sample = f"PoC code for {cve_id} (replace with real PoC search)" | |
| # Stage 2: Attack Intent | |
| intent = AttackIntentAgent(description).run() | |
| print(f"Attack Intent: {intent}") | |
| # Stage 3: Validation | |
| validation_input = json.dumps({"attack_intent": intent, "poc_sample": poc_sample}, indent=2) | |
| valid = ValidationAgent(validation_input).run() | |
| print(f"Validation Result: {valid}") | |
| if valid: | |
| print(f"PoC for {cve_id} is valid and ready to use.") | |
| else: | |
| print(f"PoC for {cve_id} failed validation.") | |
| def run_pocky_for_cve(cve_id): | |
| # TODO: Implement actual CVE data fetching | |
| # 1. Fetch CVE description from NVD or other CVE databases | |
| # 2. Search for PoC samples using Exa API | |
| # 3. Filter and rank PoC samples by relevance | |
| try: | |
| # Placeholder for actual implementation | |
| description = fetch_cve_description(cve_id) # Not implemented | |
| poc_sample = search_poc_samples(cve_id) # Not implemented | |
| except Exception as e: | |
| print(f"Error fetching data for {cve_id}: {e}") | |
| return | |
| try: | |
| # Stage 2: Attack Intent | |
| intent = AttackIntentAgent(description).run() | |
| print(f"Attack Intent: {intent}") | |
| # Stage 3: Validation | |
| validation_input = json.dumps( | |
| {"attack_intent": intent, "poc_sample": poc_sample}, indent=2 | |
| ) | |
| valid = ValidationAgent(validation_input).run() | |
| print(f"Validation Result: {valid}") | |
| if valid: | |
| print(f"PoC for {cve_id} is valid and ready to use.") | |
| else: | |
| print(f"PoC for {cve_id} failed validation.") | |
| except NotImplementedError as e: | |
| print(f"Feature not yet implemented: {e}") | |
| except Exception as e: | |
| print(f"Error processing {cve_id}: {e}") |
🤖 Prompt for AI Agents
In examples/python/tools/exa-tool/pocky_cybersecurity_poc_agent.py around lines
80 to 97, the function run_pocky_for_cve uses placeholder strings for CVE
description and PoC code instead of real data. Replace these placeholders by
integrating actual CVE data fetching from reliable CVE databases or APIs and
retrieve real PoC samples from trusted sources. Update the function to process
and use this real data in the subsequent attack intent and validation stages.
| firecrawl_tool = FirecrawlTool( | ||
| api_key=os.environ['FIRECRAWL_API_KEY'], | ||
| instruction=FIRECRAWL_INSTRUCTION, | ||
| template=FIRECRAWL_TEMPLATE | ||
| ) |
There was a problem hiding this comment.
Fix undefined variable references.
The code references FIRECRAWL_INSTRUCTION and FIRECRAWL_TEMPLATE which are commented out above, causing runtime errors.
This issue is resolved by uncommenting the template definitions in lines 95-108 as suggested in the previous comment.
🧰 Tools
🪛 Ruff (0.11.9)
114-114: Undefined name FIRECRAWL_INSTRUCTION
(F821)
115-115: Undefined name FIRECRAWL_TEMPLATE
(F821)
🪛 Flake8 (7.2.0)
[error] 112-112: expected 2 blank lines after class or function definition, found 1
(E305)
[error] 114-114: undefined name 'FIRECRAWL_INSTRUCTION'
(F821)
[error] 115-115: undefined name 'FIRECRAWL_TEMPLATE'
(F821)
🪛 Pylint (3.3.7)
[error] 114-114: Undefined variable 'FIRECRAWL_INSTRUCTION'
(E0602)
[error] 115-115: Undefined variable 'FIRECRAWL_TEMPLATE'
(E0602)
🤖 Prompt for AI Agents
In examples/python/tools/exa-tool/chile_government_services_assistant_.py around
lines 112 to 116, the variables FIRECRAWL_INSTRUCTION and FIRECRAWL_TEMPLATE are
used but currently commented out, causing runtime errors. To fix this, uncomment
the definitions of FIRECRAWL_INSTRUCTION and FIRECRAWL_TEMPLATE in lines 95 to
108 so these variables are properly defined before use.
| os.environ['FIRECRAWL_API_KEY'] = "your api key here" | ||
| os.environ['OPENAI_API_KEY'] = "your api key here" |
There was a problem hiding this comment.
Security risk: Remove hardcoded API keys from source code.
API keys should never be hardcoded in source code as they can be exposed in version control and create security vulnerabilities.
Consider using a .env file or environment variables set externally:
-os.environ['FIRECRAWL_API_KEY'] = "your api key here"
-os.environ['OPENAI_API_KEY'] = "your api key here"
+# Load from .env file or set these environment variables externally
+# FIRECRAWL_API_KEY=your_actual_api_key
+# OPENAI_API_KEY=your_actual_openai_keyAdd a .env.example file to show the required environment variables without exposing actual values.
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| os.environ['FIRECRAWL_API_KEY'] = "your api key here" | |
| os.environ['OPENAI_API_KEY'] = "your api key here" | |
| # Load from .env file or set these environment variables externally | |
| # FIRECRAWL_API_KEY=your_actual_api_key | |
| # OPENAI_API_KEY=your_actual_openai_key |
🤖 Prompt for AI Agents
In examples/python/tools/exa-tool/chile_government_services_assistant_.py at
lines 24-25, remove the hardcoded API keys from the source code to avoid
security risks. Instead, load these keys from environment variables set
externally or from a .env file using a library like python-dotenv. Also, create
a .env.example file listing the required environment variables without actual
values to guide users on what keys to provide.
| # FIRECRAWL_INSTRUCTION = "ChileAtiende: " | ||
| # FIRECRAWL_TEMPLATE = """ | ||
| # # Result {result_number} | ||
|
|
||
| # ## Page Name: | ||
| # "{page_title}" | ||
|
|
||
| # ## URL: | ||
| # {page_url} | ||
|
|
||
| # ## Content: | ||
| # {page_content} | ||
|
|
||
| # """ |
There was a problem hiding this comment.
Uncomment and define required template variables.
The template variables FIRECRAWL_INSTRUCTION and FIRECRAWL_TEMPLATE are commented out but used later in the code, causing undefined variable errors.
-# FIRECRAWL_INSTRUCTION = "ChileAtiende: "
-# FIRECRAWL_TEMPLATE = """
-# # Result {result_number}
-#
-# ## Page Name:
-# "{page_title}"
-#
-# ## URL:
-# {page_url}
-#
-# ## Content:
-# {page_content}
-#
-# """
+FIRECRAWL_INSTRUCTION = "ChileAtiende: "
+FIRECRAWL_TEMPLATE = """
+# Result {result_number}
+
+## Page Name:
+"{page_title}"
+
+## URL:
+{page_url}
+
+## Content:
+{page_content}
+
+"""📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| # FIRECRAWL_INSTRUCTION = "ChileAtiende: " | |
| # FIRECRAWL_TEMPLATE = """ | |
| # # Result {result_number} | |
| # ## Page Name: | |
| # "{page_title}" | |
| # ## URL: | |
| # {page_url} | |
| # ## Content: | |
| # {page_content} | |
| # """ | |
| FIRECRAWL_INSTRUCTION = "ChileAtiende: " | |
| FIRECRAWL_TEMPLATE = """ | |
| # Result {result_number} | |
| ## Page Name: | |
| "{page_title}" | |
| ## URL: | |
| {page_url} | |
| ## Content: | |
| {page_content} | |
| """ |
🤖 Prompt for AI Agents
In examples/python/tools/exa-tool/chile_government_services_assistant_.py around
lines 95 to 108, the variables FIRECRAWL_INSTRUCTION and FIRECRAWL_TEMPLATE are
commented out but used later, causing undefined variable errors. Uncomment these
lines and ensure the variables are properly defined with the given string values
so they can be referenced without errors.
| from firecrawl import FirecrawlApp, ScrapeOptions | ||
| from deep_translator import GoogleTranslator | ||
| import re |
There was a problem hiding this comment.
🛠️ Refactor suggestion
Move imports to the top of the file.
Following PEP 8 guidelines, all imports should be placed at the top of the file after module docstrings and before module globals.
+from firecrawl import FirecrawlApp, ScrapeOptions
+from deep_translator import GoogleTranslator
+import re
+import os
+
# """# Set API Keys"""
-import os
-
os.environ['FIRECRAWL_API_KEY'] = "your api key here"
os.environ['OPENAI_API_KEY'] = "your api key here"
# """# Import Libraries & Translator"""
-from firecrawl import FirecrawlApp, ScrapeOptions
-from deep_translator import GoogleTranslator
-import re📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| from firecrawl import FirecrawlApp, ScrapeOptions | |
| from deep_translator import GoogleTranslator | |
| import re | |
| # (place this at the top of the file, after any module docstring) | |
| from firecrawl import FirecrawlApp, ScrapeOptions | |
| from deep_translator import GoogleTranslator | |
| import re | |
| import os | |
| # """# Set API Keys""" | |
| os.environ['FIRECRAWL_API_KEY'] = "your api key here" | |
| os.environ['OPENAI_API_KEY'] = "your api key here" | |
| # """# Import Libraries & Translator""" | |
| # (the old imports below have been removed) |
🧰 Tools
🪛 Flake8 (7.2.0)
[error] 29-29: module level import not at top of file
(E402)
[error] 30-30: module level import not at top of file
(E402)
[error] 31-31: module level import not at top of file
(E402)
🤖 Prompt for AI Agents
In examples/python/tools/exa-tool/chile_government_services_assistant_.py around
lines 29 to 31, the imports are not at the top of the file as required by PEP 8.
Move all import statements to the very top of the file, immediately after any
module-level docstrings and before any global variables or other code.
Dhivya-Bharathy
changed the title
…nt-Services-Assistant.py
Adds the Pocky CVE PoC Query Tool as a standalone Python script.
Automates searching, filtering, and validating CVE proof-of-concept exploits.
Includes API key setup, modular agent logic, and sample usage.
Summary by CodeRabbit