OWASP-BLT · atharva9980 · Jul 31, 2025 · coderabbitai · Jul 31, 2025 · coderabbitai
diff --git a/blt/settings.py b/blt/settings.py
@@ -101,6 +101,7 @@
     "dj_rest_auth.registration",
     "storages",
     "channels",
+
 )
 
 if DEBUG:
@@ -165,7 +166,7 @@
 TEMPLATES = [
     {
         "BACKEND": "django.template.backends.django.DjangoTemplates",
-        "DIRS": [],
+        "DIRS": ['templates'],   
         "APP_DIRS": False,
         "OPTIONS": {
             "debug": DEBUG,
@@ -629,3 +630,7 @@
 }
 THROTTLE_WINDOW = 60  # 60 seconds (1 minute)
 THROTTLE_EXEMPT_PATHS = ["/admin/", "/static/", "/media/"]
+
+from dotenv import load_dotenv
+load_dotenv()
+GEMINI_API_KEY = os.environ.get("GEMINI_API_KEY")
-from dotenv import load_dotenv
-load_dotenv()
-GEMINI_API_KEY = os.environ.get("GEMINI_API_KEY")
+GEMINI_API_KEY = os.environ.get("GEMINI_API_KEY")
+if not GEMINI_API_KEY:
+    raise Exception("GEMINI_API_KEY environment variable is required for Gemini integration.")
-from dotenv import load_dotenv
-load_dotenv()
-GEMINI_API_KEY = os.environ.get("GEMINI_API_KEY")
+GEMINI_API_KEY = os.environ.get("GEMINI_API_KEY")
+if not GEMINI_API_KEY:
+    raise Exception("GEMINI_API_KEY environment variable is required for Gemini integration.")
diff --git a/blt/urls.py b/blt/urls.py
@@ -358,8 +358,14 @@
 
 handler404 = "website.views.core.handler404"
 handler500 = "website.views.core.handler500"
+from django.contrib import admin
+from django.urls import path, include
+from django.conf import settings
+from django.conf.urls.static import static
 
 urlpatterns = [
+    path('', include('website.urls')),
+    path(settings.ADMIN_URL + "/", admin.site.urls),
-from django.contrib import admin
-from django.urls import path, include
-from django.conf import settings
-from django.conf.urls.static import static
-
-urlpatterns = [
-    path('', include('website.urls')),
-    path(settings.ADMIN_URL + "/", admin.site.urls),
+urlpatterns = [
+    path('', include('website.urls')),
+]
-from django.contrib import admin
-from django.urls import path, include
-from django.conf import settings
-from django.conf.urls.static import static
-
-urlpatterns = [
-    path('', include('website.urls')),
-    path(settings.ADMIN_URL + "/", admin.site.urls),
+urlpatterns = [
+    path('', include('website.urls')),
+]
     path("simulation/", dashboard, name="dashboard"),
     path("banned_apps/", BannedAppsView.as_view(), name="banned_apps"),
     path("api/banned_apps/search/", search_banned_apps, name="search_banned_apps"),
@@ -1106,3 +1112,7 @@
         re_path(r"^__debug__/", include(debug_toolbar.urls)),
     ] + urlpatterns
     urlpatterns += static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
+
+
+
+
diff --git a/website/templates/gemini_input.html b/website/templates/gemini_input.html
@@ -0,0 +1,49 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+  <title>Ask Gemini</title>
+  <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/tailwindcss@2.2.19/dist/tailwind.min.css">
+  <script src="https://cdn.jsdelivr.net/npm/marked/marked.min.js"></script>
+</head>
+<body class="bg-white text-gray-800 font-sans">
+  <nav class="bg-white shadow-md p-4">
+    <div class="text-red-600 font-bold text-2xl">OWASP BLT</div>
+  </nav>
+
+  <main class="max-w-3xl mx-auto mt-12 px-4">
+    <h1 class="text-3xl font-bold text-gray-900 mb-4">Ask Gemini</h1>
+    <form id="gemini-form" class="mb-6">
+      <textarea id="user-input" rows="4" class="w-full border rounded-md p-4 focus:outline-none focus:ring-2 focus:ring-red-500" placeholder="Type your question..."></textarea>
+      <button type="submit" class="mt-4 bg-red-500 text-white px-6 py-2 rounded-md hover:bg-red-600">Submit</button>
+    </form>
+
+    <div id="response-container" class="prose max-w-none"></div>
+  </main>
+
+  <script>
+    const form = document.getElementById('gemini-form');
+    const input = document.getElementById('user-input');
+    const responseContainer = document.getElementById('response-container');
+
+    form.addEventListener('submit', async (e) => {
+      e.preventDefault();
+      const prompt = input.value.trim();
+      if (!prompt) return;
+
+      responseContainer.innerHTML = '<p class="text-gray-500">Loading...</p>';
+
+      const response = await fetch('/api/test-gemini/?prompt=' + encodeURIComponent(prompt));
+      const result = await response.json();
+
+      if (result.response) {
+        const formatted = marked.parse(result.response);
+        responseContainer.innerHTML = formatted;
+      } else {
+        responseContainer.innerHTML = '<p class="text-red-600">' + (result.error || 'Something went wrong.') + '</p>';
+      }
+    });
+  </script>
+</body>
+</html>
diff --git a/website/urls.py b/website/urls.py
@@ -0,0 +1,9 @@
+from django.urls import path
+from website.views.core import home
+from website.views.gemini import test_gemini, gemini_ui  # <-- use gemini_ui, not gemini_input_page
+
+urlpatterns = [
+    path('', home, name='home'),
+    path('api/test-gemini/', test_gemini, name='test_gemini'),
+    path('ask-gemini/', gemini_ui, name='gemini_ui'),
+]
diff --git a/website/utils.py b/website/utils.py
@@ -24,6 +24,38 @@
 from openai import OpenAI
 from PIL import Image
 
+# website/utils.py
+import requests
+from django.conf import settings
+
+def call_gemini(prompt: str) -> str:
+    url = "https://generativelanguage.googleapis.com/v1beta/models/gemini-2.5-flash:generateContent"
+    headers = {"Content-Type": "application/json"}
+
+    # Add domain-specific context to act like a security assistant
+    context_prompt = (
+        "You are Gemini, a helpful, polite assistant integrated into OWASP BLT, a suite of security tools. "
+        "You help users understand cybersecurity, bug bounty, appsec, secure coding, OWASP Top 10, and other web security concerns. "
+        "Provide clear, well-formatted answers suitable for developers and researchers. Respond in markdown format."
+    )
+
+    full_prompt = f"{context_prompt}\n\nUser's question: {prompt}"
+
+    payload = {
+        "contents": [{"parts": [{"text": full_prompt}]}]
+    }
+
+    params = {"key": settings.GEMINI_API_KEY}
+    response = requests.post(url, headers=headers, json=payload, params=params)
+
+    data = response.json()
+    if "candidates" in data:
+        return data["candidates"][0]["content"]["parts"][0]["text"]
+    else:
+        return str(data)
+
-def call_gemini(prompt: str) -> str:
-    url = "https://generativelanguage.googleapis.com/v1beta/models/gemini-2.5-flash:generateContent"
-    headers = {"Content-Type": "application/json"}
-
-    # Add domain-specific context to act like a security assistant
-    context_prompt = (
-        "You are Gemini, a helpful, polite assistant integrated into OWASP BLT, a suite of security tools. "
-        "You help users understand cybersecurity, bug bounty, appsec, secure coding, OWASP Top 10, and other web security concerns. "
-        "Provide clear, well-formatted answers suitable for developers and researchers. Respond in markdown format."
-    )
-
-    full_prompt = f"{context_prompt}\n\nUser's question: {prompt}"
-
-    payload = {
-        "contents": [{"parts": [{"text": full_prompt}]}]
-    }
-
-    params = {"key": settings.GEMINI_API_KEY}
-    response = requests.post(url, headers=headers, json=payload, params=params)
-
-    data = response.json()
-    if "candidates" in data:
-        return data["candidates"][0]["content"]["parts"][0]["text"]
-    else:
-        return str(data)
+def call_gemini(prompt: str) -> str:
+    url = "https://generativelanguage.googleapis.com/v1beta/models/gemini-2.5-flash:generateContent"
+    headers = {
+        "Content-Type": "application/json",
+        "x-goog-api-key": settings.GEMINI_API_KEY
+    }
+
+    # Add domain-specific context to act like a security assistant
+    context_prompt = (
+        "You are Gemini, a helpful, polite assistant integrated into OWASP BLT, a suite of security tools. "
+        "You help users understand cybersecurity, bug bounty, appsec, secure coding, OWASP Top 10, and other web security concerns. "
+        "Provide clear, well-formatted answers suitable for developers and researchers. Respond in markdown format."
+    )
+
+    full_prompt = f"{context_prompt}\n\nUser's question: {prompt}"
+
+    payload = {
+        "contents": [{"parts": [{"text": full_prompt}]}]
+    }
+
+    response = requests.post(url, headers=headers, json=payload, timeout=30)
+    response.raise_for_status()  # Raise exception for HTTP errors
+
+    data = response.json()
+    if "candidates" in data and len(data["candidates"]) > 0:
+        parts = data["candidates"][0].get("content", {}).get("parts", [])
+        if parts and len(parts) > 0:
+            return parts[0].get("text", "No response generated")
+        else:
+            return "No response content available"
+    else:
+        error_msg = data.get("error", {}).get("message", "Unknown API error")
+        raise Exception(f"Gemini API error: {error_msg}")
-def call_gemini(prompt: str) -> str:
-    url = "https://generativelanguage.googleapis.com/v1beta/models/gemini-2.5-flash:generateContent"
-    headers = {"Content-Type": "application/json"}
-
-    # Add domain-specific context to act like a security assistant
-    context_prompt = (
-        "You are Gemini, a helpful, polite assistant integrated into OWASP BLT, a suite of security tools. "
-        "You help users understand cybersecurity, bug bounty, appsec, secure coding, OWASP Top 10, and other web security concerns. "
-        "Provide clear, well-formatted answers suitable for developers and researchers. Respond in markdown format."
-    )
-
-    full_prompt = f"{context_prompt}\n\nUser's question: {prompt}"
-
-    payload = {
-        "contents": [{"parts": [{"text": full_prompt}]}]
-    }
-
-    params = {"key": settings.GEMINI_API_KEY}
-    response = requests.post(url, headers=headers, json=payload, params=params)
-
-    data = response.json()
-    if "candidates" in data:
-        return data["candidates"][0]["content"]["parts"][0]["text"]
-    else:
-        return str(data)
+def call_gemini(prompt: str) -> str:
+    url = "https://generativelanguage.googleapis.com/v1beta/models/gemini-2.5-flash:generateContent"
+    headers = {
+        "Content-Type": "application/json",
+        "x-goog-api-key": settings.GEMINI_API_KEY
+    }
+
+    # Add domain-specific context to act like a security assistant
+    context_prompt = (
+        "You are Gemini, a helpful, polite assistant integrated into OWASP BLT, a suite of security tools. "
+        "You help users understand cybersecurity, bug bounty, appsec, secure coding, OWASP Top 10, and other web security concerns. "
+        "Provide clear, well-formatted answers suitable for developers and researchers. Respond in markdown format."
+    )
+
+    full_prompt = f"{context_prompt}\n\nUser's question: {prompt}"
+
+    payload = {
+        "contents": [{"parts": [{"text": full_prompt}]}]
+    }
+
+    response = requests.post(url, headers=headers, json=payload, timeout=30)
+    response.raise_for_status()  # Raise exception for HTTP errors
+
+    data = response.json()
+    if "candidates" in data and len(data["candidates"]) > 0:
+        parts = data["candidates"][0].get("content", {}).get("parts", [])
+        if parts and len(parts) > 0:
+            return parts[0].get("text", "No response generated")
+        else:
+            return "No response content available"
+    else:
+        error_msg = data.get("error", {}).get("message", "Unknown API error")
+        raise Exception(f"Gemini API error: {error_msg}")
+
+
 from website.models import DailyStats
 
 from .models import PRAnalysisReport

diff --git a/website/views/gemini.py b/website/views/gemini.py
@@ -0,0 +1,16 @@
+from django.shortcuts import render
+from django.http import JsonResponse
+from website.utils import call_gemini
+
+def gemini_ui(request):
+    return render(request, "gemini_input.html")  # <-- match your actual path
+
+def test_gemini(request):
+    prompt = request.GET.get("prompt")
+    if not prompt:
+        return JsonResponse({"error": "No prompt provided"}, status=400)
+    try:
+        response = call_gemini(prompt)
+        return JsonResponse({"response": response})
+    except Exception as e:
+        return JsonResponse({"error": str(e)}, status=500)
-def test_gemini(request):
-    prompt = request.GET.get("prompt")
-    if not prompt:
-        return JsonResponse({"error": "No prompt provided"}, status=400)
-    try:
-        response = call_gemini(prompt)
-        return JsonResponse({"response": response})
-    except Exception as e:
-        return JsonResponse({"error": str(e)}, status=500)
+def test_gemini(request):
+    prompt = request.GET.get("prompt")
+    if not prompt:
+        return JsonResponse({"error": "No prompt provided"}, status=400)
+    try:
+        response = call_gemini(prompt)
+        return JsonResponse({"response": response})
+    except Exception as e:
+        # Log the full error for debugging but return a generic message to the user
+        import logging
+        logging.error(f"Gemini API error: {e}")
+        return JsonResponse(
+            {"error": "An error occurred while processing your request"},
+            status=500
+        )
-def test_gemini(request):
-    prompt = request.GET.get("prompt")
-    if not prompt:
-        return JsonResponse({"error": "No prompt provided"}, status=400)
-    try:
-        response = call_gemini(prompt)
-        return JsonResponse({"response": response})
-    except Exception as e:
-        return JsonResponse({"error": str(e)}, status=500)
+def test_gemini(request):
+    prompt = request.GET.get("prompt")
+    if not prompt:
+        return JsonResponse({"error": "No prompt provided"}, status=400)
+    try:
+        response = call_gemini(prompt)
+        return JsonResponse({"response": response})
+    except Exception as e:
+        # Log the full error for debugging but return a generic message to the user
+        import logging
+        logging.error(f"Gemini API error: {e}")
+        return JsonResponse(
+            {"error": "An error occurred while processing your request"},
+            status=500
+        )