daqc commited on
Commit
b1ced03
Β·
verified Β·
1 Parent(s): d01dce5

Update app.py

Files changed (1) hide show
  1. app.py +25 -3
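--- a/app.py
+++ b/app.py
@@ -309,6 +309,12 @@ class GradioUI:
  return message, "error"
 
  def interact_with_agent(self, prompt, messages, session_state):
+ # Clear any stale session data at the beginning
+ if "hf_token" in session_state and not session_state.get("hf_token"):
+ del session_state["hf_token"]
+ if "agent" in session_state and not session_state.get("agent"):
+ del session_state["agent"]
+
  # Get or create session-specific agent
  if "agent" not in session_state:
  # Check if we have a valid HF_TOKEN in session
@@ -433,6 +439,16 @@ User Query: """
 
  messages.append(msg)
  yield messages
+
+ # Clear sensitive data from session after interaction (AUTOMATIC)
+ if "hf_token" in session_state:
+ del session_state["hf_token"]
+ if "agent" in session_state:
+ del session_state["agent"]
+ if "HF_TOKEN" in os.environ:
+ del os.environ["HF_TOKEN"]
+ logger.info("Session automatically cleared after interaction")
+
  yield messages
  except Exception as e:
  logger.error(f"Error in interaction: {str(e)}")
@@ -461,7 +477,7 @@ User Query: """
  is_valid, message = validate_hf_api_key(token_to_use)
 
  if is_valid:
- # Store HF_TOKEN in session state
+ # Store HF_TOKEN in session state (but will be cleared after use)
  session_state["hf_token"] = token_to_use
  session_state["max_steps"] = max_steps
  logger.info(f"API key stored in session from {source}: {token_to_use[:10]}...")
@@ -483,6 +499,8 @@ User Query: """
  logger.warning(f"Invalid API key from {source}: {token_to_use[:10] if token_to_use else 'None'}...")
  return f"❌ Invalid API key from {source}: {message}"
 
+
+
  def upload_file(
  self,
  file,
@@ -675,7 +693,7 @@ This AI agent specializes in automated vulnerability research and analysis, buil
  # API Key Configuration Section
  with gr.Accordion("πŸ”‘ API Configuration", open=False):
  gr.Markdown("**Configure your Hugging Face API Key**")
- gr.Markdown("All API keys are stored only in session memory, not persisted.")
+ gr.Markdown("πŸ”’ **Security**: API keys are automatically cleared after each interaction for your privacy.")
  gr.Markdown("Get your API key from: https://huggingface.co/settings/tokens")
 
  api_key_input = gr.Textbox(
@@ -750,6 +768,8 @@ This AI agent specializes in automated vulnerability research and analysis, buil
  [api_key_input, max_steps_slider, session_state],
  [api_key_status]
  )
+
+
 
  text_input.submit(
  self.log_user_message,
@@ -826,7 +846,7 @@ This AI agent specializes in automated vulnerability research and analysis, buil
  # API Key Configuration Section for Mobile
  with gr.Accordion("πŸ”‘ API Configuration", open=False):
  gr.Markdown("**Configure your Hugging Face API Key**")
- gr.Markdown("Due to recent API changes, you need to provide your own Hugging Face API key to use this application.")
+ gr.Markdown("πŸ”’ **Security**: API keys are automatically cleared after each interaction for your privacy.")
  gr.Markdown("Get your API key from: https://huggingface.co/settings/tokens")
 
  mobile_api_key_input = gr.Textbox(
@@ -878,6 +898,8 @@ This AI agent specializes in automated vulnerability research and analysis, buil
  [mobile_api_key_status]
  )
 
+
+
  # Mobile Example button events
  mobile_example_btn_1 = gr.Button("πŸ” MobaXterm 24.0 vulnerabilities", size="sm", variant="secondary")
  mobile_example_btn_2 = gr.Button("πŸ” Chrome 120.0.6099.109 security analysis", size="sm", variant="secondary")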
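Review bot: The automatic clearing added at new lines 443-450 runs only on the success path, between the two `yield messages` that precede `except Exception as e:`, so when the agent run raises, or the generator is closed before reaching it, `hf_token` and `agent` stay in `session_state` despite the new "automatically cleared after each interaction" UI text. Moving the cleanup into a `finally:` with `session_state.pop("hf_token", None)` and `session_state.pop("agent", None)` would cover those paths; the body of `interact_with_agent` between the hunks is not shown, so the exact `try` layout needs confirming. `del os.environ["HF_TOKEN"]` changes process-wide state rather than per-session state, so on a shared deployment it can remove the variable while another session's request is still in flight. Where the variable gets set is not visible here, but a per-user token is better passed explicitly to the client than placed in the environment. Separately, the unchanged log calls still write `token_to_use[:10]` to the log, which sits poorly with the new privacy claim; logging only `source` would avoid that.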