Update app.py

app.py

@@ -4,16 +4,19 @@ import gradio as gr
 from datetime import datetime
 from transformers import pipeline
 
-# Initialize a question-answering pipeline (You can replace the model with any capable one)
+# Initialize a question-answering pipeline
 qa_pipeline = pipeline("question-answering", model="deepset/roberta-base-squad2")
 
 # Function to analyze each section with prompts
 def prompt_based_analysis(question, context):
-    response = qa_pipeline(question=question, context=context)
-    return response['answer']
+    try:
+        response = qa_pipeline(question=question, context=context)
+        return response['answer']
+    except Exception as e:
+        return f"Error analyzing data: {str(e)}"
 
 # Function to analyze audit data for GDPR compliance using prompts
-def analyze_data_for_gdpr(audit_data):
+def analyze_gdpr_compliance(audit_data):
     system_info_context = f"OS Version: {audit_data.get('os_version', 'Unknown')}, Architecture: {audit_data.get('architecture', 'Unknown')}, Memory: {audit_data.get('memory', 'Unknown')}"
     disk_usage_context = f"Disk Usage: {audit_data.get('disk_usage', {}).get('usage_percent', 'Unknown')}%"
     network_info_context = f"Interfaces: {', '.join(audit_data.get('network_info', {}).get('interfaces', []))}"
@@ -22,13 +25,14 @@ def analyze_data_for_gdpr(audit_data):
     software_inventory_context = f"Software Installed: {', '.join(audit_data.get('software_inventory', []))}"
 
     # Prompts for each section
-    system_info_analysis = prompt_based_analysis("Evaluate the system information in terms of GDPR compliance.", system_info_context)
-    disk_usage_analysis = prompt_based_analysis("Evaluate the disk usage with respect to GDPR regulations.", disk_usage_context)
-    network_info_analysis = prompt_based_analysis("Evaluate the network information in terms of GDPR compliance.", network_info_context)
-    security_measures_analysis = prompt_based_analysis("Evaluate the current security measures for compliance with GDPR.", security_measures_context)
-    processes_analysis = prompt_based_analysis("Evaluate the running processes for GDPR compliance.", processes_context)
-    software_inventory_analysis = prompt_based_analysis("Evaluate the installed software for GDPR compliance.", software_inventory_context)
-    
+    system_info_analysis = prompt_based_analysis("Evaluate the system information for GDPR compliance. Highlight any potential risks related to OS version, architecture, and memory.", system_info_context)
+    disk_usage_analysis = prompt_based_analysis("Evaluate the disk usage in terms of GDPR compliance. Discuss data storage practices, retention policies, and any storage-related risks.", disk_usage_context)
+    network_info_analysis = prompt_based_analysis("Evaluate the network interfaces in terms of GDPR compliance. Focus on potential risks related to network security and data transmission.", network_info_context)
+    security_measures_analysis = prompt_based_analysis("Assess the security measures for GDPR compliance, particularly encryption and data anonymization. Identify any weaknesses or gaps in data protection.", security_measures_context)
+    processes_analysis = prompt_based_analysis("Analyze the running processes for GDPR compliance. Identify potential vulnerabilities and risks related to the execution of unauthorized processes.", processes_context)
+    software_inventory_analysis = prompt_based_analysis("Evaluate the installed software for GDPR compliance. Highlight any outdated or vulnerable software that could pose risks.", software_inventory_context)
+    
+    # Findings organized by section
     findings = {
         "system_info": system_info_analysis,
         "disk_usage": disk_usage_analysis,
@@ -38,48 +42,34 @@ def analyze_data_for_gdpr(audit_data):
         "software_inventory": software_inventory_analysis,
     }
     
+    # Recommendations based on the findings
     recommendations = []
-    if 'encryption' not in security_measures_context.lower():
-        recommendations.append("Implement Encryption: Ensure that both stored and transmitted data are encrypted.")
-    if 'anonymization' not in security_measures_context.lower():
-        recommendations.append("Implement Data Anonymization: Ensure that sensitive data is anonymized during storage.")
+    if "Unknown" in system_info_context:
+        recommendations.append("Review System Information: Ensure that the OS, architecture, and memory configurations are well documented and up to date.")
     
-    return findings, recommendations
-
-# Function to analyze audit data for PCI compliance using prompts
-def analyze_data_for_pci(audit_data):
-    pci_security_context = f"Firewall: {audit_data.get('pci_security', {}).get('firewall', False)}, Antivirus: {audit_data.get('pci_security', {}).get('antivirus', False)}, Intrusion Detection: {audit_data.get('pci_security', {}).get('intrusion_detection', False)}"
-    card_data_security_context = f"Card Data Encryption: {audit_data.get('card_data_security', {}).get('encryption', False)}, Storage Protection: {audit_data.get('card_data_security', {}).get('storage_protection', False)}"
-    network_config_context = f"Network Configurations: {', '.join(audit_data.get('network_configurations', []))}"
+    if 'not encrypted' in security_measures_analysis.lower() or 'no encryption' in security_measures_analysis.lower():
+        recommendations.append("Implement Encryption: Ensure that both stored and transmitted data are encrypted.")
     
-    # Prompts for each section
-    pci_security_analysis = prompt_based_analysis("Evaluate the PCI security measures for compliance with PCI DSS.", pci_security_context)
-    card_data_security_analysis = prompt_based_analysis("Evaluate the card data security measures for PCI DSS compliance.", card_data_security_context)
-    network_config_analysis = prompt_based_analysis("Evaluate the network configurations for PCI DSS compliance.", network_config_context)
+    if 'not anonymized' in security_measures_analysis.lower():
+        recommendations.append("Implement Data Anonymization: Ensure that sensitive data is anonymized during storage.")
     
-    findings = {
-        "pci_security": pci_security_analysis,
-        "card_data_security": card_data_security_analysis,
-        "network_configurations": network_config_analysis,
-    }
+    if 'outdated' in software_inventory_analysis.lower() or 'vulnerable' in software_inventory_analysis.lower():
+        recommendations.append("Update Software: Ensure that all installed software is up to date and free from known vulnerabilities.")
     
-    recommendations = []
-    if 'firewall' not in pci_security_context.lower():
-        recommendations.append("Implement Firewall: Ensure that a firewall is in place to protect the network.")
-    if 'encryption' not in card_data_security_context.lower():
-        recommendations.append("Encrypt Card Data: Ensure all cardholder data is encrypted during storage and transmission.")
+    if 'vulnerable processes' in processes_analysis.lower() or 'unauthorized processes' in processes_analysis.lower():
+        recommendations.append("Review Running Processes: Regularly audit running processes and ensure that no unauthorized or vulnerable processes are running.")
     
     return findings, recommendations
 
 # Generate GDPR Compliance Report with advanced prompts for each section
 def generate_gdpr_report(audit_data, company_name="Company Name", system_name="System Name"):
-    findings, recommendations = analyze_data_for_gdpr(audit_data)
+    findings, recommendations = analyze_gdpr_compliance(audit_data)
     
-    report_content = """
+    report_content = f"""
     GDPR Compliance Evaluation Report
     
     Title: GDPR Compliance Evaluation Report
-    Date: {date}
+    Date: {datetime.now().strftime('%Y-%m-%d')}
     Prepared by: [Your Name]
     For: {company_name}
     
@@ -88,78 +78,36 @@ def generate_gdpr_report(audit_data, company_name="Company Name", system_name="S
     Based on the system audit and analysis of data handling processes, this report provides findings, identifies compliance gaps,
     and suggests recommendations to enhance GDPR adherence.
     
-    Findings:
+    Key Findings:
+    
     System Information Analysis:
-    {system_info}
+    {findings['system_info']}
     
     Disk Usage Analysis:
-    {disk_usage}
+    {findings['disk_usage']}
     
     Network Info Analysis:
-    {network_info}
+    {findings['network_info']}
     
     Security Measures Analysis:
-    {security_measures}
+    {findings['security_measures']}
     
     Running Processes Analysis:
-    {running_processes}
+    {findings['running_processes']}
     
     Software Inventory Analysis:
-    {software_inventory}
+    {findings['software_inventory']}
     
     Recommendations:
-    {recommendations}
-    """.format(
-        date=datetime.now().strftime('%Y-%m-%d'),
-        company_name=company_name,
-        system_info=findings['system_info'],
-        disk_usage=findings['disk_usage'],
-        network_info=findings['network_info'],
-        security_measures=findings['security_measures'],
-        running_processes=findings['running_processes'],
-        software_inventory=findings['software_inventory'],
-        recommendations=''.join(f'- {rec}\n' for rec in recommendations)
-    )
+    {''.join(f'- {rec}\n' for rec in recommendations)}
     
-    return report_content
-
-# Generate PCI Compliance Report with advanced prompts for each section
-def generate_pci_report(audit_data, company_name="Company Name", system_name="System Name"):
-    findings, recommendations = analyze_data_for_pci(audit_data)
+    Conclusion:
+    The analysis shows that while {company_name} has some strong protective measures in place, there are several areas for improvement. Implementing the suggested recommendations will enhance {company_name}'s compliance with GDPR and reduce potential risks of non-compliance.
     
-    report_content = """
-    PCI Compliance Evaluation Report
-    
-    Title: PCI Compliance Evaluation Report
-    Date: {date}
-    Prepared by: [Your Name]
-    For: {company_name}
-    
-    Executive Summary:
-    This report evaluates the compliance of {company_name} with the Payment Card Industry Data Security Standard (PCI DSS).
-    Based on the system audit and analysis of data handling processes, this report provides findings, identifies compliance gaps,
-    and suggests recommendations to enhance PCI DSS adherence.
-    
-    Findings:
-    PCI Security Measures Analysis:
-    {pci_security}
-    
-    Card Data Security Analysis:
-    {card_data_security}
-    
-    Network Configurations Analysis:
-    {network_configurations}
-    
-    Recommendations:
-    {recommendations}
-    """.format(
-        date=datetime.now().strftime('%Y-%m-%d'),
-        company_name=company_name,
-        pci_security=findings['pci_security'],
-        card_data_security=findings['card_data_security'],
-        network_configurations=findings['network_configurations'],
-        recommendations=''.join(f'- {rec}\n' for rec in recommendations)
-    )
+    References:
+    - GDPR Regulation (EU) 2016/679
+    - System Audit Report, {datetime.now().strftime('%Y-%m-%d')}
+    """
     
     return report_content
 
@@ -188,20 +136,18 @@ with gr.Blocks() as demo:
         csv_file = gr.File(label="Upload CSV file")
         
         gdpr_compliance = gr.Textbox(lines=10, placeholder="GDPR Compliance Analysis...", label="GDPR Compliance Analysis")
-        pci_compliance = gr.Textbox(lines=10, placeholder="PCI Compliance Analysis...", label="PCI Compliance Analysis")
         
         def run_compliance_checks(csv_file):
             if csv_file is None:
-                return "No file uploaded", "No file uploaded"
+                return "No file uploaded"
             audit_data = analyze_csv_file(csv_file)
             gdpr_report = generate_gdpr_report(audit_data)
-            pci_report = generate_pci_report(audit_data)
-            return gdpr_report, pci_report
+            return gdpr_report
         
         check_compliance_btn = gr.Button("Run Compliance Checks")
-        check_compliance_btn.click(run_compliance_checks, inputs=[csv_file], outputs=[gdpr_compliance, pci_compliance])
+        check_compliance_btn.click(run_compliance_checks, inputs=[csv_file], outputs=[gdpr_compliance])
         
         clear_btn = gr.Button("Clear")
-        clear_btn.click(lambda: ("", ""), None, [gdpr_compliance, pci_compliance])
+        clear_btn.click(lambda: "", None, [gdpr_compliance])
 
 demo.launch(share=True)