strix-agent 0.4.0__py3-none-any.whl → 0.6.2__py3-none-any.whl

strix/tools/registry.py

@@ -7,9 +7,14 @@ from inspect import signature
 from pathlib import Path
 from typing import Any
 
+import defusedxml.ElementTree as DefusedET
+
+from strix.utils.resource_paths import get_strix_resource_path
+
 
 tools: list[dict[str, Any]] = []
 _tools_by_name: dict[str, Callable[..., Any]] = {}
+_tool_param_schemas: dict[str, dict[str, Any]] = {}
 logger = logging.getLogger(__name__)
 
 
@@ -23,17 +28,17 @@ class ImplementedInClientSideOnlyError(Exception):
 
 
 def _process_dynamic_content(content: str) -> str:
-    if "{{DYNAMIC_MODULES_DESCRIPTION}}" in content:
+    if "{{DYNAMIC_SKILLS_DESCRIPTION}}" in content:
         try:
-            from strix.prompts import generate_modules_description
+            from strix.skills import generate_skills_description
 
-            modules_description = generate_modules_description()
-            content = content.replace("{{DYNAMIC_MODULES_DESCRIPTION}}", modules_description)
+            skills_description = generate_skills_description()
+            content = content.replace("{{DYNAMIC_SKILLS_DESCRIPTION}}", skills_description)
         except ImportError:
-            logger.warning("Could not import prompts utilities for dynamic schema generation")
+            logger.warning("Could not import skills utilities for dynamic schema generation")
             content = content.replace(
-                "{{DYNAMIC_MODULES_DESCRIPTION}}",
-                "List of prompt modules to load for this agent (max 5). Module discovery failed.",
+                "{{DYNAMIC_SKILLS_DESCRIPTION}}",
+                "List of skills to load for this agent (max 5). Skill discovery failed.",
             )
 
     return content
@@ -82,6 +87,34 @@ def _load_xml_schema(path: Path) -> Any:
         return tools_dict
 
 
+def _parse_param_schema(tool_xml: str) -> dict[str, Any]:
+    params: set[str] = set()
+    required: set[str] = set()
+
+    params_start = tool_xml.find("<parameters>")
+    params_end = tool_xml.find("</parameters>")
+
+    if params_start == -1 or params_end == -1:
+        return {"params": set(), "required": set(), "has_params": False}
+
+    params_section = tool_xml[params_start : params_end + len("</parameters>")]
+
+    try:
+        root = DefusedET.fromstring(params_section)
+    except DefusedET.ParseError:
+        return {"params": set(), "required": set(), "has_params": False}
+
+    for param in root.findall(".//parameter"):
+        name = param.attrib.get("name")
+        if not name:
+            continue
+        params.add(name)
+        if param.attrib.get("required", "false").lower() == "true":
+            required.add(name)
+
+    return {"params": params, "required": required, "has_params": bool(params or required)}
+
+
 def _get_module_name(func: Callable[..., Any]) -> str:
     module = inspect.getmodule(func)
     if not module:
@@ -95,6 +128,27 @@ def _get_module_name(func: Callable[..., Any]) -> str:
     return "unknown"
 
 
+def _get_schema_path(func: Callable[..., Any]) -> Path | None:
+    module = inspect.getmodule(func)
+    if not module or not module.__name__:
+        return None
+
+    module_name = module.__name__
+
+    if ".tools." not in module_name:
+        return None
+
+    parts = module_name.split(".tools.")[-1].split(".")
+    if len(parts) < 2:
+        return None
+
+    folder = parts[0]
+    file_stem = parts[1]
+    schema_file = f"{file_stem}_schema.xml"
+
+    return get_strix_resource_path("tools", folder, schema_file)
+
+
 def register_tool(
     func: Callable[..., Any] | None = None, *, sandbox_execution: bool = True
 ) -> Callable[..., Any]:
@@ -109,11 +163,8 @@ def register_tool(
         sandbox_mode = os.getenv("STRIX_SANDBOX_MODE", "false").lower() == "true"
         if not sandbox_mode:
             try:
-                module_path = Path(inspect.getfile(f))
-                schema_file_name = f"{module_path.stem}_schema.xml"
-                schema_path = module_path.parent / schema_file_name
-
-                xml_tools = _load_xml_schema(schema_path)
+                schema_path = _get_schema_path(f)
+                xml_tools = _load_xml_schema(schema_path) if schema_path else None
 
                 if xml_tools is not None and f.__name__ in xml_tools:
                     func_dict["xml_schema"] = xml_tools[f.__name__]
@@ -131,6 +182,11 @@ def register_tool(
                     "</tool>"
                 )
 
+        if not sandbox_mode:
+            xml_schema = func_dict.get("xml_schema")
+            param_schema = _parse_param_schema(xml_schema if isinstance(xml_schema, str) else "")
+            _tool_param_schemas[str(func_dict["name"])] = param_schema
+
         tools.append(func_dict)
         _tools_by_name[str(func_dict["name"])] = f
 
@@ -153,6 +209,10 @@ def get_tool_names() -> list[str]:
     return list(_tools_by_name.keys())
 
 
+def get_tool_param_schema(name: str) -> dict[str, Any] | None:
+    return _tool_param_schemas.get(name)
+
+
 def needs_agent_state(tool_name: str) -> bool:
     tool_func = get_tool_by_name(tool_name)
     if not tool_func:
@@ -194,3 +254,4 @@ def get_tools_prompt() -> str:
 def clear_registry() -> None:
     tools.clear()
     _tools_by_name.clear()
+    _tool_param_schemas.clear()

strix/tools/reporting/reporting_actions.py

@@ -3,61 +3,248 @@ from typing import Any
 from strix.tools.registry import register_tool
 
 
+def calculate_cvss_and_severity(
+    attack_vector: str,
+    attack_complexity: str,
+    privileges_required: str,
+    user_interaction: str,
+    scope: str,
+    confidentiality: str,
+    integrity: str,
+    availability: str,
+) -> tuple[float, str, str]:
+    try:
+        from cvss import CVSS3
+
+        vector = (
+            f"CVSS:3.1/AV:{attack_vector}/AC:{attack_complexity}/"
+            f"PR:{privileges_required}/UI:{user_interaction}/S:{scope}/"
+            f"C:{confidentiality}/I:{integrity}/A:{availability}"
+        )
+
+        c = CVSS3(vector)
+        scores = c.scores()
+        severities = c.severities()
+
+        base_score = scores[0]
+        base_severity = severities[0]
+
+        severity = base_severity.lower()
+
+    except Exception:
+        import logging
+
+        logging.exception("Failed to calculate CVSS")
+        return 7.5, "high", ""
+    else:
+        return base_score, severity, vector
+
+
+def _validate_required_fields(**kwargs: str | None) -> list[str]:
+    validation_errors: list[str] = []
+
+    required_fields = {
+        "title": "Title cannot be empty",
+        "description": "Description cannot be empty",
+        "impact": "Impact cannot be empty",
+        "target": "Target cannot be empty",
+        "technical_analysis": "Technical analysis cannot be empty",
+        "poc_description": "PoC description cannot be empty",
+        "poc_script_code": "PoC script/code is REQUIRED - provide the actual exploit/payload",
+        "remediation_steps": "Remediation steps cannot be empty",
+    }
+
+    for field_name, error_msg in required_fields.items():
+        value = kwargs.get(field_name)
+        if not value or not str(value).strip():
+            validation_errors.append(error_msg)
+
+    return validation_errors
+
+
+def _validate_cvss_parameters(**kwargs: str) -> list[str]:
+    validation_errors: list[str] = []
+
+    cvss_validations = {
+        "attack_vector": ["N", "A", "L", "P"],
+        "attack_complexity": ["L", "H"],
+        "privileges_required": ["N", "L", "H"],
+        "user_interaction": ["N", "R"],
+        "scope": ["U", "C"],
+        "confidentiality": ["N", "L", "H"],
+        "integrity": ["N", "L", "H"],
+        "availability": ["N", "L", "H"],
+    }
+
+    for param_name, valid_values in cvss_validations.items():
+        value = kwargs.get(param_name)
+        if value not in valid_values:
+            validation_errors.append(
+                f"Invalid {param_name}: {value}. Must be one of: {valid_values}"
+            )
+
+    return validation_errors
+
+
 @register_tool(sandbox_execution=False)
 def create_vulnerability_report(
     title: str,
-    content: str,
-    severity: str,
+    description: str,
+    impact: str,
+    target: str,
+    technical_analysis: str,
+    poc_description: str,
+    poc_script_code: str,
+    remediation_steps: str,
+    # CVSS Breakdown Components
+    attack_vector: str,
+    attack_complexity: str,
+    privileges_required: str,
+    user_interaction: str,
+    scope: str,
+    confidentiality: str,
+    integrity: str,
+    availability: str,
+    # Optional fields
+    endpoint: str | None = None,
+    method: str | None = None,
+    cve: str | None = None,
+    code_file: str | None = None,
+    code_before: str | None = None,
+    code_after: str | None = None,
+    code_diff: str | None = None,
 ) -> dict[str, Any]:
-    validation_error = None
-    if not title or not title.strip():
-        validation_error = "Title cannot be empty"
-    elif not content or not content.strip():
-        validation_error = "Content cannot be empty"
-    elif not severity or not severity.strip():
-        validation_error = "Severity cannot be empty"
-    else:
-        valid_severities = ["critical", "high", "medium", "low", "info"]
-        if severity.lower() not in valid_severities:
-            validation_error = (
-                f"Invalid severity '{severity}'. Must be one of: {', '.join(valid_severities)}"
-            )
+    validation_errors = _validate_required_fields(
+        title=title,
+        description=description,
+        impact=impact,
+        target=target,
+        technical_analysis=technical_analysis,
+        poc_description=poc_description,
+        poc_script_code=poc_script_code,
+        remediation_steps=remediation_steps,
+    )
+
+    validation_errors.extend(
+        _validate_cvss_parameters(
+            attack_vector=attack_vector,
+            attack_complexity=attack_complexity,
+            privileges_required=privileges_required,
+            user_interaction=user_interaction,
+            scope=scope,
+            confidentiality=confidentiality,
+            integrity=integrity,
+            availability=availability,
+        )
+    )
+
+    if validation_errors:
+        return {"success": False, "message": "Validation failed", "errors": validation_errors}
 
-    if validation_error:
-        return {"success": False, "message": validation_error}
+    cvss_score, severity, cvss_vector = calculate_cvss_and_severity(
+        attack_vector,
+        attack_complexity,
+        privileges_required,
+        user_interaction,
+        scope,
+        confidentiality,
+        integrity,
+        availability,
+    )
 
     try:
         from strix.telemetry.tracer import get_global_tracer
 
         tracer = get_global_tracer()
         if tracer:
+            from strix.llm.dedupe import check_duplicate
+
+            existing_reports = tracer.get_existing_vulnerabilities()
+
+            candidate = {
+                "title": title,
+                "description": description,
+                "impact": impact,
+                "target": target,
+                "technical_analysis": technical_analysis,
+                "poc_description": poc_description,
+                "poc_script_code": poc_script_code,
+                "endpoint": endpoint,
+                "method": method,
+            }
+
+            dedupe_result = check_duplicate(candidate, existing_reports)
+
+            if dedupe_result.get("is_duplicate"):
+                duplicate_id = dedupe_result.get("duplicate_id", "")
+
+                duplicate_title = ""
+                for report in existing_reports:
+                    if report.get("id") == duplicate_id:
+                        duplicate_title = report.get("title", "Unknown")
+                        break
+
+                return {
+                    "success": False,
+                    "message": (
+                        f"Potential duplicate of '{duplicate_title}' "
+                        f"(id={duplicate_id[:8]}...). Do not re-report the same vulnerability."
+                    ),
+                    "duplicate_of": duplicate_id,
+                    "duplicate_title": duplicate_title,
+                    "confidence": dedupe_result.get("confidence", 0.0),
+                    "reason": dedupe_result.get("reason", ""),
+                }
+
+            cvss_breakdown = {
+                "attack_vector": attack_vector,
+                "attack_complexity": attack_complexity,
+                "privileges_required": privileges_required,
+                "user_interaction": user_interaction,
+                "scope": scope,
+                "confidentiality": confidentiality,
+                "integrity": integrity,
+                "availability": availability,
+            }
+
             report_id = tracer.add_vulnerability_report(
                 title=title,
-                content=content,
+                description=description,
                 severity=severity,
+                impact=impact,
+                target=target,
+                technical_analysis=technical_analysis,
+                poc_description=poc_description,
+                poc_script_code=poc_script_code,
+                remediation_steps=remediation_steps,
+                cvss=cvss_score,
+                cvss_breakdown=cvss_breakdown,
+                endpoint=endpoint,
+                method=method,
+                cve=cve,
+                code_file=code_file,
+                code_before=code_before,
+                code_after=code_after,
+                code_diff=code_diff,
             )
 
             return {
                 "success": True,
                 "message": f"Vulnerability report '{title}' created successfully",
                 "report_id": report_id,
-                "severity": severity.lower(),
+                "severity": severity,
+                "cvss_score": cvss_score,
             }
+
         import logging
 
-        logging.warning("Global tracer not available - vulnerability report not stored")
+        logging.warning("Current tracer not available - vulnerability report not stored")
 
-        return {  # noqa: TRY300
-            "success": True,
-            "message": f"Vulnerability report '{title}' created successfully (not persisted)",
-            "warning": "Report could not be persisted - tracer unavailable",
-        }
-
-    except ImportError:
+    except (ImportError, AttributeError) as e:
+        return {"success": False, "message": f"Failed to create vulnerability report: {e!s}"}
+    else:
         return {
             "success": True,
-            "message": f"Vulnerability report '{title}' created successfully (not persisted)",
-            "warning": "Report could not be persisted - tracer module unavailable",
+            "message": f"Vulnerability report '{title}' created (not persisted)",
+            "warning": "Report could not be persisted - tracer unavailable",
         }
-    except (ValueError, TypeError) as e:
-        return {"success": False, "message": f"Failed to create vulnerability report: {e!s}"}