Class SarifToLLMForMultiOutcomeCodemod

java.lang.Object
io.codemodder.RawFileChanger
io.codemodder.SarifPluginRawFileChanger
io.codemodder.plugins.llm.SarifToLLMForMultiOutcomeCodemod
All Implemented Interfaces:
io.codemodder.CodeChanger

public abstract class SarifToLLMForMultiOutcomeCodemod extends io.codemodder.SarifPluginRawFileChanger
An extension of SarifPluginRawFileChanger that uses large language models (LLMs) to categorize each SARIF finding into one of a fixed set of remediation outcomes, and then to drive the code change (if any) that the chosen outcome calls for.

The inspiration for this type was the "remediate something found by tool X" use case. For example, if a tool cites a vulnerability on a given line, we may want to take any of the following actions:

  • Fix the identified issue by doing A
  • Fix the identified issue by doing B
  • Add a suppression comment to the given line since it's likely a false positive
  • Refactor the code so it doesn't trip the rule anymore, without actually "fixing it"
  • Do nothing, since the LLM can't determine which of the above cases applies

To accomplish that, the analysis must first "bucket" each finding into exactly one of the above categories; only then is a code change generated, and only for categories that call for one.
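The outcome list above maps directly onto the constructor's remediationOutcomes parameter, and the abstract getThreatPrompt() supplies the risk guidance the categorization step needs. The following subclass is an added example, not code from the codemodder project: it triages a hypothetical "open redirect" finding into the five buckets. The rule, outcome keys, descriptions and fix instructions are invented for illustration. It assumes that LLMRemediationOutcome exposes key(), description(), fix() and shouldApplyCodeChanges(), that the constructor is injected with javax.inject.Inject, and it omits the codemod registration annotation and the binding of RuleSarif to a scanner rule, which belong to the surrounding provider.

```java
package com.example.codemods;

import io.codemodder.RuleSarif;
import io.codemodder.plugins.llm.LLMRemediationOutcome;
import io.codemodder.plugins.llm.OpenAIService;
import io.codemodder.plugins.llm.SarifToLLMForMultiOutcomeCodemod;
import java.util.List;
import javax.inject.Inject;

/**
 * Illustrative subclass (not part of codemodder): triages an "open redirect"
 * finding into the five buckets described in the class overview. The rule,
 * outcome keys, descriptions and fix instructions are made up for this example.
 * How RuleSarif is bound to a scanner rule and how OpenAIService is provided are
 * left to the codemod's provider and are not shown here.
 */
public final class OpenRedirectTriageCodemod extends SarifToLLMForMultiOutcomeCodemod {

  /**
   * Assumption: LLMRemediationOutcome exposes key(), description(), fix() and
   * shouldApplyCodeChanges(). A record whose components carry those names
   * satisfies the interface through its generated accessors.
   */
  private record Outcome(
      String key, String description, String fix, boolean shouldApplyCodeChanges)
      implements LLMRemediationOutcome {}

  /** One entry per bucket; the LLM must place each finding in exactly one of them. */
  private static final List<LLMRemediationOutcome> OUTCOMES =
      List.of(
          new Outcome(
              "validate_target",
              "A value from the HTTP request flows unchecked into the redirect target.",
              "Validate the target against an allow-list of relative paths before redirecting.",
              true),
          new Outcome(
              "use_constant_target",
              "The request value only selects among a fixed set of known pages.",
              "Replace the user-controlled value with the matching constant path.",
              true),
          new Outcome(
              "false_positive",
              "The target is a compile-time constant, or is fully validated before this line.",
              "Add a suppression comment to the flagged line stating why it is safe.",
              true),
          new Outcome(
              "restructure",
              "The target is derived from trusted data through a pattern the rule cannot follow.",
              "Rewrite so the trusted value is assigned directly, without changing behaviour.",
              true),
          // The fallback bucket: no change is applied when the model cannot decide.
          new Outcome(
              "undetermined",
              "The visible code does not show enough context to decide which case applies.",
              "Make no change.",
              false));

  @Inject
  public OpenRedirectTriageCodemod(RuleSarif sarif, OpenAIService openAI) {
    // Three-argument form: default categorization and code-changing models.
    // The five-argument constructor would let us choose them explicitly.
    super(sarif, openAI, OUTCOMES);
  }

  /** Tells the categorization model what makes this particular finding dangerous. */
  @Override
  protected String getThreatPrompt() {
    return """
        The finding is an open redirect: a value taken from an HTTP request is
        used as the target of a redirect. It is exploitable only if an attacker
        can steer the target to another host, a protocol-relative URL, or a
        javascript: URL. A constant target, or one checked against an allow-list
        of relative paths before this line, is not exploitable.
        """;
  }
}
```

Two design points matter here. First, the "undetermined" bucket is the only one with shouldApplyCodeChanges set to false, so an uncertain model degrades to leaving the code alone rather than guessing. Second, the "false_positive" bucket silences a scanner finding on the model's judgment alone, so its description is kept narrow (constant target, or validation visibly present before the flagged line) and the bucket descriptions are written to be mutually exclusive; overlapping descriptions invite the model to straddle categories, and a too-broad false-positive description turns the codemod into a suppression generator.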

  • Field Summary

    Fields inherited from class io.codemodder.RawFileChanger

    reporter
  • Constructor Summary

    Constructors
    Modifier
    Constructor
    Description
    protected
    SarifToLLMForMultiOutcomeCodemod(io.codemodder.RuleSarif sarif, OpenAIService openAI, List<LLMRemediationOutcome> remediationOutcomes)
    Creates a codemod that categorizes each result in sarif into one of remediationOutcomes, using the default categorization and code-changing models.
    protected
    SarifToLLMForMultiOutcomeCodemod(io.codemodder.RuleSarif sarif, OpenAIService openAI, List<LLMRemediationOutcome> remediationOutcomes, Model categorizationModel, Model codeChangingModel)
    Same as above, but lets the caller choose the model used to categorize each result and the model used to produce the code change.
  • Method Summary

    Modifier and Type
    Method
    Description
    protected io.codemodder.CodemodChange
    createCodemodChange(com.contrastsecurity.sarif.Result result, int line, String fixDescription)
    Create a CodemodChange from the given code change data.
    protected abstract String
    getThreatPrompt()
    Instructs the LLM on how to assess the risk of the threat.
    io.codemodder.CodemodFileScanningResult
    onFileFound(io.codemodder.CodemodInvocationContext context, List<com.contrastsecurity.sarif.Result> results)
    Handles the SARIF results reported for a single file (see Method Details).

    Methods inherited from class io.codemodder.SarifPluginRawFileChanger

    visitFile

    Methods inherited from class io.codemodder.RawFileChanger

    getDescription, getIndividualChangeDescription, getReferences, getSummary

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    Methods inherited from interface io.codemodder.CodeChanger

    shouldRun
  • Method Details

    • onFileFound

      public io.codemodder.CodemodFileScanningResult onFileFound(io.codemodder.CodemodInvocationContext context, List<com.contrastsecurity.sarif.Result> results)
      Specified by:
      onFileFound in class io.codemodder.SarifPluginRawFileChanger
    • createCodemodChange

      protected io.codemodder.CodemodChange createCodemodChange(com.contrastsecurity.sarif.Result result, int line, String fixDescription)
      Create a CodemodChange from the given code change data.
      Parameters:
      result - the SARIF result that the change addresses
      line - the line number of the change
      fixDescription - the description of the change
    • getThreatPrompt

      protected abstract String getThreatPrompt()
      Instructs the LLM on how to assess the risk of the threat.
      Returns:
      The prompt.