Package io.codemodder.plugins.llm

Class SarifToLLMForBinaryVerificationAndFixingCodemod

java.lang.Object

io.codemodder.RawFileChanger

io.codemodder.SarifPluginRawFileChanger

io.codemodder.plugins.llm.SarifPluginLLMCodemod

io.codemodder.plugins.llm.SarifToLLMForBinaryVerificationAndFixingCodemod

All Implemented Interfaces:

io.codemodder.CodeChanger

public abstract class SarifToLLMForBinaryVerificationAndFixingCodemod
extends SarifPluginLLMCodemod

An extension of SarifPluginRawFileChanger that uses large language models (LLMs) to more deeply analyze and then fix the files found by the static analysis tool.

It has three phases:

1. Use a SARIF file to find locations of interest for analysis
2. Analyze the "threat" of the location found using a more inexpensive or faster model
3. Using a more reliable (and more expensive model), confirm the finding and rewrite the code

Field Summary

Fields inherited from class io.codemodder.plugins.llm.SarifPluginLLMCodemod

openAI

Fields inherited from class io.codemodder.RawFileChanger

reporter

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	SarifToLLMForBinaryVerificationAndFixingCodemod(io.codemodder.RuleSarif sarif, OpenAIService openAI)	For backwards compatibility with a previous version of this API, uses a GPT 3.5 Turbo model.
protected	SarifToLLMForBinaryVerificationAndFixingCodemod(io.codemodder.RuleSarif sarif, OpenAIService openAI, Model model)

Method Summary

Modifier and Type	Method	Description
protected abstract String	getFixPrompt()	Instructs the LLM on how to fix the threat.
protected abstract String	getThreatPrompt(io.codemodder.CodemodInvocationContext context, List<com.contrastsecurity.sarif.Result> results)	Instructs the LLM on how to assess the risk of the threat.
protected abstract boolean	isPatchExpected(com.github.difflib.patch.Patch<String> patch)	Returns whether the patch returned by the LLM is within the expectations of this codemod.
io.codemodder.CodemodFileScanningResult	onFileFound(io.codemodder.CodemodInvocationContext context, List<com.contrastsecurity.sarif.Result> results)

Methods inherited from class io.codemodder.plugins.llm.SarifPluginLLMCodemod

shouldRun

Methods inherited from class io.codemodder.SarifPluginRawFileChanger

visitFile

Methods inherited from class io.codemodder.RawFileChanger

getDescription, getIndividualChangeDescription, getReferences, getSummary

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

SarifToLLMForBinaryVerificationAndFixingCodemod

protected SarifToLLMForBinaryVerificationAndFixingCodemod(io.codemodder.RuleSarif sarif,
 OpenAIService openAI,
 Model model)

SarifToLLMForBinaryVerificationAndFixingCodemod

protected SarifToLLMForBinaryVerificationAndFixingCodemod(io.codemodder.RuleSarif sarif,
 OpenAIService openAI)

For backwards compatibility with a previous version of this API, uses a GPT 3.5 Turbo model.

Method Details

onFileFound

public io.codemodder.CodemodFileScanningResult onFileFound(io.codemodder.CodemodInvocationContext context,
 List<com.contrastsecurity.sarif.Result> results)

Specified by:

onFileFound in class io.codemodder.SarifPluginRawFileChanger

getThreatPrompt

protected abstract String getThreatPrompt(io.codemodder.CodemodInvocationContext context,
 List<com.contrastsecurity.sarif.Result> results)

Instructs the LLM on how to assess the risk of the threat.

Returns:

The prompt.

getFixPrompt

protected abstract String getFixPrompt()

Instructs the LLM on how to fix the threat.

Returns:

The prompt.

isPatchExpected

protected abstract boolean isPatchExpected(com.github.difflib.patch.Patch<String> patch)

Returns whether the patch returned by the LLM is within the expectations of this codemod.

Returns:

true if the patch is expected; otherwise, false.