Package io.codemodder.plugins.llm

Class SarifToLLMForBinaryVerificationAndFixingCodemod

java.lang.Object
io.codemodder.RawFileChanger
io.codemodder.SarifPluginRawFileChanger
io.codemodder.plugins.llm.SarifToLLMForBinaryVerificationAndFixingCodemod
All Implemented Interfaces:
io.codemodder.CodeChanger
public abstract class SarifToLLMForBinaryVerificationAndFixingCodemod extends io.codemodder.SarifPluginRawFileChanger
An extension of SarifPluginRawFileChanger that uses large language models (LLMs) to more deeply analyze and then fix the files found by the static analysis tool.

It has three phases:

  1. Use a SARIF file to find locations of interest for analysis
  2. Analyze the "threat" of the location found using a more inexpensive or faster model
  3. Using a more reliable (and more expensive model), confirm the finding and rewrite the code

  • Field Summary

    Fields inherited from class io.codemodder.RawFileChanger

    reporter

  • Constructor Summary

    Constructors
    Modifier
    Constructor
    Description
    protected
    SarifToLLMForBinaryVerificationAndFixingCodemod(io.codemodder.RuleSarif sarif, OpenAIService openAI)
     

  • Method Summary

    Modifier and Type
    Method
    Description
    protected abstract String
    getFixPrompt()
    Instructs the LLM on how to fix the threat.
    protected abstract String
    getThreatPrompt(io.codemodder.CodemodInvocationContext context, List<com.contrastsecurity.sarif.Result> results)
    Instructs the LLM on how to assess the risk of the threat.
    protected abstract boolean
    isPatchExpected(com.github.difflib.patch.Patch<String> patch)
    Returns whether the patch returned by the LLM is within the expectations of this codemod.
    io.codemodder.CodemodFileScanningResult
    onFileFound(io.codemodder.CodemodInvocationContext context, List<com.contrastsecurity.sarif.Result> results)
     

    Methods inherited from class io.codemodder.SarifPluginRawFileChanger

    visitFile

    Methods inherited from class io.codemodder.RawFileChanger

    getDescription, getIndividualChangeDescription, getReferences, getSummary

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    Methods inherited from interface io.codemodder.CodeChanger

    shouldRun

  • Constructor Details

    • SarifToLLMForBinaryVerificationAndFixingCodemod

      protected SarifToLLMForBinaryVerificationAndFixingCodemod(io.codemodder.RuleSarif sarif, OpenAIService openAI)

  • Method Details

    • onFileFound

      public io.codemodder.CodemodFileScanningResult onFileFound(io.codemodder.CodemodInvocationContext context, List<com.contrastsecurity.sarif.Result> results)
      Specified by:
      onFileFound in class io.codemodder.SarifPluginRawFileChanger

    • getThreatPrompt

      protected abstract String getThreatPrompt(io.codemodder.CodemodInvocationContext context, List<com.contrastsecurity.sarif.Result> results)
      Instructs the LLM on how to assess the risk of the threat.
      Returns:
      The prompt.

    • getFixPrompt

      protected abstract String getFixPrompt()
      Instructs the LLM on how to fix the threat.
      Returns:
      The prompt.

    • isPatchExpected

      protected abstract boolean isPatchExpected(com.github.difflib.patch.Patch<String> patch)
      Returns whether the patch returned by the LLM is within the expectations of this codemod.
      Returns:
      true if the patch is expected; otherwise, false.