Comparing changes

base repository: pixee/codemodder-python
base: 3.3.0
head repository: pixee/codemodder-python
compare: main
Commits on Oct 21, 2024

  1. Update pre-commit hooks (#887)

    chore: update pre-commit hooks
    
    Co-authored-by: drdavella <2458487+drdavella@users.noreply.github.com>
    github-actions[bot] and drdavella authored Oct 21, 2024
    Verified: signed with GitHub's verified signature
    SHA: 6dee00a
  2. Update dependency types-wtforms to v3.2.0.20241021 (#888)

    Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
    renovate[bot] authored Oct 21, 2024
    SHA: ce85751

Commits on Oct 23, 2024

  1. Update dependency types-wtforms to v3.2.1.20241023 (#889)

    Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
    renovate[bot] authored Oct 23, 2024
    SHA: 94fe80a

Commits on Oct 24, 2024

  1. Update dependency flask-wtf to v1.2.2 (#895)

    Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
    renovate[bot] authored Oct 24, 2024
    SHA: ff9bd52

Commits on Oct 25, 2024

  1. Update dependency types-wtforms to v3.2.1.20241025 (#896)

    Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
    renovate[bot] authored Oct 25, 2024
    SHA: 0babf64

Commits on Oct 28, 2024

  1. Update dependency semgrep to >=1.93,<1.94 (#892)

    Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
    renovate[bot] authored Oct 28, 2024
    SHA: 9684200
  2. Update pre-commit hooks (#893)

    chore: update pre-commit hooks
    
    Co-authored-by: drdavella <2458487+drdavella@users.noreply.github.com>
    github-actions[bot] and drdavella authored Oct 28, 2024
    SHA: de8f2ca

Commits on Oct 29, 2024

  1. SHA: e2c69d4

Commits on Oct 31, 2024

  1. Update pytest-cov requirement from <5.1,>=4.1 to >=4.1,<6.1 (#900)

    Updates the requirements on [pytest-cov](https://github.com/pytest-dev/pytest-cov) to permit the latest version.
    - [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst)
    - [Commits](pytest-dev/pytest-cov@v4.1.0...v6.0.0)
    
    ---
    updated-dependencies:
    - dependency-name: pytest-cov
      dependency-type: direct:production
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Oct 31, 2024
    SHA: 2be26b0
  2. Update dependency openai to >=1.53,<1.54 (#901)

    Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
    renovate[bot] authored Oct 31, 2024
    SHA: 9721554

Commits on Nov 1, 2024

  1. Update dependency semgrep to >=1.95,<1.96 (#902)

    Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
    renovate[bot] authored Nov 1, 2024
    SHA: 65129f7

Commits on Nov 4, 2024

  1. SHA: 199d696

Commits on Nov 5, 2024

  1. Do not configure logger in codemodder.run (#905)

    * Only set logger logging level, not global logging level
    
    * Do not configure logger in `codemodder.run`
    
    * Try using caplog context manager
    
    * Configure the logger directly in the test
    drdavella authored Nov 5, 2024
    SHA: f0d95cb

Commits on Nov 7, 2024

  1. Update dependency openai to >=1.54,<1.55 (#908)

    Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
    renovate[bot] authored Nov 7, 2024
    SHA: 9cc1ce9
  2. Update pre-commit hooks (#906)

    chore: update pre-commit hooks
    
    Co-authored-by: drdavella <2458487+drdavella@users.noreply.github.com>
    github-actions[bot] and drdavella authored Nov 7, 2024
    SHA: 9b5df10
  3. SHA: 2b01972

Commits on Nov 8, 2024

  1. Update dependency semgrep to >=1.96,<1.97 (#911)

    Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
    renovate[bot] authored Nov 8, 2024
    SHA: 01fe140

Commits on Nov 13, 2024

  1. Update pre-commit hooks (#913)

    Chore: update pre-commit hooks
    
    Co-authored-by: drdavella <2458487+drdavella@users.noreply.github.com>
    github-actions[bot] and drdavella authored Nov 13, 2024
    SHA: 68b1653

Commits on Nov 14, 2024

  1. SHA: 4878ff0

Commits on Nov 15, 2024

  1. Update codecov/codecov-action action to v5 (#915)

    Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
    renovate[bot] authored Nov 15, 2024
    SHA: 293d03b

Commits on Nov 18, 2024

  1. Update dependency pyjwt to ~=2.10.0 (#918)

    Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
    renovate[bot] authored Nov 18, 2024
    SHA: 0749d3f
  2. Update pre-commit hooks (#917)

    chore: update pre-commit hooks
    
    Co-authored-by: drdavella <2458487+drdavella@users.noreply.github.com>
    github-actions[bot] and drdavella authored Nov 18, 2024
    SHA: 2cf33fd
  3. SHA: f00d4c0

Commits on Nov 21, 2024

  1. SHA: 7ebf129

Commits on Nov 22, 2024

  1. Update dependency semgrep to >=1.97,<1.98 (#921)

    Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
    renovate[bot] authored Nov 22, 2024
    SHA: 4f73e7f
  2. Update dependency openai to >=1.55,<1.56 (#923)

    Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
    renovate[bot] authored Nov 22, 2024
    SHA: 39776ac
  3. Avoid duplicate findings from multiple sarif files (#927)

    * Add example CodeQL SARIF file
    
    * Prevent duplicate findings from multiple sarif files
    
    * Account for frozen datatypes when updating finding metadata
    
    * Avoid warnings when running test pipeline
    drdavella authored Nov 22, 2024
    SHA: 7e5a741
  4. Update dependency pydantic to ~=2.10.1 (#924)

    Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
    renovate[bot] authored Nov 22, 2024
    SHA: fe93b4c

Commits on Nov 25, 2024

  1. Update dependency wrapt to ~=1.17.0 (#928)

    Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
    renovate[bot] authored Nov 25, 2024
    SHA: 48734f7
  2. Update boltons requirement from ~=21.0.0 to >=21.0,<24.2 (#931)

    Updates the requirements on [boltons](https://github.com/mahmoud/boltons) to permit the latest version.
    - [Release notes](https://github.com/mahmoud/boltons/releases)
    - [Changelog](https://github.com/mahmoud/boltons/blob/master/CHANGELOG.md)
    - [Commits](mahmoud/boltons@21.0.0...24.1.0)
    
    ---
    updated-dependencies:
    - dependency-name: boltons
      dependency-type: direct:production
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Nov 25, 2024
    SHA: eae284b

Commits on Nov 26, 2024

  1. SHA: 4109358
  2. Update pre-commit hooks (#930)

    chore: update pre-commit hooks
    
    Co-authored-by: drdavella <2458487+drdavella@users.noreply.github.com>
    github-actions[bot] and drdavella authored Nov 26, 2024
    SHA: 5b8ef32

Commits on Dec 3, 2024

  1. Update dependency openai to >=1.56,<1.57 (#936)

    Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
    renovate[bot] authored Dec 3, 2024
    SHA: 7d09566
  2. Update pre-commit hooks (#934)

    chore: update pre-commit hooks
    
    Co-authored-by: drdavella <2458487+drdavella@users.noreply.github.com>
    github-actions[bot] and drdavella authored Dec 3, 2024
    SHA: e257a0c
  3. CodeQL: use "correlationGuid" for finding ID (#937)

    CodeQL: use "correlationGuid" for rule ID
    drdavella authored Dec 3, 2024
    SHA: 7f19192
  4. Semgrep and codeql finding ids (#939)

    * Move finding ID to SARIF base class
    
    * Include codeflows when filtering applicable findings
    drdavella authored Dec 3, 2024
    SHA: a91d084

Commits on Dec 4, 2024

  1. store sarif tool data (#943)

    * store sarif tool data
    
    * apparently we do need init
    clavedeluna authored Dec 4, 2024
    SHA: 95bd4b2
  2. Update fixed findings metadata to align with CodeTF spec (#941)

    * Update Change.findings => fixedFindings to conform to spec
    
    * Add fixedFindings to ChangeSet per spec
    
    * Fix logic for gathering fixed findings
    drdavella authored Dec 4, 2024
    SHA: 5754512

Commits on Dec 5, 2024

  1. SHA: fa1f3d6
  2. ResultSet or behavior needs update for storing tools (#944)

    * correctly or result
    
    * only add if tool is present
    clavedeluna authored Dec 5, 2024
    SHA: 22ea9ac

Commits on Dec 6, 2024

  1. Update dependency openai to >=1.57,<1.58 (#945)

    Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
    renovate[bot] authored Dec 6, 2024
    SHA: 2ad12d2
  2. Update dependency semgrep to >=1.99,<1.100 (#946)

    Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
    renovate[bot] authored Dec 6, 2024
    SHA: d0be8fb

Commits on Dec 18, 2024

  1. Finding ID is optional according to the spec (#959)

    * Finding ID is optional according to the spec
    
    * xfail CLI test
    drdavella authored Dec 18, 2024
    SHA: b4d64d7

Commits on Dec 20, 2024

  1. SHA: 8d0af71
Showing with 783 additions and 495 deletions.
  1. +1 −1 .github/workflows/test.yml
  2. +2 −2 .pre-commit-config.yaml
  3. +11 −9 pyproject.toml
  4. +6 −15 src/codemodder/codemodder.py
  5. +1 −1 src/codemodder/codemods/imported_call_modifier.py
  6. +4 −2 src/codemodder/codemods/libcst_transformer.py
  7. +5 −3 src/codemodder/codemods/regex_transformer.py
  8. +1 −1 src/codemodder/codemods/test/utils.py
  9. +6 −4 src/codemodder/codemods/xml_transformer.py
  10. +5 −24 src/codemodder/codeql.py
  11. +57 −5 src/codemodder/codetf.py
  12. +5 −2 src/codemodder/context.py
  13. +12 −5 src/codemodder/file_context.py
  14. +1 −1 src/codemodder/llm.py
  15. +1 −1 src/codemodder/logging.py
  16. +16 −0 src/codemodder/registry.py
  17. +81 −32 src/codemodder/result.py
  18. +0 −11 src/codemodder/sarifs.py
  19. +4 −25 src/codemodder/semgrep.py
  20. +1 −1 src/codemodder/utils/abc_dataclass.py
  21. +18 −7 src/codemodder/utils/update_finding_metadata.py
  22. +1 −1 src/core_codemods/defectdojo/results.py
  23. +1 −1 src/core_codemods/file_resource_leak.py
  24. +11 −6 src/core_codemods/sonar/results.py
  25. +12 −12 tests/codemods/defectdojo/semgrep/test_avoid_insecure_deserialization.py
  26. +3 −3 tests/codemods/defectdojo/semgrep/test_django_secure_set_cookie.py
  27. +3 −1 tests/codemods/semgrep/test_semgrep_sql_parametrization.py
  28. +4 −4 tests/codemods/sonar/test_sonar_django_json_response_type.py
  29. +2 −2 tests/codemods/sonar/test_sonar_django_receiver_on_top.py
  30. +3 −3 tests/codemods/sonar/test_sonar_fix_assert_tuple.py
  31. +1 −1 tests/codemods/sonar/test_sonar_remove_assertion_in_pytest_raises.py
  32. +1 −0 tests/samples/codeql/python/vulnerable-code-snippets.json
  33. +1 −0 tests/test_cli.py
  34. +293 −268 tests/test_codeql.py
  35. +37 −0 tests/test_codetf.py
  36. +55 −0 tests/test_context.py
  37. +32 −30 tests/test_regex_transformer.py
  38. +26 −1 tests/test_registry.py
  39. +14 −8 tests/test_sarif_processing.py
  40. +2 −2 tests/test_sonar_results.py
  41. +43 −0 tests/test_update_finding_metadata.py
2 changes: 1 addition & 1 deletion .github/workflows/test.yml
@@ -78,6 +78,6 @@ jobs:
- name: Run unit tests
run: make test
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@v4
uses: codecov/codecov-action@v5
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
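Review bot: `uses: codecov/codecov-action@v5` pins the action to a floating major tag while the same step hands it `CODECOV_TOKEN` from secrets; pin to the full commit SHA of the v5 release (keeping the tag in a trailing comment) so a moved or re-pointed tag cannot change the code that receives the token without a visible diff here.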
4 changes: 2 additions & 2 deletions .pre-commit-config.yaml
@@ -27,7 +27,7 @@ repos:
tests/samples/.*|
)$
- repo: https://github.com/pre-commit/mirrors-mypy
rev: v1.12.0
rev: v1.13.0
hooks:
- id: mypy
exclude: |
@@ -45,7 +45,7 @@ repos:
"types-requests~=2.13",
]
- repo: https://github.com/astral-sh/ruff-pre-commit
rev: v0.7.0
rev: v0.8.1
hooks:
- id: ruff
exclude: tests/samples/
20 changes: 11 additions & 9 deletions pyproject.toml
@@ -11,18 +11,19 @@ readme = "README.md"
license = {file = "LICENSE"}
description = "A pluggable framework for building codemods in Python"
dependencies = [
"boltons>=21.0,<24.2",
"GitPython<4",
"isort>=5.12,<5.14",
"libcst>=1.1,<1.6",
"packaging>=23.2,<25.0",
"pydantic~=2.9.0",
"pydantic~=2.10.1",
"pylint>=3.3,<3.4",
"python-json-logger~=2.0.0",
"PyYAML~=6.0.0",
"semgrep>=1.92,<1.93",
"semgrep>=1.99,<1.100",
"toml~=0.10.2",
"tomlkit~=0.13.0",
"wrapt~=1.16.0",
"wrapt~=1.17.0",
"chardet~=5.2.0",
"setuptools~=75.0",
]
@@ -54,20 +55,20 @@ test = [
"coverage-threshold~=0.4",
"defusedxml==0.7.1",
"types-defusedxml==0.7.0.20240218",
"flask-wtf==1.2.1",
"types-WTForms==3.1.0.20240425",
"flask-wtf==1.2.2",
"types-WTForms==3.2.1.20241025",
"Flask<4",
"httpx~=0.27",
"Jinja2~=3.1.2",
"jsonschema~=4.23.0",
"lxml>=5.3.0,<6.0.0",
"openai>=1.52,<1.53",
"openai>=1.57,<1.58",
"mock==5.1.*",
"pre-commit<5",
"Pyjwt~=2.9.0",
"Pyjwt~=2.10.0",
"pytest>=8.2,<9",
"pytest-asyncio~=0.23",
"pytest-cov>=4.1,<5.1",
"pytest-cov>=4.1,<6.1",
"pytest-mock>=3.12,<3.15",
"pytest-randomly==3.*",
"pytest-xdist==3.*",
@@ -85,7 +86,7 @@ complexity = [
"xenon==0.9.*",
]
openai = [
"openai>=1.52,<1.53",
"openai>=1.57,<1.58",
]
azure = [
"azure-ai-inference>=1.0.0b1,<2.0",
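Review bot: the `openai>=1.57,<1.58` bound now appears twice, once in the `test` extra and once in the `openai` extra, and this diff had to bump both in lockstep; have the `test` extra depend on the project's own `openai` extra (or keep the bound in one shared constraint) so a future renovate bump cannot leave the two out of sync and test against a different client version than the one shipped.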
@@ -118,6 +119,7 @@ version_file = "src/codemodder/_version.py"
[tool.pytest.ini_options]
# Ignore integration tests and ci tests by default
testpaths = ["tests"]
asyncio_default_fixture_loop_scope = "function"

[tool.black]
extend-exclude = '''
21 changes: 6 additions & 15 deletions src/codemodder/codemodder.py
@@ -15,17 +15,11 @@
from codemodder.context import CodemodExecutionContext
from codemodder.dependency import Dependency
from codemodder.llm import MisconfiguredAIClient
from codemodder.logging import (
OutputFormat,
configure_logger,
log_list,
log_section,
logger,
)
from codemodder.logging import configure_logger, log_list, log_section, logger
from codemodder.project_analysis.file_parsers.package_store import PackageStore
from codemodder.project_analysis.python_repo_manager import PythonRepoManager
from codemodder.result import ResultSet
from codemodder.sarifs import DuplicateToolError, detect_sarif_tools
from codemodder.sarifs import detect_sarif_tools
from codemodder.semgrep import run as run_semgrep


@@ -124,8 +118,6 @@ def run(
output: Path | str | None = None,
output_format: str = "codetf",
verbose: bool = False,
log_format: OutputFormat = OutputFormat.JSON,
project_name: str | None = None,
tool_result_files_map: DefaultDict[str, list[Path]] = defaultdict(list),
path_include: list[str] | None = None,
path_exclude: list[str] | None = None,
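Review bot: removing `log_format` and `project_name` from the middle of `run()`'s parameter list shifts the position of every parameter that follows, so an external caller still passing arguments positionally would silently bind `tool_result_files_map` and the rest to the wrong names; `_run_cli` is updated in this same change, but consider making everything after `verbose` keyword-only (`*,`) so such call sites fail at the signature instead. Also visible in the context line: `tool_result_files_map: DefaultDict[str, list[Path]] = defaultdict(list)` is a mutable default shared across calls to `run()`; default it to `None` and build the defaultdict inside the function.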
@@ -135,6 +127,7 @@ def run(
original_cli_args: list[str] | None = None,
codemod_registry: registry.CodemodRegistry | None = None,
sast_only: bool = False,
ai_client: bool = True,
) -> tuple[CodeTF | None, int]:
start = datetime.datetime.now()

@@ -147,8 +140,6 @@ def run(

provider_registry = providers.load_providers()

configure_logger(verbose, log_format, project_name)

log_section("startup")
logger.info("codemodder: python/%s", __version__)

@@ -173,6 +164,7 @@ def run(
path_exclude,
tool_result_files_map,
max_workers,
ai_client,
)
except MisconfiguredAIClient as e:
logger.error(e)
@@ -243,7 +235,7 @@ def _run_cli(original_args) -> int:
tool_result_files_map: DefaultDict[str, list[Path]] = detect_sarif_tools(
[Path(name) for name in argv.sarif or []]
)
except (DuplicateToolError, FileNotFoundError) as err:
except FileNotFoundError as err:
logger.error(err)
return 1
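Review bot: narrowing the except clause to `FileNotFoundError` means that if `detect_sarif_tools` can still raise `DuplicateToolError`, the CLI now exits with a traceback instead of a logged error and return code 1; the `sarifs.py` side of this change (−11 lines) is not shown in this excerpt, so please confirm the exception was removed there rather than only un-imported, and that two SARIF files from the same tool are now handled deliberately (the #927 commit suggests they are merged with duplicates filtered) rather than silently accepted.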

@@ -252,15 +244,14 @@ def _run_cli(original_args) -> int:
tool_result_files_map["defectdojo"].extend(argv.defectdojo_findings_json or [])

logger.info("command: %s %s", Path(sys.argv[0]).name, " ".join(original_args))
configure_logger(argv.verbose, argv.log_format, argv.project_name)

_, status = run(
argv.directory,
argv.dry_run,
argv.output,
argv.output_format,
argv.verbose,
argv.log_format,
argv.project_name,
tool_result_files_map,
argv.path_include,
argv.path_exclude,
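Review bot: `logger.info("command: %s %s", ...)` is emitted one line before `configure_logger(argv.verbose, argv.log_format, argv.project_name)` runs, so the command-line record goes out under whatever handlers and format were in effect before configuration (or is dropped if nothing is configured yet); move the `configure_logger` call above the `logger.info` so the invocation is logged in the configured format alongside the rest of the run.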
2 changes: 1 addition & 1 deletion src/codemodder/codemods/imported_call_modifier.py
@@ -81,7 +81,7 @@ def leave_Call(self, original_node: cst.Call, updated_node: cst.Call):
Change(
lineNumber=line_number,
description=self.change_description,
findings=self.file_context.get_findings_for_location(
fixedFindings=self.file_context.get_findings_for_location(
line_number
),
)
6 changes: 4 additions & 2 deletions src/codemodder/codemods/libcst_transformer.py
Original file line number Diff line number Diff line change
@@ -9,7 +9,7 @@
from codemodder.codemods.base_transformer import BaseTransformerPipeline
from codemodder.codemods.base_visitor import BaseTransformer
from codemodder.codemods.utils import get_call_name
from codemodder.codetf import Change, ChangeSet, Finding
from codemodder.codetf import Change, ChangeSet, Finding, Strategy
from codemodder.context import CodemodExecutionContext
from codemodder.dependency import Dependency
from codemodder.diff import create_diff_from_tree
@@ -126,7 +126,7 @@ def report_change_for_line(
Change(
lineNumber=line_number,
description=description or self.change_description,
findings=findings
fixedFindings=findings
or self.file_context.get_findings_for_location(line_number),
)
)
@@ -291,6 +291,8 @@ def apply(
path=str(file_context.file_path.relative_to(context.directory)),
diff=diff,
changes=file_context.codemod_changes,
strategy=Strategy.deterministic,
provisional=False,
)

if not context.dry_run:
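Review bot: `strategy=Strategy.deterministic, provisional=False` is hard-coded at the `ChangeSet(...)` construction here and repeated verbatim in `regex_transformer.py` and `xml_transformer.py` in this same diff; a transformer that produces LLM-assisted changes would need a different value, so expose these as class attributes on the transformer (or as `ChangeSet` defaults in `codetf.py`) rather than literals at each call site.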
8 changes: 5 additions & 3 deletions src/codemodder/codemods/regex_transformer.py
Original file line number Diff line number Diff line change
@@ -2,7 +2,7 @@
from typing import Pattern

from codemodder.codemods.base_transformer import BaseTransformerPipeline
from codemodder.codetf import Change, ChangeSet
from codemodder.codetf import Change, ChangeSet, Strategy
from codemodder.context import CodemodExecutionContext
from codemodder.diff import create_diff
from codemodder.file_context import FileContext
@@ -40,7 +40,7 @@ def _apply(self, original_lines, file_context, results):
Change(
lineNumber=lineno + 1,
description=self.change_description,
findings=file_context.get_findings_for_location(lineno),
fixedFindings=file_context.get_findings_for_location(lineno),
)
)
return changes, updated_lines
@@ -73,6 +73,8 @@ def apply(
path=str(file_context.file_path.relative_to(context.directory)),
diff=diff,
changes=changes,
strategy=Strategy.deterministic,
provisional=False,
)


@@ -110,7 +112,7 @@ def _apply(self, original_lines, file_context, results):
Change(
lineNumber=lineno + 1,
description=self.change_description,
findings=file_context.get_findings_for_location(lineno),
fixedFindings=file_context.get_findings_for_location(lineno),
)
)

2 changes: 1 addition & 1 deletion src/codemodder/codemods/test/utils.py
@@ -224,5 +224,5 @@ def run_and_assert(

def assert_findings(self, changes: list[Change]):
assert all(
x.findings for x in changes
x.fixedFindings for x in changes
), f"Expected all changes to have findings: {changes}"
10 changes: 6 additions & 4 deletions src/codemodder/codemods/xml_transformer.py
@@ -8,7 +8,7 @@
from defusedxml.sax import make_parser

from codemodder.codemods.base_transformer import BaseTransformerPipeline
from codemodder.codetf import Change, ChangeSet
from codemodder.codetf import Change, ChangeSet, Strategy
from codemodder.context import CodemodExecutionContext
from codemodder.diff import create_diff
from codemodder.file_context import FileContext
@@ -96,7 +96,7 @@ def add_change(self, line):
Change(
lineNumber=line,
description=self.change_description or None,
findings=self.file_context.get_findings_for_location(line),
fixedFindings=self.file_context.get_findings_for_location(line),
)
)

@@ -209,9 +209,9 @@ def apply(
output_file.seek(0)
except Exception:
file_context.add_failure(
file_path, reason := "Failed to parse XML file"
file_context.file_path, reason := "Failed to parse XML file"
)
logger.exception("%s %s", reason, file_path)
logger.exception("%s %s", reason, file_context.file_path)
return None

if not changes:
@@ -236,4 +236,6 @@ def apply(
path=str(file_path.relative_to(context.directory)),
diff=diff,
changes=changes,
strategy=Strategy.deterministic,
provisional=False,
)
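Review bot: the previous hunk switched the failure path to `file_context.file_path`, but `path=str(file_path.relative_to(context.directory))` here still reads the local `file_path`; if both are meant to be the same path, use one name consistently in `apply` so the failure record and the `ChangeSet` path cannot drift apart.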
29 changes: 5 additions & 24 deletions src/codemodder/codeql.py
@@ -3,7 +3,6 @@

from typing_extensions import Self

from codemodder.codetf import Finding, Rule
from codemodder.result import LineInfo, ResultSet, SarifLocation, SarifResult
from codemodder.sarifs import AbstractSarifToolDetector

@@ -40,29 +39,10 @@ class CodeQLResult(SarifResult):
location_type = CodeQLLocation

@classmethod
def from_sarif(
cls, sarif_result, sarif_run, truncate_rule_id: bool = False
) -> Self:
return cls(
rule_id=(
rule_id := cls.extract_rule_id(
sarif_result, sarif_run, truncate_rule_id
)
),
locations=cls.extract_locations(sarif_result),
codeflows=cls.extract_code_flows(sarif_result),
related_locations=cls.extract_related_locations(sarif_result),
finding_id=rule_id,
finding=Finding(
id=rule_id,
rule=Rule(
id=rule_id,
name=rule_id,
# TODO: map to URL
# url=,
),
),
)
def rule_url_from_id(cls, result: dict, run: dict, rule_id: str) -> str:
del result, run, rule_id
# TODO: Implement this method to return the specific rule URL
return "https://codeql.github.com/codeql-query-help/"


class CodeQLResultSet(ResultSet):
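Review bot: `rule_url_from_id` returns the generic `https://codeql.github.com/codeql-query-help/` index for every rule, so each CodeTF `Rule.url` for CodeQL findings will point at the same page regardless of `rule_id`; until the TODO is implemented it would be less misleading to return an optional URL (if the base-class signature allows it) or to state in a docstring that this is a placeholder, and `del result, run, rule_id` is clearer expressed as a leading-underscore convention or a lint marker for intentionally unused parameters.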
@@ -79,4 +59,5 @@ def from_sarif(cls, sarif_file: str | Path, truncate_rule_id: bool = False) -> S
sarif_result, sarif_run, truncate_rule_id
)
result_set.add_result(codeql_result)
result_set.store_tool_data(sarif_run.get("tool", {}))
return result_set
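Review bot: `result_set.store_tool_data(sarif_run.get("tool", {}))` sits directly after `add_result` in what appears to be the per-result loop, so the same run's tool block is stored once per result rather than once per run, and an empty `{}` is stored when a run has no `tool` entry; hoist the call to the per-run level and skip it when the key is absent (the "only add if tool is present" commit suggests `store_tool_data` already guards for this, but doing the work once per run is still cleaner).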