From e0f4add01c4ef5ce5ad3a8df207d4ab442a8a72e Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 23 Jun 2025 09:05:45 -0300
Subject: [PATCH 1/5] Update all non-major dependencies (#1071)

* Update all non-major dependencies

* pin numpy

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: clavedeluna
---
 pyproject.toml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/pyproject.toml b/pyproject.toml
index 356cb79b..b16bae6a 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -52,7 +52,7 @@ get-hashes = 'codemodder.scripts.get_hashes:main'

 [project.optional-dependencies]
 semgrep = [
- "semgrep>=1.125,<1.126",
+ "semgrep>=1.126,<1.127",
 ]
 test = [
 "azure-ai-inference>=1.0.0b1,<2.0",
@@ -67,7 +67,7 @@ test = [
 "Jinja2~=3.1.2",
 "jsonschema~=4.24.0",
 "lxml>=5.3.0,<6.0.0",
- "openai>=1.86,<1.87",
+ "openai>=1.90,<1.91",
 "mock==5.2.*",
 "pre-commit<5",
 "Pyjwt~=2.10.0",
@@ -81,20 +81,20 @@ test = [
 "security==1.3.1",
 "types-mock==5.2.*",
 "django>=4,<6",
- "numpy ~= 2.2.1; python_version == '3.10'",
+ "numpy ==2.2.6; python_version == '3.10'",
 "numpy ~= 2.3.0; python_version > '3.10'",
 "flask_wtf~=1.2.0",
 "fickling~=0.1.0,>=0.1.3",
 "graphql-server~=3.0.0b7",
 "unidiff>=0.7.5",
- "semgrep>=1.125,<1.126",
+ "semgrep>=1.126,<1.127",
 ]
 complexity = [
 "radon==6.0.*",
 "xenon==0.9.*",
 ]
 openai = [
- "openai>=1.86,<1.87",
+ "openai>=1.90,<1.91",
 ]
 azure = [
 "azure-ai-inference>=1.0.0b1,<2.0",
From 8bb42f288dcaed635e2636a648fbf625cfbad223 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 27 Jun 2025 07:12:45 -0300
Subject: [PATCH 2/5] Update dependency lxml to v6 (#1074)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pyproject.toml b/pyproject.toml
index b16bae6a..e6b6198d 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -66,7 +66,7 @@ test = [
 "httpx~=0.27",
 "Jinja2~=3.1.2",
 "jsonschema~=4.24.0",
- "lxml>=5.3.0,<6.0.0",
+ "lxml>=6.0.0,<6.1.0",
 "openai>=1.90,<1.91",
 "mock==5.2.*",
 "pre-commit<5",
From 96889c96f2b88b9a03a21e0f285578bad742f4f5 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 27 Jun 2025 07:43:42 -0300
Subject: [PATCH 3/5] Update all non-major dependencies (#1073)

* Update all non-major dependencies

* tell renovate to stop updating numpy 3.10

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: clavedeluna
---
 pyproject.toml | 8 ++++----
 renovate.json | 5 +++++
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/pyproject.toml b/pyproject.toml
index e6b6198d..a996b51d 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -52,7 +52,7 @@ get-hashes = 'codemodder.scripts.get_hashes:main'

 [project.optional-dependencies]
 semgrep = [
- "semgrep>=1.126,<1.127",
+ "semgrep>=1.127,<1.128",
 ]
 test = [
 "azure-ai-inference>=1.0.0b1,<2.0",
@@ -67,7 +67,7 @@ test = [
 "Jinja2~=3.1.2",
 "jsonschema~=4.24.0",
 "lxml>=6.0.0,<6.1.0",
- "openai>=1.90,<1.91",
+ "openai>=1.92,<1.93",
 "mock==5.2.*",
 "pre-commit<5",
 "Pyjwt~=2.10.0",
@@ -87,14 +87,14 @@ test = [
 "fickling~=0.1.0,>=0.1.3",
 "graphql-server~=3.0.0b7",
 "unidiff>=0.7.5",
- "semgrep>=1.126,<1.127",
+ "semgrep>=1.127,<1.128",
 ]
 complexity = [
 "radon==6.0.*",
 "xenon==0.9.*",
 ]
 openai = [
- "openai>=1.90,<1.91",
+ "openai>=1.92,<1.93",
 ]
 azure = [
 "azure-ai-inference>=1.0.0b1,<2.0",
diff --git a/renovate.json b/renovate.json
index 4bf472b4..016f456f 100644
--- a/renovate.json
+++ b/renovate.json
@@ -8,6 +8,11 @@
 {
 "matchPackageNames": ["pydantic"],
 "enabled": false
+ },
+ {
+ "matchPackageNames": ["numpy"],
+ "matchCurrentValue": "==2.2.6",
+ "enabled": false
 }
 ]
 }
From ed991dc2f74645d60cb973c3e5a59f31b1c3bfa1 Mon Sep 17 00:00:00 2001
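Review bot: The new rule switches off every update type for numpy while it sits at ==2.2.6, so patch releases on the 2.2 line — including any that carry security fixes — will no longer be proposed for the Python 3.10 environment, although the commit message suggests the intent is only to stop the jump to the 2.3 line (which presumably dropped 3.10 support; not visible here). Narrowing the rule with `"matchUpdateTypes": ["major", "minor"]` instead of `"enabled": false` keeps patch bumps flowing, and it is worth confirming whether Renovate's vulnerability alerts still fire for a package matched by a disabled rule. If the pin is meant to be long-lived, a `"description"` entry on the rule recording why it exists would spare the next maintainer the archaeology.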
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 30 Jun 2025 07:42:33 -0300
Subject: [PATCH 4/5] Update dependency openai to >=1.93,<1.94 (#1075)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 pyproject.toml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pyproject.toml b/pyproject.toml
index a996b51d..598b466c 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -67,7 +67,7 @@ test = [
 "Jinja2~=3.1.2",
 "jsonschema~=4.24.0",
 "lxml>=6.0.0,<6.1.0",
- "openai>=1.92,<1.93",
+ "openai>=1.93,<1.94",
 "mock==5.2.*",
 "pre-commit<5",
 "Pyjwt~=2.10.0",
@@ -94,7 +94,7 @@ complexity = [
 "xenon==0.9.*",
 ]
 openai = [
- "openai>=1.92,<1.93",
+ "openai>=1.93,<1.94",
 ]
 azure = [
 "azure-ai-inference>=1.0.0b1,<2.0",
From 3bbfe7490044bfd3492df1a49a9e988ca131538e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20C=2E=20Silva?= <12188364+andrecsilva@users.noreply.github.com>
Date: Mon, 30 Jun 2025 14:47:01 -0300
Subject: [PATCH 5/5] Fix sast_only flag behavior to include other sast input flags (#1076)

* Fixed behavior of sast_only flag

* Modified test to include new flags
---
 integration_tests/test_program.py | 44 +++++++++++++++++++++++++++++--
 src/codemodder/codemodder.py | 5 +++-
 2 files changed, 46 insertions(+), 3 deletions(-)

diff --git a/integration_tests/test_program.py b/integration_tests/test_program.py
index af6383c2..865c3695 100644
--- a/integration_tests/test_program.py
+++ b/integration_tests/test_program.py
@@ -1,4 +1,8 @@
 import subprocess
+from pathlib import Path
+
+import pytest
+from sarif_pydantic.sarif import Run, Sarif, Tool, ToolDriver

 from core_codemods.remove_assertion_in_pytest_raises import (
 RemoveAssertionInPytestRaises,
@@ -26,14 +30,50 @@ def test_codemods_include_exclude_conflict(self):
 )
 assert completed_process.returncode == 3

- def test_load_sast_only_by_flag(self, tmp_path):
+ @pytest.mark.parametrize(
+ "cli_args",
+ [
+ "--sonar-issues-json",
+ "--sonar-hotspots-json",
+ "--sonar-json",
+ ],
+ )
+ def test_load_sast_only_by_sonar_flag(self, tmp_path, cli_args):
 tmp_file_path = tmp_path / "sonar.json"
 tmp_file_path.touch()
 completed_process = subprocess.run(
 [
 "codemodder",
 "tests/samples/",
- "--sonar-issues-json",
+ cli_args,
+ f"{tmp_file_path}",
+ "--dry-run",
+ ],
+ check=False,
+ capture_output=True,
+ text=True,
+ )
+ print(completed_process.stdout)
+ print(completed_process.stderr)
+ assert completed_process.returncode == 0
+ assert RemoveAssertionInPytestRaises.id not in completed_process.stdout
+
+ def test_load_sast_only_by_sarif_flag(self, tmp_path: Path):
+ tmp_file_path = tmp_path / "sarif.json"
+ sarif_run = Run(
+ tool=Tool(driver=ToolDriver(name="test")),
+ results=[],
+ )
+ sarif = Sarif(runs=[sarif_run], **{"$schema": ""})
+ tmp_file_path.write_text(
+ sarif.model_dump_json(indent=2, exclude_none=True, by_alias=True)
+ )
+
+ completed_process = subprocess.run(
+ [
+ "codemodder",
+ "tests/samples/",
+ "--sarif",
 f"{tmp_file_path}",
 "--dry-run",
 ],
diff --git a/src/codemodder/codemodder.py b/src/codemodder/codemodder.py
index 54ae063b..9ae4d37e 100644
--- a/src/codemodder/codemodder.py
+++ b/src/codemodder/codemodder.py
@@ -285,7 +285,10 @@ def _run_cli(original_args, remediation=False) -> int:
 max_workers=argv.max_workers,
 original_cli_args=original_args,
 codemod_registry=codemod_registry,
- sast_only=argv.sonar_issues_json or argv.sarif,
+ sast_only=argv.sonar_issues_json
+ or argv.sarif
+ or argv.sonar_hotspots_json
+ or argv.sonar_json,
 log_matched_files=True,
 remediation=remediation,
 )
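Review bot: The three parametrized sonar cases hand the CLI an empty file (`tmp_file_path.touch()`), which is not valid JSON, so the `returncode == 0` assertion in `test_load_sast_only_by_sonar_flag` only holds for as long as the sonar loaders happen to tolerate, or never parse, an empty input; the sarif case next to it writes a minimal but well-formed document instead. Writing a minimal valid payload for the sonar cases too (the shape those loaders expect is not visible in this hunk, so it needs checking against the loader code) would keep the test pinned to the flag-gating behaviour the commit fixes rather than to the loaders' leniency, and would stop it breaking for the wrong reason if input validation is tightened later. The trailing context lines `f"{tmp_file_path}",` / `"--dry-run",` / `],` now belong to the new `test_load_sast_only_by_sarif_flag`, whose remaining body runs past the end of the hunk.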
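Review bot: The `or` chain passed as `sast_only` evaluates to the first truthy argument value rather than to a bool — whatever the argparse definitions of these four flags yield, a path or possibly a list; those definitions are outside the hunk — and it is also a second hand-maintained enumeration of the SAST input flags, which is exactly how `--sonar-hotspots-json` and `--sonar-json` were missed before this fix. Collecting the inputs once, e.g. `sast_inputs = (argv.sonar_issues_json, argv.sarif, argv.sonar_hotspots_json, argv.sonar_json)` next to where the arguments are parsed and passing `sast_only=any(sast_inputs)`, yields a real boolean and leaves a single place to extend when another SAST input flag is added. `_run_cli` starts before the hunk, and the call whose keyword arguments are shown here is not visible in full.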