Add codemodder framework and replace 1 codemod

.github/workflows/checks.yml

@@ -15,6 +15,11 @@ jobs:
         with:
           submodules: 'true'
           token: ${{ secrets.TEMP_GITHUB_PAT }}
+      - uses: actions/setup-python@v4
+        with:
+          python-version: '3.10'
+      - name: Install Semgrep
+        run: python3 -m pip install semgrep
       - uses: actions/setup-node@v3
       - uses: actions/setup-java@v3
         with:

.github/workflows/release.yml

@@ -22,6 +22,11 @@ jobs:
         with:
           submodules: 'true'
           token: ${{ secrets.TEMP_GITHUB_PAT }}
+      - uses: actions/setup-python@v4
+        with:
+          python-version: '3.10'
+      - name: Install Semgrep
+        run: python3 -m pip install semgrep
       - uses: actions/setup-node@v3
       - uses: actions/setup-java@v3
         with:

gradle/libs.versions.toml

@@ -4,12 +4,15 @@ graalvm = "22.3.0"
 jackson = "2.13.1"
 javaparser-core = "3.25.0"
 javaparser-symbolsolver = "3.15.15"
+java-security-toolkit = "1.0.0"
+javax-inject = "1"
 commons-jexl = "3.2.1"
 logback = "1.4.5"
 maven = "3.8.7"
 openpixee-toolkit = "1.0.0"
 picocli = "4.7.0"
 slf4j = "2.0.6"
+guice = "5.1.0"
 
 [libraries]
 autovalue-annotations = { module = "com.google.auto.value:auto-value-annotations", version.ref = "auto-value" }
@@ -20,6 +23,7 @@ commons-collections4 = "org.apache.commons:commons-collections4:4.4"
 contrast-sarif = "com.contrastsecurity:java-sarif:2.0"
 graal-sdk = { module = "org.graalvm.sdk:graal-sdk", version.ref = "graalvm" }
 gson = "com.google.code.gson:gson:2.9.0"
+guice = { module = "com.google.inject:guice", version.ref = "guice" }
 immutables = "org.immutables:value:2.9.0"
 jackson-core = { module = "com.fasterxml.jackson.core:jackson-core", version.ref = "jackson" }
 jackson-yaml = { module = "com.fasterxml.jackson.dataformat:jackson-dataformat-yaml", version.ref = "jackson" }
@@ -28,6 +32,8 @@ javaparser-core = { module = "com.github.javaparser:javaparser-core", version.re
 javaparser-symbolsolver-core = { module = "com.github.javaparser:javaparser-symbol-solver-core", version.ref = "javaparser-core" }
 javaparser-symbolsolver-model = { module = "com.github.javaparser:javaparser-symbol-solver-model", version.ref = "javaparser-symbolsolver" }
 javaparser-symbolsolver-logic = { module = "com.github.javaparser:javaparser-symbol-solver-logic", version.ref = "javaparser-symbolsolver" }
+java-security-toolkit = { module = "io.openpixee:java-security-toolkit", version.ref = "java-security-toolkit" }
+javax-inject = { module="javax.inject:javax.inject", version.ref = "javax-inject"}
 jetbrains-annotations = "org.jetbrains:annotations:23.0.0"
 jfiglet = "com.github.lalyos:jfiglet:0.0.8"
 juniversalchardet = "com.github.albfernandez:juniversalchardet:2.4.0"

languages/codemodder-common/build.gradle.kts

@@ -0,0 +1,37 @@
+@Suppress("DSL_SCOPE_VIOLATION") // https://github.com/gradle/gradle/issues/22797
+plugins {
+    id("io.openpixee.codetl.base")
+    id("io.openpixee.codetl.java-library")
+    id("io.openpixee.codetl.maven-publish")
+    alias(libs.plugins.fileversioning)
+}
+
+java {
+    toolchain {
+        languageVersion.set(JavaLanguageVersion.of(11))
+    }
+}
+
+publishing {
+    publications {
+        register<MavenPublication>("maven") {
+            from(components["java"])
+            artifactId = "codemodder-common"
+        }
+    }
+}
+
+dependencies {
+    compileOnly(libs.jetbrains.annotations)
+    implementation(libs.guice)
+    implementation(libs.contrast.sarif)
+    implementation(libs.java.security.toolkit)
+    implementation(libs.slf4j.api)
+
+    testImplementation(testlibs.bundles.junit.jupiter)
+    testImplementation(testlibs.bundles.hamcrest)
+    testImplementation(testlibs.assertj)
+    testImplementation(testlibs.jgit)
+    testImplementation(testlibs.mockito)
+    testRuntimeOnly(testlibs.junit.jupiter.engine)
+}

languages/java/src/main/java/io/openpixee/java/ChangedFile.java → languages/codemodder-common/src/main/java/io/codemodder/ChangedFile.java

@@ -1,4 +1,4 @@
-package io.openpixee.java;
+package io.codemodder;
 
 import java.util.Collections;
 import java.util.List;

languages/java/src/main/java/io/openpixee/java/DefaultRuleSetting.java → languages/codemodder-common/src/main/java/io/codemodder/DefaultRuleSetting.java

@@ -1,4 +1,4 @@
-package io.openpixee.java;
+package io.codemodder;
 
 import java.util.Objects;
 

languages/java/src/main/java/io/openpixee/java/DependencyGAV.java → languages/codemodder-common/src/main/java/io/codemodder/DependencyGAV.java

@@ -1,4 +1,4 @@
-package io.openpixee.java;
+package io.codemodder;
 
 import java.util.Objects;
 

languages/java/src/main/java/io/openpixee/java/FileWeavingContext.java → languages/codemodder-common/src/main/java/io/codemodder/FileWeavingContext.java

@@ -1,6 +1,5 @@
-package io.openpixee.java;
+package io.codemodder;
 
-import com.github.javaparser.ast.Node;
 import java.io.File;
 import java.util.ArrayList;
 import java.util.List;
@@ -16,9 +15,6 @@ public interface FileWeavingContext {
 
   boolean madeWeaves();
 
-  /** Intended to be used when dealing with AST objects. */
-  boolean isLineIncluded(Node n);
-
   /** Intended to be used in non-JavaParser situations. */
   boolean isLineIncluded(int line);
 
@@ -47,14 +43,6 @@ public boolean madeWeaves() {
       return !weaves.isEmpty();
     }
 
-    @Override
-    public boolean isLineIncluded(final Node n) {
-      if (n.getRange().isEmpty()) {
-        return true;
-      }
-      return includesExcludes.matches(n.getRange().get().begin.line);
-    }
-
     @Override
     public boolean isLineIncluded(final int line) {
       return includesExcludes.matches(line);
@@ -65,4 +53,8 @@ static FileWeavingContext createDefault(
       final File file, final IncludesExcludes includesExcludes) {
     return new Default(includesExcludes.getIncludesExcludesForFile(file));
   }
+
+  static FileWeavingContext createDefault(final LineIncludesExcludes includesExcludesForFile) {
+    return new Default(includesExcludesForFile);
+  }
 }

languages/java/src/main/java/io/openpixee/java/IncludesExcludes.java → languages/codemodder-common/src/main/java/io/codemodder/IncludesExcludes.java

@@ -1,4 +1,4 @@
-package io.openpixee.java;
+package io.codemodder;
 
 import com.google.common.annotations.VisibleForTesting;
 import java.io.File;

languages/java/src/main/java/io/openpixee/java/LineIncludesExcludes.java → languages/codemodder-common/src/main/java/io/codemodder/LineIncludesExcludes.java

@@ -1,4 +1,4 @@
-package io.openpixee.java;
+package io.codemodder;
 
 import java.util.Collections;
 import java.util.Objects;

languages/java/src/main/java/io/openpixee/java/PathMatcher.java → languages/codemodder-common/src/main/java/io/codemodder/PathMatcher.java

@@ -1,4 +1,4 @@
-package io.openpixee.java;
+package io.codemodder;
 
 import java.io.File;
 import java.nio.file.FileSystem;
@@ -7,13 +7,13 @@
 import java.util.Objects;
 
 /** This type is used in include/exclude logic for matching paths. */
-final class PathMatcher {
+public final class PathMatcher {
 
   private final Integer line;
   private final String repositoryRootPath;
   private final java.nio.file.PathMatcher matcher;
 
-  PathMatcher(
+  public PathMatcher(
       final FileSystem fs,
       final File repositoryRoot,
       final String pathPattern,
@@ -25,7 +25,7 @@ final class PathMatcher {
   }
 
   /** Return if this path matcher matches the given file. */
-  boolean matches(final File file) {
+  public boolean matches(final File file) {
     String candidateFilePath = Path.of(file.getAbsolutePath()).normalize().toString();
     String relativeCandidateFilePath = candidateFilePath.substring(repositoryRootPath.length());
     if (!relativeCandidateFilePath.startsWith("/")) {
@@ -34,11 +34,11 @@ boolean matches(final File file) {
     return matcher.matches(Paths.get(relativeCandidateFilePath));
   }
 
-  Integer line() {
+  public Integer line() {
     return line;
   }
 
-  boolean targetsLine() {
+  public boolean targetsLine() {
     return line != null;
   }
 

languages/java/src/main/java/io/openpixee/java/RuleContext.java → languages/codemodder-common/src/main/java/io/codemodder/RuleContext.java

@@ -1,4 +1,4 @@
-package io.openpixee.java;
+package io.codemodder;
 
 import java.util.List;
 import java.util.Objects;

languages/java/src/main/java/io/openpixee/java/Weave.java → languages/codemodder-common/src/main/java/io/codemodder/Weave.java

@@ -1,4 +1,4 @@
-package io.openpixee.java;
+package io.codemodder;
 
 import java.util.List;
 import java.util.Objects;

languages/codemodder-default-codemods/build.gradle.kts

@@ -0,0 +1,34 @@
+@Suppress("DSL_SCOPE_VIOLATION") // https://github.com/gradle/gradle/issues/22797
+plugins {
+    id("io.openpixee.codetl.base")
+    id("io.openpixee.codetl.java-library")
+    id("io.openpixee.codetl.maven-publish")
+    alias(libs.plugins.fileversioning)
+}
+
+java {
+    toolchain {
+        languageVersion.set(JavaLanguageVersion.of(11))
+    }
+}
+
+publishing {
+    publications {
+        register<MavenPublication>("maven") {
+            from(components["java"])
+            artifactId = "codemodder-default-codemods"
+        }
+    }
+}
+
+dependencies {
+    implementation(project(":languages:codemodder-framework-java"))
+    implementation(project(":languages:codemodder-semgrep-provider"))
+
+    testImplementation(testlibs.bundles.junit.jupiter)
+    testImplementation(testlibs.bundles.hamcrest)
+    testImplementation(testlibs.assertj)
+    testImplementation(testlibs.mockito)
+
+    testRuntimeOnly(testlibs.junit.jupiter.engine)
+}

languages/codemodder-default-codemods/src/main/java/io/codemodder/codemods/DefaultCodemods.java

@@ -0,0 +1,16 @@
+package io.codemodder.codemods;
+
+import io.codemodder.Changer;
+import java.util.List;
+
+/**
+ * Give an ability for users to list all the codemods so they don't have to reference them
+ * individually.
+ */
+public final class DefaultCodemods {
+
+  /** Get a list of all the codemods in our default set. */
+  public static List<Class<? extends Changer>> asList() {
+    return List.of(SecureRandomCodemod.class);
+  }
+}

languages/codemodder-default-codemods/src/main/java/io/codemodder/codemods/Runner.java

@@ -0,0 +1,11 @@
+package io.codemodder.codemods;
+
+import static io.codemodder.CodemodInvoker.run;
+
+/** Invokes the codemod from a command line. */
+public final class Runner {
+
+  public static void main(final String[] args) {
+    run(args, SecureRandomCodemod.class);
+  }
+}

languages/codemodder-default-codemods/src/main/java/io/codemodder/codemods/SecureRandomCodemod.java

@@ -0,0 +1,36 @@
+package io.codemodder.codemods;
+
+import com.contrastsecurity.sarif.Region;
+import com.github.javaparser.ast.visitor.ModifierVisitor;
+import io.codemodder.ChangeConstructorTypeVisitor;
+import io.codemodder.Codemod;
+import io.codemodder.CodemodInvocationContext;
+import io.codemodder.FileWeavingContext;
+import io.codemodder.ReviewGuidance;
+import io.codemodder.RuleSarif;
+import io.codemodder.providers.sarif.semgrep.SemgrepJavaParserChanger;
+import io.codemodder.providers.sarif.semgrep.SemgrepScan;
+import java.util.List;
+import javax.inject.Inject;
+
+/** Turns {@link java.util.Random} into {@link java.security.SecureRandom}. */
+@Codemod(
+    id = "pixee:java/secure-random",
+    author = "[email protected]",
+    reviewGuidance = ReviewGuidance.MERGE_WITHOUT_REVIEW)
+public final class SecureRandomCodemod extends SemgrepJavaParserChanger {
+
+  @Inject
+  public SecureRandomCodemod(
+      @SemgrepScan(pathToYaml = "/secure-random.yaml", ruleId = "secure-random")
+          final RuleSarif sarif) {
+    super(sarif);
+  }
+
+  @Override
+  public ModifierVisitor<FileWeavingContext> createVisitor(
+      final CodemodInvocationContext context, final List<Region> regions) {
+    return new ChangeConstructorTypeVisitor(
+        regions, "java.security.SecureRandom", context.codemodId());
+  }
+}

languages/codemodder-default-codemods/src/main/resources/secure-random.yaml

@@ -0,0 +1,7 @@
+rules:
+  - id: secure-random
+    pattern: new Random()
+    message: Insecure PRNG
+    languages:
+      - java
+    severity: WARNING

languages/codemodder-framework-java/build.gradle.kts

@@ -0,0 +1,46 @@
+@Suppress("DSL_SCOPE_VIOLATION") // https://github.com/gradle/gradle/issues/22797
+plugins {
+    id("io.openpixee.codetl.base")
+    id("io.openpixee.codetl.java-library")
+    id("io.openpixee.codetl.maven-publish")
+    alias(libs.plugins.fileversioning)
+}
+
+java {
+    toolchain {
+        languageVersion.set(JavaLanguageVersion.of(11))
+    }
+}
+
+publishing {
+    publications {
+        register<MavenPublication>("maven") {
+            from(components["java"])
+            artifactId = "codemodder-framework-java"
+        }
+    }
+}
+
+dependencies {
+    compileOnly(libs.jetbrains.annotations)
+
+    api("io.github.pixee:codetf-java:0.0.2") // TODO bring codetf-java into the monorepo
+
+    api(libs.guice)
+    api(libs.contrast.sarif)
+    api(libs.javaparser.core)
+    api(libs.javaparser.symbolsolver.core)
+    api(libs.javaparser.symbolsolver.logic)
+    api(libs.javaparser.symbolsolver.model)
+    implementation(libs.logback.classic)
+    implementation(libs.maven.model)
+    api(libs.slf4j.api)
+    api(project(":languages:codemodder-common"))
+
+    testImplementation(testlibs.bundles.junit.jupiter)
+    testImplementation(testlibs.bundles.hamcrest)
+    testImplementation(testlibs.assertj)
+    testImplementation(testlibs.mockito)
+
+    testRuntimeOnly(testlibs.junit.jupiter.engine)
+}