Add codemod ID #35

drdavella · 2024-07-22T18:15:31Z

I've left some wiggle room in the description of the "origin" component, but we may want to draw a harder line.

codetf.md

gilday · 2024-07-22T18:26:56Z

codetf.md

+
+Each component of the ID has a particular meaning:
+
+* `<origin>`: Origin describes the source of the analysis or transformation. For example, "find and fix" codemods provided by Pixee are labelled with the origin "pixee". Codemods that remediate issues found by a static analysis tool might be labelled with the origin corresponding to that tool name (e.g. "semgrep" or "codeql"). Implementers of custom codemods may use a unique identifier that is specific to their organization or tool.


Origin describes the source of the analysis or transformation

I feel like it should always be the source of the analysis and never the transformation.

Let's consider the custom codemod use case. If a user develops a custom Sonar codemod and wants to use it with our platform, the origin better be "sonar", or our platform will not consider it to be a Sonar codemod that gets access to Sonar results.

If you agree, then can we rename this to scanner()? I have come across places in our platform where we actually translate "origin" to "scanner", and I think the latter makes more sense.

I don't like scanner because there's no reason codemodder couldn't take input from non-scanner sources of code information, like observability tools, IAST, etc.

detector?

I like detector. This fits with the way we talk about it in codemodder architecture.

I love it when we use the same words everywhere 😊

codetf.md

gilday · 2024-07-22T18:33:36Z

codetf.md

+
+Each component of the ID has a particular meaning:
+
+* `<origin>`: Origin describes the source of the analysis or transformation. For example, "find and fix" codemods provided by Pixee are labelled with the origin "pixee". Codemods that remediate issues found by a static analysis tool might be labelled with the origin corresponding to that tool name (e.g. "semgrep" or "codeql"). Implementers of custom codemods may use a unique identifier that is specific to their organization or tool.


Codemods that remediate issues found by a static analysis tool

Our docs use the term fix only codemods, but I don't think that has stuck.

drdavella added 2 commits July 22, 2024 13:57

Clean up documentation a bit

de8253d

Describe codemod IDs

4d12fd5

drdavella requested review from nahsra and gilday July 22, 2024 18:15

gilday requested changes Jul 22, 2024

View reviewed changes

Address code review feedback

4223638

drdavella requested a review from gilday July 22, 2024 19:49

gilday approved these changes Jul 22, 2024

View reviewed changes

drdavella merged commit 98fe0ce into main Jul 22, 2024
2 checks passed

drdavella deleted the codemod-id branch July 22, 2024 19:56

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add codemod ID #35

Add codemod ID #35

drdavella commented Jul 22, 2024

gilday Jul 22, 2024

nahsra Jul 22, 2024

gilday Jul 22, 2024

drdavella Jul 22, 2024

gilday Jul 22, 2024

gilday Jul 22, 2024


		Each component of the ID has a particular meaning:

		* `<origin>`: Origin describes the source of the analysis or transformation. For example, "find and fix" codemods provided by Pixee are labelled with the origin "pixee". Codemods that remediate issues found by a static analysis tool might be labelled with the origin corresponding to that tool name (e.g. "semgrep" or "codeql"). Implementers of custom codemods may use a unique identifier that is specific to their organization or tool.

Add codemod ID #35

Add codemod ID #35

Conversation

drdavella commented Jul 22, 2024

gilday Jul 22, 2024

Choose a reason for hiding this comment

nahsra Jul 22, 2024

Choose a reason for hiding this comment

gilday Jul 22, 2024

Choose a reason for hiding this comment

drdavella Jul 22, 2024

Choose a reason for hiding this comment

gilday Jul 22, 2024

Choose a reason for hiding this comment

gilday Jul 22, 2024

Choose a reason for hiding this comment