A tool that finds the minimum number of code fixes needed to eliminate vulnerabilities from SARIF output

Project description

Codeflow Solver

Overview

A tool that finds the minimum number of code fixes needed to eliminate all vulnerabilities reported in SARIF scan results. It formulates the problem as a set cover optimization, so the fix strategy it returns is guaranteed to use the minimum number of code changes required to address every reported security issue.

📖 For a detailed algorithm explanation, mathematical formulation, and implementation details, see src/codeflow_solver/docs/MATHEMATICAL_DETAILS.md
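How the set cover instance is built from SARIF code flows, as an added example that is not the project's own code: every step of a result's codeFlow is a candidate fix location that covers that result, and the exact minimum cover is found by exhaustive search over a small constructed SARIF fragment. It assumes that a fix at any step neutralises every flow passing through it; the file names and line numbers are constructed.

```python
import itertools
import json

# Constructed SARIF 2.1.0 fragment (not real scanner output): each result carries
# one codeFlow whose threadFlow lists the source-to-sink steps as (file, line).
def _loc(uri, line):
    return {"location": {"physicalLocation": {
        "artifactLocation": {"uri": uri}, "region": {"startLine": line}}}}

def _result(rule, path):
    return {"ruleId": rule, "codeFlows": [{"threadFlows": [
        {"locations": [_loc(u, n) for u, n in path]}]}]}

SARIF = json.dumps({"version": "2.1.0", "runs": [{"results": [
    _result("java/XSS", [("Req.java", 10), ("Util.java", 42), ("View.java", 7)]),
    _result("java/XSS", [("Req.java", 18), ("Util.java", 42), ("View.java", 9)]),
    _result("java/XSS", [("Req.java", 25), ("Util.java", 42), ("View.java", 12)]),
    _result("java/PT", [("Req.java", 18), ("File.java", 30)]),
    _result("java/PT", [("Req.java", 18), ("File.java", 33)]),
]}]})

def fix_candidates(sarif_text):
    """Map each (uri, line) step to the indices of results whose flows pass through it.
    Modelling assumption: fixing a step neutralises every flow that passes through it."""
    results = json.loads(sarif_text)["runs"][0]["results"]
    covers = {}
    for i, res in enumerate(results):
        for flow in res.get("codeFlows", []):
            for thread in flow.get("threadFlows", []):
                for step in thread.get("locations", []):
                    phys = step["location"]["physicalLocation"]
                    key = (phys["artifactLocation"]["uri"], phys["region"]["startLine"])
                    covers.setdefault(key, set()).add(i)
    return covers, len(results)

def min_fix_set(covers, n_results):
    """Exact minimum set cover by trying candidate subsets in increasing size.
    Fine for small inputs; large scans need an ILP/CP-SAT solver like the tool uses."""
    universe = set(range(n_results))
    # Keep one location per distinct coverage set to shrink the search space.
    distinct = {}
    for loc, cov in covers.items():
        distinct.setdefault(frozenset(cov), loc)
    cands = list(distinct.items())
    for size in range(1, len(cands) + 1):
        for combo in itertools.combinations(cands, size):
            if set().union(*(cov for cov, _ in combo)) == universe:
                return {loc for _, loc in combo}
    return set()  # only reached when some result has no code flow to cover it
```

Here the shared sanitizer site Util.java:42 and the shared source Req.java:18 together cover all five findings, so two edits suffice where naive per-finding patching would need five.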

Installation

pip install codeflow-solver

From Source

git clone https://github.com/thomsonreuters/codeflow-solver.git
cd codeflow-solver
uv sync
uv pip install -e .

Usage

CLI Options

# Basic usage
codeflow-solver vulnerabilities.sarif

# Choose solver
codeflow-solver vulnerabilities.sarif --solver cp-sat

# Filtering options
codeflow-solver vulnerabilities.sarif --severity-filter high medium
codeflow-solver vulnerabilities.sarif --rule-filter java/XSS java/PT

# Export options
codeflow-solver vulnerabilities.sarif --export              # Detailed solution with vulnerability details
codeflow-solver vulnerabilities.sarif --minimal-export     # Optimal path with fix locations only

# Quiet mode
codeflow-solver vulnerabilities.sarif --quiet --minimal-export

Using as Package

from codeflow_solver import SarifSetCoverSolver

# Basic usage
optimizer = SarifSetCoverSolver("vulnerabilities.sarif")
optimizer.solve_mathematical_optimization()

# With filtering and export
optimizer = SarifSetCoverSolver(
    "vulnerabilities.sarif",
    severity_filter=["high", "medium"],
    rule_filter=["java/XSS"],
    export_detailed=True
)
optimizer.solve_mathematical_optimization()

CLI After Cloning

cd codeflow-solver
uv run python -m codeflow_solver.cli.main vulnerabilities.sarif

# Available options:
# --severity-filter {high,medium,low,info}  Filter by severity
# --rule-filter RULE_ID [RULE_ID ...]      Filter by rule IDs
# --export                                  Export detailed solution
# --minimal-export                          Export minimal solution
# --quiet                                   Suppress console output

Package Structure

src/
└── codeflow_solver/
    ├── __init__.py
    ├── cli/
    │   ├── __init__.py
    │   └── main.py             # CLI entry point
    ├── utils/
    │   ├── __init__.py
    │   ├── sarif_parser.py     # SARIF parsing
    │   ├── severity_mapper.py  # Severity mapping
    │   └── data_structures.py  # Data classes
    ├── solver/
    │   ├── __init__.py
    │   ├── set_cover_solver.py # Main solver implementation
    │   └── optimizer.py        # Optimization algorithms
    ├── set_cover/
    │   ├── __init__.py
    │   └── initializer.py      # Set cover initialization
    └── docs/                   # Documentation
tests/                          # Test files

Tests

# Run tests
uv run pytest

# Format and lint
uv run ruff format .
uv run ruff check .
uv run mypy .

License

MIT License

Contributing

  1. Fork the repository
  2. Create a feature branch
  3. Make your changes
  4. Add tests for new functionality
  5. Submit a pull request

Download files

Source Distribution

codeflow_solver-1.0.2.tar.gz (129.4 kB), uploaded as Source

Built Distribution

codeflow_solver-1.0.2-py3-none-any.whl (27.6 kB), uploaded for Python 3

File details

codeflow_solver-1.0.2.tar.gz: 129.4 kB, tagged Source, uploaded via twine/6.2.0 on CPython/3.11.14, not uploaded using Trusted Publishing.
