From 1f289cebd15f6a73d6dc2f9dcc80d21d8fa3b861 Mon Sep 17 00:00:00 2001 From: Johnathan Gilday Date: Fri, 8 Mar 2024 09:59:56 -0500 Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20Add=20Code=20Scanning=20Tools=20Int?= =?UTF-8?q?egration=20Page?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Documents how to integrate Pixeebot with Sonar. It doesn't feel right to only have one tool on this page, so I mentioned that CodeQL is "coming soon". Practically, we have CodeQL integration by ways of GitHub Advanced Security right now, and documenting this is the subject of another task we will get to next week. --- docs/code-scanning-tool-fixes.md | 19 ++++++++ docs/codemods/overview.md | 2 +- docs/faqs.md | 7 ++- docs/release-notes.md | 77 ++++++++++++++++---------------- docs/using-pixeebot.md | 15 ++++--- 5 files changed, 71 insertions(+), 49 deletions(-) create mode 100644 docs/code-scanning-tool-fixes.md diff --git a/docs/code-scanning-tool-fixes.md b/docs/code-scanning-tool-fixes.md new file mode 100644 index 0000000..ebf0a0d --- /dev/null +++ b/docs/code-scanning-tool-fixes.md @@ -0,0 +1,19 @@ +--- +sidebar_position: 4 +--- + +# Code Scanning Tool Fixes + +Pixeebot automatically fixes issues detected by code scanning tools when synced with the results of those scans. This page explains how to integrate code scanning tools with Pixeebot, so that Pixeebot may fix the issues those tools find. + +## Sonar + +Pixeebot fixes issues detected by Sonar when repositories have both the Pixeebot and Sonar GitHub Apps installed. + +For public repositories using SonarCloud, Pixeebot retrieves results from sonarcloud.io automatically with no further configuration required from the user. + +For private repositories using SonarCloud, use the [pixee/upload-tool-results-action](https://github.com/pixee/upload-tool-results-action) GitHub Action to synchronize SonarCloud findings with Pixeebot. + +## CodeQL + +Coming soon! 
diff --git a/docs/codemods/overview.md b/docs/codemods/overview.md index 4d3c649..c8326c8 100644 --- a/docs/codemods/overview.md +++ b/docs/codemods/overview.md @@ -1,5 +1,5 @@ --- -sidebar_position: 4 +sidebar_position: 5 --- # Core Codemods diff --git a/docs/faqs.md b/docs/faqs.md index be5894e..f4df150 100644 --- a/docs/faqs.md +++ b/docs/faqs.md @@ -1,10 +1,11 @@ --- -sidebar_position: 7 +sidebar_position: 8 --- # FAQs ### What are Pixee's AI features? + We utilize Large Language Models (LLMs) to provide context-aware code fixes and to add code-specific comments, helping developers understand why a change is being recommended. ### What is Pixee's AI policy? 
@@ -13,14 +14,16 @@ At Pixee, we take your data privacy and security seriously. To ensure your trust By default, we enable the use of Large Language Models (LLMs) for an enhanced user experience. However, if you prefer not to use them, you can easily [disable](configuring.md) this feature at your convenience. We believe in providing you with the flexibility to tailor your experience according to your preferences and needs. - ### How does Pixee handle my data? + Pixee is a platform focused on helping developers deliver higher quality code and places the utmost importance on our own security, including secure software development practices, IT practices, corporate controls and partner assessments. In case anyone asks, yes -- all data is encrypted in transit and at rest, and guaranteed to be destroyed. As an aside, many of us have been in security our whole careers, and we're quite passionate about it! We document all of this and more in our [Security and Trust Center](https://trust.pixee.ai/). ### How will my information (i.e. code, projects, etc.) be used? + Each party agrees to hold data and confidential information of the other party in confidence and not to disclose, retain, or distribute such information to third parties or to use such information for any purpose whatsoever. Please take a look at our full [Privacy Policy](https://www.pixee.ai/privacy) for more detail. ### Where can I learn more and discuss Pixeebot? + Users can join the Pixee community [on Slack](https://join.slack.com/t/openpixee/shared_invite/zt-1pnk7jqdd-kfwilrfG7Ov4M8rorfOnUA). This channel can be used to engage with peers who are also interested in Pixee. Feel free to email us at help@pixee.ai with any questions or comments. diff --git a/docs/release-notes.md b/docs/release-notes.md index 5882c27..895cba3 100644 --- a/docs/release-notes.md +++ b/docs/release-notes.md 
@@ -1,34 +1,36 @@ --- -sidebar_position: 8 +sidebar_position: 9 --- # Release Notes We're working hard to bring you new features, enhancements, and reliability to the Pixee Platform. We'd ❤️ to hear from you. Drop us a note at [hi@pixee.ai](mailto:hi@pixee.ai)! -## March 1, 2024 +## March 1, 2024 ### Pixeebot App + Platform {#2024-03-01---pixeebot-app--platform} #### 🚀 New Features & Enhancements {#2024-03-01---new-features--enhancements} -* Implemented changes to optimize codemod performance +- Implemented changes to optimize codemod performance #### 🐛 Bug Fixes {#2024-03-01---bug-fixes} -* Fixed an issue that caused Pixeebot to open multiple pull requests for a single issue +- Fixed an issue that caused Pixeebot to open multiple pull requests for a single issue ### Codemodder {#2024-03-01---codemodder} #### 🐍 Python {#2024-03-01---codemodder-python} -* New codemod: `str-concat-in-sequence-literals` fixes cases of implicit string concatenation inside lists, sets, or tuples. See codemod documentation [here](https://docs.pixee.ai/codemods/python/pixee_python_str-concat-in-sequence-literals) -* New codemod: `fix-async-task-instantiation` replaces manual instantiation of a `Task` with a `create_task` call per the asyncio [documentation](https://docs.python.org/3/library/asyncio-task.html#asyncio.Task). See codemod documentation [here](https://docs.pixee.ai/codemods/python/pixee_python_fix-async-task-instantiation) + +- New codemod: `str-concat-in-sequence-literals` fixes cases of implicit string concatenation inside lists, sets, or tuples. See codemod documentation [here](https://docs.pixee.ai/codemods/python/pixee_python_str-concat-in-sequence-literals) +- New codemod: `fix-async-task-instantiation` replaces manual instantiation of a `Task` with a `create_task` call per the asyncio [documentation](https://docs.python.org/3/library/asyncio-task.html#asyncio.Task). 
See codemod documentation [here](https://docs.pixee.ai/codemods/python/pixee_python_fix-async-task-instantiation) #### ☕️ Java {#2024-03-01---codemodder-java} -* Fixed a hang issue that caused stalls in code analysis +- Fixed a hang issue that caused stalls in code analysis + +## February 22, 2024 -## February 22, 2024 > 🔏 > **Now Supporting Signed Commits:** 
> @@ -40,35 +42,35 @@ We're working hard to bring you new features, enhancements, and reliability to t #### 🚀 New Features & Enhancements {#2024-02-22---new-features--enhancements} -* Implemented a change to the installation flow so that more repositories skip the waitlist -* Added a search and filter functionality to the installations page of the user platform, allowing users to search for specific Pixeebot installations and filter results +- Implemented a change to the installation flow so that more repositories skip the waitlist +- Added a search and filter functionality to the installations page of the user platform, allowing users to search for specific Pixeebot installations and filter results #### 🐛 Bug Fixes {#2024-02-22---bug-fixes} -* Fixed a bug affecting Java repositories that caused contextual comments included in Pixeebot fixes to contain incorrect line numbers +- Fixed a bug affecting Java repositories that caused contextual comments included in Pixeebot fixes to contain incorrect line numbers ### Codemodder {#2024-02-22---codemodder} #### 🐍 Python {#2024-02-22---codemodder-python} -* Updated `requests-verify` codemod to support the [httpx](https://www.python-httpx.org/) library. See codemod documentation [here](https://docs.pixee.ai/codemods/python/pixee_python_requests-verify) -* Updated `fix-file-resource-leak` codemod for better handling of indent blocks containing multiple open statements. See codemod documentation [here](https://docs.pixee.ai/codemods/python/pixee_python_fix-file-resource-leak) -#### ☕️ Java {#2024-02-22---codemodder-java} - -* New codemod: `overrides-match-synchronization` adds missing synchronized keyword to methods that override a synchronized method in the parent class, ensuring [proper synchronization](https://wiki.sei.cmu.edu/confluence/display/java/TSM00-J.+Do+not+override+thread-safe+methods+with+methods+that+are+not+thread-safe). 
This improves code maintainability, and reduces the risk of issues like race conditions and data corruption. (for Sonar) See codemod documentation [here](https://docs.pixee.ai/codemods/java/sonar_java_overrides-match-synchronization-s3551) -* Updated `define-constant-for-duplicate-literal` codemod to inject new literals at the end of a file, rather than the beginning. This change improves the style of code generated by this codemod. See codemod documentation [here](https://docs.pixee.ai/codemods/java/sonar_java_define-constant-for-duplicate-literal-s1192) +- Updated `requests-verify` codemod to support the [httpx](https://www.python-httpx.org/) library. See codemod documentation [here](https://docs.pixee.ai/codemods/python/pixee_python_requests-verify) +- Updated `fix-file-resource-leak` codemod for better handling of indent blocks containing multiple open statements. See codemod documentation [here](https://docs.pixee.ai/codemods/python/pixee_python_fix-file-resource-leak) +#### ☕️ Java {#2024-02-22---codemodder-java} +- New codemod: `overrides-match-synchronization` adds missing synchronized keyword to methods that override a synchronized method in the parent class, ensuring [proper synchronization](https://wiki.sei.cmu.edu/confluence/display/java/TSM00-J.+Do+not+override+thread-safe+methods+with+methods+that+are+not+thread-safe). This improves code maintainability, and reduces the risk of issues like race conditions and data corruption. (for Sonar) See codemod documentation [here](https://docs.pixee.ai/codemods/java/sonar_java_overrides-match-synchronization-s3551) +- Updated `define-constant-for-duplicate-literal` codemod to inject new literals at the end of a file, rather than the beginning. This change improves the style of code generated by this codemod. 
See codemod documentation [here](https://docs.pixee.ai/codemods/java/sonar_java_define-constant-for-duplicate-literal-s1192) -## January 26, 2024 +## January 26, 2024 > 🌟 > **Introducing the Activity Dashboard:** > -> This dashboard exists as a GitHub Issue, and is your source of truth for Pixeebot’s functionality within your repository. Use the Activity dashboard to: -> * Easily manage the open pull requests Pixeebot has created for you -> * Check for available fixes in the continuous improvement queue, and summon Pixeebot to create pull requests for them -> * Review the work that Pixeebot has already completed in your repository +> This dashboard exists as a GitHub Issue, and is your source of truth for Pixeebot’s functionality within your repository. Use the Activity dashboard to: +> +> - Easily manage the open pull requests Pixeebot has created for you +> - Check for available fixes in the continuous improvement queue, and summon Pixeebot to create pull requests for them +> - Review the work that Pixeebot has already completed in your repository > > The dashboard is automatically enabled upon installation, provided that GitHub Issues are also enabled for your repository. See Activity dashboard documentation [here](https://docs.pixee.ai/using-pixeebot/#pixeebot-activity). 
@@ -76,32 +78,29 @@ We're working hard to bring you new features, enhancements, and reliability to t #### 🚀 New Features & Enhancements {#2024-01-26---new-features--enhancements} -* Released performance improvement for navigating between pages on the user dashboard. +- Released performance improvement for navigating between pages on the user dashboard. #### 🐛 Bug Fixes {#2024-01-26---bug-fixes} -* Resolved a bug that occurred when users requested a continuous improvement changes using `@pixeebot next`, Pixeebot would analyze the user’s repository twice and potentially send two PRs. - +- Resolved a bug that occurred when users requested a continuous improvement changes using `@pixeebot next`, Pixeebot would analyze the user’s repository twice and potentially send two PRs. ### Codemodder {#2024-01-26---codemodder} #### 🐍 Python {#2024-01-26---codemodder-python} -* `security` package updates and release -* New codemod: `combine-startswith-endswith` Simplifies boolean expressions used with the `startswith` and `endswith` methods of `str` objects. A lot of code uses boolean expressions such as `x.startswith('foo')` or `x.startswith('bar')` , which is unnecessary since these objects can accept a tuple of strings to match. Where possible, this codemod replaces such boolean expressions with `x.startswith(('foo', 'bar))` for cleaner, more concise code. See codemod documentation [here](https://docs.pixee.ai/codemods/python/pixee_python_combine-startswith-endswith) -* New codemod: `fix-deprecated-logging-warn` Updates usage of the `warn` method from `logging` (which has been [deprecated](https://docs.python.org/3/library/logging.html#logging.Logger.warning) since Python 3.3) in favor of `warning`. 
See codemod documentation [here](https://docs.pixee.ai/codemods/python/pixee_python_fix-deprecated-logging-warn) -* New codemod: `flask-enable-csrf-protection` Introduces protections against cross-site forgery (CSRF) attacks by embedding an additional token into HTTP requests to identify requests from unauthorized locations. See codemod documentation [here](https://docs.pixee.ai/codemods/python/pixee_python_flask-enable-csrf-protection) -* New codemod: `remove-debug-breakpoint` removes any calls to `breakpoint()` or `pdb.set_trace()` which are generally only used for interactive debugging and should not be deployed in production. See codemod documentation [here](https://docs.pixee.ai/codemods/python/pixee_python_remove-debug-breakpoint). -* New codemod: `replace-flask-send-fil`e Introduces protections against path traversal attacks when using the `Flask` `send_file` function. This codemod uses Flasks’s `flask.send_from_directory` function for input path validation. See codemod documentation [here](https://docs.pixee.ai/codemods/python/pixee_python_replace-flask-send-file) -* New codemod: `use-set-literal` Converts Python set constructions using literal list arguments into more efficient and readable set literals. It simplifies expressions like `set([1, 2, 3])` to `{1, 2, 3}`, enhancing both performance and code clarity. See codemod documentation [here](https://docs.pixee.ai/codemods/python/pixee_python_use-set-literal#pixeepythonuse-set-literal) - - #### ☕️ Java {#2024-01-26---codemodder-java} - * Added short-circuiting to improve performance of composed codemods - * New codemod: `sonar:java/remove-unused-private-method` removes unused `private` methods. These can increase both the mental load and maintenance burden of maintainers, as you have to keep compiling the unused code when making sweeping changes to the APIs used within the method. 
(for Sonar) See codemod documentation [here](https://docs.pixee.ai/codemods/java/sonar_java_remove-unused-private-method-s1144) - * New codemod: `sonar:java/declare-variable-on-separate-line` splits variable assignments onto their own lines. [Many](https://wiki.sei.cmu.edu/confluence/display/java/DCL52-J.+Do+not+declare+more+than+one+variable+per+declaration) [sources](https://rules.sonarsource.com/java/RSPEC-1659/) [believe](https://dart.dev/tools/linter-rules/avoid_multiple_declarations_per_line) it is easier to review code where the variables are separate statements on their own individual line. (for Sonar) See codemod documentation [here](https://docs.pixee.ai/codemods/java/sonar_java_declare-variable-on-separate-line-s1659) - +- `security` package updates and release +- New codemod: `combine-startswith-endswith` Simplifies boolean expressions used with the `startswith` and `endswith` methods of `str` objects. A lot of code uses boolean expressions such as `x.startswith('foo')` or `x.startswith('bar')` , which is unnecessary since these objects can accept a tuple of strings to match. Where possible, this codemod replaces such boolean expressions with `x.startswith(('foo', 'bar))` for cleaner, more concise code. See codemod documentation [here](https://docs.pixee.ai/codemods/python/pixee_python_combine-startswith-endswith) +- New codemod: `fix-deprecated-logging-warn` Updates usage of the `warn` method from `logging` (which has been [deprecated](https://docs.python.org/3/library/logging.html#logging.Logger.warning) since Python 3.3) in favor of `warning`. See codemod documentation [here](https://docs.pixee.ai/codemods/python/pixee_python_fix-deprecated-logging-warn) +- New codemod: `flask-enable-csrf-protection` Introduces protections against cross-site forgery (CSRF) attacks by embedding an additional token into HTTP requests to identify requests from unauthorized locations. 
See codemod documentation [here](https://docs.pixee.ai/codemods/python/pixee_python_flask-enable-csrf-protection) +- New codemod: `remove-debug-breakpoint` removes any calls to `breakpoint()` or `pdb.set_trace()` which are generally only used for interactive debugging and should not be deployed in production. See codemod documentation [here](https://docs.pixee.ai/codemods/python/pixee_python_remove-debug-breakpoint). +- New codemod: `replace-flask-send-fil`e Introduces protections against path traversal attacks when using the `Flask` `send_file` function. This codemod uses Flasks’s `flask.send_from_directory` function for input path validation. See codemod documentation [here](https://docs.pixee.ai/codemods/python/pixee_python_replace-flask-send-file) +- New codemod: `use-set-literal` Converts Python set constructions using literal list arguments into more efficient and readable set literals. It simplifies expressions like `set([1, 2, 3])` to `{1, 2, 3}`, enhancing both performance and code clarity. See codemod documentation [here](https://docs.pixee.ai/codemods/python/pixee_python_use-set-literal#pixeepythonuse-set-literal) +#### ☕️ Java {#2024-01-26---codemodder-java} +- Added short-circuiting to improve performance of composed codemods +- New codemod: `sonar:java/remove-unused-private-method` removes unused `private` methods. These can increase both the mental load and maintenance burden of maintainers, as you have to keep compiling the unused code when making sweeping changes to the APIs used within the method. (for Sonar) See codemod documentation [here](https://docs.pixee.ai/codemods/java/sonar_java_remove-unused-private-method-s1144) +- New codemod: `sonar:java/declare-variable-on-separate-line` splits variable assignments onto their own lines. 
[Many](https://wiki.sei.cmu.edu/confluence/display/java/DCL52-J.+Do+not+declare+more+than+one+variable+per+declaration) [sources](https://rules.sonarsource.com/java/RSPEC-1659/) [believe](https://dart.dev/tools/linter-rules/avoid_multiple_declarations_per_line) it is easier to review code where the variables are separate statements on their own individual line. (for Sonar) See codemod documentation [here](https://docs.pixee.ai/codemods/java/sonar_java_declare-variable-on-separate-line-s1659) ## December 29, 2023 @@ -220,7 +219,7 @@ General support for Python is live! Some updates that made Python support possib - Java is Generally Available! Your Java repos will no longer be waitlisted #### 🐛 Bug Fixes {#2023-09-29---bug-fixes} - + - GitHub Comment Errors: We've resolved the issue where 422 errors were encountered while leaving comments on GitHub. You can now interact seamlessly without errors ## September 22, 2023 diff --git a/docs/using-pixeebot.md b/docs/using-pixeebot.md index 220abea..9d110a4 100644 --- a/docs/using-pixeebot.md +++ b/docs/using-pixeebot.md @@ -1,5 +1,5 @@ --- -sidebar_position: 4 +sidebar_position: 6 --- # User guide 
@@ -26,16 +26,16 @@ Within a couple of minutes, Pixeebot will open a new pull request with additiona ![Summon from issue](/img/summon3.png) +## Pull request reminders -## Pull request reminders +If a Pixeebot pull request remains open, two automatic reminders will occur over time in the form of comments on the pull request. -If a Pixeebot pull request remains open, two automatic reminders will occur over time in the form of comments on the pull request. +If the pull request is still not merged or closed after two weeks, Pixeebot will close it automatically with a final comment. -If the pull request is still not merged or closed after two weeks, Pixeebot will close it automatically with a final comment. - -If a closed pull request indicates additional recommendations are available, Pixeebot can still be summoned after the pull request has been reopened. +If a closed pull request indicates additional recommendations are available, Pixeebot can still be summoned after the pull request has been reopened. ## Pixeebot status + When a pull request is opened, Pixeebot will initiate its run, and you can monitor progress in the status checks section of your pull request. If Pixeebot does not have any recommendations, it will mark the check as Successful. If recommendations are found, a separate pull request will be generated, and the check will be marked as Neutral. Review the check details to access the new pull request link and additional information regarding the recommendations. If you merge the new pull request, the original check will register this and be updated to Successful. 
@@ -45,6 +45,7 @@ If Pixeebot does not have any recommendations, it will mark the check as Success ![checks in progress](/img/checks_in_progress.png) ## Pixeebot activity -The Activity dashboard exists as a GitHub Issue and offers a holistic perspective on Pixeebot's functionality within your repository. Through this interface, you can conveniently monitor your open pull requests, other available recommendations, and more. The dashboard is automatically enabled upon installation, provided that GitHub Issues are also enabled for your repository. + +The Activity dashboard exists as a GitHub Issue and offers a holistic perspective on Pixeebot's functionality within your repository. Through this interface, you can conveniently monitor your open pull requests, other available recommendations, and more. The dashboard is automatically enabled upon installation, provided that GitHub Issues are also enabled for your repository. The issue can remain open, and the data will automatically refresh with each Pixeebot analysis that occurs. If the issue is closed, the feature will be disabled and the data will become stale. Reopening it will reactivate the dashboard, and resume auto-updates when Pixeebot runs.
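Review bot: in the new docs/code-scanning-tool-fixes.md (the @@ -0,0 +1,19 hunk), the private-repository path stops at a link to pixee/upload-tool-results-action, so a reader cannot actually set it up from this page. Show the workflow step that invokes the action, name the secret or token it needs and the permission scope it should be granted, and state what data the action uploads to Pixee, so owners of private repositories can check that against their data policy before enabling it. The "Sonar" heading also only ever talks about SonarCloud; say explicitly whether self-hosted SonarQube is supported or out of scope. Finally, the CodeQL section ships as "Coming soon!" while the commit message says CodeQL already works through GitHub Advanced Security; either state that in one sentence or leave the section out until it is documented, since a placeholder heading in a sidebar page reads as "unsupported".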
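Review bot: the sidebar renumbering in docs/codemods/overview.md (4 to 5), together with using-pixeebot.md (4 to 6), faqs.md (7 to 8) and release-notes.md (8 to 9), gives the new page position 4 and incidentally fixes overview.md and using-pixeebot.md both sitting at 4, but the diff only renumbers these four files; confirm that no page outside the diff already holds position 5 or 6, otherwise the sidebar order collides again silently.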
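Review bot: the @@ -1,34 +1,36 hunk of docs/release-notes.md is almost entirely formatter churn (`*` bullets to `-`, trailing whitespace on `## March 1, 2024` and `## February 22, 2024`, blank lines around lists) with no content change, which buries the one real edit of this commit in a 77-line diff of that file; put the formatting pass in its own commit, or at least say in the message that the files were run through a formatter so the next reader does not go looking for a content change that is not there.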
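Review bot: in the @@ -40,35 +42,35 hunk of docs/release-notes.md, the re-emitted `#### ☕️ Java {#2024-02-22---codemodder-java}` heading ends up with no blank line before it or after it (it now sits directly between the last Python bullet and the first Java bullet), while every other heading touched by this patch gains a blank line after it; add the blank lines so the file is consistent with the style the rest of the change is establishing.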
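Review bot: the @@ -76,32 +78,29 hunk of docs/release-notes.md re-emits several lines that still carry errors, and since they are being rewritten anyway this is the moment to fix them: `replace-flask-send-fil`e has its closing backtick one character early and should read `replace-flask-send-file`; `x.startswith(('foo', 'bar))` is missing the closing quote on `'bar'`; "cross-site forgery (CSRF)" should be "cross-site request forgery (CSRF)"; and "when users requested a continuous improvement changes" should drop the "a". The `#### ☕️ Java {#2024-01-26---codemodder-java}` heading in this hunk also loses both of its surrounding blank lines, unlike the headings elsewhere in the patch.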
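Review bot: the @@ -45,6 +45,7 hunk of docs/using-pixeebot.md adds a new paragraph describing what happens when the Activity dashboard issue is closed (the feature is disabled and the data goes stale, reopening resumes updates), which is a behaviour statement unrelated to the Sonar integration and not mentioned in the commit message; either move it to its own commit or add a line to the message so the change is discoverable in history. While it is being written, say whether Pixeebot ever reopens the issue itself or whether reopening is always a user action, because "Reopening it will reactivate the dashboard" leaves that ambiguous.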