model

package
v0.0.17 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 10, 2026 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

// DatadogDriverConfigFilename is the file name of the Datadog driver
// configuration file.
const DatadogDriverConfigFilename = ".datadog-driver.json"

// DatadogDriverEnabledEnvVar names the environment variable that enables the
// Datadog driver.
const DatadogDriverEnabledEnvVar = "DATADOG_DRIVER_ENABLED"
// Provider and model name strings. Each *Name constant is used as the Name of
// the matching Model variable in this package, and each *InputName constant is
// used as that Model's CLIName.
const (
	// Provider names, used as Model.Provider.
	// NOTE(review): there are no Provider constants for Mistral or Qwen; the
	// Devstral2 and Qwen25Starcoder7b variables use the string literals
	// "mistral" and "qwen" instead.
	ProviderOpenAI    = "openai"
	ProviderAnthropic = "anthropic"
	ProviderGoogle    = "google"

	// OpenAI model names
	OpenAIGPT5MiniName   = "openai-gpt5-mini"
	OpenAIGPT52Name      = "openai-gpt5.2"
	OpenAIGPT52CodexName = "openai-gpt5.2-codex"

	// Anthropic model names. The Name form puts the family first
	// ("claude-sonnet-4-5"); the InputName form puts the version first
	// ("claude-4.5-sonnet").
	Claude45SonnetName      = "claude-sonnet-4-5"
	Claude45SonnetInputName = "claude-4.5-sonnet"
	Claude45HaikuName       = "claude-haiku-4-5"
	Claude45HaikuInputName  = "claude-4.5-haiku"

	// Google model names. Gemini3FlashName carries a "-preview" suffix that
	// Gemini3FlashInputName omits.
	Gemini25ProName       = "gemini-2.5-pro"
	Gemini25FlashName     = "gemini-2.5-flash"
	Gemini2FlashLiteName  = "gemini-2.0-flash-lite"
	Gemini3FlashName      = "gemini-3-flash-preview"
	Gemini3FlashInputName = "gemini-3-flash"

	// Mistral model names
	Devstral2Name = "devstral-2"

	// Qwen model names
	// NOTE(review): the identifier says "Starcoder" but the value is
	// "qwen2.5-coder-7b" — confirm which is intended.
	Qwen25Starcoder7bName = "qwen2.5-coder-7b"
)
// SqlInjectionShortName is the short name for SQL injection.
const SqlInjectionShortName = "sqli"

// CommandInjectionShortName is the short name for command injection.
const CommandInjectionShortName = "cmdi"

// XssShortName is the short name for cross-site scripting.
const XssShortName = "xss"

// XpathInjectionShortName is the short name for XPath injection.
const XpathInjectionShortName = "xpathi"
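// CWE identifiers for each supported vulnerability class.
const (
	// CweSqlInjection is CWE-89, SQL Injection.
	CweSqlInjection = 89
	// CweCommandInjection is CWE-78, OS Command Injection.
	CweCommandInjection = 78
	// CweXss is CWE-79, Cross-site Scripting.
	CweXss = 79
	// CweXpathInjection is CWE-643, XPath Injection. The earlier value, 94, is
	// the identifier for Code Injection, so XPath findings carried the wrong
	// weakness class and would be mis-triaged or mis-scored downstream.
	CweXpathInjection = 643
)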
// EngineVersion is the current version of the engine. It is a compile-time
// constant, unlike Version, which is a variable set through ldflags.
const EngineVersion = "1.0.1"

EngineVersion is the current version of the engine.

// Unknown is the placeholder string for unknown values. ModelUnknown uses it
// for both Name and Provider, and SCMCommit defaults to it.
const Unknown = "unknown"

Unknown is a constant for unknown values

Variables

// Predefined models. ID is the numeric identifier that GetModelByID takes;
// CLIName is set only where the user-facing name differs from Name.
var (
	// ModelUnknown is the placeholder model: ID 0 with Name and Provider set
	// to Unknown.
	ModelUnknown = Model{ID: 0, Name: Unknown, Provider: Unknown}
	// OpenAI models
	OpenAIGPT5Mini   = Model{ID: 12, Name: OpenAIGPT5MiniName, Provider: ProviderOpenAI}
	OpenAIGPT52      = Model{ID: 13, Name: OpenAIGPT52Name, Provider: ProviderOpenAI}
	// NOTE(review): ID 13 is also assigned to OpenAIGPT52 on the line above.
	// A lookup by ID can return only one of the two, so one model would be
	// reported or resolved as the other — confirm and give this model its
	// own ID.
	OpenAIGPT52Codex = Model{ID: 13, Name: OpenAIGPT52CodexName, Provider: ProviderOpenAI}

	// Anthropic models
	Claude45Sonnet = Model{ID: 34, Name: Claude45SonnetName, CLIName: Claude45SonnetInputName, Provider: ProviderAnthropic}
	Claude45Haiku  = Model{ID: 35, Name: Claude45HaikuName, CLIName: Claude45HaikuInputName, Provider: ProviderAnthropic}
	// Google models
	Gemini25Pro      = Model{ID: 51, Name: Gemini25ProName, Provider: ProviderGoogle}
	Gemini25Flash    = Model{ID: 52, Name: Gemini25FlashName, Provider: ProviderGoogle}
	Gemini2FlashLite = Model{ID: 53, Name: Gemini2FlashLiteName, Provider: ProviderGoogle}
	Gemini3Flash     = Model{ID: 54, Name: Gemini3FlashName, CLIName: Gemini3FlashInputName, Provider: ProviderGoogle}
	// Mistral. The provider is a string literal; no Provider constant exists
	// for it in this package.
	Devstral2 = Model{ID: 71, Name: Devstral2Name, Provider: "mistral"}
	// Qwen. The provider is a string literal; no Provider constant exists for
	// it in this package.
	Qwen25Starcoder7b = Model{ID: 91, Name: Qwen25Starcoder7bName, Provider: "qwen"}
)
// ErrCannotGetContext is the sentinel error signalling that context could not
// be obtained. Match it with errors.Is.
var ErrCannotGetContext = errors.New("cannot get context")
// ErrGettingTags is the sentinel error signalling that getting tags failed.
// Match it with errors.Is.
var ErrGettingTags = errors.New("get tags failed")
// ErrInvalidLanguage is the sentinel error for an invalid language. Match it
// with errors.Is.
var ErrInvalidLanguage = errors.New("invalid language")
// ErrLLMCall is the sentinel error signalling that a call to the LLM failed.
// Match it with errors.Is.
var ErrLLMCall = errors.New("LLM call failed")
// ErrSystemTemplateNotFound is the sentinel error signalling that the system
// template was not found. Match it with errors.Is.
var ErrSystemTemplateNotFound = errors.New("system template not found")
// ErrTemplateExecution is the sentinel error signalling that a template
// failed to build. Match it with errors.Is.
var ErrTemplateExecution = errors.New("template failed to build")
// ErrUnsupportedModel is the sentinel error for an unsupported model. Match
// it with errors.Is.
// NOTE(review): presumably what GetModel returns for an unrecognised model
// string — confirm against its implementation.
var ErrUnsupportedModel = errors.New("unsupported model")
// ErrUserTemplateNotFound is the sentinel error signalling that the user
// template was not found. Match it with errors.Is.
var ErrUserTemplateNotFound = errors.New("user template not found")
// SCMCommit is the git commit hash, set at build time via ldflags. A build
// that does not set it keeps the default, Unknown ("unknown").
var SCMCommit = Unknown

SCMCommit is the git commit hash, set at build time via ldflags. Example: go build -ldflags "-X github.com/DataDog/datadog-saist/internal/model.SCMCommit=abc123"

// Version is the release version, set at build time via ldflags. A build that
// does not set it keeps the default, "dev".
var Version = "dev"

Version is the release version, set at build time via ldflags. Example: go build -ldflags "-X github.com/DataDog/datadog-saist/internal/model.Version=v1.0.0"

Functions

func GenerateFingerprint

func GenerateFingerprint(repoID, ruleName, filePath, lineContent string) string

GenerateFingerprint creates a hash based on repo ID, rule name, filepath, directory length, line content, and line length

func GetAllModelStrings

func GetAllModelStrings() []string

func GetLineContent

func GetLineContent(fileText string, lineNumber uint) string

GetLineContent extracts the content of a specific line from file text

func HasFalsePositive

func HasFalsePositive(memory []VulnerabilityMemory, ruleId, file string, line uint) bool

HasFalsePositive reports whether the memory argument contains an element that matches the other arguments and has the MemoryType FP (false positive).

Types

type AiContextFile

// AiContextFile is the context recorded for one file: its language and its
// tags. It is the value type of AiContextProject.FileContext.
type AiContextFile struct {
	// Language is the language of the file.
	Language Language `json:"language"`
	// Tags lists the tags recorded for the file.
	Tags     []Tag    `json:"tags"`
}

type AiContextProject

// AiContextProject aggregates context for a project: the files of each
// language, the per-file context, and the tags.
type AiContextProject struct {
	// Languages maps each language to the set of files in that language. The
	// inner map is used as a set (empty-struct values); its keys are
	// presumably file paths — confirm.
	Languages map[Language]map[string]struct{} `json:"languages"`

	// FileContext holds the context of each file, presumably keyed by file
	// path (MergeFileContext takes a path) — confirm.
	FileContext map[string]AiContextFile `json:"file_context"`
	// Tags maps each tag to its list of tag definitions; the key is
	// presumably the tag name — confirm.
	Tags map[string][]Tag `json:"tags"`
}

func NewAiContextProject

func NewAiContextProject() AiContextProject

func (*AiContextProject) GetFilesForTagsAndType

func (e *AiContextProject) GetFilesForTagsAndType(tagName string, tagType TagType) []Tag

func (*AiContextProject) GetTagsForFile

func (e *AiContextProject) GetTagsForFile(filePath string) []Tag

func (*AiContextProject) HumanPrint

func (e *AiContextProject) HumanPrint()

func (*AiContextProject) MergeFileContext

func (e *AiContextProject) MergeFileContext(path string, aiContext AiContextFile)

type AnalysisOptions

// AnalysisOptions contains all configuration options for one analysis run
// (internal use only).
type AnalysisOptions struct {
	// Directory is the directory the analysis works on.
	Directory         string
	// DetectionModel and ValidationModel are the models for the two roles
	// their names describe; how the roles interact is not visible here.
	DetectionModel    Model
	ValidationModel   Model
	Debug             bool
	// NOTE(review): OpenAIBaseURL presumably points API traffic, including
	// prompts built from analyzed code, at the given endpoint — confirm it is
	// taken only from trusted configuration.
	OpenAIBaseURL     string
	// RequestTimeoutSec is a timeout in seconds, going by the name.
	RequestTimeoutSec int
	FileConcurrency   int
	// NOTE(review): WritePrompts presumably persists the generated prompts,
	// which embed analyzed source code — confirm where they are written and
	// who can read that location.
	WritePrompts      bool
	// IsAIGateway corresponds to the isAIGateway argument of
	// Model.ToAPIModelWithFormat.
	IsAIGateway       bool
	AIGuardEnabled    bool
	// Rules are the AI prompts (rules) to evaluate.
	Rules             []api.AiPrompt
	OrgID             int64
	// RepositoryID presumably feeds the repoID argument of
	// GenerateFingerprint — confirm.
	RepositoryID      string
	SkipIndexing      bool
	// DatadogDriver is optional (pointer); nil presumably means no driver
	// configuration was supplied — confirm.
	DatadogDriver     *DatadogDriverConfig
}

AnalysisOptions contains all configuration options for the analysis (internal use only)

func (*AnalysisOptions) Display

func (opts *AnalysisOptions) Display()

Display prints the AnalysisOptions information to stdout

type DatadogDriverConfig

// DatadogDriverConfig stores configuration for the Datadog driver.
// NOTE(review): presumably decoded from the file named by
// DatadogDriverConfigFilename — confirm, and treat that file as
// repository-controlled input if so.
type DatadogDriverConfig struct {
	// Files maps a string key to a list of strings under the JSON key
	// "files"; the meaning of keys and values is not shown on this page.
	Files map[string][]string `json:"files"`
}

DatadogDriverConfig stores configuration for the Datadog driver

type DetectionContext

// DetectionContext bundles what one detection needs: the project context, the
// file (language, path, code), related files, and the rule being checked.
type DetectionContext struct {
	ProjectContext      AiContextProject
	Language            Language
	RepositoryDirectory string
	// Path and Code identify the file under analysis and hold its text.
	Path                string
	Code                string
	// RelatedFiles carries the path and content of other files.
	// NOTE(review): Code and RelatedFiles presumably end up in the prompt
	// sent to the model — confirm, since their content is attacker-influenced
	// whenever the scanned repository is untrusted.
	RelatedFiles        []DetectionContextRelatedFile
	WritePrompts        bool
	Rule                api.AiPrompt

	// StrippedCode is the lowercased code with comments/docstrings stripped.
	// Pre-compute this once per file and reuse across multiple rule checks
	// to avoid redundant regex operations. If empty, it will be computed on demand.
	StrippedCode string
}

type DetectionContextRelatedFile

// DetectionContextRelatedFile is one entry of DetectionContext.RelatedFiles:
// a file path together with that file's content.
type DetectionContextRelatedFile struct {
	Path    string
	Content string
}

type DetectionPromptSystem

// DetectionPromptSystem holds the language and frameworks for a system
// prompt; presumably the data passed to the system template — confirm.
type DetectionPromptSystem struct {
	Language   Language
	Frameworks []string
}

type DetectionPromptUser

// DetectionPromptUser holds the language, frameworks, libraries, path and
// code for a user prompt; presumably the data passed to the user template —
// confirm.
type DetectionPromptUser struct {
	Language   Language
	Frameworks []string
	Libraries  []string
	// Path and Code are the file's path and its text.
	Path       string
	Code       string
}

type File

// File pairs a file path with a hash.
type File struct {
	Path string
	// Hash is a hash for the file; the algorithm and the hashed input are not
	// shown on this page.
	Hash string
}

type FileContent added in v0.0.17

// FileContent holds file text shared, through a pointer, by every ScanData
// built for the same file, so the strings are not duplicated per rule.
type FileContent struct {
	// Text is the file text.
	Text     string
	// Numbered is presumably the same text with line numbers added — confirm.
	Numbered string
}

FileContent holds file text shared across all ScanData for the same file, avoiding duplicate string allocations when multiple rules apply to one file.

type FileResult

// FileResult is the outcome of analyzing one file: the violations found, the
// LLM usage counters, and which rules succeeded or failed.
type FileResult struct {
	Path           string
	Violations     []Violation
	// InputTokens, OutputTokens and LLMCalls are usage counters for the file.
	InputTokens    int32
	OutputTokens   int32
	LLMCalls       int32
	// RulesSucceeded and RulesFailed list rules by string; a rule in
	// RulesFailed presumably produced no verdict for this file, so an empty
	// Violations slice alone does not mean the file is clean — confirm.
	RulesSucceeded []string
	RulesFailed    []string
}

type FunctionCall

// FunctionCall records a call to a named function: the language, the file
// path, and the line of the call.
type FunctionCall struct {
	Name     string
	Language Language
	Path     string
	Line     uint
}

type FunctionDefinition

// FunctionDefinition records where a named function is defined: the language,
// the file path, and the line range.
type FunctionDefinition struct {
	Name      string
	Language  Language
	Path      string
	// StartLine and EndLine bound the definition; whether EndLine is
	// inclusive is not shown on this page.
	StartLine uint
	EndLine   uint
}

type LLMResult

// LLMResult is the JSON-tagged result shape holding a list of violations.
// NOTE(review): presumably decoded from the model's response — confirm, and
// treat every field as untrusted input if so.
type LLMResult struct {
	Violations []LLMResultViolation `json:"violations"`
}

type LLMResultViolation

// LLMResultViolation is one violation inside an LLMResult: a source range and
// a free-text reason.
// NOTE(review): if these values come from model output, check the line and
// column ranges against the actual file (start before end, within the file)
// before using them to index text, and treat Reason as untrusted text when it
// is displayed or stored — confirm where that validation happens.
type LLMResultViolation struct {
	StartLine   uint   `json:"startLine"`
	StartColumn uint   `json:"startColumn"`
	EndLine     uint   `json:"endLine"`
	EndColumn   uint   `json:"endColumn"`
	Reason      string `json:"reason"`
}

type Language

// Language identifies a programming language.
type Language int
// Language values are assigned by iota, from LanguageUnknown = 0 through
// TypeScript = 6. LanguageUnknown is the zero value.
const (
	LanguageUnknown Language = iota
	Java
	Go
	Python
	CSharp
	JavaScript
	TypeScript
)

func GetAllLanguages

func GetAllLanguages() []Language

func GetLanguage

func GetLanguage(filePath string) Language

func GetLanguageForPath

func GetLanguageForPath(filePath string) Language

GetLanguageForPath is an alias for GetLanguage for compatibility

func (Language) String

func (l Language) String() string

type MemoryType

// MemoryType classifies a memory entry as a true positive or a false
// positive.
type MemoryType string
const (
	// MemoryTypeTP marks a true positive.
	MemoryTypeTP MemoryType = "TP"
	// MemoryTypeFP marks a false positive; HasFalsePositive looks for entries
	// of this type.
	MemoryTypeFP MemoryType = "FP"
)

type Model

// Model describes one LLM: a numeric ID, its names, and its provider.
type Model struct {
	// ID is the numeric identifier that GetModelByID takes.
	ID          int
	Name        string
	CLIName     string // user-facing CLI name; falls back to Name if empty
	Provider    string
	// NOTE(review): RawAPIModel is sent to the API as-is; with passthrough
	// enabled in GetModelOrPassthrough it can be an arbitrary caller-supplied
	// string — confirm that string comes from trusted configuration.
	RawAPIModel string // When set, this is used directly for API calls (for custom AI Gateway models)
}

func GetAllModels

func GetAllModels() []Model

func GetModel

func GetModel(modelStr string) (Model, error)

func GetModelByID

func GetModelByID(id int) (Model, bool)

GetModelByID gets a model by its numeric ID and returns true if found, otherwise false.

func GetModelOrPassthrough

func GetModelOrPassthrough(modelStr string, allowPassthrough bool) (Model, error)

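GetModelOrPassthrough attempts to get a predefined model, but if allowPassthrough is true and the model is not found, it accepts any arbitrary string as a custom model. This is useful for AI Gateway scenarios where the model string can be arbitrary. Because a passthrough string is not checked against the predefined models, enable passthrough only when the model string comes from trusted configuration.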

func (Model) GetCLIName added in v0.0.16

func (m Model) GetCLIName() string

func (Model) IsAnthropic

func (m Model) IsAnthropic() bool

func (Model) IsCustom

func (m Model) IsCustom() bool

func (Model) IsGoogle

func (m Model) IsGoogle() bool

func (Model) IsOpenAI

func (m Model) IsOpenAI() bool

func (Model) RequiresMaxCompletionTokens

func (m Model) RequiresMaxCompletionTokens() bool

RequiresMaxCompletionTokens returns true if this model requires MaxCompletionTokens instead of MaxTokens

func (Model) String

func (m Model) String() string

func (Model) ToAPIModel

func (m Model) ToAPIModel() string

func (Model) ToAPIModelWithFormat

func (m Model) ToAPIModelWithFormat(isAIGateway bool) string

type PromptMemory

// PromptMemory groups memory items for one language into true positives and
// false positives.
type PromptMemory struct {
	Language       Language
	TruePositives  []PromptMemoryItem
	FalsePositives []PromptMemoryItem
}

type PromptMemoryItem

// PromptMemoryItem is one remembered example: its classification, language,
// code, and the reason given for the classification.
// NOTE(review): Code and Reason are presumably inserted into prompts —
// confirm, and consider who is able to write memory entries, since they would
// then steer later verdicts.
type PromptMemoryItem struct {
	MemoryType MemoryType
	Language   Language
	Code       string
	Reason     string
}

type ScanData

// ScanData contains all the information needed to execute a scan: the model,
// both prompts, the engine version, the file identity, and the rule.
type ScanData struct {
	Model Model

	// UserPrompt and SystemPrompt are the two prompt strings for the scan.
	UserPrompt   string
	SystemPrompt string

	EngineVersion    string
	// RelativeFilePath and FileHash identify the scanned file.
	RelativeFilePath string
	FileHash         string

	// FileContent is shared across all ScanData built for the same file.
	FileContent *FileContent

	// Rule is the rule (AI prompt) this scan evaluates.
	Rule *api.AiPrompt
}

ScanData contains all the information needed to execute a scan.

type Tag

// Tag is a named tag found in a file, with its kind and language.
type Tag struct {
	Name     string
	// Path is the path of the file the tag belongs to; RankTagsPerLocality
	// takes tags together with a path.
	Path     string
	Type     TagType
	Language Language
}

func RankTagsPerLocality

func RankTagsPerLocality(tags []Tag, path string) []Tag

type TagType

// TagType is the kind of a Tag.
type TagType int
// TagType values are assigned by iota: TagUnknown = 0, TagReference = 1,
// TagDefinition = 2, TagPackage = 3. TagUnknown is the zero value.
const (
	TagUnknown TagType = iota
	TagReference
	TagDefinition
	TagPackage
)

type Violation

// Violation is one reported finding: the rule, the location in the file, a
// message, and a fingerprint.
type Violation struct {
	Rule        string
	// Cwe is optional (pointer) and a string, whereas Vulnerability.GetCwe
	// returns an int; nil presumably means no CWE is attached — confirm.
	Cwe         *string
	Path        string
	FileHash    string
	// StartLine/StartColumn and EndLine/EndColumn give the source range.
	StartLine   uint
	StartColumn uint
	EndLine     uint
	EndColumn   uint
	Message     string
	// Fingerprint is presumably the value produced by GenerateFingerprint —
	// confirm.
	Fingerprint string
}

func (Violation) String

func (violation Violation) String() string

type Vulnerability

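// Vulnerability identifies a supported vulnerability class.
type Vulnerability int

// Vulnerability values. Every constant takes its type and value from iota, so
// all of them are of type Vulnerability. Xss and XpathInjection were written
// as "= 3" and "= 4"; an explicit expression stops the implicit repetition of
// "Vulnerability = iota", which left those two as untyped integer constants
// without the Vulnerability methods. The numeric values are unchanged.
const (
	VulnerabilityUnknown Vulnerability = iota // 0, the zero value
	SqlInjection                              // 1
	CommandInjection                          // 2
	Xss                                       // 3
	XpathInjection                            // 4
)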

func GetAllVulnerabilities

func GetAllVulnerabilities() []Vulnerability

func GetVulnerabilityFromShortName

func GetVulnerabilityFromShortName(shortName string) Vulnerability

func (Vulnerability) GetCwe

func (v Vulnerability) GetCwe() (int, error)

func (Vulnerability) ShortName

func (v Vulnerability) ShortName() string

func (Vulnerability) String

func (v Vulnerability) String() string

type VulnerabilityMemory

// VulnerabilityMemory is a remembered verdict for a rule at a file and line,
// classified as a true or false positive, with the reason.
type VulnerabilityMemory struct {
	// RuleID, File and Line locate the entry; HasFalsePositive takes a rule
	// ID, file and line as its matching arguments.
	RuleID     string
	File       string
	Line       uint
	MemoryType MemoryType
	Reason     string
}

func FilterVulnerabilityMemory

func FilterVulnerabilityMemory(memory []VulnerabilityMemory, rule *api.AiPrompt, language Language) []VulnerabilityMemory

FilterVulnerabilityMemory filters the elements based on the ruleId

func RankVulnerabilityMemory

func RankVulnerabilityMemory(memory []VulnerabilityMemory, path string) []VulnerabilityMemory

RankVulnerabilityMemory returns the items closest to the path passed as a parameter. It compares that path with the File attribute of each element of the memory.
