brad/LLM_Engineering_OLD
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0f74c215df01efff386f7e6965b27879d69e01b6
LLM_Engineering_OLD/week4/community-contributions/salah/securecode-ai
History

README.md

SecureCode AI

AI-Powered Code Security & Performance Analyzer

Built for Week 4 of the LLM Engineering course - A novel solution that addresses real-world needs not covered by other community contributions.

Why SecureCode AI?

Unlike other Week 4 projects that focus on docstrings or code conversion, SecureCode AI provides:

Security vulnerability detection (OWASP Top 10) Performance bottleneck analysis (Big-O, complexity) Automated fix generation with explanations Unit test generation (happy path + edge cases) Educational focus - teaches WHY code is vulnerable/slow

Perfect for developers learning secure coding practices and performance optimization!

Features

🔒 Security Analysis

Detects real vulnerabilities following OWASP guidelines:

  • SQL Injection, XSS, Command Injection
  • Path Traversal, Insecure Deserialization
  • Hardcoded Credentials, Cryptographic Failures
  • Authentication/Authorization Issues

Performance Analysis

Identifies performance issues:

  • Time/Space Complexity (Big-O analysis)
  • Inefficient Algorithms (nested loops, N+1 queries)
  • Memory Leaks, Caching Opportunities
  • Blocking I/O Operations

🔧 Auto-Fix Generation

Automatically generates:

  • Secure code alternatives
  • Optimized implementations
  • Line-by-line explanations
  • Best practice recommendations

🧪 Unit Test Generation

Creates comprehensive test suites:

  • pytest/unittest compatible
  • Happy path, edge cases, error handling
  • Parameterized tests
  • Test fixtures and mocks

🌍 Multi-Language Support

Python, JavaScript, Java, C++, Go, Rust with auto-detection

🤖 Model Agnostic

Works with any OpenRouter model - free tier available!

Quick Start

See QUICKSTART.md for detailed setup instructions.

TL;DR - 2 Steps to Run (using uvx)

# 1. Configure (get free API key from openrouter.ai)
cd week4/securecode-ai
cp .env.example .env
# Edit .env and add: OPENROUTER_API_KEY=your-key-here

# 2. Run (uvx handles everything else!)
./run.sh

# Or run manually:
# uvx --with gradio --with openai --with python-dotenv python main.py

That's it! No installation needed - uvx handles all dependencies automatically.

The Gradio interface opens automatically at http://localhost:7860

First Time? The default model is FREE - no credit card needed!

Usage

Security Analysis

  1. Go to the "🔒 Security Analysis" tab
  2. Paste your code
  3. Select language (or use Auto-detect)
  4. Click "🔍 Analyze Security"
  5. Review the identified vulnerabilities

Performance Analysis

  1. Go to the " Performance Analysis" tab
  2. Paste your code
  3. Select language (or use Auto-detect)
  4. Click "🚀 Analyze Performance"
  5. Review performance issues and optimization suggestions

Generate Fix

  1. Go to the "🔧 Generate Fix" tab
  2. Paste your original code
  3. Paste the analysis report (from Security or Performance tab)
  4. Select language (or use Auto-detect)
  5. Click " Generate Fix"
  6. Review the fixed code and explanations

Generate Tests

  1. Go to the "🧪 Generate Tests" tab
  2. Paste your code (functions or classes)
  3. Select language (or use Auto-detect)
  4. Click "🧪 Generate Tests"
  5. Get complete pytest test file with:
    • Happy path tests
    • Edge cases
    • Error handling tests
    • Test fixtures if needed

Example Code

Try the example code in examples/:

  • vulnerable_code.py - Code with security issues
  • slow_code.py - Code with performance issues
  • sample_functions.py - Clean functions for test generation

Configuration

Changing Models

Edit .env to use different models:

# Free tier models (recommended for testing)
SECURECODE_MODEL=meta-llama/llama-3.1-8b-instruct:free
SECURECODE_MODEL=google/gemini-2.0-flash-exp:free

# Paid models (better quality)
SECURECODE_MODEL=openai/gpt-4o-mini
SECURECODE_MODEL=anthropic/claude-3.5-sonnet
SECURECODE_MODEL=qwen/qwen-2.5-coder-32b-instruct

Browse all available models at: https://openrouter.ai/models

Project Structure

Clean, modular Python architecture following best practices:

securecode-ai/
├── src/securecode/              # Main package
│   ├── analyzers/               # Analysis engines
│   │   ├── base_analyzer.py         # Base class with OpenRouter client
│   │   ├── security_analyzer.py     # OWASP security analysis
│   │   ├── performance_analyzer.py  # Performance profiling
│   │   ├── fix_generator.py         # Auto-fix generation
│   │   └── test_generator.py        # Unit test creation
│   ├── prompts/                 # Specialized AI prompts
│   │   ├── security_prompts.py      # Security expert persona
│   │   ├── performance_prompts.py   # Performance engineer persona
│   │   ├── fix_prompts.py           # Code fixing prompts
│   │   └── test_prompts.py          # Test generation prompts
│   ├── utils/
│   │   └── language_detector.py     # Auto-detect code language
│   ├── config.py                # Environment config
│   └── app.py                   # Gradio UI (4 tabs)
├── examples/                    # Test code samples
│   ├── vulnerable_code.py           # SQL injection, etc.
│   ├── slow_code.py                 # O(n²) algorithms
│   └── sample_functions.py          # Clean code for testing
├── main.py                      # Application entry point
├── pyproject.toml              # Modern Python packaging
├── .env.example                # Configuration template
├── setup.sh                    # Automated setup script
├── QUICKSTART.md              # Detailed setup guide
└── README.md                   # This file

Design Principles:

  • Separation of Concerns: Each analyzer is independent
  • DRY: Base class handles OpenRouter communication
  • Extensible: Easy to add new analyzers
  • Clean Code: Type hints, docstrings, descriptive names

Development

Install development dependencies

pip install -e ".[dev]"

Code formatting

black src/
ruff check src/

Running tests

pytest

How It Works

Architecture

User Code → Language Detection → Specialized Prompt → OpenRouter API → AI Model
                                                                           ↓
User Interface ← Streaming Response ← Analysis/Fix/Tests ← Model Response

Technical Implementation

  1. Multi-Analyzer Pattern: Separate classes for security, performance, fixes, and tests
  2. Specialized Prompts: Each analyzer uses persona-based prompts (security expert, performance engineer, etc.)
  3. Streaming Responses: Real-time output using Gradio's streaming capabilities
  4. Model Agnostic: Works with any OpenAI-compatible API through OpenRouter
  5. Clean Code: Type hints, docstrings, modular design

Example: Security Analysis Flow

# User pastes code
code = "query = f'SELECT * FROM users WHERE id = {user_id}'"

# Security analyzer builds prompt
prompt = SecurityPrompt(code, language="Python")

# Calls AI model via OpenRouter
response = openai.chat.completions.create(
    model="meta-llama/llama-3.1-8b-instruct:free",
    messages=[
        {"role": "system", "content": SECURITY_EXPERT_PROMPT},
        {"role": "user", "content": code}
    ],
    stream=True
)

# Streams results to UI
for chunk in response:
    yield chunk  # Real-time display

Cost Considerations

  • Free Tier Models: Use models with :free suffix (rate-limited but no cost)
  • Paid Models: More accurate but incur API costs (~$0.001-0.01 per analysis)
  • Recommended: Start with meta-llama/llama-3.1-8b-instruct:free for testing

Limitations

  • Analysis quality depends on the AI model used
  • Not a replacement for professional security audits
  • May produce false positives or miss subtle issues
  • Always review AI suggestions before applying to production

Support

For issues or questions, open an issue in the repository.

License

MIT License - See LICENSE file for details

Week 4 Learning Objectives Met

This project demonstrates mastery of all Week 4 skills:

Multi-Model Integration - Works with OpenAI, Anthropic, Google, Meta models Prompt Engineering - Specialized prompts for different analysis types Code Analysis & Generation - Security, performance, fixes, tests Gradio UI Development - Multi-tab interface with streaming Real-World Application - Addresses genuine developer needs Clean Architecture - Modular, extensible, well-documented

What Makes This Novel?

Compared to other Week 4 community contributions:

Feature Other Projects SecureCode AI
Docstring Generation (Many)
Code Conversion (Many)
Security Analysis None Unique
Performance Profiling None Unique
Educational Focus Limited Unique
Unit Test Generation (Some) Enhanced
Auto-Fix with Explanation None Unique

Result: A production-ready tool that teaches secure coding while solving real problems!

Acknowledgments

  • LLM Engineering Course by Edward Donner
  • OpenRouter for multi-model API access
  • Gradio for the excellent UI framework
  • OWASP for security guidelines
  • Community for inspiration from Week 4 contributions

Contributing

Ideas for enhancements:

  • Add more security rules (SANS Top 25, CWE)
  • Implement batch file processing
  • CI/CD integration (GitHub Actions)
  • VSCode extension
  • API endpoint for programmatic access
  • Support for more languages

License

MIT License - See LICENSE file for details

Built with ❤️ for developers who care about security and performance

Reference in New Issue View Git Blame Copy Permalink