Implementation:OWASP Www project top 10 for large language model applications Publisher Publish

Overview

Concrete tool for the publication pipeline of finalized vulnerability entries including automated PR description generation, standardized PR templates, and GitHub Actions integration, provided by the scripts and templates in the repository. This is an External Tool Doc wrapping the rigging library with openai/gpt-4o-mini, the GitHub PR template, and the contributing guidelines.

Description

Publisher_Publish implements the publication pipeline for the OWASP Top 10 for LLM Applications. It consists of three components: the contributing guidelines (CONTRIBUTING.md) that direct contributors to the project site and style guide; the Pull Request template (.github/PULL_REQUEST_TEMPLATE.md) with structured checklist sections for Key Changes, Added, Changed, and Removed items; and the automated PR description generator (.hooks/generate_pr_description.py) that uses the rigging library with openai/gpt-4o-mini to analyze git diffs and produce concise markdown summaries. The generator computes the merge base between branches, retrieves the diff, truncates it if it exceeds a configurable maximum (default 1000 lines), and invokes the LLM with a structured prompt to produce the description. It includes security validations for git command execution, argument type checking, and path traversal prevention.

Usage

Use this tool when submitting finalized vulnerability entries or any other changes via Pull Request. The PR template is automatically applied by GitHub. The description generator can be run manually or integrated into pre-push hooks or CI pipelines to auto-populate PR descriptions.

Code Reference

Source Location

• Contributing Guidelines: CONTRIBUTING.md (Lines 1 through 25)
• PR Template: .github/PULL_REQUEST_TEMPLATE.md (Lines 1 through 30)
• PR Description Generator: .hooks/generate_pr_description.py (Lines 1 through 119)

Signature

Publisher.publish(
    entries: list[str],
    changelog: str,
    pr_template: str
) -> PublicationResult

Key functions in generate_pr_description.py:

@rg.prompt
def generate_pr_description(diff: str) -> Annotated[str, rg.Ctx("markdown")]:
    """
    Analyze the provided git diff and create a PR description in markdown format.
    """

async def _run_git_command(args: list[str]) -> str:
    """
    Safely run a git command with validated input.
    """

async def get_diff(base_ref: str, source_ref: str, *, exclude: list[str] | None = None) -> str:
    """
    Get the git diff between two branches.
    """

def main(
    base_ref: str = "origin/main",
    source_ref: str = "HEAD",
    generator_id: str = "openai/gpt-4o-mini",
    max_diff_lines: int = 1000,
    exclude: list[str] | None = None,
) -> None:
    """
    Use rigging to generate a PR description from a git diff.
    """

Import

# Dependencies declared in script header (PEP 723 inline metadata)
# requires-python = ">=3.10"
# dependencies = ["rigging", "typer"]

import rigging as rg
import typer

I/O Contract

Inputs

Outputs

Usage Examples

Example 1: Running the PR Description Generator

# Generate a PR description from the diff against origin/main
python .hooks/generate_pr_description.py

# With custom parameters
python .hooks/generate_pr_description.py \
    --base-ref origin/main \
    --source-ref HEAD \
    --generator-id "openai/gpt-4o-mini" \
    --max-diff-lines 1000 \
    --exclude ".hooks" --exclude "documentation"

Example 2: PR Template Structure

# [Title of Your PR]

**Key Changes:**

- [ ] List major changes and core updates
- [ ] Keep each line under 80 characters
- [ ] Focus on the "what" and "why"

**Added:**

- [ ] New features/functionality
- [ ] New files/configurations
- [ ] New dependencies

**Changed:**

- [ ] Updates to existing code
- [ ] Configuration changes
- [ ] Dependency updates

**Removed:**

- [ ] Deleted files/code
- [ ] Removed dependencies
- [ ] Cleaned up configurations

Example 3: Programmatic Publication Pipeline

import asyncio
import rigging as rg

# Step 1: Compute the diff
diff = asyncio.run(get_diff("origin/main", "HEAD"))

# Step 2: Truncate if necessary
TRUNCATION_WARNING = (
    "\n---\n**Note**: Due to the large size of this diff, "
    "some content has been truncated."
)
diff_lines = diff.split("\n")
if len(diff_lines) > 1000:
    diff = "\n".join(diff_lines[:1000]) + TRUNCATION_WARNING

# Step 3: Generate PR description using rigging with gpt-4o-mini
description = asyncio.run(
    generate_pr_description.bind("openai/gpt-4o-mini")(diff)
)

# Step 4: Create the Pull Request
print(description)

Example 4: Full Publication Workflow

# Step 1: Ensure style conformance
mdl --style .hooks/linters/mdstyle.rb 2_0_vulns/LLM01_PromptInjection.md

# Step 2: Stage and commit changes
git add 2_0_vulns/LLM01_PromptInjection.md
git commit -m "Finalize LLM01 Prompt Injection entry"

# Step 3: Generate PR description
PR_DESC=$(python .hooks/generate_pr_description.py)

# Step 4: Create Pull Request with generated description
gh pr create \
    --title "Publish LLM01 Prompt Injection" \
    --body "$PR_DESC"

Related Pages

• Principle:OWASP_Www_project_top_10_for_large_language_model_applications_Entry_Publication
• Environment:OWASP_Www_project_top_10_for_large_language_model_applications_Pre_Commit_Hooks_Environment
• Environment:OWASP_Www_project_top_10_for_large_language_model_applications_PR_Description_Generator_Runtime
• Heuristic:OWASP_Www_project_top_10_for_large_language_model_applications_SHA_Pinning_For_GitHub_Actions