Comment on page
Find sensitive API endpoints
org.openrewrite.java.security.search.FindSensitiveApiEndpoints
Find data models exposed by REST APIs that contain sensitive information like PII and secrets.
- groupId: org.openrewrite.recipe
- artifactId: rewrite-java-security
- version: 2.1.0
Type | Name | Description |
---|---|---|
List | fieldNames | Field names to search for. |
Boolean | transitive | Optional. Find model objects that contain other model objects that contain sensitive data. |
The API endpoints that expose sensitive data.
Column Name | Description |
---|---|
Source path | The path to the source file containing the API endpoint definition. |
Method name | The name of the method that defines the API endpoint. |
Method | The HTTP method of the API endpoint. |
Path | The path of the API endpoint. |
Sensitive field | The piece of sensitive data that is included. |
Sensitive data path | The sensitive data exposed by the API endpoint. |
This recipe has required configuration parameters. Recipes with required configuration parameters cannot be activated directly. To activate this recipe you must create a new recipe which fills in the required parameters. In your
rewrite.yml
create a new recipe with a unique name. For example: com.yourorg.FindSensitiveApiEndpointsExample
. Here's how you can define and customize such a recipe within your rewrite.yml:rewrite.yml
---
type: specs.openrewrite.org/v1beta/recipe
name: com.yourorg.FindSensitiveApiEndpointsExample
displayName: Find sensitive API endpoints example
recipeList:
- org.openrewrite.java.security.search.FindSensitiveApiEndpoints:
fieldNames: password,dateOfBirth,dob,ssn
transitive: null
Now that
com.yourorg.FindSensitiveApiEndpointsExample
has been defined activate it and take a dependency on org.openrewrite.recipe:rewrite-java-security:2.1.0 in your build file:Gradle
Maven
Moderne CLI
- 1.Add the following to your
build.gradle
file:
build.gradle
plugins {
id("org.openrewrite.rewrite") version("6.5.6")
}
rewrite {
activeRecipe("com.yourorg.FindSensitiveApiEndpointsExample")
}
repositories {
mavenCentral()
}
dependencies {
rewrite("org.openrewrite.recipe:rewrite-java-security:2.1.0")
}
- 2.Run
gradle rewriteRun
to run the recipe.
- 1.Add the following to your
pom.xml
file:
pom.xml
<project>
<build>
<plugins>
<plugin>
<groupId>org.openrewrite.maven</groupId>
<artifactId>rewrite-maven-plugin</artifactId>
<version>5.13.0</version>
<configuration>
<activeRecipes>
<recipe>com.yourorg.FindSensitiveApiEndpointsExample</recipe>
</activeRecipes>
</configuration>
<dependencies>
<dependency>
<groupId>org.openrewrite.recipe</groupId>
<artifactId>rewrite-java-security</artifactId>
<version>2.1.0</version>
</dependency>
</dependencies>
</plugin>
</plugins>
</build>
</project>
- 2.Run
mvn rewrite:run
to run the recipe.
You will need to have configured the Moderne CLI on your machine before you can run the following command.
shell
mod run . --recipe FindSensitiveApiEndpoints
The community edition of the Moderne platform enables you to easily run recipes across thousands of open-source repositories.
Please contact Moderne for more information about safely running the recipes on your own codebase in a private SaaS.