Skip to main content

Recipes by Tag

This doc contains all recipe tags and the recipes that are tagged with them.

Total tags: 463

5to6

7 recipes

activation

2 recipes

ai

1 recipe

annotation

3 recipes

annotations

1 recipe

apache

16 recipes

application

3 recipes

application-client

3 recipes

arquillian

1 recipe

assertj

10 recipes

authentication

2 recipes

authorization

2 recipes

AWS

54 recipes

Azure

49 recipes

batch

7 recipes

batchXML

1 recipe

bean validation

1 recipe

beans

2 recipes

best practices

1 recipe

  • Jackson best practices - Apply best practices for using Jackson library, including upgrade to Jackson 2.x and removing redundant annotations.

bindings

1 recipe

boot

46 recipes

  • Comment deprecated methods in Spring 3.4 - Spring Boot 3.4 deprecates methods that are not commonly used or need manual interaction.
  • Downgrade Jakarta Servlet API to 5.0 when using Jetty - Jetty does not yet support Servlet 6.0. This recipe will detect the presence of the spring-boot-starter-jetty as a first-order dependency and will add the maven property jakarta-servlet.version setting it's value to 5.0.0. This will downgrade the jakarta-servlet artifact if the pom's parent extends from the spring-boot-parent.
  • Find patterns that require updating for Spring Boot 2.5 - Looks for a series of patterns that have not yet had auto-remediation recipes developed for.
  • Find projects affected by changes to the default error view message attribute - As of Spring Boot 2.5 the message attribute in the default error view was removed rather than blanked when it is not shown. spring-webmvc or spring-webflux projects that parse the error response JSON may need to deal with the missing item (release notes). You can still use the server.error.include-message property if you want messages to be included.
  • Migrate SAP cloud foundry logging support to Spring Boot 3.x - Migrate SAP cloud foundry logging support from cf-java-logging-support-servlet to cf-java-logging-support-servlet-jakarta, to use Jakarta with Spring Boot 3.
  • Migrate Spring Boot 2.x projects to JUnit 5 from JUnit 4 - This recipe will migrate a Spring Boot application's tests from JUnit 4 to JUnit 5. This spring-specific migration includes conversion of Spring Test runners to Spring Test extensions and awareness of the composable Spring Test annotations.
  • Migrate Spring Boot Management Endpoint Security properties to 3.4 - Migrate the settings for Management Endpoint Security from true|false to read-only|none.
  • Migrate Spring Boot properties to 2.0 - Migrate properties found in application.properties and application.yml.
  • Migrate Spring Boot properties to 2.1 - Migrate properties found in application.properties and application.yml.
  • Migrate Spring Boot properties to 2.2 - Migrate properties found in application.properties and application.yml.
  • Migrate Spring Boot properties to 2.3 - Migrate properties found in application.properties and application.yml.
  • Migrate Spring Boot properties to 2.4 - Migrate properties found in application.properties and application.yml.
  • Migrate Spring Boot properties to 2.5 - Migrate properties found in application.properties and application.yml.
  • Migrate Spring Boot properties to 2.6 - Migrate properties found in application.properties and application.yml.
  • Migrate Spring Boot properties to 2.7 - Migrate properties found in application.properties and application.yml.
  • Migrate Spring Boot properties to 3.0 - Migrate properties found in application.properties and application.yml.
  • Migrate Spring Boot properties to 3.1 - Migrate properties found in application.properties and application.yml.
  • Migrate Spring Boot properties to 3.2 - Migrate properties found in application.properties and application.yml.
  • Migrate Spring Boot properties to 3.3 - Migrate properties found in application.properties and application.yml.
  • Migrate Spring Boot properties to 3.4 - Migrate properties found in application.properties and application.yml.
  • Migrate Spring Boot properties to 3.5 - Migrate properties found in application.properties and application.yml.
  • Migrate Spring to Spring Boot - Migrate non Spring Boot applications to the latest compatible Spring Boot release. This recipe will modify an application's build files introducing Maven dependency management for Spring Boot, or adding the Gradle Spring Boot build plugin.
  • Migrate dropWizard dependencies to Spring Boot 3.x - Migrate dropWizard dependencies to the new artifactId, since these are changed with Spring Boot 3.
  • Migrate from Spring Boot 1.x to 2.0 - Migrate Spring Boot 1.x applications to the latest Spring Boot 2.0 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs, and migrate configuration settings that have changes between versions. This recipe will also chain additional framework migrations (Spring Framework, Spring Data, etc) that are required as part of the migration to Spring Boot 2.0.
  • Migrate thymeleaf dependencies to Spring Boot 3.x - Migrate thymeleaf dependencies to the new artifactId, since these are changed with Spring Boot 3.
  • Migrate to Spring Boot 2.1 - Migrate applications to the latest Spring Boot 2.1 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs, and migrate configuration settings that have changes between versions. This recipe will also chain additional framework migrations (Spring Framework, Spring Data, etc) that are required as part of the migration to Spring Boot 2.1.
  • Migrate to Spring Boot 2.2 - Migrate applications to the latest Spring Boot 2.2 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs, and migrate configuration settings that have changes between versions. This recipe will also chain additional framework migrations (Spring Framework, Spring Data, etc) that are required as part of the migration to Spring Boot 2.2.
  • Migrate to Spring Boot 2.3 - Migrate applications to the latest Spring Boot 2.3 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs, and migrate configuration settings that have changes between versions. This recipe will also chain additional framework migrations (Spring Framework, Spring Data, etc) that are required as part of the migration to Spring Boot 2.3.
  • Migrate to Spring Boot 2.4 - Migrate applications to the latest Spring Boot 2.4 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs, and migrate configuration settings that have changes between versions. This recipe will also chain additional framework migrations (Spring Framework, Spring Data, etc) that are required as part of the migration to Spring Boot 2.4.
  • Migrate to Spring Boot 2.6 - Migrate applications to the latest Spring Boot 2.6 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs, and migrate configuration settings that have changes between versions. This recipe will also chain additional framework migrations (Spring Framework, Spring Data, etc) that are required as part of the migration to Spring Boot 2.6.
  • Migrate to Spring Boot 3.0 - Migrate applications to the latest Spring Boot 3.0 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs, and migrate configuration settings that have changes between versions. This recipe will also chain additional framework migrations (Spring Framework, Spring Data, etc) that are required as part of the migration to Spring Boot 2.7.
  • Migrate to Spring Boot 3.1 - Migrate applications to the latest Spring Boot 3.1 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs, and migrate configuration settings that have changes between versions. This recipe will also chain additional framework migrations (Spring Framework, Spring Data, etc) that are required as part of the migration to Spring Boot 3.0.
  • Migrate to Spring Boot 3.2 - Migrate applications to the latest Spring Boot 3.2 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs, and migrate configuration settings that have changes between versions. This recipe will also chain additional framework migrations (Spring Framework, Spring Data, etc) that are required as part of the migration to Spring Boot 3.1.
  • Migrate to Spring Boot 3.3 - Migrate applications to the latest Spring Boot 3.3 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs, and migrate configuration settings that have changes between versions. This recipe will also chain additional framework migrations (Spring Framework, Spring Data, etc) that are required as part of the migration to Spring Boot 3.2.
  • Migrate to Spring Boot 3.4 - Migrate applications to the latest Spring Boot 3.4 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs, and migrate configuration settings that have changes between versions. This recipe will also chain additional framework migrations (Spring Framework, Spring Data, etc) that are required as part of the migration to Spring Boot 3.4.
  • Migrate to Spring Boot 3.4 - Migrate applications to the latest Spring Boot 3.4 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs.
  • Migrate to Spring Boot 3.5 - Migrate applications to the latest Spring Boot 3.5 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs, and migrate configuration settings that have changes between versions. This recipe will also chain additional framework migrations (Spring Framework, Spring Data, etc) that are required as part of the migration to Spring Boot 3.5.
  • Remove the deprecated properties additional-keys-to-sanitize from the configprops and env end points - Spring Boot 3.0 removed the key-based sanitization mechanism used in Spring Boot 2.x in favor of a unified approach. See https://github.com/openrewrite/rewrite-spring/issues/228
  • Rename server.max-http-header-size to server.max-http-request-header-size - Previously, the server.max-http-header-size was treated inconsistently across the four supported embedded web servers. When using Jetty, Netty, or Undertow it would configure the max HTTP request header size. When using Tomcat it would configure the max HTTP request and response header sizes. The renamed property is used to configure the http request header size in Spring Boot 3.0. To limit the max header size of an HTTP response on Tomcat or Jetty (the only two servers that support such a setting), use a WebServerFactoryCustomizer.
  • Spring Boot 2.x best practices - Applies best practices to Spring Boot 2 applications.
  • Spring Boot 3.3 best practices - Applies best practices to Spring Boot 3 applications.
  • Spring Boot 3.3 best practices (only) - Applies best practices to Spring Boot 3 applications, without chaining in upgrades to Spring Boot.
  • Spring Boot 3.5 best practices - Applies best practices to Spring Boot 3.5+ applications.
  • Upgrade Gradle 8 to 8.4+ for Spring Boot 3.4 - Spring Boot 3.4 requires Gradle 8.4+.
  • Upgrade Gradle to 7.6.4+ for Spring Boot 3.4 - Spring Boot 3.4 requires Gradle 7.6.4.
  • Use bean name applicationTaskExecutor instead of taskExecutor - Spring Boot 3.5 removed the bean name taskExecutor. Where this bean name is used, the recipe replaces the bean name to applicationTaskExecutor. This also includes instances where the developer provided their own bean named taskExecutor. This also includes scenarios where JSR-250's @Resource annotation is used.

bouncycastle

2 recipes

cacheManager

1 recipe

cdi

2 recipes

CKV2_AZURE_8

1 recipe

CKV_AWS_10

1 recipe

CKV_AWS_11

1 recipe

CKV_AWS_115

1 recipe

CKV_AWS_118

1 recipe

CKV_AWS_12

1 recipe

CKV_AWS_120

1 recipe

CKV_AWS_126

1 recipe

CKV_AWS_129

1 recipe

CKV_AWS_13

1 recipe

CKV_AWS_130

1 recipe

CKV_AWS_135

1 recipe

CKV_AWS_136

1 recipe

CKV_AWS_14

1 recipe

CKV_AWS_147

1 recipe

  • Encrypt CodeBuild projects - Build artifacts, such as a cache, logs, exported raw test report data files, and build results, are encrypted by default using CMKs for Amazon S3 that are managed by the AWS Key Management Service.

CKV_AWS_15

1 recipe

CKV_AWS_157

1 recipe

CKV_AWS_16

1 recipe

  • Encrypt RDS clusters - Native RDS encryption helps protect your cloud applications and fulfils compliance requirements for data-at-rest encryption.

CKV_AWS_161

1 recipe

CKV_AWS_17

1 recipe

CKV_AWS_18

1 recipe

CKV_AWS_19

1 recipe

CKV_AWS_21

1 recipe

CKV_AWS_28

1 recipe

  • Enable point-in-time recovery for DynamoDB - DynamoDB Point-In-Time Recovery (PITR) is an automatic backup service for DynamoDB table data that helps protect your DynamoDB tables from accidental write or delete operations.

CKV_AWS_29

1 recipe

CKV_AWS_3

1 recipe

  • Encrypt EBS volumes - Encrypting EBS volumes ensures that replicated copies of your images are secure even if they are accidentally exposed. AWS EBS encryption uses AWS KMS customer master keys (CMK) when creating encrypted volumes and snapshots. Storing EBS volumes in their encrypted state reduces the risk of data exposure or data loss.

CKV_AWS_30

1 recipe

  • Encrypt ElastiCache Redis in transit - ElastiCache for Redis offers optional encryption in transit. In-transit encryption provides an additional layer of data protection when transferring data over standard HTTPS protocol.

CKV_AWS_33

1 recipe

  • Scan images pushed to ECR - ECR Image Scanning assesses and identifies operating system vulnerabilities. Using automated image scans you can ensure container image vulnerabilities are found before getting pushed to production.

CKV_AWS_34

1 recipe

CKV_AWS_36

1 recipe

CKV_AWS_37

1 recipe

CKV_AWS_39

1 recipe

CKV_AWS_4

1 recipe

  • Encrypt EBS snapshots - EBS snapshots should be encrypted, as they often include sensitive information, customer PII or CPNI.

CKV_AWS_42

1 recipe

CKV_AWS_43

1 recipe

CKV_AWS_44

1 recipe

CKV_AWS_47

1 recipe

  • Encrypt DAX storage at rest - DAX encryption at rest automatically integrates with AWS KMS for managing the single service default key used to encrypt clusters.

CKV_AWS_5

1 recipe

CKV_AWS_50

1 recipe

CKV_AWS_51

1 recipe

  • Make ECR tags immutable - Amazon ECR supports immutable tags, preventing image tags from being overwritten. In the past, ECR tags could have been overwritten, this could be overcome by requiring users to uniquely identify an image using a naming convention.

CKV_AWS_6

1 recipe

CKV_AWS_64

1 recipe

CKV_AWS_7

1 recipe

CKV_AWS_74

1 recipe

  • Encrypt DocumentDB storage - The encryption feature available for Amazon DocumentDB clusters provides an additional layer of data protection by helping secure your data against unauthorized access to the underlying storage.

CKV_AWS_79

1 recipe

CKV_AWS_8

1 recipe

  • Encrypt EBS volume launch configurations - EBS volumes allow you to create encrypted launch configurations when creating EC2 instances and auto scaling. When the entire EBS volume is encrypted, data stored at rest on the volume, disk I/O, snapshots created from the volume, and data in-transit between EBS and EC2 are all encrypted.

CKV_AWS_83

1 recipe

CKV_AWS_9

1 recipe

CKV_AWS_96

1 recipe

  • Encrypt Aurora clusters - Native Aurora encryption helps protect your cloud applications and fulfils compliance requirements for data-at-rest encryption.

CKV_AWS_97

1 recipe

CKV_AZURE_102

1 recipe

CKV_AZURE_109

1 recipe

CKV_AZURE_110

1 recipe

CKV_AZURE_112

1 recipe

CKV_AZURE_114

1 recipe

CKV_AZURE_116

1 recipe

  • Ensure AKS policies add-on - Azure Policy Add-on for Kubernetes service (AKS) extends Gatekeeper v3, an admission controller webhook for Open Policy Agent (OPA), to apply at-scale enforcements and safeguards on your clusters in a centralized, consistent manner.

CKV_AZURE_12

1 recipe

CKV_AZURE_120

1 recipe

CKV_AZURE_127

1 recipe

CKV_AZURE_128

1 recipe

CKV_AZURE_130

1 recipe

CKV_AZURE_14

1 recipe

CKV_AZURE_15

1 recipe

CKV_AZURE_17

1 recipe

CKV_AZURE_18

1 recipe

CKV_AZURE_19

1 recipe

CKV_AZURE_2

1 recipe

CKV_AZURE_20

1 recipe

CKV_AZURE_21

1 recipe

CKV_AZURE_22

1 recipe

CKV_AZURE_24

1 recipe

CKV_AZURE_25

1 recipe

CKV_AZURE_26

1 recipe

CKV_AZURE_27

1 recipe

CKV_AZURE_28

1 recipe

CKV_AZURE_29

1 recipe

CKV_AZURE_3

1 recipe

CKV_AZURE_35

1 recipe

CKV_AZURE_36

1 recipe

  • Enable Azure Storage Account Trusted Microsoft Services access - Certain Microsoft services that interact with storage accounts operate from networks that cannot be granted access through network rules. Using this configuration, you can allow the set of trusted Microsoft services to bypass those network rules.

CKV_AZURE_37

1 recipe

CKV_AZURE_38

1 recipe

CKV_AZURE_40

1 recipe

CKV_AZURE_41

1 recipe

CKV_AZURE_42

1 recipe

CKV_AZURE_44

1 recipe

  • Ensure storage account uses latest TLS version - Communication between an Azure Storage account and a client application is encrypted using Transport Layer Security (TLS). Microsoft recommends using the latest version of TLS for all your Microsoft Azure App Service web applications.

CKV_AZURE_53

1 recipe

CKV_AZURE_54

1 recipe

CKV_AZURE_63

1 recipe

CKV_AZURE_65

1 recipe

CKV_AZURE_66

1 recipe

CKV_AZURE_68

1 recipe

CKV_AZURE_71

1 recipe

CKV_AZURE_78

1 recipe

CKV_AZURE_8

1 recipe

  • Disable Kubernetes dashboard - Disabling the dashboard eliminates it as an attack vector. The dashboard add-on is disabled by default for all new clusters created on Kubernetes 1.18 or greater.

CKV_AZURE_88

1 recipe

CKV_AZURE_90

1 recipe

CKV_AZURE_94

1 recipe

CKV_GCP_24

1 recipe

CKV_GCP_25

1 recipe

CKV_GCP_26

1 recipe

  • Enable VPC Flow Logs for subnetworks - Ensure GCP VPC flow logs for subnets are enabled. Flow Logs capture information on IP traffic moving through network interfaces. This information can be used to monitor anomalous traffic and provide security insights.

CKV_GCP_29

1 recipe

CKV_GCP_32

1 recipe

CKV_GCP_36

1 recipe

CKV_GCP_39

1 recipe

CKV_GCP_61

1 recipe

CKV_GCP_66

1 recipe

CKV_GCP_67

1 recipe

CKV_GCP_68

1 recipe

CKV_GCP_69

1 recipe

CKV_GCP_71

1 recipe

CKV_GCP_9

1 recipe

cloud

15 recipes

cloudfoundry

1 recipe

cobertura

1 recipe

codemods

103 recipes

collections

2 recipes

commons

11 recipes

commons-logging

2 recipes

compiler

2 recipes

connector

2 recipes

connectors

1 recipe

core

1 recipe

cucumber

5 recipes

CVE-2016-1000027

1 recipe

  • Secure Spring service exporters - The default Java deserialization mechanism is available via ObjectInputStream class. This mechanism is known to be vulnerable. If an attacker can make an application deserialize malicious data, it may result in arbitrary code execution. Spring’s RemoteInvocationSerializingExporter uses the default Java deserialization mechanism to parse data. As a result, all classes that extend it are vulnerable to deserialization attacks. The Spring Framework contains at least HttpInvokerServiceExporter and SimpleHttpInvokerServiceExporter that extend RemoteInvocationSerializingExporter. These exporters parse data from the HTTP body using the unsafe Java deserialization mechanism. See the full blog post by Artem Smotrakov on CVE-2016-1000027 from which the above description is excerpted.

CVE-2021-42574

1 recipe

  • Find text-direction changes - Finds unicode control characters which can change the direction text is displayed in. These control characters can alter how source code is presented to a human reader without affecting its interpretation by tools like compilers. So a malicious patch could pass code review while introducing vulnerabilities. Note that text direction-changing unicode control characters aren't inherently malicious. These characters can appear for legitimate reasons in code written in or dealing with right-to-left languages. See: https://trojansource.codes/ for more information.

CVE-2021-44228

1 recipe

CWE-1021

1 recipe

  • Prevent clickjacking - The frame-ancestors directive can be used in a Content-Security-Policy HTTP response header to indicate whether or not a browser should be allowed to render a page in a <frame> or <iframe>. Sites can use this to avoid Clickjacking attacks by ensuring that their content is not embedded into other sites.

CWE-22

2 recipes

  • Partial path traversal vulnerability - Replaces dir.getCanonicalPath().startsWith(parent.getCanonicalPath(), which is vulnerable to partial path traversal attacks, with the more secure dir.getCanonicalFile().toPath().startsWith(parent.getCanonicalFile().toPath()). To demonstrate this vulnerability, consider "/usr/outnot".startsWith("/usr/out"). The check is bypassed although /outnot is not under the /out directory. It's important to understand that the terminating slash may be removed when using various String representations of the File object. For example, on Linux, println(new File("/var")) will print /var, but println(new File("/var", "/") will print /var/; however, println(new File("/var", "/").getCanonicalPath()) will print /var.
  • Zip slip - Zip slip is an arbitrary file overwrite critical vulnerability, which typically results in remote command execution. A fuller description of this vulnerability is available in the Snyk documentation on it.

CWE-269

1 recipe

  • Improper privilege management - Marking code as privileged enables a piece of trusted code to temporarily enable access to more resources than are available directly to the code that called it.

CWE-326

1 recipe

CWE-338

1 recipe

CWE-352

1 recipe

  • Enable CSRF attack prevention - Cross-Site Request Forgery (CSRF) is a type of attack that occurs when a malicious web site, email, blog, instant message, or program causes a user's web browser to perform an unwanted action on a trusted site when the user is authenticated. See the full OWASP cheatsheet.

CWE-377

2 recipes

  • Use Files#createTempDirectory - Use Files#createTempDirectory when the sequence File#createTempFile(..)->File#delete()->File#mkdir() is used for creating a temp directory.
  • Use secure temporary file creation - java.io.File.createTempFile() has exploitable default file permissions. This recipe migrates to the more secure java.nio.file.Files.createTempFile().

CWE-379

1 recipe

  • Use Files#createTempDirectory - Use Files#createTempDirectory when the sequence File#createTempFile(..)->File#delete()->File#mkdir() is used for creating a temp directory.

CWE-396

1 recipe

CWE-502

3 recipes

CWE-611

1 recipe

CWE-614

1 recipe

  • Insecure cookies - Check for use of insecure cookies. Cookies should be marked as secure. This ensures that the cookie is sent only over HTTPS to prevent cross-site scripting attacks.

CWE-829

1 recipe

CWE-94

2 recipes

CycloneDX

1 recipe

  • Software bill of materials - Produces a software bill of materials (SBOM) for a project. An SBOM is a complete list of all dependencies used in a project, including transitive dependencies. The produced SBOM is in the CycloneDX XML format. Supports Gradle and Maven. Places a file named sbom.xml adjacent to the Gradle or Maven build file.

dbrider

1 recipe

default-servlet-handler

1 recipe

demo

2 recipes

dependabot

3 recipes

dependencies

4 recipes

deployment-plan

2 recipes

deprecated

16 recipes

deprecation

4 recipes

  • Remove Security AccessController - The Security Manager API is unsupported in Java 24. This recipe will remove the usage of java.security.AccessController.
  • Remove Security Policy - The Security Manager API is unsupported in Java 24. This recipe will remove the use of java.security.Policy.
  • Remove Security SecurityManager - The Security Manager API is unsupported in Java 24. This recipe will remove the usage of java.security.SecurityManager.
  • Replace System.getSecurityManager() with null - The Security Manager API is unsupported in Java 24. This recipe will replace System.getSecurityManager() with null to make its behavior more obvious and try to simplify execution paths afterwards.

descriptors

2 recipes

DevCenter:security

1 recipe

  • Post quantum cryptography - Locate cryptographic configuration which may need to be updated for a brave new post-quantum-supremacy world.

dropwizard

1 recipe

easymock

1 recipe

ejb

3 recipes

ejb-3.2

3 recipes

ejb-jar

2 recipes

epoll

1 recipe

ESLint

190 recipes

eslint-plugin-jest

17 recipes

eslint-plugin-storybook

9 recipes

eslint-plugin-svelte

18 recipes

eslint-plugin-vue

57 recipes

examples

5 recipes

faces

29 recipes

faces-config

1 recipe

flyway

5 recipes

GCP

15 recipes

github

7 recipes

glassfish

3 recipes

  • Add explicit JAX-WS dependencies - This recipe will add explicit dependencies for Jakarta EE 8 when a Java 8 application is using JAX-WS. Any existing dependencies will be upgraded to the latest version of Jakarta EE 8. The artifacts are moved to Jakarta EE 8 but the application can continue to use the javax.xml.bind namespace.
  • Add explicit JAXB API dependencies and runtime - This recipe will add explicit dependencies for Jakarta EE 8 when a Java 8 application is using JAXB. Any existing dependencies will be upgraded to the latest version of Jakarta EE 8. The artifacts are moved to Jakarta EE 8 version 2.x which allows for the continued use of the javax.xml.bind namespace. Running a full javax to Jakarta migration using org.openrewrite.java.migrate.jakarta.JavaxMigrationToJakarta will update to versions greater than 3.x which necessitates the package change as well.
  • Use latest JAXB API and runtime for Jakarta EE 8 - Update build files to use the latest JAXB runtime from Jakarta EE 8 to maintain compatibility with Java version 11 or greater. The recipe will add a JAXB run-time, in Gradle compileOnly+testImplementation and Maven provided scope, to any project that has a transitive dependency on the JAXB API. The resulting dependencies still use the javax namespace, despite the move to the Jakarta artifact.

gradle

4 recipes

guava

46 recipes

hamcrest

6 recipes

handler

1 recipe

hibernate

3 recipes

httpclient

4 recipes

inject

3 recipes

intellij

1 recipe

jackson

3 recipes

jacoco

1 recipe

  • Upgrade JaCoCo - This recipe will upgrade JaCoCo to the latest patch version, which traditionally advertises full backwards compatibility for older Java versions.

jakarta

99 recipes

jakartaee

4 recipes

java

8 recipes

java-util-logging

2 recipes

java10

1 recipe

  • Use local variable type inference - Apply local variable type inference (var) for primitives and objects. These recipes can cause unused imports, be advised to run `org.openrewrite.java.RemoveUnusedImports afterwards.

java11

28 recipes

  • Add explicit Common Annotations dependencies - Add the necessary annotation-api dependency from Jakarta EE 8 to maintain compatibility with Java version 11 or greater.
  • Add explicit Inject dependencies - Add the necessary inject-api dependency from Jakarta EE 8 to maintain compatibility with Java version 11 or greater.
  • Add explicit JAX-WS dependencies - This recipe will add explicit dependencies for Jakarta EE 8 when a Java 8 application is using JAX-WS. Any existing dependencies will be upgraded to the latest version of Jakarta EE 8. The artifacts are moved to Jakarta EE 8 but the application can continue to use the javax.xml.bind namespace.
  • Add explicit JAXB API dependencies - This recipe will add explicit API dependencies for Jakarta EE 8 when a Java 8 application is using JAXB. Any existing dependencies will be upgraded to the latest version of Jakarta EE 8. The artifacts are moved to Jakarta EE 8 version 2.x which allows for the continued use of the javax.xml.bind namespace. Running a full javax to Jakarta migration using org.openrewrite.java.migrate.jakarta.JavaxMigrationToJakarta will update to versions greater than 3.x which necessitates the package change as well.
  • Add explicit JAXB API dependencies and remove runtimes - This recipe will add explicit API dependencies without runtime dependencies for Jakarta EE 8 when a Java 8 application is using JAXB. Any existing API dependencies will be upgraded to the latest version of Jakarta EE 8. The artifacts are moved to Jakarta EE 8 version 2.x which allows for the continued use of the javax.xml.bind namespace. All JAXB runtime implementation dependencies are removed.
  • Add explicit JAXB API dependencies and runtime - This recipe will add explicit dependencies for Jakarta EE 8 when a Java 8 application is using JAXB. Any existing dependencies will be upgraded to the latest version of Jakarta EE 8. The artifacts are moved to Jakarta EE 8 version 2.x which allows for the continued use of the javax.xml.bind namespace. Running a full javax to Jakarta migration using org.openrewrite.java.migrate.jakarta.JavaxMigrationToJakarta will update to versions greater than 3.x which necessitates the package change as well.
  • Do not package java.xml.bind and java.activation modules in WebSphere Liberty applications - The java.xml.bind and java.activation modules were removed in Java11. Websphere Liberty provides its own implementation of the modules, which can be used by specifying the jaxb-2.2 feature in the server.xml file. This recipe updates the javax.xml.bind and javax.activation dependencies to use the provided scope to avoid class loading issues.
  • Do not package java.xml.ws module in WebSphere Liberty applications - The java.xml.ws module was removed in Java11. Websphere Liberty provides its own implementation of the module, which can be used by specifying the jaxws-2.2 feature in the server.xml file. This recipe updates the javax.xml.ws dependency to use the provided scope to avoid class loading issues.
  • Migrate Lombok to a Java 11 compatible version - Update Lombok dependency to a version that is compatible with Java 11 and migrate experimental Lombok types that have been promoted.
  • Migrate from IBM Runtimes to Oracle Runtimes - This recipe will apply changes commonly needed when upgrading Java versions. The solutions provided in this list are solutions necessary for migrating from IBM Runtimes to Oracle Runtimes.
  • Migrate to IBM Semeru Runtimes - This recipe will apply changes commonly needed when upgrading Java versions. The solutions provided in this list are solutions only available in IBM Semeru Runtimes.
  • Migrate to Java 11 - This recipe will apply changes commonly needed when upgrading to Java 11. Specifically, for those applications that are built on Java 8, this recipe will update and add dependencies on J2EE libraries that are no longer directly bundled with the JDK. This recipe will also replace deprecated API with equivalents when there is a clear migration strategy. Build files will also be updated to use Java 11 as the target/source and plugins will be also be upgraded to versions that are compatible with Java 11.
  • Prefer java.util.Objects#requireNonNullElse - Prefer java.util.Objects#requireNonNullElse instead of using com.google.common.base.MoreObjects#firstNonNull.
  • Prefer the Java 11 standard library instead of Guava - Guava filled in important gaps in the Java standard library and still does. But at least some of Guava's API surface area is covered by the Java standard library now, and some projects may be able to remove Guava altogether if they migrate to standard library for these functions.
  • Remove Cobertura Maven plugin - This recipe will remove Cobertura, as it is not compatible with Java 11.
  • Remove Thread.destroy() and Thread.stop(Throwable) - The java.lang.Thread.destroy() method was never implemented, and the java.lang.Thread.stop(java.lang.Throwable) method has been unusable since Java SE 8. This recipe removes any usage of these methods from your application.
  • Replace Paths.get with Path.of - The java.nio.file.Paths.get method was introduced in Java SE 7. The java.nio.file.Path.of method was introduced in Java SE 11. This recipe replaces all usages of Paths.get with Path.of for consistency.
  • Replace javax.security.auth.Policy with java.security.Policy - The javax.security.auth.Policy class is not available from Java SE 11 onwards.
  • Upgrade build to Java 11 - Updates build files to use Java 11 as the target/source.
  • Upgrade plugins to Java 11 compatible versions - Updates plugins to version compatible with Java 11.
  • Use com.ibm.jsse2 instead of com.sun.net.ssl.internal.ssl - Do not use the com.sun.net.ssl.internal.ssl.Provider class.
  • Use com.ibm.net.ssl.www2.protocol.https.Handler instead of com.sun.net.ssl.internal.www.protocol.https.Handler - Do not use the com.sun.net.ssl.internal.www.protocol.https.Handler class.
  • Use com.ibm.net.ssl.www2.protocol instead of com.sun.net.ssl.internal.www.protocol - Do not use the com.sun.net.ssl.internal.www.protocol package.
  • Use com.sun.security.auth.module.Krb5LoginModule instead of com.ibm.security.auth.module.Krb5LoginModule - Do not use the com.ibm.security.auth.module.Krb5LoginModule class.
  • Use com.sun.xml.bind.* instead of com.sun.xml.internal.bind.* - Do not use APIs from com.sun.xml.internal.bind.* packages.
  • Use javax.net.ssl instead of com.sun.net.ssl - Do not use APIs from com.sun.net.ssl packages.
  • Use latest JAXB API and runtime for Jakarta EE 8 - Update build files to use the latest JAXB runtime from Jakarta EE 8 to maintain compatibility with Java version 11 or greater. The recipe will add a JAXB run-time, in Gradle compileOnly+testImplementation and Maven provided scope, to any project that has a transitive dependency on the JAXB API. The resulting dependencies still use the javax namespace, despite the move to the Jakarta artifact.
  • Use the latest JAX-WS API and runtime for Jakarta EE 8 - Update build files to use the latest JAX-WS runtime from Jakarta EE 8 to maintain compatibility with Java version 11 or greater. The recipe will add a JAX-WS run-time, in Gradle compileOnly+testImplementation and Maven provided scope, to any project that has a transitive dependency on the JAX-WS API. The resulting dependencies still use the javax namespace, despite the move to the Jakarta artifact.

java17

23 recipes

java21

11 recipes

  • Adopt SequencedCollection - Replace older code patterns with SequencedCollection methods, as per https://openjdk.org/jeps/431.
  • [Adopt javax.security.auth.Subject.current() and javax.security.auth.Subject.callAs() methods](/recipes/java/migrate/removedsubjectmethods.md) - _Replaces the javax.security.auth.Subject.getSubject()andjavax.security.auth.Subject.doAs()methods withjavax.security.auth.Subject.current()andjavax.security.auth.Subject.callAs()`._
  • Adopt switch pattern matching (JEP 441) - ->- JEP 441 describes how some switch statements can be improved with pattern matching. This recipe applies some of those improvements where applicable.
  • Avoid using the deprecated empty finalize() method in java.desktop - The java.desktop module had a few implementations of finalize() that did nothing and have been removed. This recipe will remove these methods.
  • Find Virtual Thread opportunities - Find opportunities to convert existing code to use Virtual Threads.
  • Find non-virtual ExecutorService creation - Find all places where static java.util.concurrent.Executors method creates a non-virtual java.util.concurrent.ExecutorService. This recipe can be used to search fro ExecutorService that can be replaced by Virtual Thread executor.
  • Migrate to Java 21 - This recipe will apply changes commonly needed when migrating to Java 21. This recipe will also replace deprecated API with equivalents when there is a clear migration strategy. Build files will also be updated to use Java 21 as the target/source and plugins will be also be upgraded to versions that are compatible with Java 21.
  • Prefer Math#clamp - Prefer java.lang.Math#clamp instead of using com.google.common.primitives.*#constrainToRange.
  • Prefer the Java 21 standard library instead of Guava - Guava filled in important gaps in the Java standard library and still does. But at least some of Guava's API surface area is covered by the Java standard library now, and some projects may be able to remove Guava altogether if they migrate to standard library for these functions.
  • Upgrade build to Java 21 - Updates build files to use Java 21 as the target/source.
  • Upgrade plugins to Java 21 compatible versions - Updates plugins and dependencies to version compatible with Java 21.

java25

5 recipes

  • Migrate to Java 25 - This recipe will apply changes commonly needed when migrating to Java 25. This recipe will also replace deprecated API with equivalents when there is a clear migration strategy. Build files will also be updated to use Java 25 as the target/source and plugins will be also be upgraded to versions that are compatible with Java 25.
  • Remove Security AccessController - The Security Manager API is unsupported in Java 24. This recipe will remove the usage of java.security.AccessController.
  • Remove Security Policy - The Security Manager API is unsupported in Java 24. This recipe will remove the use of java.security.Policy.
  • Remove Security SecurityManager - The Security Manager API is unsupported in Java 24. This recipe will remove the usage of java.security.SecurityManager.
  • Replace System.getSecurityManager() with null - The Security Manager API is unsupported in Java 24. This recipe will replace System.getSecurityManager() with null to make its behavior more obvious and try to simplify execution paths afterwards.

java6

1 recipe

  • Migrate to Java 6 - This recipe will apply changes commonly needed when upgrading to Java 6. This recipe will also replace deprecated API with equivalents when there is a clear migration strategy.

java7

1 recipe

  • Migrate to Java 7 - This recipe will apply changes commonly needed when upgrading to Java 7. This recipe will also replace deprecated API with equivalents when there is a clear migration strategy.

java8

1 recipe

  • Migrate to Java 8 - This recipe will apply changes commonly needed when upgrading to Java 8. This recipe will also replace deprecated API with equivalents when there is a clear migration strategy.

javaee

2 recipes

  • Use latest JAXB API and runtime for Jakarta EE 8 - Update build files to use the latest JAXB runtime from Jakarta EE 8 to maintain compatibility with Java version 11 or greater. The recipe will add a JAXB run-time, in Gradle compileOnly+testImplementation and Maven provided scope, to any project that has a transitive dependency on the JAXB API. The resulting dependencies still use the javax namespace, despite the move to the Jakarta artifact.
  • Use the latest JAX-WS API and runtime for Jakarta EE 8 - Update build files to use the latest JAX-WS runtime from Jakarta EE 8 to maintain compatibility with Java version 11 or greater. The recipe will add a JAX-WS run-time, in Gradle compileOnly+testImplementation and Maven provided scope, to any project that has a transitive dependency on the JAX-WS API. The resulting dependencies still use the javax namespace, despite the move to the Jakarta artifact.

javaee6

1 recipe

  • Migrate to JavaEE6 - These recipes help with the Migration to Java EE 6, flagging and updating deprecated methods.

javaee7

2 recipes

javaee8

1 recipe

  • Migrate to JavaEE8 - These recipes help with the Migration to Java EE 8, flagging and updating deprecated methods.

javax

36 recipes

jaxb

11 recipes

  • Add explicit JAX-WS dependencies - This recipe will add explicit dependencies for Jakarta EE 8 when a Java 8 application is using JAX-WS. Any existing dependencies will be upgraded to the latest version of Jakarta EE 8. The artifacts are moved to Jakarta EE 8 but the application can continue to use the javax.xml.bind namespace.
  • Add explicit JAXB API dependencies - This recipe will add explicit API dependencies for Jakarta EE 8 when a Java 8 application is using JAXB. Any existing dependencies will be upgraded to the latest version of Jakarta EE 8. The artifacts are moved to Jakarta EE 8 version 2.x which allows for the continued use of the javax.xml.bind namespace. Running a full javax to Jakarta migration using org.openrewrite.java.migrate.jakarta.JavaxMigrationToJakarta will update to versions greater than 3.x which necessitates the package change as well.
  • Add explicit JAXB API dependencies and remove runtimes - This recipe will add explicit API dependencies without runtime dependencies for Jakarta EE 8 when a Java 8 application is using JAXB. Any existing API dependencies will be upgraded to the latest version of Jakarta EE 8. The artifacts are moved to Jakarta EE 8 version 2.x which allows for the continued use of the javax.xml.bind namespace. All JAXB runtime implementation dependencies are removed.
  • Add explicit JAXB API dependencies and runtime - This recipe will add explicit dependencies for Jakarta EE 8 when a Java 8 application is using JAXB. Any existing dependencies will be upgraded to the latest version of Jakarta EE 8. The artifacts are moved to Jakarta EE 8 version 2.x which allows for the continued use of the javax.xml.bind namespace. Running a full javax to Jakarta migration using org.openrewrite.java.migrate.jakarta.JavaxMigrationToJakarta will update to versions greater than 3.x which necessitates the package change as well.
  • Migrate XJC Bindings to Jakata XML - Java EE has been rebranded to Jakarta EE, migrates the namespace and version in XJC bindings.
  • Migrate deprecated javax.xml.bind packages to jakarta.xml.bind - Java EE has been rebranded to Jakarta EE, necessitating a package relocation.
  • Migrate deprecated javax.xml.bind packages to jakarta.xml.bind - Java EE has been rebranded to Jakarta EE, necessitating a package relocation.
  • Migrate to Jakarta EE 9 - Jakarta EE 9 is the first version of Jakarta EE that uses the new jakarta namespace.
  • Migrate to Java 11 - This recipe will apply changes commonly needed when upgrading to Java 11. Specifically, for those applications that are built on Java 8, this recipe will update and add dependencies on J2EE libraries that are no longer directly bundled with the JDK. This recipe will also replace deprecated API with equivalents when there is a clear migration strategy. Build files will also be updated to use Java 11 as the target/source and plugins will be also be upgraded to versions that are compatible with Java 11.
  • Migrate xmlns entries in *.xjb files. - Java EE has been rebranded to Jakarta EE, necessitating an XML namespace relocation.
  • Use latest JAXB API and runtime for Jakarta EE 8 - Update build files to use the latest JAXB runtime from Jakarta EE 8 to maintain compatibility with Java version 11 or greater. The recipe will add a JAXB run-time, in Gradle compileOnly+testImplementation and Maven provided scope, to any project that has a transitive dependency on the JAXB API. The resulting dependencies still use the javax namespace, despite the move to the Jakarta artifact.

jaxws

5 recipes

  • Migrate deprecated javax.xml.ws packages to jakarta.xml.ws - Java EE has been rebranded to Jakarta EE, necessitating a package relocation.
  • Migrate deprecated javax.xml.ws packages to jakarta.xml.ws - Java EE has been rebranded to Jakarta EE, necessitating a package relocation.
  • Migrate to Jakarta EE 9 - Jakarta EE 9 is the first version of Jakarta EE that uses the new jakarta namespace.
  • Migrate to Java 11 - This recipe will apply changes commonly needed when upgrading to Java 11. Specifically, for those applications that are built on Java 8, this recipe will update and add dependencies on J2EE libraries that are no longer directly bundled with the JDK. This recipe will also replace deprecated API with equivalents when there is a clear migration strategy. Build files will also be updated to use Java 11 as the target/source and plugins will be also be upgraded to versions that are compatible with Java 11.
  • Use the latest JAX-WS API and runtime for Jakarta EE 8 - Update build files to use the latest JAX-WS runtime from Jakarta EE 8 to maintain compatibility with Java version 11 or greater. The recipe will add a JAX-WS run-time, in Gradle compileOnly+testImplementation and Maven provided scope, to any project that has a transitive dependency on the JAX-WS API. The resulting dependencies still use the javax namespace, despite the move to the Jakarta artifact.

jdbc

2 recipes

JDK-8212050

1 recipe

Jest

17 recipes

jetbrains

1 recipe

jetty

1 recipe

  • Downgrade Jakarta Servlet API to 5.0 when using Jetty - Jetty does not yet support Servlet 6.0. This recipe will detect the presence of the spring-boot-starter-jetty as a first-order dependency and will add the maven property jakarta-servlet.version setting it's value to 5.0.0. This will downgrade the jakarta-servlet artifact if the pom's parent extends from the spring-boot-parent.

jmockit

1 recipe

jms

3 recipes

jobXML

1 recipe

joda-time

1 recipe

  • Prefer the Java standard library instead of Joda-Time - Before Java 8, Java lacked a robust date and time library, leading to the widespread use of Joda-Time to fill this gap. With the release of Java 8, the java.time package was introduced, incorporating most of Joda-Time's concepts. Features deemed too specialized or bulky for java.time were included in the ThreeTen-Extra library. This recipe migrates Joda-Time types to java.time and threeten-extra types.

jsf

29 recipes

jsp

1 recipe

jsptaglibrary

1 recipe

jsr250

1 recipe

JtaTransactionManager

1 recipe

junit

15 recipes

jupiter

1 recipe

  • Migrate Spring Boot 2.x projects to JUnit 5 from JUnit 4 - This recipe will migrate a Spring Boot application's tests from JUnit 4 to JUnit 5. This spring-specific migration includes conversion of Spring Test runners to Spring Test extensions and awareness of the composable Spring Test annotations.

kafka

2 recipes

kubernetes

24 recipes

  • Ensure CPU limits are set - A system without managed quotas could eventually collapse due to inadequate resources for the tasks it bares.
  • Ensure CPU request is set - If a container is created in a namespace that has a default CPU limit, and the container does not specify its own CPU limit, then the container is assigned the default CPU limit.
  • Ensure image pull policy is Always - Ensures the latest version of a tag is deployed each time.
  • Ensure lifecycle rule on StorageBucket - When defining a rule, you can specify any set of conditions for any action. The following configuration defines a rule to delete all objects older than 7 days in a bucket.
  • Ensure liveness probe is configured - The kubelet uses liveness probes to know when to schedule restarts for containers. Restarting a container in a deadlock state can help to make the application more available, despite bugs.
  • Ensure memory limits are set - With no limit set, kubectl allocates more and more memory to the container until it runs out.
  • Ensure memory request is set - A container is guaranteed to have as much memory as it requests, but is not allowed to use more memory than the limit set. This configuration may save resources and prevent an attack on an exploited container.
  • Ensure readiness probe is configured - Using the Readiness Probe ensures teams define what actions need to be taken to prevent failure and ensure recovery in case of unexpected errors.
  • Kubernetes best practices - Applies best practices to Kubernetes manifests.
  • Limit root capabilities in a container - Limiting the admission of containers with capabilities ensures that only a small number of containers have extended capabilities outside the default range.
  • Migrate to Kubernetes API v1.16 - This recipe will apply changes commonly needed when migrating to Kubernetes API v1.16.
  • Migrate to Kubernetes API v1.22 - This recipe will apply changes commonly needed when migrating to Kubernetes API v1.22.
  • Migrate to Kubernetes API v1.25 - This recipe will apply changes commonly needed when migrating to Kubernetes API v1.25.
  • Migrate to Kubernetes API v1.26 - This recipe will apply changes commonly needed when migrating to Kubernetes API v1.26.
  • Migrate to Kubernetes API v1.27 - This recipe will apply changes commonly needed when migrating to Kubernetes API v1.27.
  • Migrate to Kubernetes API v1.29 - This recipe will apply changes commonly needed when migrating to Kubernetes API v1.29.
  • Migrate to Kubernetes API v1.32 - This recipe will apply changes commonly needed when migrating to Kubernetes API v1.32.
  • No host IPC sharing - Preventing sharing of host PID/IPC namespace, networking, and ports ensures proper isolation between Docker containers and the underlying host.
  • No host network sharing - When using the host network mode for a container, that container’s network stack is not isolated from the Docker host, so the container shares the host’s networking namespace and does not get its own IP-address allocation.
  • No host process ID sharing - Sharing the host process ID namespace breaks the isolation between container images and can make processes visible to other containers in the pod. This includes all information in the /proc directory, which can sometimes include passwords or keys, passed as environment variables.
  • No privilege escalation - Does not allow a process to gain more privileges than its parent process.
  • No privileged containers - Privileged containers are containers that have all of the root capabilities of a host machine, allowing access to resources that are not accessible in ordinary containers.
  • No root containers - Containers that run as root frequently have more permissions than their workload requires which, in case of compromise, could help an attacker further their exploits.
  • Read-only root filesystem - Using an immutable root filesystem and a verified boot mechanism prevents against attackers from "owning" the machine through permanent local changes.

lang

1 recipe

LoadTimeWeaver

1 recipe

local

1 recipe

lodash

4 recipes

log4j

10 recipes

log4shell

1 recipe

logback

1 recipe

  • Migrate Log4j 2.x to Logback - Migrates usage of Apache Log4j 2.x to using logback as an SLF4J implementation directly. Note, this currently does not modify log4j.properties files.

logging

19 recipes

lombok

6 recipes

material-ui

78 recipes

math

1 recipe

  • Migrates to Apache Commons Math 3.x - Migrate applications to the latest Apache Commons Math 3.x release. This recipe modifies application's build files, make changes to deprecated/preferred APIs, and migrates configuration settings that have changes between versions.

micrometer

3 recipes

migration

2 recipes

mockito

7 recipes

mui

78 recipes

mvc

1 recipe

myfaces

5 recipes

mysql

1 recipe

namespaces

1 recipe

netty

5 recipes

networking

1 recipe

nextjs

12 recipes

  • Add React imports - Transforms files that do not import React to include the import in order for the new React JSX transform to work.
  • Migrate ImageResponse imports - This codemod moves transforms imports from next/server to next/og for usage of Dynamic OG Image Generation.
  • Migrate to the New Image Component - Dangerously migrates from next/legacy/image to the new next/image by adding inline styles and removing unused props.
  • Next.js Codemods for API Updates - Next.js provides Codemod transformations to help upgrade your Next.js codebase when an API is updated or deprecated.
  • Remove <a> Tags From Link Components - Remove <a> tags inside Link Components or add a legacyBehavior prop to Links that cannot be auto-fixed.
  • Rename Next Image Imports - Safely renames next/image imports in existing Next.js 10 11 or 12 applications to next/legacy/image in Next.js 13. Also renames next/future/image to next/image.
  • Rename Next Image Imports - Safely renames next/image imports in existing Next.js 10 11 or 12 applications to next/legacy/image in Next.js 13. Also renames next/future/image to next/image.
  • Transform AMP HOC into page config - Transforms the withAmp HOC into Next.js 9 page configuration.
  • Transform Anonymous Components into Named Components - Transforms anonymous components into named components to make sure they work with Fast Refresh. The component will have a camel-cased name based on the name of the file, and it also works with arrow functions.
  • Use Built-in Font - This codemod uninstalls the @next/font package and transforms @next/font imports into the built-in next/font.
  • Use viewport export - This codemod migrates certain viewport metadata to viewport export.
  • Use withRouter - Transforms the deprecated automatically injected url property on top-level pages to using withRouter and the router property it injects. Read more here.

nio

1 recipe

non-eejakarta

1 recipe

okhttp

1 recipe

omnifaces

6 recipes

openapi

10 recipes

oracle

1 recipe

orm

2 recipes

oss

1 recipe

  • Add ASLv2 license header - Adds the Apache Software License Version 2.0 to Java source files which are missing a license header.

permissions

1 recipe

persistence

1 recipe

persistence-configuration

2 recipes

petclinic

2 recipes

plain text

1 recipe

  • Change text - Completely replaces the contents of the text file with other text. Use together with a FindSourceFiles precondition to limit which files are changed.

poi

1 recipe

  • Migrates to Apache POI 3.17 - Migrates to the last Apache POI 3.x release. This recipe modifies build files and makes changes to deprecated/preferred APIs that have changed between versions.

postgresql

1 recipe

primefaces

4 recipes

pubsub

2 recipes

ra

3 recipes

rdbms-jar

2 recipes

reactor

2 recipes

refactoring

1 recipe

  • Use local variable type inference - Apply local variable type inference (var) for primitives and objects. These recipes can cause unused imports, be advised to run `org.openrewrite.java.RemoveUnusedImports afterwards.

resource-deployment-plan

2 recipes

RSPEC-1125

1 recipe

RSPEC-1192

1 recipe

  • Replace duplicate String literals - Replaces String literals with a length of 5 or greater repeated a minimum of 3 times. Qualified String literals include final Strings, method invocations, and new class invocations. Adds a new private static final String or uses an existing equivalent class field. A new variable name will be generated based on the literal value if an existing field does not exist. The generated name will append a numeric value to the variable name if a name already exists in the compilation unit.

RSPEC-1889

1 recipe

  • Replace duplicate String literals - Replaces String literals with a length of 5 or greater repeated a minimum of 3 times. Qualified String literals include final Strings, method invocations, and new class invocations. Adds a new private static final String or uses an existing equivalent class field. A new variable name will be generated based on the literal value if an existing field does not exist. The generated name will append a numeric value to the variable name if a name already exists in the compilation unit.

RSPEC-2112

3 recipes

  • URL Equals - Uses of equals() cause java.net.URL to make blocking internet connections. Instead, use java.net.URI.
  • URL Equals and Hash Code - Uses of equals() and hashCode() cause java.net.URL to make blocking internet connections. Instead, use java.net.URI.
  • URL Hash Code - Uses of hashCode() cause java.net.URL to make blocking internet connections. Instead, use java.net.URI.

RSPEC-6068

1 recipe

RSPEC-S100

1 recipe

  • Standardize method name casing - Fixes method names that do not follow standard naming conventions. For example, String getFoo_bar() would be adjusted to String getFooBar() and int DoSomething() would be adjusted to int doSomething().

RSPEC-S1068

1 recipe

  • Remove unused private fields - If a private field is declared but not used in the program, it can be considered dead code and should therefore be removed.

RSPEC-S107

2 recipes

RSPEC-S108

1 recipe

RSPEC-S1110

1 recipe

RSPEC-S1111

2 recipes

  • Remove Object.finalize() invocations - Remove calls to Object.finalize(). This method is called during garbage collection and calling it manually is misleading.
  • Remove finalize() method - Finalizers are deprecated. Use of finalize() can lead to performance issues, deadlocks, hangs, and other undesirable behavior.

RSPEC-S1114

1 recipe

RSPEC-S1116

1 recipe

  • Remove extra semicolons - Removes not needed semicolons. Semicolons are considered not needed: * Optional semicolons at the end of try-with-resources, * after the last enum value if no field or method is defined, * no statement between two semicolon.

RSPEC-S1117

1 recipe

  • Hidden field - Refactor local variables or parameters which shadow a field defined in the same class.

RSPEC-S1118

1 recipe

  • Hide utility class constructor - Ensures utility classes (classes containing only static methods or fields in their API) do not have a public constructor.

RSPEC-S1124

1 recipe

  • Modifier order - Modifiers should be declared in the correct order as recommended by the JLS.

RSPEC-S1126

1 recipe

  • Simplify boolean return - Simplifies Boolean expressions by removing redundancies. For example, a && true simplifies to a.

RSPEC-S1128

1 recipe

  • Remove unused imports - Remove imports for types that are not referenced. As a precaution against incorrect changes no imports will be removed from any source where unknown types are referenced. The most common cause of unknown types is the use of annotation processors not supported by OpenRewrite, such as lombok.

RSPEC-S113

1 recipe

RSPEC-S1130

1 recipe

  • Unnecessary throws - Remove unnecessary throws declarations. This recipe will only remove unused, checked exceptions if: - The declaring class or the method declaration is final. - The method declaration is static or private. - The method overrides a method declaration in a super class and the super class does not throw the exception. - The method is public or protected and the exception is not documented via a JavaDoc as a @throws tag.

RSPEC-S1132

1 recipe

  • Equals avoids null - Checks that any combination of String literals is on the left side of an equals() comparison. Also checks for String literals assigned to some field (such as someString.equals(anotherString = "text")).

RSPEC-S1144

1 recipe

RSPEC-S1153

1 recipe

  • Unnecessary String#valueOf(..) - Replace unnecessary String#valueOf(..) method invocations with the argument directly. This occurs when the argument to String#valueOf(arg) is a string literal, such as String.valueOf("example"). Or, when the String#valueOf(..) invocation is used in a concatenation, such as "example" + String.valueOf("example").

RSPEC-S1155

2 recipes

RSPEC-S1157

1 recipe

RSPEC-S1158

1 recipe

RSPEC-S116

1 recipe

  • Reformat private field names to camelCase - Reformat private field names to camelCase to comply with Java naming convention. The recipe will not rename fields with default, protected or public access modifiers. The recipe will not rename private constants. The first character is set to lower case and existing capital letters are preserved. Special characters that are allowed in java field names $ and _ are removed. If a special character is removed the next valid alphanumeric will be capitalized. The recipe will not rename a field if the result already exists in the class, conflicts with a java reserved keyword, or the result is blank.

RSPEC-S1161

1 recipe

  • Add missing @Override to overriding and implementing methods - Adds @Override to methods overriding superclass methods or implementing interface methods. Annotating methods improves readability by showing the author's intent to override. Additionally, when annotated, the compiler will emit an error when a signature of the overridden method does not match the superclass method.

RSPEC-S117

1 recipe

  • Reformat local variable names to camelCase - Reformat local variable and method parameter names to camelCase to comply with Java naming convention. The recipe will not rename variables declared in for loop controls or catches with a single character. The first character is set to lower case and existing capital letters are preserved. Special characters that are allowed in java field names $ and _ are removed (unless the name starts with one). If a special character is removed the next valid alphanumeric will be capitalized. Currently, does not support renaming members of classes. The recipe will not rename a variable if the result already exists in the class, conflicts with a java reserved keyword, or the result is blank.

RSPEC-S1171

1 recipe

RSPEC-S1186

2 recipes

RSPEC-S1197

1 recipe

RSPEC-S120

1 recipe

  • Rename packages to lowercase - By convention all Java package names should contain only lowercase letters, numbers, and dashes. This recipe converts any uppercase letters in package names to be lowercase.

RSPEC-S121

2 recipes

RSPEC-S1215

1 recipe

RSPEC-S1217

2 recipes

RSPEC-S1221

1 recipe

  • Rename methods named hashcode, equal, or tostring - Methods should not be named hashcode, equal, or tostring. Any of these are confusing as they appear to be intended as overridden methods from the Object base class, despite being case-insensitive.

RSPEC-S1244

2 recipes

RSPEC-S1264

1 recipe

  • Prefer while over for loops - When only the condition expression is defined in a for loop, and the initialization and increment expressions are missing, a while loop should be used instead to increase readability.

RSPEC-S128

1 recipe

  • Fall through - Checks for fall-through in switch statements, adding break statements in locations where a case contains Java code but does not have a break, return, throw, or continue statement.

RSPEC-S1301

1 recipe

RSPEC-S1314

1 recipe

RSPEC-S1317

1 recipe

RSPEC-S1319

1 recipe

  • Use Collection interfaces - Use Deque, List, Map, ConcurrentMap, Queue, and Set instead of implemented collections. Replaces the return type of public method declarations and the variable type public variable declarations.

RSPEC-S1448

2 recipes

  • Refaster template TestNGToAssertJRules.AssertEqualWithMessage - Recipe created for the following Refaster template: java @SuppressWarnings(value = "java:S1448") static final class AssertEqualWithMessage { @BeforeTemplate void before(boolean actual, String message, boolean expected) { assertEquals(actual, expected, message); } @BeforeTemplate void before(boolean actual, String message, Boolean expected) { assertEquals(actual, expected, message); } @BeforeTemplate void before(Boolean actual, String message, boolean expected) { assertEquals(actual, expected, message); } @BeforeTemplate void before(Boolean actual, String message, Boolean expected) { assertEquals(actual, expected, message); } @BeforeTemplate void before(byte actual, String message, byte expected) { assertEquals(actual, expected, message); } @BeforeTemplate void before(byte actual, String message, Byte expected) { assertEquals(actual, expected, message); } @BeforeTemplate void before(Byte actual, String message, byte expected) { assertEquals(actual, expected, message); } @BeforeTemplate void before(Byte actual, String message, Byte expected) { assertEquals(actual, expected, message); } @BeforeTemplate void before(char actual, String message, char expected) { assertEquals(actual, expected, message); } @BeforeTemplate void before(char actual, String message, Character expected) { assertEquals(actual, expected, message); } @BeforeTemplate void before(Character actual, String message, char expected) { assertEquals(actual, expected, message); } @BeforeTemplate void before(Character actual, String message, Character expected) { assertEquals(actual, expected, message); } @BeforeTemplate void before(short actual, String message, short expected) { assertEquals(actual, expected, message); } @BeforeTemplate void before(short actual, String message, Short expected) { assertEquals(actual, expected, message); } @BeforeTemplate void before(Short actual, String message, short expected) { assertEquals(actual, expected, message); } @BeforeTemplate void before(Short actual, String message, Short expected) { assertEquals(actual, expected, message); } @BeforeTemplate void before(int actual, String message, int expected) { assertEquals(actual, expected, message); } @BeforeTemplate void before(int actual, String message, Integer expected) { assertEquals(actual, expected, message); } @BeforeTemplate void before(Integer actual, String message, int expected) { assertEquals(actual, expected, message); } @BeforeTemplate void before(Integer actual, String message, Integer expected) { assertEquals(actual, expected, message); } @BeforeTemplate void before(long actual, String message, long expected) { assertEquals(actual, expected, message); } @BeforeTemplate void before(long actual, String message, Long expected) { assertEquals(actual, expected, message); } @BeforeTemplate void before(Long actual, String message, long expected) { assertEquals(actual, expected, message); } @BeforeTemplate void before(Long actual, String message, Long expected) { assertEquals(actual, expected, message); } @BeforeTemplate void before(float actual, String message, float expected) { assertEquals(actual, expected, message); } @BeforeTemplate void before(float actual, String message, Float expected) { assertEquals(actual, expected, message); } @BeforeTemplate void before(Float actual, String message, float expected) { assertEquals(actual, expected, message); } @BeforeTemplate void before(Float actual, String message, Float expected) { assertEquals(actual, expected, message); } @BeforeTemplate void before(double actual, String message, double expected) { assertEquals(actual, expected, message); } @BeforeTemplate void before(double actual, String message, Double expected) { assertEquals(actual, expected, message); } @BeforeTemplate void before(Double actual, String message, double expected) { assertEquals(actual, expected, message); } @BeforeTemplate void before(Double actual, String message, Double expected) { assertEquals(actual, expected, message); } @BeforeTemplate void before(Object actual, String message, Object expected) { assertEquals(actual, expected, message); } @BeforeTemplate void before(String actual, String message, String expected) { assertEquals(actual, expected, message); } @BeforeTemplate void before(Map<?, ?> actual, String message, Map<?, ?> expected) { assertEquals(actual, expected, message); } @AfterTemplate @UseImportPolicy(value = STATIC_IMPORT_ALWAYS) void after(Object actual, String message, Object expected) { assertThat(actual).withFailMessage(message).isEqualTo(expected); } } .
  • Refaster template TestNGToAssertJRules.AssertEqual - Recipe created for the following Refaster template: java @SuppressWarnings(value = "java:S1448") static final class AssertEqual { @BeforeTemplate void before(boolean actual, boolean expected) { assertEquals(actual, expected); } @BeforeTemplate void before(boolean actual, Boolean expected) { assertEquals(actual, expected); } @BeforeTemplate void before(Boolean actual, boolean expected) { assertEquals(actual, expected); } @BeforeTemplate void before(Boolean actual, Boolean expected) { assertEquals(actual, expected); } @BeforeTemplate void before(byte actual, byte expected) { assertEquals(actual, expected); } @BeforeTemplate void before(byte actual, Byte expected) { assertEquals(actual, expected); } @BeforeTemplate void before(Byte actual, byte expected) { assertEquals(actual, expected); } @BeforeTemplate void before(Byte actual, Byte expected) { assertEquals(actual, expected); } @BeforeTemplate void before(char actual, char expected) { assertEquals(actual, expected); } @BeforeTemplate void before(char actual, Character expected) { assertEquals(actual, expected); } @BeforeTemplate void before(Character actual, char expected) { assertEquals(actual, expected); } @BeforeTemplate void before(Character actual, Character expected) { assertEquals(actual, expected); } @BeforeTemplate void before(short actual, short expected) { assertEquals(actual, expected); } @BeforeTemplate void before(short actual, Short expected) { assertEquals(actual, expected); } @BeforeTemplate void before(Short actual, short expected) { assertEquals(actual, expected); } @BeforeTemplate void before(Short actual, Short expected) { assertEquals(actual, expected); } @BeforeTemplate void before(int actual, int expected) { assertEquals(actual, expected); } @BeforeTemplate void before(int actual, Integer expected) { assertEquals(actual, expected); } @BeforeTemplate void before(Integer actual, int expected) { assertEquals(actual, expected); } @BeforeTemplate void before(Integer actual, Integer expected) { assertEquals(actual, expected); } @BeforeTemplate void before(long actual, long expected) { assertEquals(actual, expected); } @BeforeTemplate void before(long actual, Long expected) { assertEquals(actual, expected); } @BeforeTemplate void before(Long actual, long expected) { assertEquals(actual, expected); } @BeforeTemplate void before(Long actual, Long expected) { assertEquals(actual, expected); } @BeforeTemplate void before(float actual, float expected) { assertEquals(actual, expected); } @BeforeTemplate void before(float actual, Float expected) { assertEquals(actual, expected); } @BeforeTemplate void before(Float actual, float expected) { assertEquals(actual, expected); } @BeforeTemplate void before(Float actual, Float expected) { assertEquals(actual, expected); } @BeforeTemplate void before(double actual, double expected) { assertEquals(actual, expected); } @BeforeTemplate void before(double actual, Double expected) { assertEquals(actual, expected); } @BeforeTemplate void before(Double actual, double expected) { assertEquals(actual, expected); } @BeforeTemplate void before(Double actual, Double expected) { assertEquals(actual, expected); } @BeforeTemplate void before(Object actual, Object expected) { assertEquals(actual, expected); } @BeforeTemplate void before(String actual, String expected) { assertEquals(actual, expected); } @BeforeTemplate void before(Map<?, ?> actual, Map<?, ?> expected) { assertEquals(actual, expected); } @AfterTemplate @UseImportPolicy(value = STATIC_IMPORT_ALWAYS) void after(Object actual, Object expected) { assertThat(actual).isEqualTo(expected); } } .

RSPEC-S1481

1 recipe

RSPEC-S1488

1 recipe

  • Inline variable - Inline variables when they are immediately used to return or throw. Supports both variable declarations and assignments to local variables.

RSPEC-S1596

1 recipe

RSPEC-S1604

1 recipe

  • Use lambda expressions instead of anonymous classes - Instead of anonymous class declarations, use a lambda where possible. Using lambdas to replace anonymous classes can lead to more expressive and maintainable code, improve code readability, reduce code duplication, and achieve better performance in some cases.

RSPEC-S1611

1 recipe

RSPEC-S1612

1 recipe

  • Use method references in lambda - Replaces the single statement lambdas o -> o instanceOf X, o -> (A) o, o -> System.out.println(o), o -> o != null, o -> o == null with the equivalent method reference.

RSPEC-S1659

1 recipe

  • No multiple variable declarations - Places each variable declaration in its own statement and on its own line. Using one variable declaration per line encourages commenting and can increase readability.

RSPEC-S1697

1 recipe

RSPEC-S1698

1 recipe

RSPEC-S1858

1 recipe

RSPEC-S1905

1 recipe

  • Remove redundant casts - Removes unnecessary type casts. Does not currently check casts in lambdas, class constructors, and method invocations.

RSPEC-S1940

7 recipes

RSPEC-S1994

1 recipe

RSPEC-S2057

1 recipe

  • Add serialVersionUID to a Serializable class when missing - A serialVersionUID field is strongly recommended in all Serializable classes. If this is not defined on a Serializable class, the compiler will generate this value. If a change is later made to the class, the generated value will change and attempts to deserialize the class will fail.

RSPEC-S2060

1 recipe

RSPEC-S2094

1 recipe

  • Find empty classes - Find empty classes without annotations that do not implement an interface or extend a class.

RSPEC-S2111

3 recipes

RSPEC-S2116

2 recipes

RSPEC-S2129

3 recipes

RSPEC-S2147

1 recipe

  • Combine semantically equal catch blocks - Combine catches in a try that contain semantically equivalent blocks. No change will be made when a caught exception exists if combining catches may change application behavior or type attribution is missing.

RSPEC-S2162

1 recipe

  • Covariant equals - Checks that classes and records which define a covariant equals() method also override method equals(Object). Covariant equals() means a method that is similar to equals(Object), but with a covariant parameter type (any subtype of Object).

RSPEC-S2204

1 recipe

RSPEC-S2211

1 recipe

  • Use explicit types on lambda arguments - Adds explicit types on lambda arguments, which are otherwise optional. This can make the code clearer and easier to read. This does not add explicit types on arguments when the lambda has one or two parameters and does not have a block body, as things are considered more readable in those cases. For example, stream.map((a, b) -> a.length); will not have explicit types added.

RSPEC-S2221

1 recipe

RSPEC-S2245

1 recipe

  • Secure random - Use cryptographically secure Pseudo Random Number Generation in the "main" source set. Replaces instantiation of java.util.Random with java.security.SecureRandom.

RSPEC-S2293

1 recipe

  • Use the diamond operator - The diamond operator (&lt;&gt;) should be used. Java 7 introduced the diamond operator (<>) to reduce the verbosity of generics code. For instance, instead of having to declare a List's type in both its declaration and its constructor, you can now simplify the constructor declaration with &lt;&gt;, and the compiler will infer the type.

RSPEC-S2333

1 recipe

RSPEC-S2446

1 recipe

  • Replaces Object.notify() with Object.notifyAll() - Object.notifyAll() and Object.notify() both wake up sleeping threads, but Object.notify() only rouses one while Object.notifyAll() rouses all of them. Since Object.notify() might not wake up the right thread, Object.notifyAll() should be used instead. See this for more information.

RSPEC-S2589

1 recipe

RSPEC-S2629

2 recipes

  • Parameterize SLF4J's logging statements - Use SLF4J's parameterized logging, which can significantly boost performance for messages that otherwise would be assembled with String concatenation. Particularly impactful when the log level is not enabled, as no work is done to assemble the message.
  • Parameterize logging statements - Transform logging statements using concatenation for messages and variables into a parameterized format. For example, logger.info(&quot;hi &quot; + userName) becomes logger.info(&quot;hi {}&quot;, userName). This can significantly boost performance for messages that otherwise would be assembled with String concatenation. Particularly impactful when the log level is not enabled, as no work is done to assemble the message.

RSPEC-S2637

2 recipes

RSPEC-S2681

2 recipes

  • Control flow statement indentation - Program flow control statements like if, while, and for can omit curly braces when they apply to only a single statement. This recipe ensures that any statements which follow that statement are correctly indented to show they are not part of the flow control statement.
  • Wrapping and braces - Format line wraps and braces in Java code.

RSPEC-S2692

2 recipes

  • indexOf() replaceable by contains() - Checking if a value is included in a String or List using indexOf(value)&gt;-1 or indexOf(value)&gt;=0 can be replaced with contains(value).
  • indexOf should not compare greater than zero - Replaces String#indexOf(String) &gt; 0 and List#indexOf(Object) &gt; 0 with &gt;=1. Checking indexOf against &gt;0 ignores the first element, whereas &gt;-1 is inclusive of the first element. For clarity, &gt;=1 is used, because &gt;0 and &gt;=1 are semantically equal. Using &gt;0 may appear to be a mistake with the intent of including all elements. If the intent is to check whether a value in included in a String or List, the String#contains(String) or List#contains(Object) methods may be better options altogether.

RSPEC-S2699

1 recipe

  • Include an assertion in tests - For tests not having any assertions, wrap the statements with JUnit Jupiter's Assertions#assertDoesNotThrow(..).

RSPEC-S2737

1 recipe

RSPEC-S2761

1 recipe

RSPEC-S2786

1 recipe

RSPEC-S2912

1 recipe

  • Use indexOf(String, int) - Replaces indexOf(String) in binary operations if the compared value is an int and not less than 1.

RSPEC-S2959

1 recipe

  • Remove extra semicolons - Removes not needed semicolons. Semicolons are considered not needed: * Optional semicolons at the end of try-with-resources, * after the last enum value if no field or method is defined, * no statement between two semicolon.

RSPEC-S2974

1 recipe

RSPEC-S3008

1 recipe

  • Reformat private field names to camelCase - Reformat private field names to camelCase to comply with Java naming convention. The recipe will not rename fields with default, protected or public access modifiers. The recipe will not rename private constants. The first character is set to lower case and existing capital letters are preserved. Special characters that are allowed in java field names $ and _ are removed. If a special character is removed the next valid alphanumeric will be capitalized. The recipe will not rename a field if the result already exists in the class, conflicts with a java reserved keyword, or the result is blank.

RSPEC-S3020

1 recipe

RSPEC-S3052

1 recipe

  • Explicit initialization - Checks if any class or object member is explicitly initialized to default for its type value: - null for object references - zero for numeric types and char - and false for boolean Removes explicit initializations where they aren't necessary.

RSPEC-S3358

1 recipe

  • Ternary operators should not be nested - Nested ternary operators can be hard to read quickly. Prefer simpler constructs for improved readability. If supported, this recipe will try to replace nested ternaries with switch expressions.

RSPEC-S3415

1 recipe

  • Assertion arguments should be passed in the correct order - Assertions such as org.junit.Assert.assertEquals expect the first argument to be the expected value and the second argument to be the actual value; for org.testng.Assert, it’s the other way around. This recipe detects J.Literal, J.NewArray, and java.util.Iterable arguments swapping them if necessary so that the error messages won't be confusing.

RSPEC-S3416

1 recipe

RSPEC-S3423

1 recipe

RSPEC-S3457

2 recipes

  • Fix String#format and String#formatted expressions - Fix String#format and String#formatted expressions by replacing \n newline characters with %n and removing any unused arguments. Note this recipe is scoped to only transform format expressions which do not specify the argument index.
  • Parameterize logging statements - Transform logging statements using concatenation for messages and variables into a parameterized format. For example, logger.info(&quot;hi &quot; + userName) becomes logger.info(&quot;hi {}&quot;, userName). This can significantly boost performance for messages that otherwise would be assembled with String concatenation. Particularly impactful when the log level is not enabled, as no work is done to assemble the message.

RSPEC-S3599

1 recipe

RSPEC-S3626

1 recipe

  • Jump statements should not be redundant - Jump statements such as return and continue let you change the default flow of program execution, but jump statements that direct the control flow to the original direction are just a waste of keystrokes.

RSPEC-S3655

1 recipe

RSPEC-S3658

1 recipe

RSPEC-S3878

1 recipe

  • Simplify Arrays.asList(..) with varargs - Simplifies Arrays.asList() method calls that use explicit array creation to use varargs instead. For example, Arrays.asList(new String[]{&quot;a&quot;, &quot;b&quot;, &quot;c&quot;}) becomes Arrays.asList(&quot;a&quot;, &quot;b&quot;, &quot;c&quot;).

RSPEC-S3972

1 recipe

RSPEC-S3973

1 recipe

RSPEC-S3981

1 recipe

RSPEC-S3986

1 recipe

RSPEC-S4034

3 recipes

RSPEC-S4087

1 recipe

RSPEC-S4266

6 recipes

  • Refaster template StreamRules.StreamCount - Recipe created for the following Refaster template: java static final class StreamCount&lt;T&gt; { @BeforeTemplate @SuppressWarnings(value = &quot;java:S4266&quot;) long before(Stream&lt;T&gt; stream) { return stream.collect(counting()); } @AfterTemplate long after(Stream&lt;T&gt; stream) { return stream.count(); } } .
  • Refaster template StreamRules.StreamMapCollect - Recipe created for the following Refaster template: java static final class StreamMapCollect&lt;T, U, R&gt; { @BeforeTemplate @SuppressWarnings(value = &quot;java:S4266&quot;) R before(Stream&lt;T&gt; stream, Function&lt;? super T, ? extends U&gt; mapper, Collector&lt;? super U, ?, R&gt; collector) { return stream.collect(mapping(mapper, collector)); } @AfterTemplate R after(Stream&lt;T&gt; stream, Function&lt;? super T, ? extends U&gt; mapper, Collector&lt;? super U, ?, R&gt; collector) { return stream.map(mapper).collect(collector); } } .
  • Refaster template StreamRules.StreamMax - Recipe created for the following Refaster template: java static final class StreamMax&lt;T&gt; { @BeforeTemplate @SuppressWarnings(value = &quot;java:S4266&quot;) Optional&lt;T&gt; before(Stream&lt;T&gt; stream, Comparator&lt;? super T&gt; comparator) { return Refaster.anyOf(stream.min(comparator.reversed()), Streams.findLast(stream.sorted(comparator)), stream.collect(maxBy(comparator))); } @AfterTemplate Optional&lt;T&gt; after(Stream&lt;T&gt; stream, Comparator&lt;? super T&gt; comparator) { return stream.max(comparator); } } .
  • Refaster template StreamRules.StreamMin - Recipe created for the following Refaster template: java static final class StreamMin&lt;T&gt; { @BeforeTemplate @SuppressWarnings(value = &quot;java:S4266&quot;) Optional&lt;T&gt; before(Stream&lt;T&gt; stream, Comparator&lt;? super T&gt; comparator) { return Refaster.anyOf(stream.max(comparator.reversed()), stream.sorted(comparator).findFirst(), stream.collect(minBy(comparator))); } @AfterTemplate Optional&lt;T&gt; after(Stream&lt;T&gt; stream, Comparator&lt;? super T&gt; comparator) { return stream.min(comparator); } } .
  • Refaster template StreamRules.StreamReduceWithIdentity - Recipe created for the following Refaster template: java static final class StreamReduceWithIdentity&lt;T&gt; { @BeforeTemplate @SuppressWarnings(value = &quot;java:S4266&quot;) T before(Stream&lt;T&gt; stream, T identity, BinaryOperator&lt;T&gt; accumulator) { return stream.collect(reducing(identity, accumulator)); } @AfterTemplate T after(Stream&lt;T&gt; stream, T identity, BinaryOperator&lt;T&gt; accumulator) { return stream.reduce(identity, accumulator); } } .
  • Refaster template StreamRules.StreamReduce - Recipe created for the following Refaster template: java static final class StreamReduce&lt;T&gt; { @BeforeTemplate @SuppressWarnings(value = &quot;java:S4266&quot;) Optional&lt;T&gt; before(Stream&lt;T&gt; stream, BinaryOperator&lt;T&gt; accumulator) { return stream.collect(reducing(accumulator)); } @AfterTemplate Optional&lt;T&gt; after(Stream&lt;T&gt; stream, BinaryOperator&lt;T&gt; accumulator) { return stream.reduce(accumulator); } } .

RSPEC-S4347

1 recipe

RSPEC-S4488

1 recipe

RSPEC-S4524

1 recipe

  • Default comes last - Ensure the default case comes last after all the cases in a switch statement.

RSPEC-S4551

1 recipe

RSPEC-S4635

5 recipes

RSPEC-S4682

1 recipe

RSPEC-S4738

9 recipes

RSPEC-S4968

8 recipes

RSPEC-S4973

1 recipe

  • Use String.equals() on String literals - String.equals() should be used when checking value equality on String literals. Using == or != compares object references, not the actual value of the Strings. This only modifies code where at least one side of the binary operation (== or !=) is a String literal, such as &quot;someString&quot; == someVariable;. This is to prevent inadvertently changing code where referential equality is the user's intent.

RSPEC-S5361

1 recipe

RSPEC-S5411

1 recipe

  • Avoid boxed boolean expressions - Under certain conditions the java.lang.Boolean type is used as an expression, and it may throw a NullPointerException if the value is null.

RSPEC-S5443

1 recipe

RSPEC-S5445

1 recipe

  • Use Files#createTempDirectory - Use Files#createTempDirectory when the sequence File#createTempFile(..)->File#delete()->File#mkdir() is used for creating a temp directory.

RSPEC-S5786

1 recipe

  • Remove public visibility of JUnit 5 tests - Remove public and optionally protected modifiers from methods with @Test, @ParameterizedTest, @RepeatedTest, @TestFactory, @BeforeEach, @AfterEach, @BeforeAll, or @AfterAll. They no longer have to be public visibility to be usable by JUnit 5.

RSPEC-S5790

1 recipe

RSPEC-S5838

1 recipe

RSPEC-S5993

1 recipe

RSPEC-S6202

1 recipe

RSPEC-S6204

1 recipe

RSPEC-S6519

1 recipe

  • Structural equality tests should use == or != - In Kotlin, == means structural equality and != structural inequality and both map to the left-side term’s equals() function. It is, therefore, redundant to call equals() as a function. Also, == and != are more general than equals() and !equals() because it allows either of both operands to be null. Developers using equals() instead of == or != is often the result of adapting styles from other languages like Java, where == means reference equality and != means reference inequality. The == and != operators are a more concise and elegant way to test structural equality than calling a function.

RSPEC-S6558

1 recipe

  • it shouldn't be used as a lambda parameter name - it is a special identifier that allows you to refer to the current parameter being passed to a lambda expression without explicitly naming the parameter. Lambda expressions are a concise way of writing anonymous functions. Many lambda expressions have only one parameter, when this is true the compiler can determine the parameter type by context. Thus when using it with single parameter lambda expressions, you do not need to declare the type.

RSPEC-S7158

2 recipes

RSPEC-S818

1 recipe

RSPEC-S888

1 recipe

sap

1 recipe

scala

1 recipe

schemas

34 recipes

sdk

4 recipes

1 recipe

secrets

1 recipe

  • Replace OSSRH secrets with Sonatype secrets - Replace deprecated OSSRH_S01 secrets with new Sonatype secrets in GitHub Actions workflows. This is an example use of the ReplaceSecrets and ReplaceSecretKeys recipes combined used to update the Maven publishing secrets in OpenRewrite's GitHub organization.

security

52 recipes

servlet

1 recipe

sleuth

1 recipe

slf4j

11 recipes

  • Enhances logging of exceptions by including the full stack trace in addition to the exception message - It is a common mistake to call Exception.getMessage() when passing an exception into a log method. Not all exception types have useful messages, and even if the message is useful this omits the stack trace. Including a complete stack trace of the error along with the exception message in the log allows developers to better understand the context of the exception and identify the source of the error more quickly and accurately. If the method invocation includes any call to Exception.getMessage() or Exception.getLocalizedMessage() and not an exception is already passed as the last parameter to the log method, then we will append the exception as the last parameter in the log method.
  • Loggers should be named for their enclosing classes - Ensure LoggerFactory#getLogger(Class) is called with the enclosing class as argument.
  • Migrate Apache Commons Logging 1.x to SLF4J 1.x - Transforms usages of Apache Commons Logging 1.x to leveraging SLF4J 1.x directly.
  • Migrate JUL to SLF4J - Migrates usage of Java Util Logging (JUL) to using SLF4J directly.
  • Migrate Log4j 1.x to SLF4J 1.x - Transforms usages of Log4j 1.x to leveraging SLF4J 1.x directly. Note, this currently does not modify log4j.properties files.
  • Migrate Log4j 2.x to SLF4J 1.x - Transforms usages of Log4j 2.x to leveraging SLF4J 1.x directly. Note, this currently does not modify log4j.properties files.
  • Migrate Log4j to SLF4J - Migrates usage of Apache Log4j to using SLF4J directly. Use of the traditional Log4j to SLF4J bridge can result in loss of performance, as the Log4j messages must be formatted before they can be passed to SLF4J. Note, this currently does not modify log4j.properties files.
  • Migrate SLF4J to Log4j 2.x API - Transforms code written using SLF4J to use Log4j 2.x API.
  • Parameterize SLF4J's logging statements - Use SLF4J's parameterized logging, which can significantly boost performance for messages that otherwise would be assembled with String concatenation. Particularly impactful when the log level is not enabled, as no work is done to assemble the message.
  • SLF4J best practices - Applies best practices to logging with SLF4J.
  • SLF4J logging statements should begin with constants - Logging statements shouldn't begin with String#format, calls to toString(), etc.

spring

76 recipes

  • Comment deprecated methods in Spring 3.4 - Spring Boot 3.4 deprecates methods that are not commonly used or need manual interaction.
  • Downgrade Jakarta Servlet API to 5.0 when using Jetty - Jetty does not yet support Servlet 6.0. This recipe will detect the presence of the spring-boot-starter-jetty as a first-order dependency and will add the maven property jakarta-servlet.version setting it's value to 5.0.0. This will downgrade the jakarta-servlet artifact if the pom's parent extends from the spring-boot-parent.
  • Find patterns that require updating for Spring Boot 2.5 - Looks for a series of patterns that have not yet had auto-remediation recipes developed for.
  • Find projects affected by changes to the default error view message attribute - As of Spring Boot 2.5 the message attribute in the default error view was removed rather than blanked when it is not shown. spring-webmvc or spring-webflux projects that parse the error response JSON may need to deal with the missing item (release notes). You can still use the server.error.include-message property if you want messages to be included.
  • Finds uses of Encryptors.queryableText() - Encryptors.queryableText() is insecure and is removed in Spring Security 6.
  • Migrate SAP cloud foundry logging support to Spring Boot 3.x - Migrate SAP cloud foundry logging support from cf-java-logging-support-servlet to cf-java-logging-support-servlet-jakarta, to use Jakarta with Spring Boot 3.
  • Migrate Spring Boot 2.x projects to JUnit 5 from JUnit 4 - This recipe will migrate a Spring Boot application's tests from JUnit 4 to JUnit 5. This spring-specific migration includes conversion of Spring Test runners to Spring Test extensions and awareness of the composable Spring Test annotations.
  • Migrate Spring Boot Management Endpoint Security properties to 3.4 - Migrate the settings for Management Endpoint Security from true|false to read-only|none.
  • Migrate Spring Boot properties to 2.0 - Migrate properties found in application.properties and application.yml.
  • Migrate Spring Boot properties to 2.1 - Migrate properties found in application.properties and application.yml.
  • Migrate Spring Boot properties to 2.2 - Migrate properties found in application.properties and application.yml.
  • Migrate Spring Boot properties to 2.3 - Migrate properties found in application.properties and application.yml.
  • Migrate Spring Boot properties to 2.4 - Migrate properties found in application.properties and application.yml.
  • Migrate Spring Boot properties to 2.5 - Migrate properties found in application.properties and application.yml.
  • Migrate Spring Boot properties to 2.6 - Migrate properties found in application.properties and application.yml.
  • Migrate Spring Boot properties to 2.7 - Migrate properties found in application.properties and application.yml.
  • Migrate Spring Boot properties to 3.0 - Migrate properties found in application.properties and application.yml.
  • Migrate Spring Boot properties to 3.1 - Migrate properties found in application.properties and application.yml.
  • Migrate Spring Boot properties to 3.2 - Migrate properties found in application.properties and application.yml.
  • Migrate Spring Boot properties to 3.3 - Migrate properties found in application.properties and application.yml.
  • Migrate Spring Boot properties to 3.4 - Migrate properties found in application.properties and application.yml.
  • Migrate Spring Boot properties to 3.5 - Migrate properties found in application.properties and application.yml.
  • Migrate Spring Cloud Sleuth 3.1 to Micrometer Tracing 1.0 - Spring Cloud Sleuth has been discontinued and only compatible with Spring Boot 2.x.
  • Migrate Spring Cloud properties to 2020 - Migrate properties found in application.properties and application.yml.
  • Migrate Spring Cloud properties to 2021 - Migrate properties found in application.properties and application.yml.
  • Migrate Spring Cloud properties to 2022 - Migrate properties found in application.properties and application.yml.
  • Migrate Spring Cloud properties to 2023 - Migrate properties found in application.properties and application.yml.
  • Migrate Spring Cloud properties to 2024 - Migrate properties found in application.properties and application.yml.
  • Migrate Spring Cloud properties to 2025 - Migrate properties found in application.properties and application.yml.
  • Migrate Spring to Spring Boot - Migrate non Spring Boot applications to the latest compatible Spring Boot release. This recipe will modify an application's build files introducing Maven dependency management for Spring Boot, or adding the Gradle Spring Boot build plugin.
  • Migrate dropWizard dependencies to Spring Boot 3.x - Migrate dropWizard dependencies to the new artifactId, since these are changed with Spring Boot 3.
  • Migrate from Spring Boot 1.x to 2.0 - Migrate Spring Boot 1.x applications to the latest Spring Boot 2.0 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs, and migrate configuration settings that have changes between versions. This recipe will also chain additional framework migrations (Spring Framework, Spring Data, etc) that are required as part of the migration to Spring Boot 2.0.
  • Migrate rider-spring (JUnit4) to rider-junit5 (JUnit5) - This recipe will migrate the necessary dependencies and annotations from DbRider with JUnit4 to JUnit5 in a Spring application.
  • Migrate thymeleaf dependencies to Spring Boot 3.x - Migrate thymeleaf dependencies to the new artifactId, since these are changed with Spring Boot 3.
  • Migrate to Spring Batch 5.0 from 4.3 - Migrate applications built on Spring Batch 4.3 to the latest Spring Batch 5.0 release.
  • Migrate to Spring Boot 2.1 - Migrate applications to the latest Spring Boot 2.1 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs, and migrate configuration settings that have changes between versions. This recipe will also chain additional framework migrations (Spring Framework, Spring Data, etc) that are required as part of the migration to Spring Boot 2.1.
  • Migrate to Spring Boot 2.2 - Migrate applications to the latest Spring Boot 2.2 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs, and migrate configuration settings that have changes between versions. This recipe will also chain additional framework migrations (Spring Framework, Spring Data, etc) that are required as part of the migration to Spring Boot 2.2.
  • Migrate to Spring Boot 2.3 - Migrate applications to the latest Spring Boot 2.3 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs, and migrate configuration settings that have changes between versions. This recipe will also chain additional framework migrations (Spring Framework, Spring Data, etc) that are required as part of the migration to Spring Boot 2.3.
  • Migrate to Spring Boot 2.4 - Migrate applications to the latest Spring Boot 2.4 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs, and migrate configuration settings that have changes between versions. This recipe will also chain additional framework migrations (Spring Framework, Spring Data, etc) that are required as part of the migration to Spring Boot 2.4.
  • Migrate to Spring Boot 2.6 - Migrate applications to the latest Spring Boot 2.6 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs, and migrate configuration settings that have changes between versions. This recipe will also chain additional framework migrations (Spring Framework, Spring Data, etc) that are required as part of the migration to Spring Boot 2.6.
  • Migrate to Spring Boot 3.0 - Migrate applications to the latest Spring Boot 3.0 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs, and migrate configuration settings that have changes between versions. This recipe will also chain additional framework migrations (Spring Framework, Spring Data, etc) that are required as part of the migration to Spring Boot 2.7.
  • Migrate to Spring Boot 3.1 - Migrate applications to the latest Spring Boot 3.1 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs, and migrate configuration settings that have changes between versions. This recipe will also chain additional framework migrations (Spring Framework, Spring Data, etc) that are required as part of the migration to Spring Boot 3.0.
  • Migrate to Spring Boot 3.2 - Migrate applications to the latest Spring Boot 3.2 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs, and migrate configuration settings that have changes between versions. This recipe will also chain additional framework migrations (Spring Framework, Spring Data, etc) that are required as part of the migration to Spring Boot 3.1.
  • Migrate to Spring Boot 3.3 - Migrate applications to the latest Spring Boot 3.3 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs, and migrate configuration settings that have changes between versions. This recipe will also chain additional framework migrations (Spring Framework, Spring Data, etc) that are required as part of the migration to Spring Boot 3.2.
  • Migrate to Spring Boot 3.4 - Migrate applications to the latest Spring Boot 3.4 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs, and migrate configuration settings that have changes between versions. This recipe will also chain additional framework migrations (Spring Framework, Spring Data, etc) that are required as part of the migration to Spring Boot 3.4.
  • Migrate to Spring Boot 3.4 - Migrate applications to the latest Spring Boot 3.4 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs.
  • Migrate to Spring Boot 3.5 - Migrate applications to the latest Spring Boot 3.5 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs, and migrate configuration settings that have changes between versions. This recipe will also chain additional framework migrations (Spring Framework, Spring Data, etc) that are required as part of the migration to Spring Boot 3.5.
  • Migrate to Spring Cloud 2022 - Migrate applications to the latest Spring Cloud 2022 (Kilburn) release.
  • Migrate to Spring Cloud 2023 - Migrate applications to the latest Spring Cloud 2023 (Leyton) release.
  • Migrate to Spring Cloud 2024 - Migrate applications to the latest Spring Cloud 2024 (Moorgate) release.
  • Migrate to Spring Cloud 2025 - Migrate applications to the latest Spring Cloud 2025 (Northfields) release.
  • Migrate to Spring Kafka 3.0 - Migrate applications to the latest Spring Kafka 3.0 release.
  • Migrate to Spring Kafka 3.3 - Migrate applications to the latest Spring Kafka 3.3 release.
  • Migrate to Spring Security 5.7 - Migrate applications to the latest Spring Security 5.7 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs, and migrate configuration settings that have changes between versions.
  • Migrate to Spring Security 5.8 - Migrate applications to the latest Spring Security 5.8 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs, and migrate configuration settings that have changes between versions.
  • Migrate to Spring Security 6.0 - Migrate applications to the latest Spring Security 6.0 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs, and migrate configuration settings that have changes between versions.
  • Migrate to Spring Security 6.1 - Migrate applications to the latest Spring Security 6.1 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs, and migrate configuration settings that have changes between versions.
  • Migrate to Spring Security 6.2 - Migrate applications to the latest Spring Security 6.2 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs, and migrate configuration settings that have changes between versions.
  • Migrate to Spring Security 6.3 - Migrate applications to the latest Spring Security 6.3 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs, and migrate configuration settings that have changes between versions.
  • Migrate to Spring Security 6.4 - Migrate applications to the latest Spring Security 6.4 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs, and migrate configuration settings that have changes between versions.
  • Remove the deprecated properties additional-keys-to-sanitize from the configprops and env end points - Spring Boot 3.0 removed the key-based sanitization mechanism used in Spring Boot 2.x in favor of a unified approach. See https://github.com/openrewrite/rewrite-spring/issues/228
  • Remove unnecessary use-authorization-manager for message security in Spring security 6 - In Spring Security 6, &lt;websocket-message-broker&gt; defaults use-authorization-manager to true. So, the use-authorization-manager attribute for message security is no longer needed and can be removed.
  • Rename server.max-http-header-size to server.max-http-request-header-size - Previously, the server.max-http-header-size was treated inconsistently across the four supported embedded web servers. When using Jetty, Netty, or Undertow it would configure the max HTTP request header size. When using Tomcat it would configure the max HTTP request and response header sizes. The renamed property is used to configure the http request header size in Spring Boot 3.0. To limit the max header size of an HTTP response on Tomcat or Jetty (the only two servers that support such a setting), use a WebServerFactoryCustomizer.
  • Rename the package name from com.nimbusds.jose.shaded.json to net.minidev.json - Rename the package name from com.nimbusds.jose.shaded.json to net.minidev.json.
  • Replace global method security with method security - @EnableGlobalMethodSecurity and &lt;global-method-security&gt; are deprecated in favor of @EnableMethodSecurity and &lt;method-security&gt;, respectively. The new annotation and XML element activate Spring’s pre-post annotations by default and use AuthorizationManager internally.
  • Spring Boot 2.x best practices - Applies best practices to Spring Boot 2 applications.
  • Spring Boot 3.3 best practices - Applies best practices to Spring Boot 3 applications.
  • Spring Boot 3.3 best practices (only) - Applies best practices to Spring Boot 3 applications, without chaining in upgrades to Spring Boot.
  • Spring Boot 3.5 best practices - Applies best practices to Spring Boot 3.5+ applications.
  • Upgrade Gradle 8 to 8.4+ for Spring Boot 3.4 - Spring Boot 3.4 requires Gradle 8.4+.
  • Upgrade Gradle to 7.6.4+ for Spring Boot 3.4 - Spring Boot 3.4 requires Gradle 7.6.4.
  • Upgrade dependencies to Spring Cloud 2022 - Upgrade dependencies to Spring Cloud 2022 from prior 2021.x version.
  • Upgrade dependencies to Spring Cloud 2023 - Upgrade dependencies to Spring Cloud 2023 from prior 2022.x version.
  • Upgrade dependencies to Spring Cloud 2024 - Upgrade dependencies to Spring Cloud 2024 from prior 2023.x version.
  • Upgrade dependencies to Spring Cloud 2025 - Upgrade dependencies to Spring Cloud 2025 from prior 2024.x version.
  • Use bean name applicationTaskExecutor instead of taskExecutor - Spring Boot 3.5 removed the bean name taskExecutor. Where this bean name is used, the recipe replaces the bean name to applicationTaskExecutor. This also includes instances where the developer provided their own bean named taskExecutor. This also includes scenarios where JSR-250's @Resource annotation is used.

springdata

1 recipe

springdoc

9 recipes

springfox

2 recipes

springframework

8 recipes

sqlserver

1 recipe

storybook

9 recipes

stylistic

87 recipes

svelte

18 recipes

swagger

9 recipes

taglib

3 recipes

taglibs

1 recipe

terraform

114 recipes

test

2 recipes

testing

39 recipes

testng

1 recipe

testwebxml

1 recipe

thymeleaf

1 recipe

tld

1 recipe

tracing

1 recipe

transaction

2 recipes

unaffected

1 recipe

underscore

4 recipes

validation

2 recipes

validation-mapping

1 recipe

var

1 recipe

  • Use local variable type inference - Apply local variable type inference (var) for primitives and objects. These recipes can cause unused imports, be advised to run `org.openrewrite.java.RemoveUnusedImports afterwards.

virtual_threads

2 recipes

  • Find Virtual Thread opportunities - Find opportunities to convert existing code to use Virtual Threads.
  • Find non-virtual ExecutorService creation - Find all places where static java.util.concurrent.Executors method creates a non-virtual java.util.concurrent.ExecutorService. This recipe can be used to search fro ExecutorService that can be replaced by Virtual Thread executor.

vue

57 recipes

web-api

1 recipe

web-app

2 recipes

web-fragment

1 recipe

weblogic

51 recipes

webservices

3 recipes

webservices-policy

2 recipes

webxml

1 recipe

wsee-clientHandlerChain

2 recipes

wsee-standaloneclient

2 recipes

xhtml

1 recipe

xjb

1 recipe

xmlunit

1 recipe