Skip to main content

Standalone Recipes

This doc contains recipes that are not included as part of any larger composite recipe. These recipes can be run independently and are not bundled with other recipes.

Total standalone recipes: 1784

other

rewrite-all

  • Find call graph - Produces a data table where each row represents a method call.
  • Find duplicate source files - Record the presence of LSTs with duplicate paths, indicating that the same file was parsed more than once.
  • Language composition report - Counts the number of lines of the various kinds of source code and data formats parsed by OpenRewrite. Comments are not included in line counts. This recipe emits its results as two data tables, making no changes to any source file. One data table is per-file, the other is per-repository.

rewrite-analysis

rewrite-apache

rewrite-azul

rewrite-circleci

rewrite-codemods

rewrite-compiled-analysis

rewrite-comprehension

rewrite-concourse

rewrite-core

  • Append to text file - Appends or replaces content of an existing plain text file, or creates a new one if it doesn't already exist. Please note that this recipes requires existing plain text files' format to be successfully parsable by OpenRewrite. If a file is left unchanged, it might be parsed as a Quark rather than plain text. In such case, use the plainTextMask option. See the Gradle or Maven plugin configuration page.
  • Change text - Completely replaces the contents of the text file with other text. Use together with a FindSourceFiles precondition to limit which files are changed.
  • Delete files - Delete files by source path.
  • End of Line @ End of File (EOL @ EOF) - Ensure that the file ends with the newline character. Note: If this recipe modifies a file, it converts the file into plain text. As such, this recipe should be run after any recipe that modifies the language-specific LST.
  • Experimental find text with multiselect - Search for text, treating all textual sources as plain text. This version of the recipe exists to experiment with multiselect recipe options.
  • Find LST provenance - Produces a data table showing what versions of OpenRewrite/Moderne tooling was used to produce a given LST.
  • Find build metadata - Find source files with matching build metadata.
  • Find colliding source files - Finds source files which share a path with another source file. There should always be exactly one source file per path within a repository. This is a diagnostic for finding problems in OpenRewrite parsers/build plugins.
  • Find committers on repositories - List the committers on a repository.
  • Find deserialization errors - Produces a data table collecting all deserialization errors of serialized LSTs.
  • Find files - Find files by source path. Paths are always interpreted as relative to the repository root.
  • Find instances of type Quark - Quark source files are pointers to the existence of a file without capturing any of the contents of the file.
  • Find parse to print inequality - OpenRewrite Parser implementations should produce SourceFile objects whose printAll() method should be byte-for-byte equivalent with the original source file. When this isn't true, recipes can still run on the SourceFile and even produce diffs, but the diffs would fail to apply as a patch to the original source file. Most Parser use Parser#requirePrintEqualsInput to produce a ParseError when they fail to produce a SourceFile that is print idempotent.
  • Find source files with ParseExceptionResult markers - This recipe explores parse failures after an LST is produced for classifying the types of failures that can occur and prioritizing fixes according to the most common problems.
  • Is in repository - A search recipe which marks files that are in a repository with one of the supplied names. Intended for use as a precondition for other recipes being run over many different repositories.
  • List runtime classpath - A diagnostic utility which emits the runtime classpath to a data table.
  • Move a file - Move a file to a different directory. The file name will remain the same.
  • Remove ignoral of files or directories from .gitignore - This recipe will remove a file or directory from the .gitignore file. If the file or directory is already in the .gitignore file, it will be removed or negated. If the file or directory is not in the .gitignore file, no action will be taken.
  • Repository contains file - Intended to be used primarily as a precondition for other recipes, this recipe checks if a repository contains a specific file or files matching a pattern. If present all files in the repository are marked with a SearchResult marker. If you want to get only the matching file as a search result, use FindSourceFiles instead.
  • Set file permission attributes - Set a file's read, write and executable permission attributes.
  • Show Git source control metadata - List out the contents of each unique GitProvenance marker in the set of source files. When everything is working correctly, exactly one such marker should be printed as all source files are expected to come from the same repository / branch / commit hash.
  • org.openrewrite.config.CompositeRecipe - A recipe that consists of a list of other recipes.

rewrite-cryptography

rewrite-csharp

rewrite-devcenter

  • Parent POM upgrade - Determine the current state of a repository relative to a desired parent POM upgrade.

rewrite-docker

rewrite-dotnet

rewrite-dropwizard

rewrite-feature-flags

rewrite-github-actions

rewrite-gitlab

rewrite-gradle

  • Add Gradle platform dependency - Add a gradle platform dependency to a build.gradle file in the correct configuration based on where it is used.
  • Add Gradle plugin - Add a build plugin to a Gradle build file's plugins block.
  • Add Gradle settings plugin - Add plugin to Gradle settings file plugins block by id.
  • Add a Gradle settings repository - Add a Gradle settings repository to settings.gradle(.kts).
  • Add the Develocity Gradle plugin - Add the Develocity Gradle plugin to settings.gradle files.
  • Change Extra Property - Gradle's ExtraPropertiesExtension is a commonly used mechanism for setting arbitrary key/value pairs on a project. This recipe will change the value of a property with the given key name if that key can be found. It assumes that the value being set is a String literal. Does not add the value if it does not already exist.
  • Change Gradle dependency - Change a Gradle dependency coordinates. The newGroupId or newArtifactId MUST be different from before.
  • Change a Gradle dependency classifier - Changes classifier of an existing dependency declared in build.gradle files.
  • Change a Gradle dependency extension - Changes extension of an existing dependency declared in build.gradle files.
  • Change a Gradle plugin - Changes the selected Gradle plugin to the new plugin.
  • Change a Gradle plugin version by id - Change a Gradle plugin by id to a later version.
  • Dependency constraint to resolution rule - Gradle dependency constraints are useful for managing the versions of transitive dependencies. Some plugins, such as the Spring Dependency Management plugin, do not respect these constraints. This recipe converts constraints into resolution rules, which can achieve similar effects to constraints but are harder for plugins to ignore.
  • Does not include Gradle dependency - A precondition which returns false if visiting a Gradle file which includes the specified dependency in the classpath of some scope. For compatibility with multimodule projects, this should most often be applied as a precondition.
  • Enable Develocity build cache - Adds buildCache configuration to develocity where not yet present.
  • Find Gradle JVMTestSuite plugin configuration - Find Gradle JVMTestSuite plugin configurations and produce a data table.
  • Find Gradle dependency - Finds dependencies declared in gradle build files. See the reference on Gradle configurations or the diagram below for a description of what configuration to use. A project's compile and runtime classpath is based on these configurations. <img alt="Gradle compile classpath" src="https://docs.gradle.org/current/userguide/img/java-library-ignore-deprecated-main.png" width="200px"/> A project's test classpath is based on these configurations. <img alt="Gradle test classpath" src="https://docs.gradle.org/current/userguide/img/java-library-ignore-deprecated-test.png" width="200px"/>.
  • Find Gradle plugin - Find a Gradle plugin by id and/or class name. For best results both should be specified, as one cannot automatically be used to infer the other.
  • Find Gradle projects - Gradle projects are those with build.gradle or build.gradle.kts files.
  • Find Gradle repository - Find a Gradle repository by url.
  • Find Gradle wrappers - Find Gradle wrappers.
  • Migrate from Gradle Enterprise to Develocity - Migrate from the Gradle Enterprise Gradle plugin to the Develocity Gradle plugin.
  • Module has dependency - Searches for Gradle Projects (modules) that have a dependency matching the specified id or implementing class. Places a SearchResult marker on all sources within a project with a matching dependency. This recipe is intended to be used as a precondition for other recipes. For example this could be used to limit the application of a spring boot migration to only projects that use spring-boot-starter, limiting unnecessary upgrading. If the search result you want is instead just the build.gradle(.kts) file that use the dependency, use the FindDependency recipe instead.
  • Module has plugin - Searches for Gradle Projects (modules) that have a plugin matching the specified id or implementing class. Places a SearchResult marker on all sources within a project with a matching plugin. This recipe is intended to be used as a precondition for other recipes. For example this could be used to limit the application of a spring boot migration to only projects that apply the spring dependency management plugin, limiting unnecessary upgrading. If the search result you want is instead just the build.gradle(.kts) file applying the plugin, use the FindPlugins recipe instead.
  • Remove a Gradle dependency - Removes a single dependency from the dependencies section of the build.gradle.
  • Remove redundant explicit dependencies and versions - Remove explicitly-specified dependencies and dependency versions that are managed by a Gradle platform/enforcedPlatform.
  • Remove repository - Removes a repository from Gradle build scripts. Named repositories include "jcenter", "mavenCentral", "mavenLocal", and "google".
  • Upgrade transitive Gradle dependencies - Upgrades the version of a transitive dependency in a Gradle build file. There are many ways to do this in Gradle, so the mechanism for upgrading a transitive dependency must be considered carefully depending on your style of dependency management.
  • Use HTTPS for repositories - Use HTTPS for repository URLs.
  • Use Map notation for Gradle dependency declarations - In Gradle, dependencies can be expressed as a String like &quot;groupId:artifactId:version&quot;, or equivalently as a Map like group: 'groupId', name: 'artifactId', version: 'version' (groovy) or group = &quot;groupId&quot;, name = &quot;artifactId&quot;, version = &quot;version&quot; (kotlin). This recipe replaces dependencies represented as Strings with an equivalent dependency represented as a Map.

rewrite-groovy

rewrite-hcl

rewrite-hibernate

  • Find JPQL definitions - Find Java Persistence Query Language definitions in the codebase.
  • Migrate UserType to Hibernate 6 - With Hibernate 6 the UserType interface received a type parameter making it more strictly typed. This recipe applies the changes required to adhere to this change.

rewrite-java

rewrite-java-dependencies

  • Dependency insight for Gradle and Maven - Finds dependencies, including transitive dependencies, in both Gradle and Maven projects. Matches within all Gradle dependency configurations and Maven scopes.
  • Dependency report - Emits a data table detailing all Gradle and Maven dependencies. This recipe makes no changes to any source file.
  • Dependency resolution diagnostic - Recipes which manipulate dependencies must be able to successfully access the artifact repositories and resolve dependencies from them. This recipe produces two data tables used to understand the state of dependency resolution. The Repository accessibility report lists all the artifact repositories known to the project and whether respond to network access. The network access is attempted while the recipe is run and so is representative of current conditions. The Gradle dependency configuration errors lists all the dependency configurations that failed to resolve one or more dependencies when the project was parsed. This is representative of conditions at the time the LST was parsed.
  • Find minimum JUnit version - A recipe to find the minimum version of JUnit dependencies. This recipe is designed to return the minimum version of JUnit in a project. It will search for JUnit 4 and JUnit 5 dependencies in the project. If both versions are found, it will return the minimum version of JUnit 4. If a minimumVersion is provided, the recipe will search to see if the minimum version of JUnit used by the project is no lower than the minimumVersion. For example: if the minimumVersion is 4, and the project has JUnit 4.12 and JUnit 5.7, the recipe will return JUnit 4.12. If the project has only JUnit 5.7, the recipe will return JUnit 5.7. Another example: if the minimumVersion is 5, and the project has JUnit 4.12 and JUnit 5.7, the recipe will not return any results.
  • Find relocated dependencies - Find Maven and Gradle dependencies and Maven plugins that have relocated to a new groupId or artifactId. Relocation information comes from the oga-maven-plugin maintained by Jonathan Lermitage, Filipe Roque and others. This recipe makes no changes to any source file by default. Add changeDependencies=true to change dependencies, but note that you might need to run additional recipes to update imports and adopt other breaking changes.
  • Find the oldest matching dependency version in use - The oldest dependency version in use is the lowest dependency version in use in any source set of any subproject of a repository. It is possible that, for example, the main source set of a project uses Jackson 2.11, but a test source set uses Jackson 2.16. In this case, the oldest Jackson version in use is Java 2.11.
  • Module has dependency - Searches for both Gradle and Maven modules that have a dependency matching the specified groupId and artifactId. Places a SearchResult marker on all sources within a module with a matching dependency. This recipe is intended to be used as a precondition for other recipes. For example this could be used to limit the application of a spring boot migration to only projects that use spring-boot-starter, limiting unnecessary upgrading. If the search result you want is instead just the build.gradle(.kts) or pom.xml file applying the plugin, use the FindDependency recipe instead.
  • Repository has dependency - Searches for both Gradle and Maven modules that have a dependency matching the specified groupId and artifactId. Places a SearchResult marker on all sources within a repository with a matching dependency. This recipe is intended to be used as a precondition for other recipes. For example this could be used to limit the application of a spring boot migration to only projects that use a springframework dependency, limiting unnecessary upgrading. If the search result you want is instead just the build.gradle(.kts) or pom.xml file applying the plugin, use the FindDependency recipe instead.
  • Upgrade transitive Gradle or Maven dependencies - Upgrades the version of a transitive dependency in a Maven pom.xml or Gradle build.gradle. Leaves direct dependencies unmodified. Can be paired with the regular Upgrade Dependency Version recipe to upgrade a dependency everywhere, regardless of whether it is direct or transitive.

rewrite-java-security

  • Dependency insight for C# - Finds dependencies in *.csproj and packages.config.
  • Find and fix vulnerable Nuget dependencies - This software composition analysis (SCA) tool detects and upgrades dependencies with publicly disclosed vulnerabilities. This recipe both generates a report of vulnerable dependencies and upgrades to newer versions with fixes. This recipe only upgrades to the latest patch version. If a minor or major upgrade is required to reach the fixed version, this recipe will not make any changes. Vulnerability information comes from the GitHub Security Advisory Database, which aggregates vulnerability data from several public databases, including the National Vulnerability Database maintained by the United States government. Dependencies following Semantic Versioning will see their patch version updated where applicable.
  • Find hard-coded loopback IPv4 addresses - Locates mentions of hard-coded IPv4 addresses from the loopback IP range. The loopback IP range includes 127.0.0.0 to 127.255.255.255. This detects the entire localhost/loopback subnet range, not just the commonly used 127.0.0.1.
  • Find hard-coded private IPv4 addresses - Locates mentions of hard-coded IPv4 addresses from private IP ranges. Private IP ranges include: * 192.168.0.0 to 192.168.255.255 * 10.0.0.0 to 10.255.255.255 * 172.16.0.0 to 172.31.255.255 It is not detecting the localhost subnet 127.0.0.0 to 127.255.255.255.
  • Find licenses in use in third-party dependencies - Locates and reports on all licenses in use.
  • Find sensitive API endpoints - Find data models exposed by REST APIs that contain sensitive information like PII and secrets.
  • Fix CWE-338 with SecureRandom - Use a cryptographically strong pseudo-random number generator (PRNG).
  • Improper privilege management - Marking code as privileged enables a piece of trusted code to temporarily enable access to more resources than are available directly to the code that called it.
  • Prevent clickjacking - The frame-ancestors directive can be used in a Content-Security-Policy HTTP response header to indicate whether or not a browser should be allowed to render a page in a &lt;frame&gt; or &lt;iframe&gt;. Sites can use this to avoid Clickjacking attacks by ensuring that their content is not embedded into other sites.
  • Remove unused dependencies - Scans through source code collecting references to types and methods, removing any dependencies that are not used from Maven or Gradle build files. This recipe takes reflective access into account: When reflective access to a class is made unambiguously via a string literal, such as: Class.forName(&quot;java.util.List&quot;) that is counted correctly. When reflective access to a class is made ambiguously via anything other than a string literal no dependencies will be removed. This recipe takes transitive dependencies into account: When a direct dependency is not used but a transitive dependency it brings in is in use the direct dependency is not removed.
  • Secure Spring service exporters - The default Java deserialization mechanism is available via ObjectInputStream class. This mechanism is known to be vulnerable. If an attacker can make an application deserialize malicious data, it may result in arbitrary code execution. Spring’s RemoteInvocationSerializingExporter uses the default Java deserialization mechanism to parse data. As a result, all classes that extend it are vulnerable to deserialization attacks. The Spring Framework contains at least HttpInvokerServiceExporter and SimpleHttpInvokerServiceExporter that extend RemoteInvocationSerializingExporter. These exporters parse data from the HTTP body using the unsafe Java deserialization mechanism. See the full blog post by Artem Smotrakov on CVE-2016-1000027 from which the above description is excerpted.
  • Secure random - Use cryptographically secure Pseudo Random Number Generation in the "main" source set. Replaces instantiation of java.util.Random with java.security.SecureRandom.
  • SecureRandom seeds are not constant or predictable - Remove SecureRandom#setSeed(*) method invocations having constant or predictable arguments.
  • Software bill of materials - Produces a software bill of materials (SBOM) for a project. An SBOM is a complete list of all dependencies used in a project, including transitive dependencies. The produced SBOM is in the CycloneDX XML format. Supports Gradle and Maven. Places a file named sbom.xml adjacent to the Gradle or Maven build file.
  • Upgrade C# dependency versions - Upgrades dependencies in *.csproj and packages.config.

rewrite-jenkins

rewrite-json

  • Add value to JSON Object - Adds a value at the specified keyPath with the specified key, if the key doesn't already exist.
  • Change key - Change a JSON mapping entry key, while leaving the value intact.
  • Change value - Change a JSON mapping entry value leaving the key intact.
  • Delete key - Delete a JSON mapping entry key.
  • Find JSON object members - Find JSON object members by JsonPath expression.
  • Format JSON - Format JSON code using a standard comprehensive set of JSON formatting recipes.
  • JSON indent - Format tabs and indents in JSON.
  • JSON new lines - Split members into separate lines in JSON.

rewrite-kotlin

rewrite-kubernetes

rewrite-liberty

rewrite-logging-frameworks

rewrite-maven

  • Add Maven parent - Add a parent pom to a Maven pom.xml. Does nothing if a parent pom is already present.
  • Add a comment to a Maven dependency - Adds a comment as the first element in a Maven dependency.
  • Add a configuration option for the Maven runtime - Add a new configuration option for the Maven runtime if not already present.
  • Add repository - Adds a new Maven Repository or updates a matching repository.
  • Add the Develocity Maven extension - To integrate the Develocity Maven extension into Maven projects, ensure that the develocity-maven-extension is added to the .mvn/extensions.xml file if not already present. Additionally, configure the extension by adding the .mvn/develocity.xml configuration file.
  • Change Maven Project Version - Change the project version of a Maven pom.xml. Identifies the project to be changed by its groupId and artifactId. If the version is defined as a property, this recipe will only change the property value if the property exists within the same pom.
  • Change Maven plugin configuration - Apply the specified configuration to a Maven plugin. Will not add the plugin if it does not already exist in the pom.
  • Change Maven plugin dependencies - Applies the specified dependencies to a Maven plugin. Will not add the plugin if it does not already exist in the pom.
  • Change Maven plugin executions - Apply the specified executions to a Maven plugin. Will not add the plugin if it does not already exist in the pom.
  • Dependency management dependencies should have a version - If they don't have a version, they can't possibly affect dependency resolution anywhere, and can be safely removed.
  • Does not include Maven dependency - A precondition which returns false if visiting a Maven pom which includes the specified dependency in the classpath of some scope. For compatibility with multimodule projects, this should most often be applied as a precondition.
  • Effective dependencies - Emit the data of binary dependency relationships.
  • Effective managed dependencies - Emit the data of binary dependency relationships.
  • Enable Develocity build cache - Add Develocity build cache configuration to any .mvn/ Develocity configuration file that lack existing configuration.
  • Find Maven dependency management entry - Finds first-order dependency management entries, i.e. dependencies that are defined directly in a project.
  • Find Maven plugin - Finds a Maven plugin within a pom.xml.
  • Find Maven project properties - Finds the specified Maven project properties within a pom.xml.
  • Find Maven projects - Maven projects are pom.xml files with a MavenResolutionResult marker.
  • Find SCM tag - Finds any &lt;scm&gt; tag directly inside the &lt;project&gt; root of a Maven pom.xml file.
  • Find effective maven settings - List the effective maven settings file for the current project.
  • Increment Maven project version - Increase Maven project version by incrementing either the major, minor, or patch version as defined by semver. Other versioning schemes are not supported.
  • List effective Maven repositories - Lists the Maven repositories that would be used for dependency resolution, in order of precedence. This includes Maven repositories defined in the Maven settings file (and those contributed by active profiles) as determined when the LST was produced.
  • Manage dependencies - Make existing dependencies managed by moving their version to be specified in the dependencyManagement section of the POM.
  • Maven parent insight - Find Maven parents matching a groupId and artifactId.
  • Maven repository order - Determine the order in which dependencies will be resolved for each pom.xml based on its defined repositories and effective settings.xml.
  • Modernize obsolete Maven poms - Very old Maven poms are no longer supported by current versions of Maven. This recipe updates poms with &lt;pomVersion&gt;3&lt;/pomVersion&gt; to &lt;modelVersion&gt;4.0.0&lt;/modelVersion&gt; of the Maven pom schema. This does not attempt to upgrade old dependencies or plugins and is best regarded as the starting point of a migration rather than an end-point.
  • Module has dependency - Searches for Maven modules that have a dependency matching the specified groupId and artifactId. Places a SearchResult marker on all sources within a module with a matching dependency. This recipe is intended to be used as a precondition for other recipes. For example this could be used to limit the application of a spring boot migration to only projects that use spring-boot-starter, limiting unnecessary upgrading. If the search result you want is instead just the build.gradle(.kts) file applying the plugin, use the FindDependency recipe instead.
  • Module has plugin - Searches for Maven modules that have a plugin matching the specified groupId and artifactId. Places a SearchResult marker on all sources within a module with a matching plugin. This recipe is intended to be used as a precondition for other recipes. For example this could be used to limit the application of a spring boot migration to only projects that apply the spring boot plugin, limiting unnecessary upgrading. If the search result you want is instead just the build.gradle(.kts) file applying the plugin, use the FindPlugins recipe instead.
  • Print Maven dependency hierarchy in DOT format - The DOT language format is specified here.
  • Remove repository - Removes a matching Maven repository.
  • Remove unused properties - Detect and remove Maven property declarations which do not have any usage within the project.
  • Update Maven wrapper - Update the version of Maven used in an existing Maven wrapper.
  • Upgrade transitive Maven dependencies - Upgrades the version of a transitive dependency in a Maven pom file. Leaves direct dependencies unmodified. Can be paired with the regular Upgrade Dependency Version recipe to upgrade a dependency everywhere, regardless of whether it is direct or transitive.

rewrite-micrometer

rewrite-micronaut

rewrite-migrate-java

rewrite-nodejs

  • Find Node.js projects - Find Node.js projects and summarize data about them.
  • Find and fix vulnerable npm dependencies - This software composition analysis (SCA) tool detects and upgrades dependencies with publicly disclosed vulnerabilities. This recipe both generates a report of vulnerable dependencies and upgrades to newer versions with fixes. This recipe only upgrades to the latest patch version. If a minor or major upgrade is required to reach the fixed version, this recipe will not make any changes. Vulnerability information comes from the GitHub Security Advisory Database, which aggregates vulnerability data from several public databases, including the National Vulnerability Database maintained by the United States government. Dependencies following Semantic Versioning will see their patch version updated where applicable.
  • Upgrade Node.js dependencies - Upgrade matching Node.js direct dependencies.

rewrite-properties

rewrite-quarkus

rewrite-rewrite

  • Find OpenRewrite recipes - This recipe finds all OpenRewrite recipes, primarily to produce a data table that is being used to experiment with fine-tuning a large language model to produce more recipes.

rewrite-spring

  • Add SetUseTrailingSlashMatch() in configuration - This is part of Spring MVC and WebFlux URL Matching Changes, as of Spring Framework 6.0, the trailing slash matching configuration option has been deprecated and its default value set to false. This means that previously, a controller @GetMapping(&quot;/some/greeting&quot;) would match both GET /some/greeting and GET /some/greeting/, but it doesn't match GET /some/greeting/ anymore by default and will result in an HTTP 404 error. This recipe is change the default with the global Spring MVC or Webflux configuration.
  • Add io.spring.dependency-management plugin, if in use - Prior to Spring Boot 2.0 the dependency management plugin was applied automatically as part of the overall spring boot plugin. Afterwards the dependency-management plugin must be applied explicitly, or Gradle's platform() feature may be used instead. This recipe makes usage of io-spring.dependency-management explicit in anticipation of upgrade to Spring Boot 2.0 or later.
  • Add missing @Configuration annotation - Class having @Bean annotation over any methods but missing @Configuration annotation over the declaring class would have @Configuration annotation added.
  • Add trailing slash to Spring routes - This is part of Spring MVC and WebFlux URL Matching Changes, as of Spring Framework 6.0, the trailing slash matching configuration option has been deprecated and its default value set to false. This means that previously, a controller @GetMapping(&quot;/some/greeting&quot;) would match both GET /some/greeting and GET /some/greeting/, but it doesn't match GET /some/greeting/ anymore by default and will result in an HTTP 404 error. This recipe is to add declaration of additional route explicitly on the controller handler (like @GetMapping(&quot;/some/greeting&quot;, &quot;/some/greeting/&quot;).
  • Bean methods should return concrete types - Replace Bean method return types with concrete types being returned. This is required for Spring 6 AOT.
  • Delete empty web.xml files - Deletes web.xml files that contain only an empty &lt;web-app&gt; root element with no child elements.
  • Expand Spring YAML properties - Expand YAML properties to not use the dot syntax shortcut.
  • Find HTTP API calls via RestTemplate - Find outbound HTTP API calls made via Spring's RestTemplate class.
  • Find Spring API endpoints - Find all HTTP API endpoints exposed by Spring applications. More specifically, this marks method declarations annotated with @RequestMapping, @GetMapping, @PostMapping, @PutMapping, @DeleteMapping, and @PatchMapping as search results.
  • Find Spring components - Find Spring components, including controllers, services, repositories, return types of @Bean annotated methods, etc.
  • Integration scheduler pool size - Spring Integration now reuses an available TaskScheduler rather than configuring its own. In a typical application setup relying on the auto-configuration, this means that Spring Integration uses the auto-configured task scheduler that has a pool size of 1. To restore Spring Integration’s default of 10 threads, use the spring.task.scheduling.pool.size property.
  • Is likely a Spring Boot project - Marks the project if it's likely a Spring Boot project.
  • Is likely a Spring Framework project - Marks the project if it's likely a Spring Framework project.
  • Is likely not a Spring Boot project - Marks the project if it's likely not a Spring Boot project.
  • Maintain trailing slash URL mappings - This is part of Spring MVC and WebFlux URL Matching Changes, as of Spring Framework 6.0, the trailing slash matching configuration option has been deprecated and its default value set to false. This means that previously, a controller @GetMapping(&quot;/some/greeting&quot;) would match both GET /some/greeting and GET /some/greeting/, but it doesn't match GET /some/greeting/ anymore by default and will result in an HTTP 404 error. This recipe is to maintain trailing slash in all HTTP url mappings.
  • Migrate multi-condition @ConditionalOnBean annotations - Migrate multi-condition @ConditionalOnBean annotations to AnyNestedCondition.
  • [Migrate ´web.xmltoWebApplicationInitializer](/recipes/java/spring/framework/webxml/webxmltowebapplicationinitializer.md) - _Migrate web.xmltoWebApplicationInitializerfor Spring applications. This allows for programmatic configuration of the web application context, replacing the need for XML-based configuration. This recipe only picks upweb.xmlfiles located in thesrc/main/webapp/WEB-INF` directory to avoid inference with tests._
  • Normalize Spring properties to kebab-case - Normalize Spring properties to use lowercase and hyphen-separated syntax. For example, changing spring.main.showBanner to spring.main.show-banner. With Spring's relaxed binding, kebab-case may be used in properties files and still be converted to configuration beans. Note, an exception to this is the case of @Value, which is match-sensitive. For example, @Value(&quot;${anExampleValue}&quot;) will not match an-example-value. The Spring reference documentation recommends using kebab-case for properties where possible.
  • Remove TestRestTemplate.HttpClientOption.ENABLE_REDIRECTS option - The TestRestTemplate now uses the same follow redirects settings as the regular RestTemplate. The HttpOption.ENABLE_REDIRECTS option has also been deprecated. This recipe removes the option from the TestRestTemplate constructor arguments.
  • Remove implicit web annotation names - Removes implicit web annotation names.
  • Remove unnecessary @Repository annotation from Spring Data Repository sub-interface - Removes superfluous @Repository annotation from Spring Data Repository sub-interfaces.
  • Remove unneeded oauth2Login config when upgrading to Spring Security 6 - oauth2Login() is a Spring Security feature that allows users to authenticate with an OAuth2 or OpenID Connect 1.0 provider. When a user is authenticated using this feature, they are granted a set of authorities that determines what actions they are allowed to perform within the application. In Spring Security 5, the default authority given to a user authenticated with an OAuth2 or OpenID Connect 1.0 provider via oauth2Login() is ROLE_USER. This means that the user is allowed to access the application's resources as a regular user. However, in Spring Security 6, the default authority given to a user authenticated with an OAuth2 provider is OAUTH2_USER, and the default authority given to a user authenticated with an OpenID Connect 1.0 provider is OIDC_USER. These authorities are more specific and allow for better customization of the user's permissions within the application. If you are upgrading to Spring Security 6 and you have previously configured a GrantedAuthoritiesMapper to handle the authorities of users authenticated via oauth2Login(), you can remove it completely as the new default authorities should be sufficient.
  • Rename bean - Renames a Spring bean, both declaration and references.
  • Separate application YAML by profile - The Spring team's recommendation is to separate profile properties into their own YAML files now.
  • Update the API manifest - Keep a consolidated manifest of the API endpoints that this application exposes up-to-date.
  • Upgrade Spring dependencies - Upgrades dependencies according to the specified version of spring boot. Spring boot has many direct and transitive dependencies. When a module has an explicit dependency on one of these it may also need to be upgraded to match the version used by spring boot.
  • Use TLS for AMQP connection strings - Use TLS for AMQP connection strings.
  • Use TLS for JDBC connection strings - Increasingly, for compliance reasons (e.g. NACHA), JDBC connection strings should be TLS-enabled. This recipe will update the port and optionally add a connection attribute to indicate that the connection is TLS-enabled.
  • Use DiskSpaceHealthIndicator(File, DataSize) - DiskSpaceHealthIndicator(File, long) was deprecated in Spring Data 2.1 for removal in 2.2.
  • Use QuerydslPredicateExecutor&lt;T&gt; - QuerydslJpaRepository&lt;T, ID extends Serializable&gt; was deprecated in Spring Data 2.1.

rewrite-sql

rewrite-static-analysis

rewrite-struts

  • Find Struts actions - Find actions and their associated definitions.
  • Find struts XML files - Struts XML files may have any name, and may be outside a resources directory, so the true test is to look at the content of the file.

rewrite-terraform

rewrite-testing-frameworks

rewrite-third-party

rewrite-vulncheck

  • Use VulnCheck Exploit Intelligence to fix vulnerabilities - This software composition analysis (SCA) tool detects and upgrades dependencies with publicly disclosed vulnerabilities. This recipe both generates a report of vulnerable dependencies and upgrades to newer versions with fixes. This recipe by default only upgrades to the latest patch version. If a minor or major upgrade is required to reach the fixed version, this can be controlled using the maximumUpgradeDelta option. Vulnerability information comes from VulnCheck Vulnerability Intelligence. The recipe has an option to limit fixes to only those vulnerabilities that have evidence of exploitation at various levels of severity.

rewrite-xml

rewrite-yaml

  • Append to sequence - Append item to YAML sequence.
  • Change YAML property - Change a YAML property. Expects dot notation for nested YAML mappings, similar to how Spring Boot interprets application.yml files.
  • Coalesce YAML properties - Simplify nested map hierarchies into their simplest dot separated property form, similar to how Spring Boot interprets application.yml files.
  • Create YAML file - Create a new YAML file.
  • Find YAML properties - Find YAML properties that match the specified propertyKey. Expects dot notation for nested YAML mappings, similar to how Spring Boot interprets application.yml files.
  • Unfold YAML properties - Transforms dot-separated property keys in YAML files into nested map hierarchies to enhance clarity and readability, or for compatibility with tools expecting structured YAML.
  • YAML indent - Format tabs and indents in YAML.