Skip to content

[openrewrite] add JavaSecurityBestPractices#2645

Closed
Pankraz76 wants to merge 1 commit intodiffplug:mainfrom
Pankraz76:bp-rewrite-third-party
Closed

[openrewrite] add JavaSecurityBestPractices#2645
Pankraz76 wants to merge 1 commit intodiffplug:mainfrom
Pankraz76:bp-rewrite-third-party

Conversation

@Pankraz76
Copy link

@Pankraz76 Pankraz76 commented Sep 25, 2025 

All sources parsed, running active recipes: org.openrewrite.gradle.GradleBestPractices, org.openrewrite.java.RemoveUnusedImports, org.openrewrite.java.migrate.UpgradeToJava17, org.openrewrite.java.recipes.JavaRecipeBestPractices, org.openrewrite.java.recipes.RecipeTestingBestPractices, org.openrewrite.java.security.JavaSecurityBestPractices, org.openrewrite.staticanalysis.JavaApiBestPractices, org.openrewrite.staticanalysis.LowercasePackage, org.openrewrite.staticanalysis.MissingOverrideAnnotation, org.openrewrite.staticanalysis.ModifierOrder, org.openrewrite.staticanalysis.NoFinalizer, org.openrewrite.staticanalysis.RemoveUnusedLocalVariables, org.openrewrite.staticanalysis.RemoveUnusedPrivateFields, org.openrewrite.staticanalysis.RemoveUnusedPrivateMethods, org.openrewrite.gradle.GradleBestPractices, org.openrewrite.java.RemoveUnusedImports, org.openrewrite.java.migrate.UpgradeToJava17, org.openrewrite.java.recipes.JavaRecipeBestPractices, org.openrewrite.java.recipes.RecipeTestingBestPractices, org.openrewrite.java.security.JavaSecurityBestPractices, org.openrewrite.staticanalysis.JavaApiBestPractices, org.openrewrite.staticanalysis.LowercasePackage, org.openrewrite.staticanalysis.MissingOverrideAnnotation, org.openrewrite.staticanalysis.ModifierOrder, org.openrewrite.staticanalysis.NoFinalizer, org.openrewrite.staticanalysis.RemoveUnusedLocalVariables, org.openrewrite.staticanalysis.RemoveUnusedPrivateFields, org.openrewrite.staticanalysis.RemoveUnusedPrivateMethods, org.openrewrite.gradle.GradleBestPractices, org.openrewrite.java.RemoveUnusedImports, org.openrewrite.java.migrate.UpgradeToJava17, org.openrewrite.java.recipes.JavaRecipeBestPractices, org.openrewrite.java.recipes.RecipeTestingBestPractices, org.openrewrite.java.security.JavaSecurityBestPractices, org.openrewrite.staticanalysis.JavaApiBestPractices, org.openrewrite.staticanalysis.LowercasePackage, org.openrewrite.staticanalysis.MissingOverrideAnnotation, org.openrewrite.staticanalysis.ModifierOrder, org.openrewrite.staticanalysis.NoFinalizer, org.openrewrite.staticanalysis.RemoveUnusedLocalVariables, org.openrewrite.staticanalysis.RemoveUnusedPrivateFields, org.openrewrite.staticanalysis.RemoveUnusedPrivateMethods, org.openrewrite.gradle.GradleBestPractices, org.openrewrite.java.RemoveUnusedImports, org.openrewrite.java.migrate.UpgradeToJava17, org.openrewrite.java.recipes.JavaRecipeBestPractices, org.openrewrite.java.recipes.RecipeTestingBestPractices, org.openrewrite.java.security.JavaSecurityBestPractices, org.openrewrite.staticanalysis.JavaApiBestPractices, org.openrewrite.staticanalysis.LowercasePackage, org.openrewrite.staticanalysis.MissingOverrideAnnotation, org.openrewrite.staticanalysis.ModifierOrder, org.openrewrite.staticanalysis.NoFinalizer, org.openrewrite.staticanalysis.RemoveUnusedLocalVariables, org.openrewrite.staticanalysis.RemoveUnusedPrivateFields, org.openrewrite.staticanalysis.RemoveUnusedPrivateMethods, org.openrewrite.gradle.GradleBestPractices, org.openrewrite.java.RemoveUnusedImports, org.openrewrite.java.migrate.UpgradeToJava17, org.openrewrite.java.recipes.JavaRecipeBestPractices, org.openrewrite.java.recipes.RecipeTestingBestPractices, org.openrewrite.java.security.JavaSecurityBestPractices, org.openrewrite.staticanalysis.JavaApiBestPractices, org.openrewrite.staticanalysis.LowercasePackage, org.openrewrite.staticanalysis.MissingOverrideAnnotation, org.openrewrite.staticanalysis.ModifierOrder, org.openrewrite.staticanalysis.NoFinalizer, org.openrewrite.staticanalysis.RemoveUnusedLocalVariables, org.openrewrite.staticanalysis.RemoveUnusedPrivateFields, org.openrewrite.staticanalysis.RemoveUnusedPrivateMethods, org.openrewrite.gradle.GradleBestPractices, org.openrewrite.java.RemoveUnusedImports, org.openrewrite.java.migrate.UpgradeToJava17, org.openrewrite.java.recipes.JavaRecipeBestPractices, org.openrewrite.java.recipes.RecipeTestingBestPractices, org.openrewrite.java.security.JavaSecurityBestPractices, org.openrewrite.staticanalysis.JavaApiBestPractices, org.openrewrite.staticanalysis.LowercasePackage, org.openrewrite.staticanalysis.MissingOverrideAnnotation, org.openrewrite.staticanalysis.ModifierOrder, org.openrewrite.staticanalysis.NoFinalizer, org.openrewrite.staticanalysis.RemoveUnusedLocalVariables, org.openrewrite.staticanalysis.RemoveUnusedPrivateFields, org.openrewrite.staticanalysis.RemoveUnusedPrivateMethods
Changes have been made to lib/src/main/java/com/diffplug/spotless/FormatterProperties.java by:
    org.openrewrite.java.security.JavaSecurityBestPractices
        org.openrewrite.java.security.XmlParserXXEVulnerability
Changes have been made to lib/src/main/java/com/diffplug/spotless/java/FormatAnnotationsStep.java by:
    org.openrewrite.staticanalysis.RemoveUnusedPrivateFields
Changes have been made to lib/src/main/java/com/diffplug/spotless/kotlin/KtfmtStep.java by:
    org.openrewrite.staticanalysis.ModifierOrder
Changes have been made to lib/src/main/java/com/diffplug/spotless/biome/BiomeSettings.java by:
    org.openrewrite.staticanalysis.ModifierOrder
Changes have been made to lib/src/main/java/com/diffplug/spotless/NoLambda.java by:
    org.openrewrite.staticanalysis.ModifierOrder
Changes have been made to lib/src/main/java/com/diffplug/spotless/generic/IdeaStep.java by:
    org.openrewrite.java.security.JavaSecurityBestPractices
        org.openrewrite.java.security.SecureTempFileCreation
Changes have been made to lib/src/main/java/com/diffplug/spotless/npm/SimpleRestClient.java by:
    org.openrewrite.staticanalysis.ModifierOrder
Changes have been made to lib/src/main/java/com/diffplug/spotless/npm/StandardNpmProcessFactory.java by:
    org.openrewrite.staticanalysis.ModifierOrder
Changes have been made to lib/src/main/java/com/diffplug/spotless/sql/dbeaver/FormatterToken.java by:
    org.openrewrite.staticanalysis.MissingOverrideAnnotation
Changes have been made to lib/src/main/java/com/diffplug/spotless/sql/dbeaver/KeywordCase.java by:
    org.openrewrite.staticanalysis.MissingOverrideAnnotation
Changes have been made to lib/src/jackson/java/com/diffplug/spotless/glue/json/JacksonJsonFormatterFunc.java by:
    org.openrewrite.staticanalysis.MissingOverrideAnnotation
Changes have been made to lib/src/sortPom/java/com/diffplug/spotless/glue/pom/SortPomFormatterFunc.java by:
    org.openrewrite.java.security.JavaSecurityBestPractices
        org.openrewrite.java.security.SecureTempFileCreation
Changes have been made to lib-extra/src/main/java/com/diffplug/spotless/extra/GitRatchet.java by:
    org.openrewrite.staticanalysis.ModifierOrder
Changes have been made to lib-extra/src/main/java/com/diffplug/spotless/extra/GitAttributesLineEndings.java by:
    org.openrewrite.staticanalysis.ModifierOrder
Changes have been made to lib-extra/src/test/java/com/diffplug/spotless/extra/wtp/EclipseWtpFormatterStepTest.java by:
    org.openrewrite.java.security.JavaSecurityBestPractices
        org.openrewrite.java.security.SecureTempFileCreation
        org.openrewrite.staticanalysis.ModifierOrder
Changes have been made to lib-extra/src/test/java/com/diffplug/spotless/extra/groovy/GrEclipseFormatterStepTest.java by:
    org.openrewrite.staticanalysis.ModifierOrder
Changes have been made to plugin-gradle/src/main/java/com/diffplug/gradle/spotless/SpotlessTaskService.java by:
    org.openrewrite.staticanalysis.ModifierOrder
Changes have been made to plugin-gradle/src/main/java/com/diffplug/gradle/spotless/JsonExtension.java by:
    org.openrewrite.staticanalysis.MissingOverrideAnnotation
Changes have been made to plugin-gradle/src/main/java/com/diffplug/gradle/spotless/CssExtension.java by:
    org.openrewrite.staticanalysis.MissingOverrideAnnotation
Changes have been made to plugin-gradle/src/main/java/com/diffplug/gradle/spotless/JavascriptExtension.java by:
    org.openrewrite.staticanalysis.MissingOverrideAnnotation
        org.openrewrite.staticanalysis.ModifierOrder
Changes have been made to plugin-gradle/src/main/java/com/diffplug/gradle/spotless/FormatExtension.java by:
    org.openrewrite.staticanalysis.ModifierOrder
Changes have been made to plugin-gradle/src/main/java/com/diffplug/gradle/spotless/SpotlessTaskImpl.java by:
    org.openrewrite.staticanalysis.MissingOverrideAnnotation
Changes have been made to plugin-gradle/src/main/java/com/diffplug/gradle/spotless/TypescriptExtension.java by:
    org.openrewrite.staticanalysis.MissingOverrideAnnotation
Changes have been made to plugin-gradle/src/main/java/com/diffplug/gradle/spotless/IdeHook.java by:
    org.openrewrite.staticanalysis.ModifierOrder
Changes have been made to plugin-maven/src/main/java/com/diffplug/spotless/maven/incremental/UpToDateChecker.java by:
    org.openrewrite.staticanalysis.MissingOverrideAnnotation
Changes have been made to plugin-maven/src/main/java/com/diffplug/spotless/maven/ArtifactResolver.java by:
    org.openrewrite.staticanalysis.ModifierOrder
Changes have been made to plugin-maven/src/main/java/com/diffplug/spotless/maven/java/Eclipse.java by:
    org.openrewrite.staticanalysis.MissingOverrideAnnotation
Changes have been made to plugin-maven/src/main/java/com/diffplug/spotless/maven/javascript/EslintJs.java by:
    org.openrewrite.staticanalysis.MissingOverrideAnnotation
Changes have been made to testlib/src/test/java/com/diffplug/spotless/FileSignatureTest.java by:
    org.openrewrite.staticanalysis.ModifierOrder
Changes have been made to testlib/src/test/java/com/diffplug/spotless/GitPrePushHookInstallerTest.java by:
    org.openrewrite.staticanalysis.ModifierOrder
Please review and commit the results.
Estimate time saved: 1h 36m
close() called when useCnt is already zero for Repository[/Users/vincent.potucek/IdeaProjects/spotless/.git]

Pankraz76
Pankraz76 commented Sep 25, 2025
View reviewed changes
lib/src/main/java/com/diffplug/spotless/FormatterProperties.java
private Node getRootNode(final InputStream is) throws IOException, IllegalArgumentException {
try {
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
try {
Copy link
Author

@Pankraz76 Pankraz76 Sep 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is something i cant comprehend.

@nedtwigg
Copy link
Member

nedtwigg commented Sep 25, 2025

@nedtwigg nedtwigg closed this Sep 25, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Pankraz76 @nedtwigg