Owasp recipe refers to missing Spring recipe - Githubissues

openrewrite / rewrite-java-security

OpenRewrite recipes for patching Java security vulnerabilities.

Apache License 2.0

17 stars 15 forks source link

Owasp recipe refers to missing Spring recipe #127

Closed Bananeweizen closed 6 months ago

Bananeweizen commented 6 months ago

What version of OpenRewrite are you using?

I am using

rewrite-java-security 2.5.0

What is the full stack trace of any errors you encountered?

[ERROR] Recipe validation error in org.openrewrite.java.security.OwaspA01.recipeList[3] (in jar:file:/C:/Users/foo/.m2/repository/org/openrewrite/recipe/rewrite-java-security/2.5.0/rewrite-java-security-2.5.0.jar!/META-INF/rewrite/owasp.yml): recipe 'org.openrewrite.java.security.spring.UnvalidatedRedirect' does not exist.

Are you interested in contributing a fix to OpenRewrite?

Maybe. The new entry in the yaml was added in https://github.com/openrewrite/rewrite-java-security/commit/894f757b9e23eb0e0a50444cd13ed2874017409e. I believe there is no such recipe anywhere in this or other rewrite repos, so the line should probably just be deleted again. However, I haven't really checked all the commits before and after that one, so I might miss something.

knutwannheden commented 6 months ago

@Bananeweizen Thanks for reporting. I indeed don't think that was intentional. I've removed it from the list.