2025-11-30 08:45:33 +08:00

Fully Qualified Recipe Name,Recipe Name,Description
io.moderne.cryptography.FindRSAKeyGenParameters,Find RSA key generation parameters,Finds RSAKeyGenParameterSpec instantiations and extracts their parameter values into a data table.
io.moderne.cryptography.FindSSLSocketParameters,Find SSL socket configuration parameters,Finds SSLSocket setter method invocations and extracts their parameter values into a data table.
io.moderne.cryptography.FindSecurityModifications,Find Security class modifications,Finds invocations of java.security.Security methods that modify security configuration such as removeProvider addProvider insertProviderAt setProperty and removeProperty.
io.moderne.cryptography.FindSecuritySetProperties,Find `Security.setProperty(..)` calls for certain properties,There is a defined set of properties that should not be set using `Security.setProperty(..)` as they can lead to security vulnerabilities.
io.moderne.hibernate.search.FindJPQLDefinitions,Find JPQL definitions,Find Java Persistence Query Language definitions in the codebase.
org.openrewrite.analysis.java.FindNullPointerIssues,Find null pointer issues,Detects potential null pointer dereferences using path-sensitive analysis to distinguish between definite NPEs possible NPEs and safe dereferences.
org.openrewrite.analysis.java.controlflow.FindUnusedDefinitions,Find unused variable definitions,Identifies variable assignments whose values are never used before being overwritten.
org.openrewrite.analysis.java.controlflow.search.FindCyclomaticComplexity,Find cyclomatic complexity,Calculates the cyclomatic complexity of methods and produces a data table containing the class name method name argument types complexity value and complexity threshold.
org.openrewrite.analysis.java.controlflow.search.FindUnreachableCode,Find unreachable code,Uses control flow analysis to identify statements that can never be executed.
org.openrewrite.analysis.java.dataflow.FindDeadStores,Find dead stores,Identifies variable assignments whose values are never used before being overwritten or going out of scope.
org.openrewrite.analysis.java.security.FindSecurityVulnerabilities,Find security vulnerabilities using taint analysis,Identifies potential security vulnerabilities where untrusted data from sources flows to sensitive sinks without proper sanitization.
org.openrewrite.analysis.java.datalineage.TrackDataLineage,Track data lineage,Tracks the flow of data from database sources (JDBC queries JPA entities) to API sinks (REST endpoints GraphQL mutations) to understand data dependencies and support compliance requirements.
org.openrewrite.analysis.java.privacy.FindPiiExposure,Find PII exposure in logs and external APIs,Detects when Personally Identifiable Information (PII) is exposed through logging statements or sent to external APIs without proper sanitization. This helps prevent data leaks and ensures compliance with privacy regulations like GDPR and CCPA.
org.openrewrite.analysis.java.security.FindCommandInjection,Find command injection vulnerabilities,Detects when user-controlled input flows into system command execution methods like Runtime.exec() or ProcessBuilder which could allow attackers to execute arbitrary commands.
org.openrewrite.analysis.java.security.FindLdapInjection,Find LDAP injection vulnerabilities,Finds LDAP injection vulnerabilities by tracking tainted data flow from user input to LDAP queries.
org.openrewrite.analysis.java.security.FindPathTraversal,Find path traversal vulnerabilities,Detects potential path traversal vulnerabilities where user input flows to file system operations without proper validation.
org.openrewrite.analysis.java.security.FindSqlInjection,Find SQL injection vulnerabilities,Detects potential SQL injection vulnerabilities where user input flows to SQL execution methods without proper sanitization.
org.openrewrite.analysis.java.security.FindUnencryptedPiiStorage,Find unencrypted PII storage,Identifies when personally identifiable information (PII) is stored in databases files or other persistent storage without encryption.
org.openrewrite.analysis.java.security.FindXssVulnerability,Find XSS vulnerabilities,Detects potential cross-site scripting vulnerabilities where user input flows to output methods without proper sanitization.
org.openrewrite.analysis.java.security.FindXxeVulnerability,Find XXE vulnerabilities,Locates XML parsers that are not configured to prevent XML External Entity (XXE) attacks.
io.moderne.vulncheck.FixVulnCheckVulnerabilities,Use [VulnCheck Exploit Intelligence](https://docs.vulncheck.com/products/exploit-and-vulnerability-intelligence/exploit-intelligence) to fix vulnerabilities,This software composition analysis (SCA) tool detects and upgrades dependencies with publicly disclosed vulnerabilities. This recipe both generates a report of vulnerable dependencies and upgrades to newer versions with fixes. This recipe by default only upgrades to the latest **patch** version. If a minor or major upgrade is required to reach the fixed version this can be controlled using the `maximumUpgradeDelta` option. Vulnerability information comes from VulnCheck Vulnerability Intelligence. The recipe has an option to limit fixes to only those vulnerabilities that have evidence of exploitation at various levels of severity.
org.openrewrite.FindCollidingSourceFiles,Find colliding source files,Finds source files which share a path with another source file. There should always be exactly one source file per path within a repository. This is a diagnostic for finding problems in OpenRewrite parsers/build plugins.
org.openrewrite.FindDeserializationErrors,Find deserialization errors,Produces a data table collecting all deserialization errors of serialized LSTs.
org.openrewrite.FindLstProvenance,Find LST provenance,Produces a data table showing what versions of OpenRewrite/Moderne tooling were used to produce a given LST.
org.openrewrite.FindParseFailures,Find source files with `ParseExceptionResult` markers,This recipe explores parse failures after an LST is produced for classifying the types of failures that can occur and prioritizing fixes according to the most common problems.
org.openrewrite.FindQuarks,Find instances of type `Quark`,`Quark` source files are pointers to the existence of a file without capturing any of the contents of the file.
org.openrewrite.FindSourceFiles,Find files,Find files by source path. Paths are always interpreted as relative to the repository root.
org.openrewrite.search.FindBuildMetadata,Find build metadata,Find source files with matching build metadata.
org.openrewrite.search.FindCommitters,Find committers on repositories,List the committers on a repository.
org.openrewrite.search.FindParseToPrintInequality,Find parse to print inequality,OpenRewrite `Parser` implementations should produce `SourceFile` objects whose `printAll()` output should be byte-for-byte equivalent with the original source file. When this isn't true recipes can still run on the `SourceFile` and even produce diffs but the diffs would fail to apply as a patch to the original source file. Most `Parser` implementations use `Parser#requirePrintEqualsInput` to produce a `ParseError` when they fail to produce a `SourceFile` that is print idempotent.
org.openrewrite.search.RepositoryContainsFile,Repository contains file,Intended to be used primarily as a precondition for other recipes this recipe checks if a repository contains a specific file or files matching a pattern. If present all files in the repository are marked with a `SearchResult` marker. If you want to get only the matching file as a search result use `FindSourceFiles` instead.
org.openrewrite.text.Find,Find text,Textual search optionally using Regular Expression (regex) to query.
org.openrewrite.text.FindAndReplace,Find and replace,Textual find and replace optionally interpreting the search query as a Regular Expression (regex). When operating on source files that are language-specific Lossless Semantic Tree such as Java or XML this operation converts the source file to plain text for the rest of the recipe run. So if you are combining this recipe with language-specific recipes in a single recipe run put all the language-specific recipes before this recipe.
org.openrewrite.gradle.search.FindDependency,Find Gradle dependency,"Finds dependencies declared in gradle build files. See the [reference](https://docs.gradle.org/current/userguide/java_library_plugin.html#sec:java_library_configurations_graph) on Gradle configurations or the diagram below for a description of what configuration to use. A project's compile and runtime classpath is based on these configurations. <img alt=""Gradle compile classpath"" src=""https://docs.gradle.org/current/userguide/img/java-library-ignore-deprecated-main.png"" width=""200px""/> A project's test classpath is based on these configurations. <img alt=""Gradle test classpath"" src=""https://docs.gradle.org/current/userguide/img/java-library-ignore-deprecated-test.png"" width=""200px""/>."
org.openrewrite.gradle.search.FindDependencyHandler,Find Gradle `dependencies` blocks,Find the dependency handler containing any number of dependency definitions.
org.openrewrite.gradle.search.FindGradleProject,Find Gradle projects,Gradle projects are those with `build.gradle` or `build.gradle.kts` files.
org.openrewrite.gradle.search.FindGradleWrapper,Find Gradle wrappers,Find Gradle wrappers.
org.openrewrite.gradle.search.FindJVMTestSuites,Find Gradle JVMTestSuite plugin configuration,Find Gradle JVMTestSuite plugin configurations and produce a data table.
org.openrewrite.gradle.search.FindPlugins,Find Gradle plugin,Find a Gradle plugin by id and/or class name. For best results both should be specified as one cannot automatically be used to infer the other.
org.openrewrite.gradle.search.FindRepository,Find Gradle repository,Find a Gradle repository by url.
org.openrewrite.hcl.search.FindAndReplaceLiteral,Find and replace literals in HCL files,Find and replace literal values in HCL files. This recipe parses the source files on which it runs as HCL meaning you can execute HCL language-specific recipes before and after this recipe in a single recipe run.
org.openrewrite.hcl.search.FindContent,Find content,Find HCL content by path.
org.openrewrite.java.search.FindAnnotations,Find annotations,Find all annotations matching the annotation pattern.
org.openrewrite.java.search.FindClassHierarchy,Find class hierarchy,Discovers all class declarations within a project recording which files they appear in their superclasses and interfaces. That information is then recorded in a data table.
org.openrewrite.java.search.FindComments,Find within comments and literals,"Find regular expression matches within comments and literals. ""Literals"" includes string literals character literals and numeric literals."
org.openrewrite.java.search.FindCompileErrors,Find compile errors,Compile errors result in a particular LST structure that can be searched for.
org.openrewrite.java.search.FindDeprecatedClasses,Find uses of deprecated classes,Find uses of deprecated classes optionally ignoring those classes that are inside deprecated scopes.
org.openrewrite.java.search.FindDeprecatedFields,Find uses of deprecated fields,Find uses of deprecated fields in any API.
org.openrewrite.java.search.FindDeprecatedMethods,Find uses of deprecated methods,Find uses of deprecated methods in any API.
org.openrewrite.java.search.FindDeprecatedUses,Find uses of deprecated classes methods and fields,Find deprecated uses of methods fields and types. Optionally ignore those classes that are inside deprecated scopes.