This project holds multiple codemodder codemods that help with enforcing missing validation in JAX-RS controller methods.
The first codemod adds missing @Valid annotations to JAX-RS controller methods.
@Path("/example")
public class MyController {
@POST
@Consumes(MediaType.APPLICATION_JSON)
- public Response createMyDTO(MyDTO dto) {
+ public Response createMyDTO(@Valid MyDTO dto) {
// my business logic here
return Response.ok().build();
}
}The next codemod switches manually deserialized object patterns to using JAX-RS's built in deserialization, which would allow the framework to automatically apply validation.
@Path("/example")
public class MyController {
@POST
@Consumes(MediaType.APPLICATION_JSON)
- public Response createMyDTO(String body) {
+ public Response createMyDTO(@Valid MyDTO dto) {
// my business logic here
- MyDTO dto = new ObjectMapper().readValue(body, MyDTO.class);
doSomething(dto);
return Response.ok().build();
}
}-
Install JDK 17 for building this project. We recommend Eclipse Adoptium
-
Install Semgrep CLI. See here for instructions. It can usually be done via
pip:pip install semgrep
If your Python library paths contain your home directory as a root folder (i.e.
due to the use of the $HOME environment variable), you may need to manually
set up your PYTHONPATH for tests:
PYTHONPATH=$HOME/<subpath-to-python-libs-folder> ./gradlew checkYou can check your python paths with:
python -m site$ ./gradlew check$ ./gradlew distZipAfter building, you can run the distribution packaged in the distZip task.
$ cd app/build/distributions/
$ unzip app.zip
# do it without making the actual code changes on disk
$ app/bin/app --dry-run /my-project
# do it and make the actual code changes
$ app/bin/app /my-project