openrewrite · bryceatmoderne · Dec 11, 2024 · Dec 11, 2024 · Dec 11, 2024 · Dec 11, 2024
diff --git a/build.gradle b/build.gradle
@@ -15,7 +15,7 @@ dependencyCheck {
 
 
 group = "org.openrewrite.recipe"
-description = "Enforce logging best practices and migrate between logging frameworks. Automatically."
+description = "Patch Java security vulnerabilities. Automatically."
 
 def rewriteVersion = rewriteRecipe.rewriteVersion.get()
 
@@ -25,6 +25,7 @@ recipeDependencies {
     parserClasspath("com.fasterxml.jackson.core:jackson-databind:2.13.+")
     parserClasspath("org.springframework:spring-context:5.+")
     parserClasspath("org.springframework.security:spring-security-config:5.+")
+    parserClasspath("org.springframework.security:spring-security-web:5.+")
     parserClasspath("javax:javaee-api:7.+")
     parserClasspath("jakarta.servlet:jakarta.servlet-api:4.+")
 }

diff --git a/...write/classpath/spring-context-5.3.33.jar → ...write/classpath/spring-context-5.3.39.jar b/...write/classpath/spring-context-5.3.33.jar → ...write/classpath/spring-context-5.3.39.jar
diff --git a/...asspath/spring-security-config-5.8.11.jar → ...asspath/spring-security-config-5.8.16.jar b/...asspath/spring-security-config-5.8.11.jar → ...asspath/spring-security-config-5.8.16.jar
diff --git a/src/main/resources/META-INF/rewrite/classpath/spring-security-web-5.8.16.jar b/src/main/resources/META-INF/rewrite/classpath/spring-security-web-5.8.16.jar
diff --git a/src/test/java/org/openrewrite/java/security/spring/CsrfProtectionTest.java b/src/test/java/org/openrewrite/java/security/spring/CsrfProtectionTest.java
@@ -38,7 +38,12 @@ public void putMessage(String key, @Nullable Object value) {
 
         spec.recipe(new CsrfProtection(null))
           .parser(JavaParser.fromJavaVersion()
-            .classpath("spring-boot-autoconfigure", "spring-security-config", "spring-context", "servlet-api", "spring-beans"))
+            .classpath(
+              "spring-boot-autoconfigure",
+              "spring-security-config",
+              "spring-context",
+              "servlet-api",
+              "spring-beans"))
           .executionContext(ctx); // don't skip source set generation
     }
 
@@ -50,7 +55,7 @@ void withSecurityConfig() {
           java(
                 """
             import org.springframework.boot.autoconfigure.SpringBootApplication;
-            
+
             @SpringBootApplication
             class Application {
             }
@@ -60,7 +65,7 @@ class Application {
               import org.springframework.context.annotation.Configuration;
               import org.springframework.security.config.annotation.web.builders.HttpSecurity;
               import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-              
+
               @Configuration
               class SecurityConfig extends WebSecurityConfigurerAdapter {
                   @Override
@@ -73,7 +78,7 @@ protected void configure(HttpSecurity http) throws Exception {
               import org.springframework.security.config.annotation.web.builders.HttpSecurity;
               import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
               import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
-              
+
               @Configuration
               class SecurityConfig extends WebSecurityConfigurerAdapter {
                   @Override