From 9ab5f8667a5b36b6ad49802b06d94eab1c587463 Mon Sep 17 00:00:00 2001 From: Jonathan Leitschuh Date: Thu, 15 Feb 2024 04:37:17 -0500 Subject: [PATCH] Improve `MigrateDefaultHttpClient` documentation (#493) Signed-off-by: Jonathan Leitschuh --- .../httpclient4/MigrateDefaultHttpClient.java | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/src/main/java/org/openrewrite/java/apache/httpclient4/MigrateDefaultHttpClient.java b/src/main/java/org/openrewrite/java/apache/httpclient4/MigrateDefaultHttpClient.java index 0351196d6..036263548 100644 --- a/src/main/java/org/openrewrite/java/apache/httpclient4/MigrateDefaultHttpClient.java +++ b/src/main/java/org/openrewrite/java/apache/httpclient4/MigrateDefaultHttpClient.java @@ -23,6 +23,9 @@ import org.openrewrite.java.search.UsesType; import org.openrewrite.java.tree.J; +import java.util.Collections; +import java.util.Set; + public class MigrateDefaultHttpClient extends Recipe { @Override public String getDisplayName() { @@ -31,8 +34,18 @@ public String getDisplayName() { @Override public String getDescription() { - return "Since DefaultHttpClient is deprecated, we need to change it to the CloseableHttpClient. " + - "It only covers the default scenario with no custom HttpParams or ConnectionManager."; + return "Since `DefaultHttpClient` is deprecated, we need to change it to the `CloseableHttpClient`. " + + "It only covers the default scenario with no custom `HttpParams` or `ConnectionManager`.\n\n" + + "Of note: the `DefaultHttpClient` [does not support TLS 1.2](https://find-sec-bugs.github.io/bugs.htm#DEFAULT_HTTP_CLIENT).\n" + + "\n" + + "References:\n" + + " - [Find Sec Bugs](https://find-sec-bugs.github.io/bugs.htm#DEFAULT_HTTP_CLIENT)" + + " - [IBM Support Pages](https://www.ibm.com/support/pages/im-using-apache-httpclient-make-outbound-call-my-web-application-running-websphere-application-server-traditional-and-im-getting-ssl-handshake-error-how-can-i-debug)"; + } + + @Override + public Set getTags() { + return Collections.singleton("CWE-326"); } @Override @@ -46,7 +59,7 @@ public TreeVisitor getVisitor() { @Override public J visitNewClass(J.NewClass newClass, ExecutionContext ctx) { - if (noArgsMatcher.matches(newClass.getConstructorType())) { + if (noArgsMatcher.matches(newClass)) { maybeAddImport("org.apache.http.impl.client.HttpClients"); doAfterVisit(new ChangeType( "org.apache.http.impl.client.DefaultHttpClient",