Package io.codemodder

Interface DependencyGAV

All Known Implementing Classes:
DependencyGAV.Default

public interface DependencyGAV
Models a Java dependency we might want to add.
  • Field Details

    • JAVA_SECURITY_TOOLKIT_VERSION

      static final String JAVA_SECURITY_TOOLKIT_VERSION
    • JAVA_SECURITY_TOOLKIT_GAV

      static final String JAVA_SECURITY_TOOLKIT_GAV
    • JAVA_SECURITY_TOOLKIT

      static final DependencyGAV JAVA_SECURITY_TOOLKIT
      The Pixee Java Security Toolkit is required by many weaves/visitors, so we'll expose it here.
    • OWASP_XSS_JAVA_ENCODER

      static final DependencyGAV OWASP_XSS_JAVA_ENCODER
      Multiple XSS rules require an XSS encoder.
  • Method Details

    • group

      String group()
      The group of the dependency. For example, org.owasp or com.google.guava.
    • artifact

      String artifact()
      The artifact of the dependency. For example, owasp-java-html-sanitizer.
    • version

      String version()
      The version of the dependency. For example, 2019.2.
    • justification

      Optional<String> justification()
      The justification for adding this dependency. For example, "We need this to sanitize HTML".
    • repositoryUrl

      Optional<String> repositoryUrl()
      The repository URL for this dependency's source control. If unknown, this will be empty.
    • hasNoTransitiveDependencies

      Optional<Boolean> hasNoTransitiveDependencies()
      Whether this dependency has transitive dependencies. If unknown, this will be empty.
    • license

      Optional<String> license()
      The license for this dependency.
    • createDefault

      static DependencyGAV createDefault(String group, String artifact, String version)
      Create a new DependencyGAV with the given group, artifact, and version -- the bare minimum to describe a dependency for injection. If more information is available, consider using createDefault(String, String, String, String, String, String, Boolean) which allows for more actionable information for developers to make informed choices about dependencies.
    • createDefault

      static DependencyGAV createDefault(String group, String artifact, String version, String justification, String license, String repositoryUrl, Boolean noTransitiveDependencies)
      Create a new DependencyGAV with the given group, artifact, version, justification, license, and repository URL.
      Parameters:
      group - the group of the dependency
      artifact - the artifact of the dependency
      version - the version of the dependency
      justification - a short text for the justification for adding this dependency (can be null)
      license - the license for this dependency (see DependencyLicenses for common licenses) (can be null)
      repositoryUrl - the repository URL for this dependency's source control (can be null)
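
Added example (not code from the codemodder project): a pre-injection review check that reports which of the optional metadata fields documented above are absent from a DependencyGAV, so a reviewer can see what is missing before accepting the dependency. The class name DependencyReviewGate, the method missingMetadata, the https-only rule and the com.example coordinates are hypothetical; it assumes the codemodder library is on the classpath and Java 11 or later.

```java
import io.codemodder.DependencyGAV;
import java.util.ArrayList;
import java.util.List;

/** Added example: flags dependencies that lack the metadata a reviewer needs. */
public final class DependencyReviewGate {

  /** Returns the names of the optional fields that are absent for the given dependency. */
  static List<String> missingMetadata(final DependencyGAV dep) {
    List<String> missing = new ArrayList<>();
    if (dep.justification().filter(s -> !s.isBlank()).isEmpty()) {
      missing.add("justification");
    }
    if (dep.license().filter(s -> !s.isBlank()).isEmpty()) {
      missing.add("license");
    }
    // Assumption of this example: only https source-control URLs count as usable.
    if (dep.repositoryUrl().filter(u -> u.startsWith("https://")).isEmpty()) {
      missing.add("repositoryUrl");
    }
    // Empty means "unknown"; the boolean value itself is not interpreted here.
    if (dep.hasNoTransitiveDependencies().isEmpty()) {
      missing.add("transitive-dependency status");
    }
    return missing;
  }

  public static void main(String[] args) {
    // Constructed sample coordinates and metadata, not a real artifact.
    DependencyGAV bare = DependencyGAV.createDefault("com.example", "example-lib", "1.0.0");
    DependencyGAV full =
        DependencyGAV.createDefault(
            "com.example", "example-lib", "1.0.0",
            "Needed to encode output in the patched servlet",
            "MIT",
            "https://example.com/example/example-lib",
            true);

    for (DependencyGAV dep : List.of(bare, full, DependencyGAV.OWASP_XSS_JAVA_ENCODER)) {
      List<String> missing = missingMetadata(dep);
      String gav = dep.group() + ":" + dep.artifact() + ":" + dep.version();
      System.out.println(gav + (missing.isEmpty() ? " complete" : " missing: " + missing));
    }
  }
}
```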