Tip
To discuss issues privately, reach out via openapi2javarecords@protonmail.com.
| Version | Supported |
|---|---|
| 3.x | ✅ |
| 2.x | ✅ |
| < 2.0 | ❌ |
Caution
If you discover a potential security vulnerability within the .mustache templates of this project, please do not use the public issue tracker. Instead, follow these steps:
Please report vulnerabilities by opening a Draft Security Advisory on GitHub. Or, provide details via openapi2javarecords@protonmail.com.
You can expect an initial acknowledgement of your report within 48–72 hours.
Once a fix is ready and a new version is published, a public security advisory will be released to credit your discovery and notify the community.
Note
This allows for a private conversation between you and the maintainer. You may opt out of the credit and remain anonymous, if desired.
Caution
Since these templates are used for code generation, users should adhere to the following:
- Inspect OpenAPI Spec
  - Ensure your source OpenAPI specification files are from a trusted source.
- Dependency Management
  - Use Dependabot or similar tools to stay updated with the latest template versions.
  - Only retrieve these `.mustache` templates from Official Sources!
    - GitHub Packages
    - Maven Central
- Review Files Used When Generating
  - ALWAYS ensure that input files (such as `.mustache` files) are authentic, that no unexpected files are downloaded and/or retrieved, and only trusted files are used for code generation.
  - It is recommended to explicitly state what files you expect to retrieve from this project, i.e., do not retrieve any arbitrary files like: `*/*` or `*.mustache`.
  - Instead, import these files located in `templates/` explicitly:
    - `generateBuilders.mustache`
    - `javadoc.mustache`
    - `licenseInfo.mustache`
    - `modelEnum.mustache`
    - `pojo.mustache`
    - `useBeanValidation.mustache`
- Review Generated Code
  - ALWAYS ensure that resulting files - whether new, modified or removed - are as expected.
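One way to enforce the explicit file list above before generation runs, as an added example that is not part of this project: a shell check that a retrieved `templates/` directory holds exactly the six listed files and nothing else. The function names and the directory argument are assumptions for illustration.

```sh
#!/bin/sh
# Added example (not project code): allowlist check for a retrieved
# templates directory. The six names come from the list above; the
# function names and the directory argument are assumptions.

EXPECTED_TEMPLATES="generateBuilders.mustache javadoc.mustache \
licenseInfo.mustache modelEnum.mustache pojo.mustache \
useBeanValidation.mustache"

# is_expected NAME: exact string match against the allowlist.
is_expected() {
    for e in $EXPECTED_TEMPLATES; do
        [ "$1" = "$e" ] && return 0
    done
    return 1
}

# verify_templates DIR: returns 0 only if DIR holds exactly the expected
# files, each a regular file. Every deviation is printed to stderr.
verify_templates() {
    dir=$1
    rc=0
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "not a real directory: $dir" >&2
        return 2
    fi

    # 1. Each expected file must exist as a plain file. Symlinks are
    #    rejected because they can point outside the reviewed directory.
    for name in $EXPECTED_TEMPLATES; do
        if [ -L "$dir/$name" ]; then
            echo "symlink where a file was expected: $name" >&2; rc=1
        elif [ ! -f "$dir/$name" ]; then
            echo "missing or not a regular file: $name" >&2; rc=1
        fi
    done

    # 2. Nothing else may be present, including dotfiles and subdirectories.
    for path in "$dir"/* "$dir"/.[!.]* "$dir"/..?*; do
        [ -e "$path" ] || [ -L "$path" ] || continue   # skip unmatched globs
        is_expected "${path##*/}" || {
            echo "unexpected entry: ${path##*/}" >&2; rc=1
        }
    done
    return $rc
}
```

In CI, call `verify_templates path/to/templates || exit 1` before invoking the generator so that an unexpected or missing file fails the build.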
An overview of the entities, contexts and domains within and surrounding this project. The purpose of the following diagram is to highlight key "actors" or entities in the complete use case of this project. Each entity presented SHOULD be considered to have some impact on the resulting Generated Code, and SHOULD hence also be considered a point of risk. Arrows indicate information/data flow: solid lines indicate a direct influence, while dotted lines MAY have an indirect influence. E.g. the OpenAPI Specification is directly used in openapi-generator, which will indirectly affect the Mustache Templates.
```mermaid
flowchart TB
    invoker(("
    Invoker
    (User / CI)
    "))
    subgraph openapi-to-java-records-mustache-templates
        mustache_templates["Mustache Templates"]
    end
    subgraph Extended [Extended openapi-generator Context]
        code_dependencies["Code Dependencies"]
        plugin_configuration["
        openapi-generator
        Configuration
        "]
        subgraph openapi-generator
            maven_plugin["openapi-generator-maven-plugin"]
            openapi_generator_cli["openapi-generator-cli"]
            openapi_generator["`openapi-generator`"]
        end
    end
    subgraph External
        cli["CLI"]
        mvn_gradle["`Maven/Gradle`"]
        openapi_spec["OpenAPI Specification"]
    end
    generated_code["Generated Code"]
    downstream_dependent["Downstream Dependent Code"]
    style External fill:#500
    style Extended fill:#550
    style openapi-generator fill:#050
    style openapi-to-java-records-mustache-templates fill:#050
    invoker --> mvn_gradle & cli
    mvn_gradle --> maven_plugin
    maven_plugin --> openapi_generator
    cli --> openapi_generator_cli
    openapi_generator_cli --> openapi_generator
    plugin_configuration --> openapi_generator
    code_dependencies -.-> openapi_generator
    plugin_configuration -.-> mustache_templates
    openapi_spec --> openapi_generator
    openapi_spec -.-> mustache_templates
    openapi_generator <--> mustache_templates
    openapi_generator ==> generated_code
    mustache_templates -.-> generated_code
    generated_code ==> downstream_dependent
```