righettod/code-snippets-security-utils

Description

Note

Java was chosen but the ideas behind the proposed code can be applied to other languages.

💻This project provides different utility methods to apply processing from a security perspective. These code snippets:

  • Can be used as a "foundation" to customize the validation to the app context.
  • Were implemented in a way that makes it easy to add or remove validations depending on the usage context.
  • Were centralized into one class so that they can be enhanced over time and missing cases/bugs can be handled in one place.

🔬I use it, as a sandbox, to create/test/provide remediation code proposals when I perform web assessment or secure code review activities.

Disclaimer

Caution

I do not claim (and will never claim) that the proposed code is 100% effective; these are simply practical tests of ideas regarding security issues I have encountered.

📍The project will not be deployed as an artefact into the Maven repository or the GitHub Package repository, because the code provided is intended to be tailored to the business and technical context of the application.

Tips for validating file contents

Note

The tips and code snippets provided enrich the advice given in the OWASP File Upload Cheat Sheet.

flowchart TB
    A[File received] --> B("🔬Call corresponding isXXXSafe() methods")
    B --> C{🤔File is safe?}
    C -->|No| E[❌File rejected]
    C -->|Yes| D("🔬Call sanitizeFile() methods")
    D --> F{🤔Exception occur?}
    F -->|Yes| E
    F -->|No| G[✅File accepted]
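The flow above, wired up as an added Java example (not the project's own SecurityUtils code): UploadGate, Sanitizer, isPngSafe and sanitizePng are hypothetical names standing in for the isXXXSafe() / sanitizeFile() steps, and ImageIO re-rendering is assumed as the sanitizing technique.

```java
import javax.imageio.ImageIO;
import java.awt.image.BufferedImage;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.List;
import java.util.function.Predicate;

/** Hypothetical gate: run every isXXXSafe()-style check, then the sanitize step, then accept. */
public final class UploadGate {

    /** Hypothetical sanitizer contract: return a rebuilt copy, or throw to reject the file. */
    @FunctionalInterface
    interface Sanitizer { byte[] sanitize(byte[] content) throws IOException; }

    /** isXXXSafe() equivalent for PNG: the content must carry the PNG signature. */
    static final byte[] PNG_MAGIC = {(byte) 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A};
    static boolean isPngSafe(byte[] content) {
        return content.length > PNG_MAGIC.length
            && Arrays.equals(Arrays.copyOf(content, PNG_MAGIC.length), PNG_MAGIC);
    }

    /** sanitizeFile() equivalent: decode and re-encode so only pixel data survives. */
    static byte[] sanitizePng(byte[] content) throws IOException {
        BufferedImage img = ImageIO.read(new ByteArrayInputStream(content));
        if (img == null) throw new IOException("no image decoder accepted the content");
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        if (!ImageIO.write(img, "png", out)) throw new IOException("re-encoding failed");
        return out.toByteArray();
    }

    /** Returns the sanitized content, or null when the file is rejected (flowchart node E). */
    static byte[] process(byte[] content, List<Predicate<byte[]>> checks, Sanitizer sanitizer) {
        for (Predicate<byte[]> check : checks) {
            if (!check.test(content)) return null;   // "File is safe?" answered No
        }
        try {
            return sanitizer.sanitize(content);      // accepted only if nothing is thrown
        } catch (IOException | RuntimeException e) {
            return null;                             // "Exception occur?" answered Yes
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed samples: a real 2x2 PNG, a text file, and a PNG cut off after its signature.
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        ImageIO.write(new BufferedImage(2, 2, BufferedImage.TYPE_INT_RGB), "png", buf);
        byte[] realPng = buf.toByteArray();
        byte[] text = "just some text".getBytes(StandardCharsets.US_ASCII);
        byte[] truncated = Arrays.copyOf(realPng, PNG_MAGIC.length + 4);
        List<Predicate<byte[]>> checks = List.of(UploadGate::isPngSafe);
        for (byte[] f : List.of(realPng, text, truncated))
            System.out.println(process(f, checks, UploadGate::sanitizePng) != null ? "accepted" : "rejected");
    }
}
```

The text sample fails the signature check and the truncated one makes the decoder throw, so only the real PNG is accepted, exactly the two rejection paths of the flowchart.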

Content & conventions

📝Code is centralized into the class SecurityUtils.

🧪Unit tests are centralized into the class TestSecurityUtils.

📖Conventions used:

  • One utility method in the SecurityUtils class is associated with one unit test method in the TestSecurityUtils class, both with the same name.
  • All test data are stored in the resources folder of the test area.
  • Each utility method has a single goal and is fully documented in terms of usage as well as the Internet references used.

Documentation

The javadoc of the class SecurityUtils is exposed here.

Usage

👨‍💻The repository can be opened directly in IntelliJ IDEA.

💻Maven command to run all the unit tests:

$ mvn clean test
[INFO] ------------------------------------------------
[INFO]  T E S T S
[INFO] ------------------------------------------------
[INFO] Running eu.righettod.TestSecurityUtils
[INFO] Tests run: 8, Failures: 0, Errors: 0, Skipped: 0

Misc