Security Traits

A collection of security traits

License: MIT License
Categories: Security
GroupId: com.aaronbedra
ArtifactId: security-traits
Last Version: 0.0.3
Type: jar
Description: Security Traits. A collection of security traits
Project URL: https://github.com/abedra/security_traits
Source Code Management: https://github.com/abedra/security_traits


How to add to project

Maven

<!-- https://jarcasting.com/artifacts/com.aaronbedra/security-traits/ -->
<dependency>
    <groupId>com.aaronbedra</groupId>
    <artifactId>security-traits</artifactId>
    <version>0.0.3</version>
</dependency>

Gradle (Groovy DSL)

// https://jarcasting.com/artifacts/com.aaronbedra/security-traits/
implementation 'com.aaronbedra:security-traits:0.0.3'

Gradle (Kotlin DSL)

// https://jarcasting.com/artifacts/com.aaronbedra/security-traits/
implementation ("com.aaronbedra:security-traits:0.0.3")

Buildr

'com.aaronbedra:security-traits:jar:0.0.3'

Ivy

<dependency org="com.aaronbedra" name="security-traits" rev="0.0.3">
  <artifact name="security-traits" type="jar" />
</dependency>

Grape

@Grapes(
@Grab(group='com.aaronbedra', module='security-traits', version='0.0.3')
)

sbt

libraryDependencies += "com.aaronbedra" % "security-traits" % "0.0.3"

Leiningen

[com.aaronbedra/security-traits "0.0.3"]

Dependencies

compile (8)

Group / Artifact | Type | Version
junit : junit | jar | 4.12
com.squareup.okhttp3 : okhttp | jar | 4.2.2
com.jnape.palatable : lambda | jar | 5.2.0
com.jnape.palatable : lambda | test-jar | 5.2.0
org.hamcrest : hamcrest | jar | 2.2
com.jnape.palatable : shoki | jar | 1.0-alpha-1
com.jnape.palatable : traitor | jar | 1.4.0
org.projectlombok : lombok | jar | 1.18.10

Project Modules

There are no modules declared in this project.

Security Traits

This project serves as a set of security-focused unit tests. It can be used inside a standalone test project or embedded into the test suite of a JVM language project. The tests should be used to test drive the security aspects of your systems.

Installation

Maven

<dependency>
  <groupId>com.aaronbedra</groupId>
  <artifactId>security-traits</artifactId>
  <version>0.0.3</version>
</dependency>

Gradle

implementation 'com.aaronbedra:security-traits:0.0.3'

For Non-JVM-Based Projects

To create a test project, first create a JVM project. These examples use Java, but the traits can be used in any JVM language project capable of running JUnit tests.

For JVM-Based Projects

Simply create a new test file and follow the examples below. Be aware that the traits execute live HTTP requests, so a network connection with access to the destination URL is required.

Traits

Web

@RunWith(Traits.class)
public class GetRepsheetTest {
    @TestTraits({
            SecureHeaders.class,
            SecureRedirect.class,
            SecureCookies.class
    })
    public WebRequestTestSubject<IO<?>, Cookie> secureHeaders() {
        return okHttpWebRequestTestSubject(hostname("getrepsheet.com"));
    }
}

Secure Headers

Makes the following assertions on response headers:

Header | Expected Value
X-Frame-Options | DENY
X-Content-Type-Options | nosniff
X-XSS-Protection | 1; mode=block
Strict-Transport-Security | max-age=31536000; includeSubDomains
X-Download-Options | noopen
X-Permitted-Cross-Domain-Policy | none

Secure Redirect

Makes the following assertions:

  • HTTP response status is 301
  • Location header is the HTTPS version of the requested URL.

Secure Cookies

Collects all cookies presented in the response and ensures they are marked HttpOnly and Secure.
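The three web checks described above, written as plain functions over an already-received response. This is an added example, not the project's code and not its API: the class name, the method names and the sample response are hypothetical and constructed, and it runs offline instead of issuing live requests.

```java
import java.net.URI;
import java.util.*;

public class WebTraitChecks {
    // Expected values copied from the Secure Headers table on this page.
    static final Map<String, String> EXPECTED = new TreeMap<>(Map.of(
            "X-Frame-Options", "DENY", "X-Content-Type-Options", "nosniff",
            "X-XSS-Protection", "1; mode=block", "X-Download-Options", "noopen",
            "Strict-Transport-Security", "max-age=31536000; includeSubDomains",
            "X-Permitted-Cross-Domain-Policy", "none"));

    // Header names are case-insensitive, so look them up through a case-insensitive map.
    static List<String> headerFailures(Map<String, String> response) {
        Map<String, String> headers = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        headers.putAll(response);
        List<String> failures = new ArrayList<>();
        EXPECTED.forEach((name, want) -> {
            if (!want.equals(headers.get(name)))
                failures.add(name + ": expected '" + want + "', got " + headers.get(name));
        });
        return failures;
    }
    // Secure Redirect: status 301 and Location is the HTTPS form of the requested URL.
    static boolean secureRedirect(URI requested, int status, String location) {
        String https = "https" + requested.toString().substring(requested.getScheme().length());
        return status == 301 && https.equals(location);
    }
    // Secure Cookies: return the Set-Cookie values that lack HttpOnly or Secure.
    static List<String> insecureCookies(List<String> setCookieValues) {
        List<String> bad = new ArrayList<>();
        for (String cookie : setCookieValues) {
            boolean httpOnly = false, secure = false;
            String[] parts = cookie.split(";");
            for (int i = 1; i < parts.length; i++) { // parts[0] is the name=value pair
                httpOnly |= parts[i].trim().equalsIgnoreCase("HttpOnly");
                secure |= parts[i].trim().equalsIgnoreCase("Secure");
            }
            if (!(httpOnly && secure)) bad.add(cookie);
        }
        return bad;
    }
    public static void main(String[] args) {
        // Constructed sample response values, not captured from a real site.
        Map<String, String> response = Map.of("x-frame-options", "SAMEORIGIN",
                "X-Content-Type-Options", "nosniff");
        headerFailures(response).forEach(System.out::println);
        System.out.println(secureRedirect(URI.create("http://example.test/a"), 301, "https://example.test/a"));
        System.out.println(insecureCookies(List.of("sid=abc; Path=/; HttpOnly; Secure", "theme=dark; Path=/")));
    }
}
```

Attribute matching skips the first `;`-separated part, so a cookie whose name or value happens to be "secure" is not mistaken for one carrying the flag.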

Password

@RunWith(Traits.class)
public class PasswordTest {
    @TestTraits({
            AtLeastTwelveCharacters.class,
            AtLeastOneNumber.class,
            AtLeastOneUpper.class,
            AtLeastOneLower.class,
            AtLeastOneSpecial.class
    })
    public String passwordGeneratorSingleExecution() {
        return generatePassword(getConfiguration()).unsafeToString();
    }

    @TestTraits(Unique.class)
    public Fn0<String> passwordGeneratorMultipleExecutions() {
        return () -> generatePassword(getConfiguration()).unsafeToString();
    }

    @TestTraits({
            HasRedactedDefaultGetters.class,
            HasUnsafeToString.class
    })
    public Password redactedToString() {
        return password("testing");
    }

    private PasswordConfiguration getConfiguration() {
        return passwordConfiguration(
                passwordRequiredLength(12),
                passwordRequiredLowerCaseCharacters(1),
                passwordRequiredUpperCaseCharacters(1),
                passwordRequiredNumberCharacters(1),
                passwordRequiredSpecialCharacters(1)
        );
    }
}

Password Generation

The following traits are available to demonstrate secure password generation:

  • AtLeastOneNumber
  • AtLeastOneUpper
  • AtLeastOneLower
  • AtLeastOneSpecial
  • AtLeastTwelveCharacters
  • Unique

Password Objects

The following traits are available on constructed password objects:

  • HasRedactedDefaultGetters
  • HasUnsafeToString
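A self-contained sketch of a generator and password wrapper that would satisfy the traits listed above. This is an added example that does not use or reproduce the project's API: all names are hypothetical, and the reading of Unique as "no repeats across calls" and of the redaction traits as "toString() hides the value" is an assumption.

```java
import java.security.SecureRandom;
import java.util.*;

public class PasswordTraitChecks {
    static final String LOWER = "abcdefghijklmnopqrstuvwxyz", UPPER = LOWER.toUpperCase(),
            DIGIT = "0123456789", SPECIAL = "!@#$%^&*()-_=+";
    static final SecureRandom RNG = new SecureRandom();

    // Redacted by default; the raw value needs an explicit unsafeToString() call.
    static final class Password {
        private final char[] value;
        Password(String v) { value = v.toCharArray(); }
        @Override public String toString() { return "Password(***)"; }
        String unsafeToString() { return new String(value); }
    }

    static char pick(String alphabet) { return alphabet.charAt(RNG.nextInt(alphabet.length())); }

    // One character from each required class, the rest from the full alphabet, then shuffled
    // so the guaranteed characters do not sit at predictable positions.
    static Password generate(int length) {
        List<Character> out = new ArrayList<>();
        for (String cls : List.of(LOWER, UPPER, DIGIT, SPECIAL)) out.add(pick(cls));
        while (out.size() < length) out.add(pick(LOWER + UPPER + DIGIT + SPECIAL));
        Collections.shuffle(out, RNG);
        StringBuilder sb = new StringBuilder();
        for (char c : out) sb.append(c);
        return new Password(sb.toString());
    }

    static boolean hasAny(String s, String alphabet) {
        return s.chars().anyMatch(c -> alphabet.indexOf(c) >= 0);
    }

    // The five single-value checks named in the Password Generation list.
    static boolean meetsPolicy(String s) {
        return s.length() >= 12 && hasAny(s, DIGIT) && hasAny(s, UPPER)
                && hasAny(s, LOWER) && hasAny(s, SPECIAL);
    }

    public static void main(String[] args) {
        Set<String> seen = new HashSet<>();
        for (int i = 0; i < 1000; i++) {
            Password p = generate(12);
            if (!meetsPolicy(p.unsafeToString())) throw new AssertionError("policy not met");
            if (!seen.add(p.unsafeToString())) throw new AssertionError("duplicate password");
            if (p.toString().contains(p.unsafeToString())) throw new AssertionError("toString leaks");
        }
        System.out.println("1000 passwords: policy met, all unique, toString redacted");
    }
}
```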

Contributing

Pull requests, questions, and ideas for new tests are always welcome. Feel free to open an issue or pull request at any time. The requirement for submission is that the idea be complete and the test suite passing.

Versions

Version
0.0.3
0.0.2
0.0.1