This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Category:OWASP Content Validation using Java Annotations Project"

From OWASP
Jump to: navigation, search
 
(14 intermediate revisions by 4 users not shown)
Line 1: Line 1:
 +
{|
 +
|-
 +
! width="700" align="center" | <br>
 +
! width="500" align="center" | <br>
 +
|-
 +
| align="right" | [[Image:OWASP Inactive Banner.jpg|800px| link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Inactive_Projects]]
 +
| align="right" |
 +
 +
|}
 
==== Main ====
 
==== Main ====
  
==== Project Identification ====
+
= Overview =
{{Template:OWASP Content Validation using Java Annotations Project}}
+
 
 +
The project was initially inspired by the input validation framework Heimdall [http://portal.acm.org/citation.cfm?id=1250584],
 +
where the main goal is to provide a clear separation between
 +
validation and application logic.
 +
This separation was achieved by using an XML configuration file
 +
defining which tests were to be run on which object properties.
 +
 
 +
The first step of our project consisted in checking whether
 +
the need for an XML external file could be eliminated by using annotations
 +
to associate tests and object properties, instead.
 +
 
 +
After a new input validation framework based on annotations was succesfully implemented,
 +
the focus of the project shifted to investigate how far annotations can be pushed
 +
for validation purpouses, while keeping their use as intuitive and simple as possible.
 +
 
 +
At the moment we defined and implemented:
 +
* ''composed'' annotations: which allow the user to compose existing annotations in a boolean fashion to create new tests without the need of writing new code.
 +
* ''cross'' annotations: which allow the user to define tests on multiple object properties, rather than just single ones, which have inter-dependent validation constraints.
 +
 
 +
Other main features that characterize the framework are:
 +
* Easy integration in any esisting Java projects
 +
* High reusability of existing validation tests
 +
* Possibility of creating new custom annotations with little effort
 +
 
 +
A slide presentation is available here [http://www.ii.uib.no/~dagh/validatorflyer.pdf PDF]
 +
while a full technical report can be downloaded here [http://www.ii.uib.no/publikasjoner/texrap/pdf/2009-389.pdf PDF]
 +
 
 +
= Project Goals =
 +
 
 +
The final goal of the project is to create a framework for input validation based on annotations, which is easy to use and will
 +
help integrate this aspect of security into both new and existing applications.
 +
 
 +
Th current goals are:
 +
* Continuously improving the framework with frequent releases
 +
* Extend the library of predefined annotations
 +
* Create an Eclipse plug-in to simplify the creation of custom annotations and help their insertion in the application code
 +
* Investigate further uses of annotations for input validation
 +
* Improve both the documentation
 +
* Implement a better summary for the validation results, that can contain custom error messages and that is easy to query by the user
 +
 
 +
= Main Links =
 +
 
 +
Full technical report [http://www.ii.uib.no/publikasjoner/texrap/pdf/2009-389.pdf TECHNICAL DOCUMENTATION]
 +
 
 +
Project [http://sourceforge.net/projects/shipvalidator/ DOWNLOAD SITE]
 +
 
 +
Email list [https://lists.owasp.org/mailman/listinfo/owasp_cvuja_project owasp_cvuja_project]
 +
 
 +
Bug Tracker : [https://sourceforge.net/tracker/?group_id=263528&atid=1160394 Sourceforge bug tracker]
 +
<!-- ==== Project Identification ====
 +
{{Template:OWASP Content Validation using Java Annotations Project}} -->
 +
 
 +
==== Project Details ====
 +
{{:GPC Project Details/OWASP Content Validation using Java Annotations Project | OWASP Project Identification Tab}}
 +
 
  
 
[[Category:OWASP Project|Content Validation using Java Annotations Project]]
 
[[Category:OWASP Project|Content Validation using Java Annotations Project]]

Latest revision as of 19:47, 23 January 2014
OWASP Inactive Banner.jpg

Main

The project was initially inspired by the input validation framework Heimdall [1], where the main goal is to provide a clear separation between validation and application logic. This separation was achieved by using an XML configuration file defining which tests were to be run on which object properties.

The first step of our project consisted in checking whether the need for an XML external file could be eliminated by using annotations to associate tests and object properties, instead.

After a new input validation framework based on annotations was succesfully implemented, the focus of the project shifted to investigate how far annotations can be pushed for validation purpouses, while keeping their use as intuitive and simple as possible.

At the moment we defined and implemented:

  • composed annotations: which allow the user to compose existing annotations in a boolean fashion to create new tests without the need of writing new code.
  • cross annotations: which allow the user to define tests on multiple object properties, rather than just single ones, which have inter-dependent validation constraints.

Other main features that characterize the framework are:

  • Easy integration in any esisting Java projects
  • High reusability of existing validation tests
  • Possibility of creating new custom annotations with little effort

A slide presentation is available here PDF while a full technical report can be downloaded here PDF

Subcategories

This category has only the following subcategory.

O

Retrieved from "https://wiki.owasp.org/index.php?title=Category:OWASP_Content_Validation_using_Java_Annotations_Project&oldid=166475"