Difference between revisions of "Category:OWASP Content Validation using Java Annotations Project"

From OWASP
(First complete draft of project overview)
Line 3: Line 3:
 
= Overview =
 
= Overview =
  
We wish to explore the use of Java annotations for object validation, specifically for content validation. The result will be a framework which should be easy to use with an existing application. The existing approaches are either part of a large framework (e.g. JSR-303), which makes certain assumptions about the application, or restrict the developer in extending and/or customizing the validation framework. We have an initial implementation of a flexible framework which can be deployed with any Java application. We have also submitted a paper on our approach to an international security conference to be held later this year.  
+
The project was initially inspired by the input validation framework Heimdall [http://portal.acm.org/citation.cfm?id=1250584],  
 +
where the main goal is to provide a clear separation between
 +
validation and application logic.
 +
This separation was achieved by using an XML configuration file
 +
defining which tests were to be run on which object properties.
 +
 
 +
The first step of our project consisted in checking whether
 +
the need for an XML external file could be eliminated by using annotations
 +
to associate tests and object properties, instead.
 +
 
 +
After a new input validation framework based on annotations was succesfully implemented,  
 +
the focus of the project shifted to investigate how far annotations can be pushed
 +
for validation purpouses, while keeping their use as intuitive and simple as possible.
 +
 
 +
At the moment we defined and implemented:
 +
* ''composed'' annotations: which allow the user to compose existing annotations in a boolean fashion to create new tests without the need of writing new code.
 +
* ''cross'' annotations: which allow the user to define tests on multiple object properties, rather than just single ones, which have inter-dependent validation constraints.
 +
 
 +
Other main features that characterize the framework are:
 +
* Easy integration in any esisting Java projects
 +
* High reusability of existing validation tests
 +
* Possibility of creating new custom annotations with little effort
 +
 
 +
A slide presentation is available here [http://www.ii.uib.no/~dagh/validatorflyer.pdf PDF]
 +
 
  
 
= Project Goals =
 
= Project Goals =
 +
 +
The final goal of the project is to create a framework for input validation based on annotations, which is easy to use and will
 +
help integrate this aspect of security into both new and existing applications.
 +
 +
Th current goals are:
 +
* Continuosly improving the framework with frequent releases
 +
* Extend the library of predefined annotations
 +
* Create an Eclipse plug-in to simplify the creation of custom annotations and help their insertion in the application code
 +
* Investigate further uses of annotations for input validation
 +
  
 
= Main Links =
 
= Main Links =
 +
 +
Project [http://sourceforge.net/projects/shipvalidator/ DOWNLOAD SITE]
  
 
==== Project Identification ====
 
==== Project Identification ====
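
Review bot: the added Overview and Project Goals text carries several misspellings that should be corrected before this revision is saved: "succesfully", "purpouses" and "esisting" in the Overview lines, and "Th current goals" and "Continuosly" in the Project Goals lines. The earlier Overview paragraph (the one contrasting the framework with large frameworks such as JSR-303 and mentioning the submitted conference paper) does not appear in the resulting revision; if that comparison still holds, keep one sentence of it, because the new text no longer says how this framework differs from existing approaches. The two list items that define ''composed'' and ''cross'' annotations would also read more cleanly without "which" after the colon.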

Revision as of 04:33, 4 August 2009


The project was initially inspired by the input validation framework Heimdall (http://portal.acm.org/citation.cfm?id=1250584), where the main goal is to provide a clear separation between validation and application logic. This separation was achieved by using an XML configuration file defining which tests were to be run on which object properties.

The first step of our project was to check whether the external XML file could be eliminated by using annotations to associate tests with object properties instead.

After a new input validation framework based on annotations was successfully implemented, the focus of the project shifted to investigating how far annotations can be pushed for validation purposes, while keeping their use as intuitive and simple as possible.

So far we have defined and implemented:

  • composed annotations: these let the user combine existing annotations with boolean operators to create new tests without writing new code.
  • cross annotations: these let the user define tests over multiple object properties with inter-dependent validation constraints, rather than over single properties only.
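
A sketch of how composed and cross annotations can work, added here as an illustration and not taken from the project's code. The annotation names (`@Matches`, `@MaxLen`, `@Composed`, `@SameValue`, `@Username`) and the reflective validator are hypothetical, and every validated field is assumed to be a `String`.

```java
import java.lang.annotation.*;
import java.lang.reflect.Field;

public class AnnotationValidationDemo {
    // Hypothetical base tests for illustration; not the project's API.
    @Retention(RetentionPolicy.RUNTIME) @interface Matches { String value(); }
    @Retention(RetentionPolicy.RUNTIME) @interface MaxLen { int value(); }
    // Meta-annotation: the marked type is the AND (or OR) of the tests placed on it.
    @Retention(RetentionPolicy.RUNTIME) @interface Composed { boolean or() default false; }
    // Cross annotation: a class-level test over two inter-dependent properties.
    @Retention(RetentionPolicy.RUNTIME) @interface SameValue { String first(); String second(); }
    // Composed test: built only from existing tests, with no new checking code.
    @Composed @Matches("[a-z0-9_]+") @MaxLen(16)
    @Retention(RetentionPolicy.RUNTIME) @interface Username {}
    @SameValue(first = "password", second = "confirm")
    static class Signup {
        @Username String user; @MaxLen(64) String password; String confirm;
        Signup(String u, String p, String c) { user = u; password = p; confirm = c; }
    }
    // Evaluates one annotation against a value; composed annotations recurse into their parts.
    static boolean test(Annotation a, String v) {
        if (a instanceof Matches) return v != null && v.matches(((Matches) a).value());
        if (a instanceof MaxLen) return v != null && v.length() <= ((MaxLen) a).value();
        Composed c = a.annotationType().getAnnotation(Composed.class);
        if (c == null) return true;                 // not a validation annotation
        boolean result = !c.or();                   // identity element: true for AND, false for OR
        for (Annotation part : a.annotationType().getAnnotations()) {
            if (part instanceof Composed || part.annotationType().getName().startsWith("java.")) continue;
            result = c.or() ? result | test(part, v) : result & test(part, v);
        }
        return result;
    }
    // Runs every field-level test, then the class-level cross test if one is present.
    static boolean validate(Object o) throws ReflectiveOperationException {
        Class<?> k = o.getClass();
        for (Field f : k.getDeclaredFields()) {
            f.setAccessible(true);
            for (Annotation a : f.getAnnotations()) if (!test(a, (String) f.get(o))) return false;
        }
        SameValue sv = k.getAnnotation(SameValue.class);
        if (sv == null) return true;
        Field x = k.getDeclaredField(sv.first()), y = k.getDeclaredField(sv.second());
        x.setAccessible(true); y.setAccessible(true);
        return java.util.Objects.equals(x.get(o), y.get(o));
    }
    public static void main(String[] args) throws Exception {
        Signup ok = new Signup("alice_01", "s3cret!", "s3cret!");        // constructed sample input
        Signup badUser = new Signup("Alice 01", "s3cret!", "s3cret!");   // violates @Username
        Signup mismatch = new Signup("alice_01", "s3cret!", "s3cret");   // confirm differs from password
        System.out.println(validate(ok) + " " + validate(badUser) + " " + validate(mismatch));
    }
}
```

`String.matches` anchors the pattern to the whole value, so the composed `@Username` test rejects input that merely contains an allowed substring.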

Other main features of the framework are:

  • Easy integration into any existing Java project
  • High reusability of existing validation tests
  • New custom annotations can be created with little effort

A slide presentation is available here: http://www.ii.uib.no/~dagh/validatorflyer.pdf (PDF)


The final goal of the project is to create a framework for input validation based on annotations, which is easy to use and will help integrate this aspect of security into both new and existing applications.

The current goals are:

  • Continuously improve the framework with frequent releases
  • Extend the library of predefined annotations
  • Create an Eclipse plug-in to simplify the creation of custom annotations and help their insertion in the application code
  • Investigate further uses of annotations for input validation

