Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/secure-software-engineering/authcheck
Analysis for access-control vulnerabilities in Java Spring Security applications.
access-control authentication authorization java security soot springframework
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/secure-software-engineering/authcheck
- Owner: secure-software-engineering
- License: mit
- Created: 2019-03-25T15:42:15.000Z (almost 6 years ago)
- Default Branch: master
- Last Pushed: 2022-05-25T06:29:23.000Z (over 2 years ago)
- Last Synced: 2024-04-15T22:20:09.591Z (10 months ago)
- Topics: access-control, authentication, authorization, java, security, soot, springframework
- Language: JavaScript
- Size: 11.4 MB
- Stars: 13
- Watchers: 8
- Forks: 5
- Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# authcheck
Analysis for access-control vulnerabilities in Java Spring Security applications.

Copyright (c) 2019 Secure Software Engineering Group at Paderborn University and Fraunhofer IEM
* http://www.hni.uni-paderborn.de/swt
* https://www.iem.fraunhofer.de/

## contributors
* Tobias Petrasch
* Goran Piskachev
* Abdul Rehman Tareen
* Johannes Späth
* Eric Bodden

Contact: Goran Piskachev ([email protected])
# using authcheck in macOS or Linux
First, compile the AuthCheck source by running the following Maven command in the *./SootAnalysis* directory.
```
$ mvn package
```
Then compile the demo/example application by running the following Maven command in the *./Spring_Examples/demo* directory.
```
$ mvn package
```
There are two ready-made configuration files, *configuration.json* and *input.json*, in the *./SootAnalysis* directory. They are used for the demo analysis of the example application included in the source. The former contains various settings for the analysis, and the latter contains the input model needed for the analysis.

Before running authcheck on macOS or Linux, the *configuration.json* file needs to be modified according to your settings; the attributes *jceJarPath* and *rtJarPath* must include your Java Home path.

After that, in the *./SootAnalysis* directory, the following command can be used to execute authcheck:
```
$ java -cp target/Soot-Analysis-1.0-SNAPSHOT-jar-with-dependencies.jar de.fraunhofer.iem.authchecker.Checker configuration.json
```
After the above command executes successfully, the analysis creates report.html in the *./report* directory, which will contain results and suggestions about the analysis.