Spring Security - 1.2
Extension ID
com.castsoftware.springsecurity
What’s new?
Please see Spring Security 1.2 - Release Notes for more information.
Description
In what situation should you install this extension?
This extension provides rules specific to Spring Security. These rules are compliant with the CWE and OWASP Top 10 security standards.
How to identify if an application is using Spring Security?
Check for the presence of the Spring Security Filter in the web.xml file:
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
Check for dependencies on spring-security-web and spring-security-config in the pom.xml file:
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-web</artifactId>
    <version>${spring.version}</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
    <version>${spring.version}</version>
</dependency>
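The two checks above can be scripted when many source trees have to be triaged. The following Python sketch is an added example and is not part of the CAST extension; the function names and the sample web.xml and pom.xml contents are constructed for illustration. It ignores XML namespaces, because real web.xml and pom.xml files usually declare a default namespace that makes a naive tag lookup miss every element.

```python
import xml.etree.ElementTree as ET

FILTER_NAME = "springSecurityFilterChain"
FILTER_CLASS = "org.springframework.web.filter.DelegatingFilterProxy"
GROUP_ID = "org.springframework.security"
ARTIFACTS = {"spring-security-web", "spring-security-config"}

# Constructed sample inputs (not taken from a real project).
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>
</web-app>"""
SAMPLE_POM_XML = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-web</artifactId>
    </dependency>
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-core</artifactId>
    </dependency>
  </dependencies>
</project>"""


def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def _find(xml_text, name):
    """Child-name -> text maps for every <name> element, in any namespace."""
    return [{_local(c.tag): (c.text or "").strip() for c in e}
            for e in ET.fromstring(xml_text).iter() if _local(e.tag) == name]


def has_security_filter(web_xml):
    """True if web.xml declares the filter name and class shown above."""
    return any(f.get("filter-name") == FILTER_NAME
               and f.get("filter-class") == FILTER_CLASS
               for f in _find(web_xml, "filter"))


def security_dependencies(pom_xml):
    """Set of Spring Security artifacts declared anywhere in pom.xml."""
    return {d["artifactId"] for d in _find(pom_xml, "dependency")
            if d.get("groupId") == GROUP_ID and d.get("artifactId") in ARTIFACTS}
```

`ARTIFACTS - security_dependencies(pom_text)` gives the artifacts that are not declared in a given POM, which is useful when only one of the two dependencies is present.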
Function Point, Quality and Sizing support
This extension provides the following support:
- Function Points (transactions): a green tick indicates that OMG Function Point counting and Transaction Risk Index are supported
- Quality and Sizing: a green tick indicates that CAST can measure size and that a minimum set of Quality Rules exists
Function Points (transactions) | Quality and Sizing |
---|---|
❌ | ✅ |
Compatibility
Core release | Operating System | Supported |
---|---|---|
8.4.x | Microsoft Windows / Linux | ✅ |
8.3.x | Microsoft Windows | ✅ |
Supported Spring Security and Framework versions
This extension is compatible with the following Spring Security and Framework versions:
Item | Version |
---|---|
Spring Security versions | 3.2.0 and above |
Spring Framework versions | 3.2.0 and above |
Packaging, delivering and analyzing your source code
Once the extension is downloaded and installed, there is nothing specific to do: analyze your source code with the JEE Analyzer and the rules will be triggered.
What results can you expect?
Once the analysis/snapshot generation has completed, you can view the results in the normal manner.
Structural rules
The following structural rules are provided: