Skip to content

A repository containing code security remediation solutions used by WhiteSource Cure

License

Notifications You must be signed in to change notification settings

whitesource/CureKit

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

95 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

CureKit - WhiteSource Cure Encoding Package

Language Build Status License

CureKit is a security library mostly used by the WhiteSource Cure self-fixing product.

WhiteSource Cure is an innovative solution that automatically generates remediation suggestions for vulnerabilities identified by detection tools in proprietary code. The remediation suggestions are presented on the vulnerable code itself and can be used as-is in your IDE.

CureKit contains encoders and other utilities, critical to the Self-Healing process suggested by WhiteSource Cure. The sanitization methods offered in CureKit offer solutions for security vulnerabilities in your code, such as Cross-Site Scripting, Path Traversal, Os Command Injection and more. These methods rely on OWASP's encoders and best-practice fix recommendations.

Start using the CureKit Sanitizers

You can download a JAR from Maven Central.

The jar is also available in Maven:

<dependency>
    <groupId>io.whitesource</groupId>
    <artifactId>curekit</artifactId>
    <version>1.1.0</version>
</dependency>

Quick Overview

The CureKit Java library is intended for quick contextual encoding with very little overhead, either in performance or usage. To get started, simply add the encoder-1.0.3.jar, import io.whitesource.cure.Encoder and start using.

Example usage:

    PrintWriter out = ....;
        out.println("<textarea>"+Encode.forHtmlXss(userData)+"</textarea>");

About

A repository containing code security remediation solutions used by WhiteSource Cure

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages