Skip to content

DevelopersCoffee/java-cwe-security-skills

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
.github/workflows
.github/workflows
 
 
cwe-113-http-response-splitting
cwe-113-http-response-splitting
 
 
cwe-1333-redos
cwe-1333-redos
 
 
cwe-190-integer-overflow
cwe-190-integer-overflow
 
 
cwe-191-integer-underflow
cwe-191-integer-underflow
 
 
cwe-200-information-exposure
cwe-200-information-exposure
 
 
cwe-209-error-message-exposure
cwe-209-error-message-exposure
 
 
cwe-22-path-traversal
cwe-22-path-traversal
 
 
cwe-259-hardcoded-password
cwe-259-hardcoded-password
 
 
cwe-284-improper-access-control
cwe-284-improper-access-control
 
 
cwe-287-improper-authentication
cwe-287-improper-authentication
 
 
cwe-295-insecure-tls-trust-manager
cwe-295-insecure-tls-trust-manager
 
 
cwe-306-missing-authentication
cwe-306-missing-authentication
 
 
cwe-307-brute-force-protection
cwe-307-brute-force-protection
 
 
cwe-311-non-encrypted-storage
cwe-311-non-encrypted-storage
 
 
cwe-319-cleartext-transmission
cwe-319-cleartext-transmission
 
 
cwe-321-hardcoded-crypto-key
cwe-321-hardcoded-crypto-key
 
 
cwe-326-inadequate-encryption-strength
cwe-326-inadequate-encryption-strength
 
 
cwe-327-weak-cryptography
cwe-327-weak-cryptography
 
 
cwe-328-weak-hash-algorithm
cwe-328-weak-hash-algorithm
 
 
cwe-329-missing-random-iv
cwe-329-missing-random-iv
 
 
cwe-330-weak-prng
cwe-330-weak-prng
 
 
cwe-347-jwt-signature-bypass
cwe-347-jwt-signature-bypass
 
 
cwe-359-privacy-violation
cwe-359-privacy-violation
 
 
cwe-362-race-condition
cwe-362-race-condition
 
 
cwe-367-race-condition-toctou
cwe-367-race-condition-toctou
 
 
cwe-369-divide-by-zero
cwe-369-divide-by-zero
 
 
cwe-377-insecure-temporary-file
cwe-377-insecure-temporary-file
 
 
cwe-400-resource-exhaustion
cwe-400-resource-exhaustion
 
 
cwe-434-unrestricted-file-upload
cwe-434-unrestricted-file-upload
 
 
cwe-501-trust-boundary-violation
cwe-501-trust-boundary-violation
 
 
cwe-522-insufficiently-protected-credentials
cwe-522-insufficiently-protected-credentials
 
 
cwe-532-sensitive-info-in-logs
cwe-532-sensitive-info-in-logs
 
 
cwe-552-files-accessible-externally
cwe-552-files-accessible-externally
 
 
cwe-601-open-redirect
cwe-601-open-redirect
 
 
cwe-606-unchecked-loop-condition
cwe-606-unchecked-loop-condition
 
 
cwe-613-insufficient-session-expiration
cwe-613-insufficient-session-expiration
 
 
cwe-643-xpath-injection
cwe-643-xpath-injection
 
 
cwe-693-missing-security-headers
cwe-693-missing-security-headers
 
 
cwe-732-improper-file-permissions
cwe-732-improper-file-permissions
 
 
cwe-77-command-injection
cwe-77-command-injection
 
 
cwe-776-xml-entity-expansion
cwe-776-xml-entity-expansion
 
 
cwe-78-os-command-injection
cwe-78-os-command-injection
 
 
cwe-780-rsa-without-oaep
cwe-780-rsa-without-oaep
 
 
cwe-79-xss
cwe-79-xss
 
 
cwe-798-hardcoded-credentials
cwe-798-hardcoded-credentials
 
 
cwe-820-unsynchronized-access
cwe-820-unsynchronized-access
 
 
cwe-833-deadlock
cwe-833-deadlock
 
 
cwe-89-sql-injection
cwe-89-sql-injection
 
 
cwe-90-ldap-injection
cwe-90-ldap-injection
 
 
cwe-91-xml-injection
cwe-91-xml-injection
 
 
cwe-917-expression-language-injection
cwe-917-expression-language-injection
 
 
cwe-93-crlf-injection
cwe-93-crlf-injection
 
 
cwe-94-code-injection
cwe-94-code-injection
 
 
docs
docs
 
 
scripts
scripts
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
SKILL.md
SKILL.md
 
 
index.md
index.md
 
 
mkdocs.yml
mkdocs.yml
 
 

Repository files navigation

🛡️ Java CWE Security Skills

The Largest Open-Source AI Security Skill Library for Java

Install with npx skills Skills Count License: MIT

Claude Code GitHub Copilot Cursor Augment 40+ Agents

Deterministic Vulnerable → Secure code transformations for AI coding assistants

Quick Start | All Skills | How It Works | Contributing

🚀 Quick Start

Install All 53 Skills (Recommended)

npx skills add DevelopersCoffee/java-cwe-security-skills --all

Install to Specific Agents

# Claude Code only
npx skills add DevelopersCoffee/java-cwe-security-skills --all -a claude-code

# Multiple agents
npx skills add DevelopersCoffee/java-cwe-security-skills --all -a claude-code -a cursor -a augment

Install Specific Skills

# List available skills
npx skills add DevelopersCoffee/java-cwe-security-skills --list

# Install specific skills
npx skills add DevelopersCoffee/java-cwe-security-skills \
  --skill cwe-89-sql-injection \
  --skill cwe-79-xss

🎯 What This Library Does

This repository provides 53 deterministic remediation patterns for common Java security vulnerabilities. Each skill contains:

  • Vulnerable Code - The exact insecure pattern to identify
  • Secure Code - The deterministic fix to apply
  • 📖 Explanation - Why the vulnerability exists and how the fix works

Why Deterministic?

AI coding assistants can hallucinate fixes. Our skills provide exact code transformations that eliminate guesswork:

// ❌ VULNERABLE - SQL Injection (CWE-89)
String query = "SELECT * FROM users WHERE id = " + userId;
Statement stmt = conn.createStatement();
ResultSet rs = stmt.executeQuery(query);

// ✅ SECURE - Parameterized Query
String query = "SELECT * FROM users WHERE id = ?";
PreparedStatement pstmt = conn.prepareStatement(query);
pstmt.setString(1, userId);
ResultSet rs = pstmt.executeQuery();

📋 Available Skills

Category CWEs Covered
Injection CWE-77, 78, 89, 90, 91, 93, 94, 643, 917
XSS & Output CWE-79, 113
Authentication CWE-287, 295, 306, 307, 522, 798
Authorization CWE-284, 501
Cryptography CWE-259, 321, 326, 327, 328, 329, 330, 780
Data Protection CWE-200, 209, 311, 319, 359, 532
File Handling CWE-22, 377, 434, 552, 732
Session Management CWE-347, 613
Concurrency CWE-362, 367, 820, 833
Resource Management CWE-190, 191, 369, 400, 606, 1333
XML Security CWE-776
Web Security CWE-601, 693

📄 View Complete Index →

🔧 How It Works

  1. Install skills to your AI agent using npx skills
  2. Agent loads skill descriptions into context
  3. When reviewing code, the agent matches vulnerability patterns
  4. Skill activates and provides deterministic remediation

Each skill uses the "Use this skill when..." trigger pattern for accurate activation.

🤝 Contributing

We welcome contributions! To add a new CWE skill:

  1. Fork this repository
  2. Create a folder: cwe-XXX-vulnerability-name/
  3. Add SKILL.md following the existing template
  4. Submit a Pull Request

📚 Sources

📄 License

MIT License - see LICENSE for details.

Built with ❤️ by DevelopersCoffee

Star this repo if it helps secure your Java applications!

GitHub Stars

About

Deterministic Java security remediation skills mapped to MITRE CWE vulnerabilities for AI coding agents and DevSecOps platforms.

developerscoffee.github.io/java-cwe-security-skills/

Topics

java security skills owasp vulnerability cwe secure-coding devsecops ai-agents sast ai-security codeql vulnerability-remediation ai-skills augment-code

Resources

Readme

License

View license

Contributing

Contributing
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages