Random enum

As a software engineers or software developers we need to test what we are implementing (you have a description of types of tests here). When implementing these tests, we can hardcode the data we are using or, we can randomly generate it what, despite we can think it is going to make our life more difficult when debugging errors, it is going to make it easier in the long run. Our code should not be linked to the data it is processing, it should be generic for the type of data it is expecting.

To do this, the easiest way is to implement or use libraries that implement random generators. One of the most interesting and one it is always forgotten is the random generator for our enums.

In Java, there is an easy way to implement it.

It can be just for one enum class:

private static CarBrand randomCarBrand() {
    return CarBrand.class.getEnumConstants()[new Random().nextInt(CarBrand.class.getEnumConstants().length)];
}

Or, even more interesting, it can be a generic random generator that it receives as a parameter an enum class and return the random value:

public static <T extends Enum<?>> T randomEnum(Class<T> clazz) {
    int x = random.nextInt(clazz.getEnumConstants().length);
    return clazz.getEnumConstants()[x];
}

We can see an example here:

import java.util.Random;

public class RandomEnum {

    public static void main(String[] args) {

        for (int i = 0; i < 10; i++) {
            System.out.println(randomCarBrand());
        }
    }

    private static CarBrand randomCarBrand() {
        return CarBrand.class.getEnumConstants()[new   Random().nextInt(CarBrand.class.getEnumConstants().length)];
    }

    enum CarBrand {
        ARUTI_SUZUKI,
        TATA,
        HONDA,
        HYUNDAI,
        FORD,
        MAHINDRA,
        SKODA,
        ARIEL,
        ASHOK_LEYLAND,
        ASTON_MARTIN,
        AUDI,
        BAJAJ,
        BENTLEY,
        BMW,
    }
}

Do not forget, from know on, if you are not doing it, try to make all your tests, except if you want to test an edge case, random and see how it goes.

Random enum

Checking certificate dates

Sometime, when we are working or doing some investigations in our spare time we need to check the dates a web certificate has, especially, the expiration date. Obviously, we can go to our browser, introduce the desired url and with a few clicks check the issued and expiration dates.

But, there is another way more simple, easier and, in case we need it, we can script.

echo | openssl s_client -servername www.google.co.uk -connect www.google.co.uk:443 2>/dev/null | openssl x509 -noout -dates

This simple command gives us the information we want.

I hope it is useful.

Checking certificate dates

Change file date and time

Sometimes if we need to perform some tests we need some files to have a modification day and time matching our criteria. If we are in a Unix/Linux based system, we can use easily the command line tool “touch”.

An example command will be:

touch -t 01010001 file.txt
touch execution

Extracted from “man touch”. The option “-t” changes the access and modification times to the specified time instead of the current time of day.  The argument is of the form:[[CC]YY]MMDDhhmm[.SS]

Change file date and time

Headless browser

A lot of people do not know but some browsers have a “headless” option we can use to execute operations using the console or terminal. This is useful for scripts, invocations from our applications or anything we can think of.

We just need to execute the next instruction:

firefox --headless --screenshot ~/image.png www.google.com

The result is going to be something like:

Headless browser

Java reflection: Accessing a private field

Sometimes, when we import 3rd-party libraries, we can find cases where the information we want is has been populated in an object but, the property is a private one and there are no methods to recover it. Here, it is where the Java reflection capabilities can help us.

Note: Use reflection carefully and, usually, as a last resource.

Let’s say we have a simple class with a private property:

class A {
    private String value = "value";
}

We want to access the property “value” but, for obvious reasons, we cannot do it.

We can implement our reflection method to access the property value:

import java.lang.reflect.Field;

public class Reflection {

   public static void main(String[] args) throws NoSuchFieldException, IllegalAccessException {
      final A a = new A();
      final Field secureRenegotiationField = a.getClass().getDeclaredField("value");

      secureRenegotiationField.setAccessible(true);

      System.out.println((String) secureRenegotiationField.get(a));
   }
}

With these few lines of code, we will be able to access the value.

Java reflection: Accessing a private field

Groups in Regular Expressions

We cannot discuss the power of regular expression, an amazing tool with unlimited (usually our imagination) capabilities to progress strings. Every developer should, at least, have a basic understanding of them. But, lately, I have realized not a lot of people knows the possibility of creating and labeling “groups”. Groups allow us to access in a very  simple and clear way to the expressions matching our regular expression.

Regular expressions allow us to not just match text but also to extract information for further processing. This is done by defining groups of characters and capturing them using the special parentheses “(” and “)” metacharacters. Any subpattern inside a pair of parentheses will be captured as a group. In practice, this can be used to extract information like phone numbers or emails from all sorts of data.

Here, I am just going to write a little example to show the basic behavior and, I leave to all of you to find the appropriate use cases. In the example, I am going to extract some different hashes for further processing.

public static void main(String[] args) {
    final Pattern HASH_PATTERN = Pattern.compile("^(?<md5>[0-9a-f]{32})(?:/)(?<sha1>[0-9a-f]{40})(?:/)(?<sha256>[0-9a-f]{64})$");
    final Matcher matcher = HASH_PATTERN.matcher("ce114e4501d2f4e2dcea3e17b546f339/a54d88e06612d820bc3be72877c74f257b561b19/c7be1ed902fb8dd4d48997c6452f5d7e509fbcdbe2808b16bcf4edce4c07d14e");

    if (matcher.matches()) {         
        final String md5 = matcher.group("md5");         
        final String sha1 = matcher.group("sha1");         
        final String sha256 = matcher.group("sha256");         
        ...
    }     
    ... 
}

As you can see, the example is pretty simple, it takes one line that contains a string and extracts the MD5, SHA1 and SHA256 hashes. We can see the code is easy to read and understand because everything is using human readable labels not just numbers to access the groups and there is no need to process the string with split operations or similars.

The syntax for the groups is:

(?<name>X)– X, as a named-capturing group

(?:X) – X, as a non-capturing group

With this, we can easily make our code easier to read and maintain when we are extracting information or doing some text processing.

For further information, check the Java documentation: Pattern (Java SE 10 & JDK 10)

Groups in Regular Expressions

Enterprise roles

We are living big times. Companies are changing, evolving, re-inveting themselves and usually all of this happens with the help of technology, think that, luckily, allow us to be involved. But, all these changes have helped the appearance of new or re-invented roles at directive levels in the different companies.

We are hired to get our job done and, sometimes, this job involves to discuss and present our ideas to managers or directives. Here, it is where we fall in this dance of letters and acronyms like CEO, CTO, CISO… A long list of them, and, to do our job properly, we need to know who we should be addressing. We do not want to be losing our time and, I am quite sure, they do not want to lose their time.

For this reason, I have made a small list of these roles and what they mean, just a little help for the most common ones:

For this reason, I have made a small list of these roles and what they mean, just a little help for the most common ones:

CEO (Chief Executive Officer)

He is the executive director, the manager, the highest position in the organizational chart of the organization. It is the final responsible for the actions carried out within the company, its performance and its efficiency.

Its main function is to supervise and ensure that the strategy defined in the company complies with the achievement of the objectives of the organization, in addition to sowing the principles and basic pillars to be followed within the company.

The CEO has an important relationship with the CIO, because the strategies of companies are closely linked to the field of information technology.

CIO (Chief Information Officer)

He is the systems manager or director of information technology. It reports directly to the CEO, and basically ensures that the organization’s strategies are aligned with information technology to achieve the planned objectives.

In addition, it is responsible for improving the information technology processes of the organization, managing risk and business continuity, controlling the cost of information technology infrastructure, aligning information technology governance with technological requirements, and establish improvements and innovations of solutions and products.

CSO (Chief Security Officer)

It is responsible for the security of the organization. The CSO is sometimes called the corporate security officer. We can think that the CISO and the CSO are the same role and that they perform the same functions. In small organizations it is common for both responsibilities to coincide in the same person. But it really is not like that. The role of the CISO is usually more focused on aspects of information security, while the CSO is required to:

  • Have a business vision that understands the risks the organization faces and how to deal with them.
  • Understand the mission and objectives of the company and ensure that all activities are planned and executed to meet those objectives.
  • Understand the regulatory needs, the management of the reputation of the organization and the expectations of the users.
  • Establish business continuity and disaster recovery plans in the field of information technology.
  • Be aware of regulatory changes, should be informed of the consequences for the activities of the organization and proposing appropriate measures to adapt to the new regulatory framework.

When there is CSO and CISO, the CISO reports to the CSO and the CSO to the address.

CTO (Chief Technology Officer)

The role of the CTO in a role similar to the CIO but more “technical”. In this sense, they have identified no less than six different roles that CTOs can play. They intermingle with the functions of the CIO. However, we can say that he is a technical director, being responsible for the day-to-day management of information technologies.

CISO (Chief Information Security Officer)

The CISO (Chief Information Security Officer) is the director of information security. Basically it is a role played at the executive level and its main function is to align the security of information with business objectives. In this way it is guaranteed at all times that the company’s information is adequately protected.

As we said, every day new roles are emerging. Therefore, many of the responsibilities of a position have been modified over the years. However, for the role of CISO we can say that in general, its responsibilities include:

  • Generate and implement information security policies.
  • Guarantee the security and privacy of the data.
  • Supervise the administration of control of access to information.
  • Supervise the regulatory compliance of information security.
  • Responsible for the response team to information security incidents of the organization.
  • Supervise the security architecture of the company’s information.

In general, these are the roles you can hear around more often but a lot more of them exist, i.e. CFO (Chief Financial Officer), CMO (Chief Marketing Officer), CDO (Chief Data Officer or Chief Digital Officer). This last one, probably it is going to show more often every day. As we can see the rule basically is: Chief + + Officer.

Let’s just keep them in mind, next time we need to talk or email someone to do our job.

Post based on: INCIBE

Enterprise roles