SecurityService.java

package com.popx.servizio;

import org.mindrot.jbcrypt.BCrypt;

public class SecurityService {

    /*@
      @ public normal_behavior
      @ requires password != null && !password.isEmpty();
      @
      @ // L’hash è sempre non nullo e diverso dalla password in chiaro
      @ ensures \result != null;
      @ ensures !\result.equals(password);
      @
      @ // Un hash valido BCrypt inizia sempre con "$2"
      @ ensures \result.startsWith("$2");
      @*/
    public static String hashPassword(String password) {
        int costFactor = 12;
        String salt = BCrypt.gensalt(costFactor);
        return BCrypt.hashpw(password, salt);
    }

    /*@
      @ public normal_behavior
      @ requires password != null && !password.isEmpty();
      @ requires hashedPassword != null && !hashedPassword.isEmpty();
      @
      @ // L’output è sempre booleano
      @ ensures \result == true || \result == false;
      @*/
    public static boolean checkPassword(String password, String hashedPassword) {
        return BCrypt.checkpw(password, hashedPassword);
    }
}




Active mutators

CONDITIONALS_BOUNDARY
EMPTY_RETURNS
FALSE_RETURNS
INCREMENTS
INVERT_NEGS
MATH
NEGATE_CONDITIONALS
NULL_RETURNS
PRIMITIVE_RETURNS
TRUE_RETURNS
VOID_METHOD_CALLS

Tests examined

com.popx.unit.servizio.SecurityServiceTest.[engine:junit-jupiter]/[class:com.popx.unit.servizio.SecurityServiceTest]/[method:checkPassword_correctPassword_returnsTrue()] (421 ms)
com.popx.unit.servizio.SecurityServiceTest.[engine:junit-jupiter]/[class:com.popx.unit.servizio.SecurityServiceTest]/[method:checkPassword_wrongPassword_returnsFalse()] (432 ms)
com.popx.integration.servizio.AuthenticationServiceTest.[engine:junit-jupiter]/[class:com.popx.integration.servizio.AuthenticationServiceTest]/[method:registerAndLogin_successful()] (430 ms)
com.popx.integration.servizio.AuthenticationServiceTest.[engine:junit-jupiter]/[class:com.popx.integration.servizio.AuthenticationServiceTest]/[method:login_wrongPassword_fails()] (432 ms)
com.popx.unit.servizio.SecurityServiceTest.[engine:junit-jupiter]/[class:com.popx.unit.servizio.SecurityServiceTest]/[method:hashPassword_returnsValidBcryptHash()] (211 ms)
com.popx.integration.persistenza.UserDAOImplTest.[engine:junit-jupiter]/[class:com.popx.integration.persistenza.UserDAOImplTest]/[method:saveUser_success_and_getUserByEmail_returnsUser()] (229 ms)
com.popx.integration.servizio.AuthenticationServiceTest.[engine:junit-jupiter]/[class:com.popx.integration.servizio.AuthenticationServiceTest]/[method:register_existingUser_fails()] (228 ms)
com.popx.integration.persistenza.UserDAOImplTest.[engine:junit-jupiter]/[class:com.popx.integration.persistenza.UserDAOImplTest]/[method:saveUser_duplicateEmail_throwsSQLException()] (430 ms)

Report generated by PIT 1.15.2

1		package com.popx.servizio;
2
3		import org.mindrot.jbcrypt.BCrypt;
4
5		public class SecurityService {
6
7		/*@
8		@ public normal_behavior
9		@ requires password != null && !password.isEmpty();
10		@
11		@ // L’hash è sempre non nullo e diverso dalla password in chiaro
12		@ ensures \result != null;
13		@ ensures !\result.equals(password);
14		@
15		@ // Un hash valido BCrypt inizia sempre con "$2"
16		@ ensures \result.startsWith("$2");
17		@*/
18		public static String hashPassword(String password) {
19		int costFactor = 12;
20		String salt = BCrypt.gensalt(costFactor);
21	1 1. hashPassword : replaced return value with "" for com/popx/servizio/SecurityService::hashPassword → KILLED	return BCrypt.hashpw(password, salt);
22		}
23
24		/*@
25		@ public normal_behavior
26		@ requires password != null && !password.isEmpty();
27		@ requires hashedPassword != null && !hashedPassword.isEmpty();
28		@
29		@ // L’output è sempre booleano
30		@ ensures \result == true \|\| \result == false;
31		@*/
32		public static boolean checkPassword(String password, String hashedPassword) {
33	2 1. checkPassword : replaced boolean return with false for com/popx/servizio/SecurityService::checkPassword → KILLED 2. checkPassword : replaced boolean return with true for com/popx/servizio/SecurityService::checkPassword → KILLED	return BCrypt.checkpw(password, hashedPassword);
34		}
35		}
		Mutations
21		1.1 Location : hashPassword Killed by : com.popx.unit.servizio.SecurityServiceTest.[engine:junit-jupiter]/[class:com.popx.unit.servizio.SecurityServiceTest]/[method:hashPassword_returnsValidBcryptHash()] replaced return value with "" for com/popx/servizio/SecurityService::hashPassword → KILLED
33		1.1 Location : checkPassword Killed by : com.popx.unit.servizio.SecurityServiceTest.[engine:junit-jupiter]/[class:com.popx.unit.servizio.SecurityServiceTest]/[method:checkPassword_correctPassword_returnsTrue()] replaced boolean return with false for com/popx/servizio/SecurityService::checkPassword → KILLED 2.2 Location : checkPassword Killed by : com.popx.unit.servizio.SecurityServiceTest.[engine:junit-jupiter]/[class:com.popx.unit.servizio.SecurityServiceTest]/[method:checkPassword_wrongPassword_returnsFalse()] replaced boolean return with true for com/popx/servizio/SecurityService::checkPassword → KILLED

SecurityService.java

Mutations

Active mutators

Tests examined