Module de.cuioss.http
Package de.cuioss.http.security.monitoring

Class SecurityEventCounter

java.lang.Object
de.cuioss.http.security.monitoring.SecurityEventCounter
public class SecurityEventCounter extends Object
Thread-safe counter for tracking security events by failure type.

This class provides a centralized mechanism for counting security violations, enabling monitoring, alerting, and security analytics. It uses atomic operations and concurrent collections to ensure thread safety without locks.

Design Principles

  • Thread Safety - All operations are atomic and thread-safe
  • Lock-Free - Uses lock-free data structures for performance
  • Memory Efficient - Only allocates counters for observed failure types
  • Non-Blocking - All operations complete in constant time

Usage Examples

 // Create event counter
 SecurityEventCounter counter = new SecurityEventCounter();

 // Increment counters for different failure types
 long pathTraversalCount = counter.increment(UrlSecurityFailureType.PATH_TRAVERSAL_DETECTED);
 long encodingCount = counter.increment(UrlSecurityFailureType.DOUBLE_ENCODING);

 // Query current counts
 long currentCount = counter.getCount(UrlSecurityFailureType.PATH_TRAVERSAL_DETECTED);

 // Get all counts for reporting
 Map<UrlSecurityFailureType, Long> allCounts = counter.getAllCounts();

 // Reset all counters
 counter.reset();

Concurrent Access

This class is designed for high-concurrency environments where multiple threads may be simultaneously incrementing counters for different or the same failure types. All operations are atomic and consistent.

Memory Characteristics

Counters are created lazily - only failure types that have been observed will consume memory. This makes the class efficient even when dealing with the full range of possible UrlSecurityFailureType values.

Implements: Task S1 from HTTP verification specification
Since:
1.0
See Also:

  • Constructor Details

  • Method Details

    • increment

      public long increment(UrlSecurityFailureType failureType)
      Increments the counter for the specified failure type and returns the new count.

      This operation is atomic and thread-safe. If this is the first time the failure type has been observed, a new counter will be created and initialized to 1.

      Parameters:
      failureType - The type of security failure to increment. Must not be null.
      Returns:
      The new count value after incrementing
      Throws:
      NullPointerException - if failureType is null

    • incrementBy

      public long incrementBy(UrlSecurityFailureType failureType, long delta)
      Increments the counter for the specified failure type by the given delta.

      This operation is atomic and thread-safe. If this is the first time the failure type has been observed, a new counter will be created and initialized to the delta value.

      Parameters:
      failureType - The type of security failure to increment. Must not be null.
      delta - The amount to add to the counter. Must be positive.
      Returns:
      The new count value after incrementing
      Throws:
      NullPointerException - if failureType is null
      IllegalArgumentException - if delta is negative

    • getCount

      public long getCount(UrlSecurityFailureType failureType)
      Returns the current count for the specified failure type.

      Returns 0 if no events of this type have been recorded. This operation is thread-safe and returns a consistent snapshot of the counter value.

      Parameters:
      failureType - The failure type to query. Must not be null.
      Returns:
      The current count for the failure type, or 0 if no events recorded
      Throws:
      NullPointerException - if failureType is null

    • getAllCounts

      public Map<UrlSecurityFailureType,Long> getAllCounts()
      Returns a snapshot of all current counts.

      Returns an immutable map containing all observed failure types and their current counts. Only failure types with non-zero counts are included. This is useful for reporting and monitoring purposes.

      Returns:
      An immutable map of failure types to their current counts

    • getTotalCount

      public long getTotalCount()
      Returns the total count across all failure types.

      This method sums all individual counters to provide a total count of security events. Note that this is a snapshot in time and may not be consistent across concurrent modifications.

      Returns:
      The total count of all security events

    • getFailureTypeCount

      public int getFailureTypeCount()
      Returns the number of distinct failure types that have been observed.

      This returns the number of different UrlSecurityFailureType values that have had at least one event recorded.

      Returns:
      The number of distinct failure types with recorded events

    • hasEvents

      public boolean hasEvents(UrlSecurityFailureType failureType)
      Checks if any events have been recorded for the specified failure type.
      Parameters:
      failureType - The failure type to check. Must not be null.
      Returns:
      true if at least one event has been recorded for this failure type
      Throws:
      NullPointerException - if failureType is null

    • hasAnyEvents

      public boolean hasAnyEvents()
      Checks if any security events have been recorded at all.
      Returns:
      true if any security events have been recorded

    • reset

      public void reset(UrlSecurityFailureType failureType)
      Resets the counter for a specific failure type to zero.

      This atomically sets the counter for the specified failure type to zero. If no events have been recorded for this failure type, this operation has no effect.

      Parameters:
      failureType - The failure type to reset. Must not be null.
      Throws:
      NullPointerException - if failureType is null

    • reset

      public void reset()
      Resets all counters to zero.

      This atomically resets all failure type counters to zero. The failure types remain in the internal map but with zero counts. This is useful for periodic reporting cycles where you want to start fresh counts.

    • clear

      public void clear()
      Completely clears all counters and removes failure types from tracking.

      This removes all failure types from the internal map, effectively returning the counter to its initial state. This is more aggressive than reset() as it also frees the memory used by the counter objects.

    • toString

      public String toString()
      Returns a string representation of the counter state.

      This includes the total count and the number of distinct failure types being tracked. It does not include detailed counts to avoid exposing potentially sensitive information.

      Overrides:
      toString in class Object
      Returns:
      A string representation of the counter state