Module de.cuioss.http

Package de.cuioss.http.security.pipeline

Class URLParameterValidationPipeline

java.lang.Object

de.cuioss.http.security.pipeline.AbstractValidationPipeline

de.cuioss.http.security.pipeline.URLParameterValidationPipeline

All Implemented Interfaces:

HttpSecurityValidator

public final class URLParameterValidationPipeline
extends AbstractValidationPipeline

Sequential validation pipeline specifically for URL parameter components.

Validation Sequence

1. Length Validation - Enforces maximum parameter length limits
2. Character Validation - Validates RFC 3986 query characters
3. Decoding - URL decodes with security checks
4. Normalization - Parameter normalization and security checks
5. Pattern Matching - Detects injection attacks and suspicious patterns

Design Principles

• Sequential Execution - Each stage processes the output of the previous stage
• Early Termination - Pipeline stops on first security violation
• Security First - Validates before any transformation
• Immutable - Thread-safe pipeline instance

Usage Example

 SecurityConfiguration config = SecurityConfiguration.defaults();
 SecurityEventCounter counter = new SecurityEventCounter();

 URLParameterValidationPipeline pipeline = new URLParameterValidationPipeline(config, counter);

 try {
     String safeParam = pipeline.validate("user_id=123");
     // Use safeParam for processing
 } catch (UrlSecurityException e) {
     // Handle security violation
     log.warn("Parameter validation failed: {}", e.getMessage());
 }
 

Implements: Task P2 from HTTP verification specification

Since:

1.0

Field Summary

Fields inherited from class de.cuioss.http.security.pipeline.AbstractValidationPipeline

eventCounter, stages

Constructor Summary

Constructors

Constructor	Description
URLParameterValidationPipeline(SecurityConfiguration config, SecurityEventCounter eventCounter)	Creates a new URL parameter validation pipeline with the specified configuration.

Method Summary

Modifier and Type	Method	Description
ValidationType	getValidationType()	Returns the validation type handled by this pipeline.

Methods inherited from class de.cuioss.http.security.pipeline.AbstractValidationPipeline

validate

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface de.cuioss.http.security.core.HttpSecurityValidator

andThen, compose, when

Constructor Details

URLParameterValidationPipeline

public URLParameterValidationPipeline(SecurityConfiguration config,
 SecurityEventCounter eventCounter)

Creates a new URL parameter validation pipeline with the specified configuration.

Parameters:

config - The security configuration to use

eventCounter - The counter for tracking security events

Throws:

NullPointerException - if config or eventCounter is null

Method Details

getValidationType

public ValidationType getValidationType()

Description copied from class: AbstractValidationPipeline

Returns the validation type handled by this pipeline.

Specified by:

getValidationType in class AbstractValidationPipeline

Returns:

The validation type for this pipeline