de.cuioss.http.security.pipeline.AbstractValidationPipeline

de.cuioss.http.security.pipeline.URLPathValidationPipeline

All Implemented Interfaces:: HttpSecurityValidator

public final class URLPathValidationPipeline extends AbstractValidationPipeline

Sequential validation pipeline specifically for URL path components.

Validation Sequence

Length Validation - Enforces maximum path length limits
Character Validation - Validates RFC 3986 path characters
Decoding - URL decodes with security checks
Normalization - Path normalization and traversal detection
Pattern Matching - Detects injection attacks and suspicious patterns

Design Principles

Sequential Execution - Each stage processes the output of the previous stage
Early Termination - Pipeline stops on first security violation
Security First - Validates before any transformation
Immutable - Thread-safe pipeline instance

Usage Example

 SecurityConfiguration config = SecurityConfiguration.defaults();
 SecurityEventCounter counter = new SecurityEventCounter();

 URLPathValidationPipeline pipeline = new URLPathValidationPipeline(config, counter);

 try {
     String safePath = pipeline.validate("/api/users/123");
     // Use safePath for processing
 } catch (UrlSecurityException e) {
     // Handle security violation
     log.warn("Path validation failed: {}", e.getMessage());
 }

Implements: Task P1 from HTTP verification specification

Since:: 1.0

Field Summary

Fields inherited from class de.cuioss.http.security.pipeline.AbstractValidationPipeline
eventCounter, stages
Constructor Summary

Constructors

Constructor

Description

URLPathValidationPipeline(SecurityConfiguration config, SecurityEventCounter eventCounter)

Creates a new URL path validation pipeline with the specified configuration.
Method Summary

Modifier and Type

Method

Description

ValidationType

getValidationType()

Returns the validation type handled by this pipeline.

Methods inherited from class de.cuioss.http.security.pipeline.AbstractValidationPipeline
validate

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface de.cuioss.http.security.core.HttpSecurityValidator
andThen, compose, when

Constructor Details
- URLPathValidationPipeline
  
  public URLPathValidationPipeline(SecurityConfiguration config, SecurityEventCounter eventCounter)
  
  Creates a new URL path validation pipeline with the specified configuration.
  
  Parameters:
  
  config - The security configuration to use
  
  eventCounter - The counter for tracking security events
  
  Throws:
  
  NullPointerException - if config or eventCounter is null
Method Details
- getValidationType
  
  public ValidationType getValidationType()
  
  Description copied from class: AbstractValidationPipeline
  
  Returns the validation type handled by this pipeline.
  
  Specified by:
  
  getValidationType in class AbstractValidationPipeline
  
  Returns:
  
  The validation type for this pipeline

Class URLPathValidationPipeline

Validation Sequence

Design Principles

Usage Example

Field Summary

Fields inherited from class de.cuioss.http.security.pipeline.AbstractValidationPipeline

Constructor Summary

Method Summary

Methods inherited from class de.cuioss.http.security.pipeline.AbstractValidationPipeline

Methods inherited from class java.lang.Object

Methods inherited from interface de.cuioss.http.security.core.HttpSecurityValidator

Constructor Details

URLPathValidationPipeline

Method Details

getValidationType