Package de.cuioss.http.security.validation


@NullMarked package de.cuioss.http.security.validation
Individual validation stages for HTTP security checking.

This package contains the implementation of specific validation stages that can be composed into validation pipelines. Each stage focuses on a specific aspect of security validation and follows the fail-fast principle.

Validation Stages

Design Principles

  • Immutability - All stages are immutable after construction
  • Thread Safety - Safe for concurrent use without synchronization
  • Performance - Optimized for <1ms validation times
  • Composability - Stages can be combined in different pipelines

Usage Example


 // Individual stage usage
 LengthValidationStage lengthStage = new LengthValidationStage(config, ValidationType.URL_PATH);
 CharacterValidationStage charStage = new CharacterValidationStage(config, ValidationType.URL_PATH);

 String input = "/api/../../../etc/passwd";
 try {
     String checked = lengthStage.validate(input);
     String validated = charStage.validate(checked);
 } catch (UrlSecurityException e) {
     // Handle security violation
 }
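The composition and fail-fast behaviour described above, as an added example that is not the library's own code: `Stage`, `Violation` and the three checks are hypothetical stand-ins for the package's stages, and the allow-list is a simplified assumption. For these stand-ins, the traversal input from the usage example passes the length and character checks and is rejected only when dot-segments are resolved.

```java
import java.util.ArrayDeque;
import java.util.List;

// Added illustration: Stage, Violation and the checks below are hypothetical stand-ins,
// not classes from de.cuioss.http.security.validation.
public class FailFastPipelineDemo {
    static final class Violation extends RuntimeException { Violation(String m) { super(m); } }

    /** Stateless stage: returns the (possibly rewritten) value or throws. */
    interface Stage { String validate(String value); }

    static Stage maxLength(int limit) {
        return v -> { if (v.length() > limit) throw new Violation("length: exceeds " + limit); return v; };
    }
    // Simplified allow-list for a URL path (assumption; not the full RFC 3986 set).
    static Stage pathCharacters() {
        return v -> {
            for (int i = 0; i < v.length(); i++) {
                char c = v.charAt(i);
                boolean ok = (c < 128 && Character.isLetterOrDigit(c)) || "/-._~%".indexOf(c) >= 0;
                if (!ok) throw new Violation("character: illegal char at index " + i);
            }
            return v;
        };
    }
    // Resolves "." and ".." segments; rejects a path that climbs above the root.
    static Stage normalizePath() {
        return v -> {
            ArrayDeque<String> kept = new ArrayDeque<>();
            for (String seg : v.split("/")) {
                if (seg.isEmpty() || seg.equals(".")) continue;
                if (!seg.equals("..")) { kept.addLast(seg); continue; }
                if (kept.isEmpty()) throw new Violation("normalization: escapes root");
                kept.removeLast();
            }
            return "/" + String.join("/", kept);
        };
    }
    // Fail-fast: the first stage that throws ends the run; later stages never see the input.
    static String run(List<Stage> pipeline, String input) {
        for (Stage s : pipeline) input = s.validate(input);
        return input;
    }

    public static void main(String[] args) {
        List<Stage> pipeline = List.of(maxLength(2048), pathCharacters(), normalizePath());
        // Constructed sample inputs; the last one is the string from the usage example.
        for (String in : List.of("/api/v1/./users", "/api/<script>", "/api/../../../etc/passwd")) {
            try { System.out.println("ok   " + run(pipeline, in)); }
            catch (Violation e) { System.out.println("deny " + e.getMessage()); }
        }
    }
}
```

Percent-decoding is not modelled in this sketch, so the normalization check here only sees literal dot-segments.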
 

Package Nullability

This package follows strict nullability conventions using JSpecify annotations:

  • All parameters and return values are non-null by default
  • Nullable parameters and return values are explicitly annotated with @Nullable
Since:
1.0
See Also:

Class descriptions

  • RFC-compliant character set definitions for HTTP component validation.
  • Character validation stage that enforces RFC-compliant character sets for HTTP components.
  • HTTP protocol-layer decoding validation stage with security checks.
  • Length validation stage with configurable limits for HTTP components.
  • Path normalization validation stage with security checks.
  • Pattern matching validation stage for detecting malicious attack patterns.