Walks a given JSON document and verifies each field against a configured set of security tags.
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import com.google.gson.JsonArray;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import com.sixdee.imp.jwt.exceptions.SecurityContractViolationException;
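/**
 * Field-by-field screening of an inbound JSON document against the configured
 * security constants ({@code GlobalCache.SECURITY_LAYER_CHECK_CONSTANTS}).
 *
 * <p>Every primitive value reachable from the top-level object — including values
 * nested inside arrays and arrays of arrays — is passed through
 * {@link #checkForSecurityViolation(String)}; the first match aborts the request
 * with a {@link SecurityContractViolationException}. Previously only primitives
 * that were direct members of an object were screened, so a value wrapped in an
 * array of strings was stored without being checked.
 *
 * <p>Field values are never written to the log or to the exception message, since
 * request payloads may carry credentials or other sensitive data; only the
 * offending key is reported.
 *
 * @author Arjun Kumbakkara
 * @version 1.0.0 | 6thMarch,2019|
 * @author(arjunkumbakkara.github.io)|JSON Parsing/Verification field wise.
 */
public class SecurityContractCheck {

    private static final Logger logger = LogManager.getLogger(SecurityContractCheck.class.getName());

    /**
     * Parses {@code json} and converts it to a map, screening every primitive value on the way.
     *
     * <p>The result mirrors the input: nested objects become nested {@link HashMap}s, arrays whose
     * elements are all objects become a {@link List} of such maps, and any other array is stored as
     * the original {@link JsonArray} once every primitive inside it has been screened. JSON
     * {@code null} members are skipped.
     *
     * @param json a JSON document whose top level is an object
     * @return the mapped, screened fields
     * @throws IllegalArgumentException if the top level of {@code json} is not a JSON object
     * @throws SecurityContractViolationException if any primitive value contains a configured constant
     */
    public HashMap<String, Object> createJsonFieldMapping(String json) {
        Objects.requireNonNull(json, "json");
        JsonElement parsed = new JsonParser().parse(json);
        if (!parsed.isJsonObject()) {
            throw new IllegalArgumentException("Top-level JSON element must be an object");
        }
        return mapObject(parsed.getAsJsonObject());
    }

    /** Converts one object into a map, recursing into nested objects and arrays. */
    private HashMap<String, Object> mapObject(JsonObject object) {
        HashMap<String, Object> map = new HashMap<>();
        for (Map.Entry<String, JsonElement> entry : object.entrySet()) {
            String key = entry.getKey();
            JsonElement value = entry.getValue();
            if (value == null || value.isJsonNull()) {
                continue; // nothing to screen and nothing to map
            }
            if (value.isJsonPrimitive()) {
                map.put(key, screenedPrimitive(key, value));
            } else if (value.isJsonObject()) {
                map.put(key, mapObject(value.getAsJsonObject()));
            } else if (value.isJsonArray()) {
                map.put(key, mapArray(key, value.getAsJsonArray()));
            }
        }
        return map;
    }

    /**
     * Maps an array. Arrays made up entirely of objects become a list of maps; every other array
     * is returned unchanged, but each primitive reachable inside it is screened first so that
     * wrapping a value in an array cannot bypass the check.
     */
    private Object mapArray(String key, JsonArray array) {
        List<HashMap<String, Object>> maps = new ArrayList<>(array.size());
        for (JsonElement element : array) {
            if (element.isJsonObject()) {
                maps.add(mapObject(element.getAsJsonObject())); // screens the object's primitives
            } else {
                screenNested(key, element);
            }
        }
        // Only a non-empty, all-object array is exposed as a list of maps; anything else (empty,
        // primitives, nested arrays, mixed content) is handed back as the screened raw array.
        boolean allObjects = !maps.isEmpty() && maps.size() == array.size();
        return allObjects ? maps : array;
    }

    /** Walks an arbitrary element and screens every primitive found in it; maps are discarded. */
    private void screenNested(String key, JsonElement element) {
        if (element == null || element.isJsonNull()) {
            return;
        }
        if (element.isJsonPrimitive()) {
            screenedPrimitive(key, element);
        } else if (element.isJsonObject()) {
            mapObject(element.getAsJsonObject());
        } else if (element.isJsonArray()) {
            for (JsonElement child : element.getAsJsonArray()) {
                screenNested(key, child);
            }
        }
    }

    /**
     * Screens a single primitive and returns its string form.
     *
     * <p>Only the key is logged: the value may be a secret, and echoing an attacker-controlled
     * payload into the log or the exception would reflect it back to whoever reads either.
     *
     * @throws SecurityContractViolationException if the value contains a configured constant
     */
    private String screenedPrimitive(String key, JsonElement primitive) {
        String text = primitive.getAsString();
        logger.debug("Screening field|{}", key);
        if (!checkForSecurityViolation(text)) {
            throw new SecurityContractViolationException("Value to the key " + key
                    + " is found as a Security contract violation(Suspected SQL Injection).Request aborted.");
        }
        return text;
    }

    /**
     * Pipeline entry point: screens {@code json} and returns normally only when no violation was
     * found. Despite the name there is no boolean result; a violation surfaces as an exception.
     *
     * @param json the request body to screen
     * @param req the current request; not consulted at present, retained for callers' signature
     * @throws SecurityContractViolationException if a field value contains a configured constant
     */
    public void isSecure(String json, HttpServletRequest req) {
        logger.info("Layer:SecurityContractIntegrityCheck|Method:isSecure--> Flow advances with |SQL INJECTION| & |FORMULA INJECTION| Screening. ");
        createJsonFieldMapping(json);
        logger.info("Layer:SecurityContractIntegrityCheck|Method:isSecure--> Flow advanced with with Enforced Authority Screening. ");
    }

    /**
     * Reports whether {@code valueToBeChecked} is clean.
     *
     * <p>Note the inverted naming, kept for compatibility: {@code true} means <em>no</em> violation
     * was found; {@code false} means the value contains one of the configured constants.
     *
     * @param valueToBeChecked the field value to screen
     * @return {@code true} if the value contains none of the configured constants
     */
    public boolean checkForSecurityViolation(String valueToBeChecked) {
        return !containsAnyFromTheList(valueToBeChecked, GlobalCache.SECURITY_LAYER_CHECK_CONSTANTS);
    }

    /**
     * Case-sensitive substring match of {@code inputStr} against each entry of
     * {@code securityConstants}. Because {@link String#contains} is exact, variants that differ
     * only in case or encoding are not caught; the constant list has to cover them explicitly.
     *
     * <p>The list is short and this runs once per field, so a sequential scan is used; the former
     * parallel stream only added fork/join overhead on the request path.
     *
     * @param inputStr the value to inspect
     * @param securityConstants the substrings that mark a violation
     * @return {@code true} if any constant occurs in {@code inputStr}
     * @throws NullPointerException if either argument is {@code null}
     */
    public boolean containsAnyFromTheList(String inputStr, String[] securityConstants) {
        Objects.requireNonNull(inputStr, "inputStr");
        Objects.requireNonNull(securityConstants, "securityConstants");
        return Arrays.stream(securityConstants).anyMatch(inputStr::contains);
    }
}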