Loops through a given JSON and does field by field verification against a set of configured Security tags
import com.google.gson.JsonArray;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import com.sixdee.imp.jwt.exceptions.SecurityContractViolationException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
/**
* @author Arjun Kumbakkara
* @version 1.0.0 | 6thMarch,2019|
* @author(arjunkumbakkara.github.io)|JSON Parsing/Verification field wise.
*/
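public class SecurityContractCheck {
    private final Logger logger = LogManager.getLogger(SecurityContractCheck.class.getName());

    /**
     * Parses {@code json}, which must be a JSON object, into a map and screens every
     * primitive value reachable from it (including primitives nested inside arrays)
     * against {@code GlobalCache.SECURITY_LAYER_CHECK_CONSTANTS}.
     *
     * <p>Map values are: the value's string form for primitives, a nested
     * {@code HashMap} for objects, a {@code List<HashMap>} for arrays whose elements
     * are all objects, and the raw {@code JsonArray} for any other array. JSON
     * {@code null} values are dropped.
     *
     * @param json the request body to screen; must not be {@code null}
     * @return a field-by-field mapping of the screened document
     * @throws SecurityContractViolationException on the first primitive that matches a
     *         configured security constant; the message contains the offending value,
     *         so callers should not echo it verbatim to the client
     * @throws ClassCastException if the top-level JSON value is not an object
     * @throws NullPointerException if {@code json} is {@code null}
     */
    public HashMap<String, Object> createJsonFieldMapping(String json) {
        Objects.requireNonNull(json, "json");
        JsonParser parser = new JsonParser();
        JsonElement root = parser.parse(json);
        if (!root.isJsonObject()) {
            // Same exception type the former unchecked cast produced, with a usable message.
            throw new ClassCastException(
                    "Top-level JSON must be an object but was " + root.getClass().getSimpleName());
        }
        JsonObject object = root.getAsJsonObject();
        HashMap<String, Object> map = new HashMap<>();
        for (Map.Entry<String, JsonElement> entry : object.entrySet()) {
            String key = entry.getKey();
            JsonElement value = entry.getValue();
            if (value == null || value.isJsonNull()) {
                continue; // JSON null carries nothing to screen and is not retained
            }
            if (value.isJsonPrimitive()) {
                map.put(key, screenedPrimitive(key, value));
            } else if (value.isJsonObject()) {
                // Only the key is logged: the value is request payload.
                logger.debug("Descending into nested object for key {}", key);
                map.put(key, createJsonFieldMapping(value.toString()));
            } else if (value.isJsonArray()) {
                map.put(key, mapArray(key, value.getAsJsonArray()));
            }
        }
        return map;
    }

    /**
     * Screens one primitive and returns its string form.
     *
     * @throws SecurityContractViolationException if the value matches a security constant
     */
    private String screenedPrimitive(String key, JsonElement value) {
        String text = value.getAsString();
        // Only the key is logged: the value is request payload.
        logger.debug("Screening primitive value for key {}", key);
        if (!checkForSecurityViolation(text)) {
            throw new SecurityContractViolationException("Value to the key" + key + " : " + text
                    + " is found as a Security contract violation(Suspected SQL Injection).Request aborted.");
        }
        return text;
    }

    /**
     * Converts an array to its map representation. A non-empty array made only of
     * objects becomes a list of nested maps; every other array is returned as-is
     * after each of its primitives (at any nesting depth) has been screened, so a
     * denylisted string cannot bypass the check by being wrapped in an array.
     */
    private Object mapArray(String key, JsonArray array) {
        boolean allObjects = array.size() > 0;
        for (JsonElement element : array) {
            if (!element.isJsonObject()) {
                allObjects = false;
                break;
            }
        }
        if (allObjects) {
            List<HashMap<String, Object>> list = new ArrayList<>(array.size());
            for (JsonElement element : array) {
                list.add(createJsonFieldMapping(element.toString()));
            }
            return list;
        }
        screenArrayElements(key, array);
        return array;
    }

    /** Screens every primitive inside {@code array}, recursing into nested objects and arrays. */
    private void screenArrayElements(String key, JsonArray array) {
        for (JsonElement element : array) {
            if (element.isJsonPrimitive()) {
                screenedPrimitive(key, element);
            } else if (element.isJsonObject()) {
                createJsonFieldMapping(element.toString()); // result discarded; only the screening matters
            } else if (element.isJsonArray()) {
                screenArrayElements(key, element.getAsJsonArray());
            }
        }
    }

    /**
     * Screens {@code json} and throws if any field violates the security contract.
     *
     * @param json the request body; must not be {@code null}
     * @param req  the originating request; currently not consulted, kept for interface compatibility
     * @throws SecurityContractViolationException if a field matches a configured security constant
     */
    public void isSecure(String json, HttpServletRequest req) {
        logger.info("Layer:SecurityContractIntegrityCheck|Method:isSecure--> Flow advances with |SQL INJECTION| & |FORMULA INJECTION| Screening. ");
        createJsonFieldMapping(json);
        logger.info("Layer:SecurityContractIntegrityCheck|Method:isSecure--> Flow advanced with with Enforced Authority Screening. ");
    }

    /**
     * Returns {@code true} when {@code valueToBeChecked} is acceptable, i.e. it contains
     * none of {@code GlobalCache.SECURITY_LAYER_CHECK_CONSTANTS}.
     *
     * <p>This is a case-sensitive literal-substring denylist and is only as good as the
     * configured constants; it is defence in depth, not a replacement for parameterized
     * queries at the data-access layer.
     *
     * @param valueToBeChecked the value to screen; {@code null} is treated as acceptable
     * @return {@code true} if no constant is found in the value
     */
    public boolean checkForSecurityViolation(String valueToBeChecked) {
        if (valueToBeChecked == null) {
            return true; // nothing to match against
        }
        return !containsAnyFromTheList(valueToBeChecked, GlobalCache.SECURITY_LAYER_CHECK_CONSTANTS);
    }

    /**
     * Returns {@code true} if {@code inputStr} contains any non-null entry of
     * {@code securityConstants} as a literal, case-sensitive substring.
     *
     * @param inputStr          the value to inspect; {@code null} yields {@code false}
     * @param securityConstants the denylist; {@code null} yields {@code false}
     * @return whether any constant occurs in the input
     */
    public boolean containsAnyFromTheList(String inputStr, String[] securityConstants) {
        if (inputStr == null || securityConstants == null) {
            return false;
        }
        // Sequential: the denylist is small and parallel() only adds fork/join overhead.
        return Arrays.stream(securityConstants)
                .filter(Objects::nonNull)
                .anyMatch(inputStr::contains);
    }
}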