java

package
v0.1.3 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 27, 2026 License: GPL-3.0 Imports: 1 Imported by: 0

Documentation

Overview

Package java - annotations.go provides Java annotation to source type mappings. This centralizes all annotation-based input source detection for Java frameworks.

Package java - frameworks.go provides the Java framework pattern registry. All Java framework patterns should be registered here.

Index

Constants

This section is empty.

Variables

// Definitions contains the source definitions for Java.
//
// Each entry pairs a regular expression (Pattern) with the input labels to
// attach and a list of syntax-node type names (NodeTypes). An optional
// KeyExtractor regex captures the literal key (parameter, header, variable
// name) in its first group.
//
// NOTE(review): how Pattern, NodeTypes and KeyExtractor are applied is decided
// by the matcher in package common, which is not shown here; confirm there
// before relying on the caveats below.
//
// NOTE(review): most patterns key on the method name alone (`\.name\s*\(`),
// not on the receiver type, so they also match same-named methods on
// unrelated classes. For a taint-source list that errs towards over-reporting;
// entries where the overlap is most likely to be noisy are flagged inline.
var Definitions = []common.Definition{

	// Servlet-style request accessors. The entry names show a "request."
	// receiver, but the patterns accept any receiver expression.
	{
		Name:         "request.getParameter()",
		Pattern:      `\.getParameter\s*\(`,
		Language:     "java",
		Labels:       []common.InputLabel{common.LabelHTTPGet, common.LabelHTTPPost, common.LabelUserInput},
		Description:  "HTTP request parameter",
		NodeTypes:    []string{"method_invocation"},
		// Captures the key only when the first argument is a double-quoted
		// string literal; a variable or constant key yields no capture.
		KeyExtractor: `\.getParameter\s*\(\s*"([^"]+)"`,
	},
	{
		Name:        "request.getParameterValues()",
		Pattern:     `\.getParameterValues\s*\(`,
		Language:    "java",
		Labels:      []common.InputLabel{common.LabelHTTPGet, common.LabelHTTPPost, common.LabelUserInput},
		Description: "HTTP request parameter array",
		NodeTypes:   []string{"method_invocation"},
	},
	{
		Name:        "request.getParameterMap()",
		Pattern:     `\.getParameterMap\s*\(`,
		Language:    "java",
		Labels:      []common.InputLabel{common.LabelHTTPGet, common.LabelHTTPPost, common.LabelUserInput},
		Description: "All HTTP request parameters",
		NodeTypes:   []string{"method_invocation"},
	},
	{
		Name:         "request.getHeader()",
		Pattern:      `\.getHeader\s*\(`,
		Language:     "java",
		Labels:       []common.InputLabel{common.LabelHTTPHeader, common.LabelUserInput},
		Description:  "HTTP request header",
		NodeTypes:    []string{"method_invocation"},
		// Literal header names only, as for getParameter above.
		KeyExtractor: `\.getHeader\s*\(\s*"([^"]+)"`,
	},
	{
		Name:        "request.getHeaders()",
		Pattern:     `\.getHeaders\s*\(`,
		Language:    "java",
		Labels:      []common.InputLabel{common.LabelHTTPHeader, common.LabelUserInput},
		Description: "HTTP request headers",
		NodeTypes:   []string{"method_invocation"},
	},
	// NOTE(review): this pattern also matches the zero-argument call targeted
	// by the "HttpURLConnection.getInputStream()" entry further down, and any
	// other .getInputStream( call. If both entries are applied, one call site
	// may receive both the HTTP-body and the network labels; confirm how the
	// matcher resolves duplicates.
	{
		Name:        "request.getInputStream()",
		Pattern:     `\.getInputStream\s*\(`,
		Language:    "java",
		Labels:      []common.InputLabel{common.LabelHTTPBody, common.LabelUserInput},
		Description: "HTTP request body stream",
		NodeTypes:   []string{"method_invocation"},
	},
	{
		Name:        "request.getReader()",
		Pattern:     `\.getReader\s*\(`,
		Language:    "java",
		Labels:      []common.InputLabel{common.LabelHTTPBody, common.LabelUserInput},
		Description: "HTTP request body reader",
		NodeTypes:   []string{"method_invocation"},
	},
	{
		Name:        "request.getCookies()",
		Pattern:     `\.getCookies\s*\(`,
		Language:    "java",
		Labels:      []common.InputLabel{common.LabelHTTPCookie, common.LabelUserInput},
		Description: "HTTP cookies",
		NodeTypes:   []string{"method_invocation"},
	},
	{
		Name:        "request.getQueryString()",
		Pattern:     `\.getQueryString\s*\(`,
		Language:    "java",
		Labels:      []common.InputLabel{common.LabelHTTPGet, common.LabelUserInput},
		Description: "HTTP query string",
		NodeTypes:   []string{"method_invocation"},
	},
	{
		Name:        "request.getRequestURI()",
		Pattern:     `\.getRequestURI\s*\(`,
		Language:    "java",
		Labels:      []common.InputLabel{common.LabelHTTPGet, common.LabelUserInput},
		Description: "HTTP request URI",
		NodeTypes:   []string{"method_invocation"},
	},
	{
		Name:        "request.getRequestURL()",
		Pattern:     `\.getRequestURL\s*\(`,
		Language:    "java",
		Labels:      []common.InputLabel{common.LabelHTTPGet, common.LabelUserInput},
		Description: "HTTP request URL",
		NodeTypes:   []string{"method_invocation"},
	},
	{
		Name:        "request.getPathInfo()",
		Pattern:     `\.getPathInfo\s*\(`,
		Language:    "java",
		Labels:      []common.InputLabel{common.LabelHTTPGet, common.LabelUserInput},
		Description: "HTTP path info",
		NodeTypes:   []string{"method_invocation"},
	},
	{
		Name:        "request.getPart()",
		Pattern:     `\.getPart\s*\(`,
		Language:    "java",
		Labels:      []common.InputLabel{common.LabelFile, common.LabelUserInput},
		Description: "Multipart form part",
		NodeTypes:   []string{"method_invocation"},
	},
	{
		Name:        "request.getParts()",
		Pattern:     `\.getParts\s*\(`,
		Language:    "java",
		Labels:      []common.InputLabel{common.LabelFile, common.LabelUserInput},
		Description: "All multipart form parts",
		NodeTypes:   []string{"method_invocation"},
	},

	// Spring parameter annotations. The patterns have no trailing word
	// boundary, so under an unanchored search each is a prefix match (a longer
	// annotation name starting with the same text would also match).
	// NOTE(review): InputAnnotations in this package also lists ModelAttribute,
	// RequestPart and MatrixVariable for Spring, which have no entry here, and
	// it maps PathVariable to SourceHTTPPath while this table labels
	// @PathVariable as LabelHTTPGet. Confirm both differences are intended.
	{
		Name:        "@RequestParam",
		Pattern:     `@RequestParam`,
		Language:    "java",
		Labels:      []common.InputLabel{common.LabelHTTPGet, common.LabelHTTPPost, common.LabelUserInput},
		Description: "Spring request parameter",
		NodeTypes:   []string{"annotation", "marker_annotation"},
	},
	{
		Name:        "@PathVariable",
		Pattern:     `@PathVariable`,
		Language:    "java",
		Labels:      []common.InputLabel{common.LabelHTTPGet, common.LabelUserInput},
		Description: "Spring path variable",
		NodeTypes:   []string{"annotation", "marker_annotation"},
	},
	{
		Name:        "@RequestBody",
		Pattern:     `@RequestBody`,
		Language:    "java",
		Labels:      []common.InputLabel{common.LabelHTTPBody, common.LabelUserInput},
		Description: "Spring request body",
		NodeTypes:   []string{"annotation", "marker_annotation"},
	},
	{
		Name:        "@RequestHeader",
		Pattern:     `@RequestHeader`,
		Language:    "java",
		Labels:      []common.InputLabel{common.LabelHTTPHeader, common.LabelUserInput},
		Description: "Spring request header",
		NodeTypes:   []string{"annotation", "marker_annotation"},
	},
	{
		Name:        "@CookieValue",
		Pattern:     `@CookieValue`,
		Language:    "java",
		Labels:      []common.InputLabel{common.LabelHTTPCookie, common.LabelUserInput},
		Description: "Spring cookie value",
		NodeTypes:   []string{"annotation", "marker_annotation"},
	},

	// Command-line arguments. The pattern matches an index expression on any
	// identifier named "args", so detection depends on that parameter name
	// being used; an argument array under another name is not matched.
	{
		Name:        "args[]",
		Pattern:     `\bargs\s*\[`,
		Language:    "java",
		Labels:      []common.InputLabel{common.LabelCLI},
		Description: "Command line arguments",
		NodeTypes:   []string{"array_access"},
	},

	// Process environment and JVM system properties. These two patterns are
	// anchored on the "System." receiver text, unlike the servlet entries.
	{
		Name:         "System.getenv()",
		Pattern:      `System\.getenv\s*\(`,
		Language:     "java",
		Labels:       []common.InputLabel{common.LabelEnvironment},
		Description:  "Environment variable",
		NodeTypes:    []string{"method_invocation"},
		// Literal variable names only; the zero-argument form yields no key.
		KeyExtractor: `System\.getenv\s*\(\s*"([^"]+)"`,
	},
	{
		Name:         "System.getProperty()",
		Pattern:      `System\.getProperty\s*\(`,
		Language:     "java",
		Labels:       []common.InputLabel{common.LabelEnvironment},
		Description:  "System property",
		NodeTypes:    []string{"method_invocation"},
		// Literal property names only.
		KeyExtractor: `System\.getProperty\s*\(\s*"([^"]+)"`,
	},

	// Interactive and stream readers.
	// NOTE(review): the Scanner and BufferedReader patterns match any
	// zero-argument .next(), .nextLine(), .nextInt() or .readLine() call
	// whatever the receiver, so iterator-style .next() calls are labelled as
	// user input too. Expect this group to be the main source of false
	// positives unless the matcher narrows by receiver type.
	{
		Name:        "Scanner.next()",
		Pattern:     `\.next\s*\(\s*\)`,
		Language:    "java",
		Labels:      []common.InputLabel{common.LabelUserInput},
		Description: "Scanner next token",
		NodeTypes:   []string{"method_invocation"},
	},
	{
		Name:        "Scanner.nextLine()",
		Pattern:     `\.nextLine\s*\(\s*\)`,
		Language:    "java",
		Labels:      []common.InputLabel{common.LabelUserInput},
		Description: "Scanner next line",
		NodeTypes:   []string{"method_invocation"},
	},
	{
		Name:        "Scanner.nextInt()",
		Pattern:     `\.nextInt\s*\(\s*\)`,
		Language:    "java",
		Labels:      []common.InputLabel{common.LabelUserInput},
		Description: "Scanner next integer",
		NodeTypes:   []string{"method_invocation"},
	},
	{
		Name:        "BufferedReader.readLine()",
		Pattern:     `\.readLine\s*\(\s*\)`,
		Language:    "java",
		Labels:      []common.InputLabel{common.LabelUserInput, common.LabelFile},
		Description: "Read line from reader",
		NodeTypes:   []string{"method_invocation"},
	},
	// The two Console patterns require the receiver text to end in lowercase
	// "console" directly before the dot, i.e. a variable of that name.
	// NOTE(review): a chained call such as System.console().readPassword()
	// has "()" between "console" and the dot and is not matched by these
	// patterns; confirm whether that form should be covered.
	{
		Name:        "Console.readLine()",
		Pattern:     `console\.readLine\s*\(`,
		Language:    "java",
		Labels:      []common.InputLabel{common.LabelUserInput},
		Description: "Console read line",
		NodeTypes:   []string{"method_invocation"},
	},
	{
		Name:        "Console.readPassword()",
		Pattern:     `console\.readPassword\s*\(`,
		Language:    "java",
		Labels:      []common.InputLabel{common.LabelUserInput},
		Description: "Console read password",
		NodeTypes:   []string{"method_invocation"},
	},

	// File reads. The Files.* patterns are anchored on the "Files." receiver
	// text; the stream and reader entries match constructor calls.
	{
		Name:        "Files.readAllLines()",
		Pattern:     `Files\.readAllLines\s*\(`,
		Language:    "java",
		Labels:      []common.InputLabel{common.LabelFile},
		Description: "Read all lines from file",
		NodeTypes:   []string{"method_invocation"},
	},
	{
		Name:        "Files.readAllBytes()",
		Pattern:     `Files\.readAllBytes\s*\(`,
		Language:    "java",
		Labels:      []common.InputLabel{common.LabelFile},
		Description: "Read all bytes from file",
		NodeTypes:   []string{"method_invocation"},
	},
	{
		Name:        "Files.readString()",
		Pattern:     `Files\.readString\s*\(`,
		Language:    "java",
		Labels:      []common.InputLabel{common.LabelFile},
		Description: "Read string from file",
		NodeTypes:   []string{"method_invocation"},
	},
	{
		Name:        "FileInputStream",
		Pattern:     `new\s+FileInputStream\s*\(`,
		Language:    "java",
		Labels:      []common.InputLabel{common.LabelFile},
		Description: "File input stream",
		NodeTypes:   []string{"object_creation_expression"},
	},
	{
		Name:        "FileReader",
		Pattern:     `new\s+FileReader\s*\(`,
		Language:    "java",
		Labels:      []common.InputLabel{common.LabelFile},
		Description: "File reader",
		NodeTypes:   []string{"object_creation_expression"},
	},

	// Network reads. Both patterns require an empty argument list and accept
	// any receiver expression.
	{
		Name:        "URL.openStream()",
		Pattern:     `\.openStream\s*\(\s*\)`,
		Language:    "java",
		Labels:      []common.InputLabel{common.LabelNetwork},
		Description: "URL input stream",
		NodeTypes:   []string{"method_invocation"},
	},
	// Overlaps with the "request.getInputStream()" entry above: every call
	// this pattern matches is also matched by that broader pattern.
	{
		Name:        "HttpURLConnection.getInputStream()",
		Pattern:     `\.getInputStream\s*\(\s*\)`,
		Language:    "java",
		Labels:      []common.InputLabel{common.LabelNetwork},
		Description: "HTTP connection input",
		NodeTypes:   []string{"method_invocation"},
	},

	// JSON deserialization entry points. These are labelled as user input
	// for every .readValue( / .fromJson( call, whatever the origin of the
	// data being parsed, because the pattern sees only the method name.
	{
		Name:        "ObjectMapper.readValue()",
		Pattern:     `\.readValue\s*\(`,
		Language:    "java",
		Labels:      []common.InputLabel{common.LabelUserInput},
		Description: "Jackson JSON parsing",
		NodeTypes:   []string{"method_invocation"},
	},
	{
		Name:        "Gson.fromJson()",
		Pattern:     `\.fromJson\s*\(`,
		Language:    "java",
		Labels:      []common.InputLabel{common.LabelUserInput},
		Description: "Gson JSON parsing",
		NodeTypes:   []string{"method_invocation"},
	},
}

Definitions contains the source definitions for Java.

// InputAnnotations maps Java annotation names to their source type mappings.
// This is the canonical source for all Java input-related annotations.
//
// Keys are simple annotation names: no leading "@" and no package qualifier.
// NOTE(review): because a key carries no package, short names such as "Body",
// "Header", "Param" and "Auth" cannot be told apart from same-named
// annotations in other libraries if callers look up by simple name. Confirm
// how callers normalise the annotation text, and whether an import-aware
// check is applied before a parameter is treated as an input source.
var InputAnnotations = map[string]AnnotationMapping{

	// Spring
	// NOTE(review): the description mentions form data as well as the query
	// string, but the single SourceType is SourceHTTPGet; Definitions labels
	// @RequestParam with both LabelHTTPGet and LabelHTTPPost.
	"RequestParam": {
		SourceType:  common.SourceHTTPGet,
		Framework:   "spring",
		Description: "Spring request parameter from query string or form",
	},
	"PathVariable": {
		SourceType:  common.SourceHTTPPath,
		Framework:   "spring",
		Description: "Spring URL path variable",
	},
	"RequestBody": {
		SourceType:  common.SourceHTTPBody,
		Framework:   "spring",
		Description: "Spring request body (JSON/XML)",
	},
	"RequestHeader": {
		SourceType:  common.SourceHTTPHeader,
		Framework:   "spring",
		Description: "Spring HTTP header value",
	},
	"CookieValue": {
		SourceType:  common.SourceHTTPCookie,
		Framework:   "spring",
		Description: "Spring cookie value",
	},
	"ModelAttribute": {
		SourceType:  common.SourceHTTPPost,
		Framework:   "spring",
		Description: "Spring model attribute (form binding)",
	},
	"RequestPart": {
		SourceType:  common.SourceHTTPFile,
		Framework:   "spring",
		Description: "Spring multipart request part",
	},
	"MatrixVariable": {
		SourceType:  common.SourceHTTPGet,
		Framework:   "spring",
		Description: "Spring matrix variable from URL",
	},

	// JAX-RS
	"QueryParam": {
		SourceType:  common.SourceHTTPGet,
		Framework:   "jax-rs",
		Description: "JAX-RS query parameter",
	},
	"PathParam": {
		SourceType:  common.SourceHTTPPath,
		Framework:   "jax-rs",
		Description: "JAX-RS URL path parameter",
	},
	"FormParam": {
		SourceType:  common.SourceHTTPPost,
		Framework:   "jax-rs",
		Description: "JAX-RS form parameter",
	},
	"HeaderParam": {
		SourceType:  common.SourceHTTPHeader,
		Framework:   "jax-rs",
		Description: "JAX-RS HTTP header parameter",
	},
	"CookieParam": {
		SourceType:  common.SourceHTTPCookie,
		Framework:   "jax-rs",
		Description: "JAX-RS cookie parameter",
	},
	// Mapped to the generic SourceUserInput because, per the description, a
	// bean parameter aggregates several sources.
	"BeanParam": {
		SourceType:  common.SourceUserInput,
		Framework:   "jax-rs",
		Description: "JAX-RS bean parameter (aggregates multiple sources)",
	},
	"MatrixParam": {
		SourceType:  common.SourceHTTPGet,
		Framework:   "jax-rs",
		Description: "JAX-RS matrix parameter from URL",
	},

	// Micronaut
	"QueryValue": {
		SourceType:  common.SourceHTTPGet,
		Framework:   "micronaut",
		Description: "Micronaut query value",
	},
	"PathValue": {
		SourceType:  common.SourceHTTPPath,
		Framework:   "micronaut",
		Description: "Micronaut path value",
	},
	"Body": {
		SourceType:  common.SourceHTTPBody,
		Framework:   "micronaut",
		Description: "Micronaut request body",
	},
	"Header": {
		SourceType:  common.SourceHTTPHeader,
		Framework:   "micronaut",
		Description: "Micronaut HTTP header",
	},

	// Vert.x
	"Param": {
		SourceType:  common.SourceHTTPGet,
		Framework:   "vertx",
		Description: "Vert.x request parameter",
	},

	// Struts 2
	"StrutsParameter": {
		SourceType:  common.SourceHTTPGet,
		Framework:   "struts2",
		Description: "Struts 2 action parameter",
	},

	// Play Framework
	"BodyParser": {
		SourceType:  common.SourceHTTPBody,
		Framework:   "play",
		Description: "Play Framework body parser",
	},

	// Dropwizard
	// The description marks this mapping as approximate ("often from
	// header"): the source type is a heuristic, not a fixed property of the
	// annotation.
	"Auth": {
		SourceType:  common.SourceHTTPHeader,
		Framework:   "dropwizard",
		Description: "Dropwizard authentication (often from header)",
	},
}

InputAnnotations maps Java annotation names to their source type mappings. This is the canonical source for all Java input-related annotations.

Registry is the global Java framework pattern registry

Functions

func GetAllAnnotationNames

func GetAllAnnotationNames() []string

GetAllAnnotationNames returns a list of all known input annotation names

func GetAllFrameworks

func GetAllFrameworks() []string

GetAllFrameworks returns a list of all frameworks with annotation mappings

func GetAllPatterns

func GetAllPatterns() []*common.FrameworkPattern

GetAllPatterns returns all registered framework patterns

func GetAnnotationsByFramework

func GetAnnotationsByFramework(framework string) map[string]AnnotationMapping

GetAnnotationsByFramework returns all annotations for a specific framework

func GetAnnotationsBySourceType

func GetAnnotationsBySourceType(sourceType common.SourceType) []string

GetAnnotationsBySourceType returns all annotations that map to a specific source type

func GetPatternByID

func GetPatternByID(id string) *common.FrameworkPattern

GetPatternByID returns a pattern by its ID

func GetPatternsByFramework

func GetPatternsByFramework(framework string) []*common.FrameworkPattern

GetPatternsByFramework returns patterns for a specific framework

func GetSourceTypeForAnnotation

func GetSourceTypeForAnnotation(annotation string) common.SourceType

GetSourceTypeForAnnotation returns the SourceType for a given annotation. Returns SourceUnknown if the annotation is not found.

func IsInputAnnotation

func IsInputAnnotation(annotation string) bool

IsInputAnnotation returns true if the annotation name indicates user input

Types

type AnnotationMapping

// AnnotationMapping maps an annotation name to its source type and metadata.
// It is the value type of the InputAnnotations table.
type AnnotationMapping struct {
	// SourceType is the input-source category recorded for the annotation,
	// for example common.SourceHTTPGet or common.SourceHTTPBody.
	SourceType  common.SourceType
	// Framework is the lowercase framework identifier the annotation is
	// attributed to, such as "spring" or "jax-rs".
	Framework   string
	// Description is a short human-readable explanation of the annotation.
	Description string
}

AnnotationMapping maps an annotation name to its source type and metadata

func GetAnnotationMapping

func GetAnnotationMapping(annotation string) *AnnotationMapping

GetAnnotationMapping returns the mapping for a given annotation name. Returns nil if the annotation is not found.

type Matcher

// Matcher matches Java user input sources.
//
// It embeds *common.BaseMatcher, so that type's exported methods are promoted
// onto Matcher. The embedded pointer is nil in a zero-value Matcher; obtain
// instances from NewMatcher.
// NOTE(review): presumably NewMatcher loads Definitions into the base
// matcher; confirm in the constructor, which is not shown here.
type Matcher struct {
	*common.BaseMatcher
}

Matcher matches Java user input sources

func NewMatcher

func NewMatcher() *Matcher

NewMatcher creates a new Java source matcher
