Issue-452 : Add support for annotation based input validation #903
Pull request overview
This PR implements annotation-based input validation support for ESAPI using the Java Bean Validation (JSR 380) API. It introduces 17 custom validation annotations that wrap existing ESAPI validation methods, enabling declarative validation of fields, parameters, and method return values.
Key changes:
- Created 17 custom validation annotations (ValidString, ValidCreditCard, ValidURI, etc.) with corresponding validator implementations
- Added ValidationUtil helper class for centralized error handling
- Comprehensive test suite covering all validation annotations
- Added javax.validation-api (2.0.1.Final) as a compile dependency and Hibernate Validator (6.2.5.Final) as a test dependency
Reviewed changes
Copilot reviewed 36 out of 37 changed files in this pull request and generated 23 comments.
| File | Description |
|---|---|
| ValidationAnnotationsTest.java | Comprehensive test suite covering all 17 validation annotations with positive and negative test cases |
| ValidationUtil.java | Utility class for converting ValidationErrorList to constraint violations |
| ValidURIValidator.java / ValidURI.java | URI validation annotation and validator |
| ValidStringValidator.java / ValidString.java | String validation annotation and validator with type and length constraints |
| ValidSafeHTMLValidator.java / ValidSafeHTML.java | Safe HTML validation annotation and validator |
| ValidRedirectLocationValidator.java / ValidRedirectLocation.java | Redirect location validation annotation and validator |
| ValidPrintableValidator.java / ValidPrintableStringValidator.java / ValidPrintable.java | Printable character validation for char arrays and strings |
| ValidNumberValidator.java / ValidNumber.java | Number validation annotation and validator with range constraints |
| ValidListItemValidator.java / ValidListItem.java | List item validation annotation and validator |
| ValidIntegerValidator.java / ValidInteger.java | Integer validation annotation and validator with range constraints |
| ValidHTTPRequestParameterSetValidator.java / ValidHTTPRequestParameterSet.java | HTTP request parameter set validation |
| ValidFileUploadValidator.java / ValidFileUpload.java | File upload validation with size and location constraints |
| ValidFileNameValidator.java / ValidFileName.java | File name validation with extension constraints |
| ValidFileContentValidator.java / ValidFileContent.java | File content validation with size constraints |
| ValidDoubleValidator.java / ValidDouble.java | Double validation annotation and validator with range constraints |
| ValidDirectoryPathValidator.java / ValidDirectoryPath.java | Directory path validation with parent directory constraints |
| ValidDateValidator.java / ValidDate.java | Date validation with format and locale support |
| ValidCreditCardValidator.java / ValidCreditCard.java | Credit card validation using Luhn algorithm |
| DefaultValidator.java | Minor formatting change (trailing whitespace) |
| pom.xml | Added javax.validation-api, hibernate-validator, and javax.el dependencies |
| if (input == null) { | ||
| return true; | ||
| } |
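Review bot: the `if (input == null)` branch returns `true` unconditionally, so this validator never reports a null input. If that is deliberate (Bean Validation constraints conventionally treat null as valid and leave rejection to `@NotNull`), state it in the annotation's Javadoc and do not expose an `allowNull` attribute that this branch ignores; otherwise return the configured value here. Either way, add a test that passes null and pins down the intended result.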
Copilot
AI
Jan 5, 2026
The null check returns true even when allowNull is false. This means null values will always pass validation regardless of the allowNull setting. The validator should return allowNull when input is null to properly respect the allowNull configuration.
We need to make a design decision here:

1. null values are accepted unless `@NotNull` is present. Since the user would already be using annotations, it could make sense to assume that they would leverage an existing, often used constraint.

OR

2. Require `allowNull` everywhere

I was leaning towards 1 initially but I'm starting to consider 2 more seriously. Thoughts?
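The two options in the comment above, side by side, as an added example that is not code from this PR or from ESAPI. `HexToken`, `HexTokenValidator`, `Form` and `check` are hypothetical names, and the 32-character hex pattern is an arbitrary stand-in for a real ESAPI check; only the `javax.validation` API jar is assumed on the classpath.

```java
import java.lang.annotation.*;
import javax.validation.*;
import javax.validation.constraints.NotNull;

public class NullHandlingExample {

    // Hypothetical constraint for illustration; not one of the PR's 17 annotations.
    @Target(ElementType.FIELD)
    @Retention(RetentionPolicy.RUNTIME)
    @Constraint(validatedBy = HexTokenValidator.class)
    public @interface HexToken {
        String message() default "invalid token";
        Class<?>[] groups() default {};
        Class<? extends Payload>[] payload() default {};
        boolean allowNull() default false;
    }

    public static class HexTokenValidator implements ConstraintValidator<HexToken, String> {
        private boolean allowNull;

        @Override
        public void initialize(HexToken annotation) {
            this.allowNull = annotation.allowNull();
        }

        @Override
        public boolean isValid(String input, ConstraintValidatorContext context) {
            if (input == null) {
                // Option 2: honour the attribute. Option 1 would return true here
                // and leave null rejection to @NotNull on the field.
                return allowNull;
            }
            return input.matches("[0-9a-f]{32}");
        }
    }

    static class Form {
        @HexToken String required;                   // option 2: the validator rejects null
        @HexToken(allowNull = true) String optional; // null explicitly permitted
        @NotNull @HexToken(allowNull = true) String viaNotNull; // option 1 style: @NotNull rejects null
    }

    // Runs the validator for one Form field directly, without a Bean Validation provider.
    static boolean check(String field, String value) throws Exception {
        HexTokenValidator v = new HexTokenValidator();
        v.initialize(Form.class.getDeclaredField(field).getAnnotation(HexToken.class));
        return v.isValid(value, null);
    }
}
```

With a provider such as Hibernate Validator on the classpath, validating a `Form` whose fields are all null would report `required` (from the validator) and `viaNotNull` (from `@NotNull`), and accept `optional`.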
| @Override | ||
| public boolean isValid(String input, ConstraintValidatorContext constraintValidatorContext) { | ||
| if (input == null) { | ||
| return true; |
Copilot
AI
Jan 5, 2026
The null check returns true even when allowNull is false. This means null values will always pass validation regardless of the allowNull setting. The validator should return allowNull when input is null to properly respect the allowNull configuration.
| return true; | |
| return allowNull; |
|
|
||
| public class ValidationUtil { | ||
|
|
||
| private ValidationUtil(){} |
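Review bot: at `private ValidationUtil(){}`, put a space between the parameter list and the body (`private ValidationUtil() {}`), and consider declaring the class `final` on the `public class ValidationUtil {` line, since the private constructor already marks it as a non-instantiable utility class. A one-line Javadoc on the class saying so would also help.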
Copilot
AI
Jan 5, 2026
Missing space after closing brace. The constructor should have a space before the opening brace for consistency with Java formatting conventions.
| if (input == null) { | ||
| return true; | ||
| } |
Copilot
AI
Jan 5, 2026
The null check returns true even when allowNull is false. This means null values will always pass validation regardless of the allowNull setting. The validator should return allowNull when input is null to properly respect the allowNull configuration.
| @Override | ||
| public boolean isValid(String input, ConstraintValidatorContext constraintValidatorContext) { | ||
| if (input == null) { | ||
| return true; |
Copilot
AI
Jan 5, 2026
The null check returns true even when allowNull is false. This means null values will always pass validation regardless of the allowNull setting. The validator should return allowNull when input is null to properly respect the allowNull configuration.
| return true; | |
| return allowNull; |
| @Override | ||
| public boolean isValid(String input, ConstraintValidatorContext constraintValidatorContext) { | ||
| if (input == null) { | ||
| return true; |
Copilot
AI
Jan 5, 2026
The null check returns true even when allowNull is false. This means null values will always pass validation regardless of the allowNull setting. The validator should return allowNull when input is null to properly respect the allowNull configuration.
| return true; | |
| return allowNull; |
| @Override | ||
| public boolean isValid(String input, ConstraintValidatorContext constraintValidatorContext) { | ||
| if (input == null) { | ||
| return true; |
Copilot
AI
Jan 5, 2026
The null check returns true even when allowNull is false. This means null values will always pass validation regardless of the allowNull setting. The validator should return allowNull when input is null to properly respect the allowNull configuration.
| return true; | |
| return allowNull; |
| @Override | ||
| public boolean isValid(String input, ConstraintValidatorContext constraintValidatorContext) { | ||
| if (input == null) { | ||
| return true; |
Copilot
AI
Jan 5, 2026
The null check returns true even when allowNull is false. This means null values will always pass validation regardless of the allowNull setting. The validator should return allowNull when input is null to properly respect the allowNull configuration.
| return true; | |
| return allowNull; |
| @Override | ||
| public boolean isValid(String input, ConstraintValidatorContext constraintValidatorContext) { | ||
| if (input == null) { | ||
| return true; |
Copilot
AI
Jan 5, 2026
The null check returns true even when allowNull is false. This means null values will always pass validation regardless of the allowNull setting. The validator should return allowNull when input is null to properly respect the allowNull configuration.
| return true; | |
| return allowNull; |
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@kwwall please review at your convenience, thanks.