add new script

righettod · righettod · commit 7672478732f7 · 2025-10-23T15:50:04.000+02:00
diff --git a/docs/8-CODEREVIEW_UTILS.md b/docs/8-CODEREVIEW_UTILS.md
@@ -114,14 +114,7 @@ $ semgrep scan --config "p/default" --force-color --text --metrics off --disable
 
 * [Restrictions on values](https://www.w3schools.com/xml/schema_facets.asp).
 
-💻 Useful commands to find type of processing (excludes test related content):
-
-```shell
-# Find if input validation is in place into XSD schemas via regular expressions
-$ grep -F ":pattern" -rn --exclude-dir=test --include=\*.xsd .
-# Find if input validation is in place into XSD schemas via restriction instructions other than regular expressions
-$ grep -E ":(enumeration|fractionDigits|length|maxExclusive|maxInclusive|maxLength|minExclusive|minInclusive|minLength|totalDigits)\s+" -rn --exclude-dir=test --include=\*.xsd .
-```
+💻 Useful script to identify if input validation is in place: See [here](../scripts/identify-input-validation-presence.sh).
 
 ### JavaScript
 
@@ -175,26 +168,7 @@ grep -Frn "@Matches(" --exclude-dir=test --exclude-dir=node_modules .
 * [Apache Commons Lang - Javadoc](https://commons.apache.org/proper/commons-lang/apidocs/index.html).
 * [Java API for XML Processing security guide](https://docs.oracle.com/en/java/javase/21/security/java-api-xml-processing-jaxp-security-guide.html).
 
-💻 Useful commands to find type of processing (excludes test related content):
-
-```shell
-# Find if input validation is in place using beans validation constraints
-$ grep -E "@(Pattern|Size|Digits|Email|Negative|Positive|Length|Range)" -rn --exclude-dir=test --include=\*.java .
-# Find if input validation is in place using regex
-$ grep -F "Pattern" -rn --exclude-dir=test --include=\*.java .
-# Find if input validation is in place using regex and focusing on regular expressions defined
-$ grep -F "Pattern.compile(" -rn --exclude-dir=test --include=\*.java .
-# Find if input validation is in place using Apache Commons-Lang features
-$ grep -E "\.(isAlpha|isNumeric|isDigits|isParsable)" -rn --exclude-dir=test --include=\*.java .
-# Find if input validation is in place but limited to the presence of a value
-$ grep -E "\.(isNull|isEmpty|isBlank|isNotNull|isNotEmpty|isNotBlank|isAllBlank|isAllEmpty|isNoneBlank|isNoneEmpty)" -rn --exclude-dir=test --include=\*.java .
-# Identify XML processing to check for exposure to XXE
-$ grep -E "(DocumentBuilderFactory|XMLInputFactory|TransformerFactory|JAXBContext)" -rn --exclude-dir=test --include=\*.java .
-# Identify cryptography related processing to check for weaknesses in usage/implementation
-$ grep -E "(MessageDigest|Cipher|ParameterSpec|SecretKey|PrivateKey|PublicKey|KeyGenerator)" -rn --exclude-dir=test --include=\*.java .
-# Identify system command execution
-$ grep -F ".exec(" -rn --exclude-dir=test --include=\*.java .
-```
+💻 Useful script to identify if input validation is in place: See [here](../scripts/identify-input-validation-presence.sh).
 
 💻 Useful commands to find type of files (excludes test related content):
 
diff --git a/scripts/identify-input-validation-presence.sh b/scripts/identify-input-validation-presence.sh
@@ -0,0 +1,86 @@
+#!/bin/bash
+####################################################################
+# Script to find if input validation is in place across a codebase.
+# Precisely if content is inspected/constrained.
+####################################################################
+WORK="/tmp/work.tmp"
+
+# Utility functions
+function write_step(){
+    echo "🔎 $1"
+}
+
+function print_current_location(){
+    echo "📁 Current location:"
+	pwd
+}
+
+function apply_for_java(){
+	echo "📦 Count of java files:"
+	find . -name "*.java" | wc -l
+	write_step "Find if input validation is in place using beans validation constraints:"
+	grep --color=always -E "@(Pattern|Size|Digits|Email|Negative|Positive|Length|Range)" -rn --exclude-dir=test --include=\*.java .
+	echo "---"
+	write_step "Find if input validation is in place using regex:"
+	grep --color=always -F "Pattern." -rn --exclude-dir=test --include=\*.java .
+	echo "---"
+	write_step "Find if input validation is in place using Apache Commons-Lang features:"
+	grep --color=always -E "\.(isAlpha|isNumeric|isDigits|isParsable)" -rn --exclude-dir=test --include=\*.java .
+}
+
+function apply_for_xsd(){
+	echo "📦 Count of XSD files:"
+	find . -name "*.xsd" | wc -l
+	write_step "Find if input validation is in place via regular expressions:"
+	grep --color=always -F ":pattern" -rn --exclude-dir=test --include=\*.xsd .
+}
+
+function apply_for_openapi(){
+	echo "📦 Count of OpenAPI descriptor files:"
+	grep -Fr "openapi:" --exclude-dir=test --include=\*.yml . > $WORK
+	wc -l $WORK | cut -d' ' -f1
+	write_step "Find if input validation is in place via regular expressions:"
+	while IFS= read -r line; do
+		filepath=$(echo $line | cut -d':' -f1)
+		openapi_descriptor="$(pwd)/$filepath"
+		found=$(grep -Fc "pattern:" $openapi_descriptor)
+		if [ $found -ne 0 ]
+		then
+			echo "=> $filepath:"
+			grep --color=always -Fn "pattern:" $openapi_descriptor
+		fi
+		
+	done < $WORK
+}
+
+# Entry point
+if [ "$#" -lt 1 ]; then
+	script_name=$(basename "$0")
+	echo "Usage:"
+	echo "   $script_name (java|xsd|openapi)"
+	echo ""
+	echo ""
+	echo "Call example:"
+	echo "    $script_name java"
+	echo "    $script_name xsd"
+	echo "    $script_name openapi"	
+    exit 1
+fi
+technology=$1
+
+print_current_location
+case "$technology" in
+    java) 
+        apply_for_java
+        ;;
+    xsd) 
+        apply_for_xsd		
+        ;;		
+    openapi) 
+        apply_for_openapi
+        ;;		
+    *)
+        echo "❌ Invalid technology specified."
+        exit 2
+        ;;
+esac
