{"id":36422815,"url":"https://github.com/cloud-apim/libinjection-jvm","last_synced_at":"2026-01-14T02:21:30.185Z","repository":{"id":331913871,"uuid":"1126594158","full_name":"cloud-apim/libinjection-jvm","owner":"cloud-apim","description":"Port of libinjection on the JVM","archived":false,"fork":false,"pushed_at":"2026-01-10T13:41:59.000Z","size":95,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-01-11T19:19:24.859Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cloud-apim.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-01-02T08:11:35.000Z","updated_at":"2026-01-10T13:42:02.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/cloud-apim/libinjection-jvm","commit_stats":null,"previous_names":["cloud-apim/libinjection-jvm"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/cloud-apim/libinjection-jvm","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloud-apim%2Flibinjection-jvm","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloud-apim%2Flibinjection-jvm/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloud-apim%2Flibinjection-jvm/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloud-apim%2Flibinjection-jvm/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cloud-apim","download_url":"https://codeload.github.com/cloud-apim/libinjection-jvm/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloud-apim%2Flibinjection-jvm/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28408711,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T01:52:23.358Z","status":"online","status_checked_at":"2026-01-14T02:00:06.678Z","response_time":107,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-11T17:44:47.898Z","updated_at":"2026-01-14T02:21:30.173Z","avatar_url":"https://github.com/cloud-apim.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# libinjection-jvm\n\n[![License](https://img.shields.io/badge/license-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)\n[![Maven Central](https://img.shields.io/maven-central/v/com.cloud-apim/libinjection-jvm.svg)](https://search.maven.org/artifact/com.cloud-apim/libinjection-jvm)\n\nJava port of [libinjection](https://github.com/client9/libinjection) - SQL / SQLI / XSS tokenizer parser analyzer for detecting injection attacks.\n\nThis is a faithful port of the C implementation to Java, maintaining the same detection capabilities and fingerprinting system.\n\n## Features\n\n- **SQLi Detection**: Detects SQL injection attempts using fingerprinting and pattern matching\n- **XSS Detection**: Detects Cross-Site Scripting (XSS) attacks in HTML5 contexts\n- **Multi-dialect Support**: Handles ANSI SQL and MySQL syntax differences\n- **9352+ Fingerprints**: Comprehensive database of known SQLi attack patterns\n- **Zero Dependencies**: No external runtime dependencies (only JUnit for tests)\n- **Java 8+**: Compatible with Java 8 and above\n\n## Installation\n\n### Maven\n\n```xml\n\u003cdependency\u003e\n    \u003cgroupId\u003ecom.cloud-apim\u003c/groupId\u003e\n    \u003cartifactId\u003elibinjection-jvm\u003c/artifactId\u003e\n    \u003cversion\u003e1.0.0\u003c/version\u003e\n\u003c/dependency\u003e\n```\n\n### Gradle\n\n```gradle\nimplementation 'com.cloud-apim:libinjection-jvm:1.0.0'\n```\n\n## Usage\n\n### SQLi Detection\n\n```java\nimport com.cloud.apim.libinjection.LibInjection;\n\npublic class Example {\n    public static void main(String[] args) {\n        String input = \"-1' and 1=1 union/* foo */select load_file('/etc/passwd')--\";\n        \n        boolean isSqli = LibInjection.isSQLi(input);\n        \n        if (isSqli) {\n            System.out.println(\"SQLi detected!\");\n        }\n    }\n}\n```\n\n### XSS Detection\n\n```java\nimport com.cloud.apim.libinjection.LibInjection;\n\npublic class Example {\n    public static void main(String[] args) {\n        String input = \"\u003cscript\u003ealert('xss')\u003c/script\u003e\";\n        \n        boolean isXss = LibInjection.isXSS(input);\n        \n        if (isXss) {\n            System.out.println(\"XSS detected!\");\n        }\n    }\n}\n```\n\n## How It Works\n\n### SQLi Detection\n\nThe library uses a multi-step approach to detect SQL injection:\n\n1. **Tokenization**: The input is parsed into SQL tokens (keywords, operators, strings, numbers, etc.)\n2. **Folding**: Tokens are reduced and normalized to create a simplified representation\n3. **Fingerprinting**: A fingerprint pattern is generated from the token sequence\n4. **Pattern Matching**: The fingerprint is compared against a database of known SQLi patterns\n5. **Context Testing**: The input is tested in multiple contexts (no quotes, single quotes, double quotes)\n\nExample fingerprints:\n- `s\u00261UE` - String, logic operator, number, UNION, expression\n- `1oc` - Number, operator, comment\n- `1\u00261` - Number, logic operator, number\n\n### XSS Detection\n\nThe XSS detector analyzes HTML5 contexts and identifies potentially dangerous patterns that could lead to script execution.\n\n## Implementation Notes\n\nThis Java port intentionally follows the C implementation closely rather than using idiomatic Java patterns. This design choice:\n\n- Makes it easier to track changes from the upstream C version\n- Facilitates debugging by allowing direct comparison with the C code\n- Maintains the same performance characteristics and behavior\n\n## Building from Source\n\n```bash\n# Clone the repository\ngit clone https://github.com/cloud-apim/libinjection-jvm.git\ncd libinjection-jvm/java\n\n# Build with Maven\nmvn clean install\n\n# Run tests\nmvn test\n\n# Generate sources and javadoc\nmvn source:jar javadoc:jar\n```\n\n## Version Information\n\nThis port follows the versioning of the original libinjection C library.\n\n## Performance Considerations\n\n- **Zero allocation**: The detection process minimizes object allocation\n- **Fast pattern matching**: Uses binary search for keyword lookup\n- **Efficient tokenization**: Single-pass parsing with minimal backtracking\n- **Thread-safe**: All public methods are stateless and thread-safe\n\n## Comparison with C Implementation\n\n| Feature | C Version | Java Version |\n|---------|-----------|--------------|\n| SQLi Detection | ✅ | ✅ |\n| XSS Detection | ✅ | ✅ |\n| Fingerprint Database | 9352 patterns | 9352 patterns |\n| Multi-context Testing | ✅ | ✅ |\n| MySQL/ANSI Support | ✅ | ✅ |\n| Dependencies | None | None (runtime) |\n\n## Contributing\n\nContributions are welcome! Please feel free to submit a Pull Request.\n\nWhen contributing:\n1. Maintain compatibility with the C implementation\n2. Add tests for new features\n3. Follow the existing code style (C-like, not idiomatic Java)\n4. Update documentation as needed\n\n## License\n\nThis project is licensed under the Apache License 2.0 - see the [LICENSE](../COPYING) file for details.\n\nThe original libinjection C library is:\n- Copyright (c) 2012-2016 Nick Galbreath\n- Licensed under BSD 3-Clause License\n\n## Credits\n\n- **Original Author**: [Nick Galbreath](https://github.com/client9) - C implementation\n- **Java Port**: [Mathieu Ancelin](https://github.com/mathieuancelin) - Cloud APIM\n\n## Links\n\n- **Original C Library**: https://github.com/client9/libinjection\n- **Documentation**: https://libinjection.client9.com/\n- **Issue Tracker**: https://github.com/cloud-apim/libinjection-jvm/issues\n- **Maven Central**: https://search.maven.org/artifact/com.cloud-apim/libinjection-jvm\n\n## Related Projects\n\n- [libinjection (C)](https://github.com/client9/libinjection) - Original C implementation\n- [libinjection-php](https://github.com/client9/libinjection/tree/master/php) - PHP extension\n- [libinjection-python](https://github.com/client9/libinjection/tree/master/python) - Python bindings\n- [libinjection-lua](https://github.com/client9/libinjection/tree/master/lua) - Lua bindings\n\n## Support\n\nFor questions, issues, or feature requests, please use the [GitHub Issues](https://github.com/cloud-apim/libinjection-jvm/issues) page.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcloud-apim%2Flibinjection-jvm","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcloud-apim%2Flibinjection-jvm","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcloud-apim%2Flibinjection-jvm/lists"}