This directory contains automated validation scripts that check many items from the error prevention checklists:
```powershell
# Run with default output (only failures)
.\scripts\validate-500-prevention.ps1
# Run with verbose output (all checks)
.\scripts\validate-500-prevention.ps1 -Verbose
```

The script automatically validates:
- Null Pointer Prevention
  - Session attribute null checks
  - Request parameter validation usage
- Resource Management
  - Try-with-resources usage for PreparedStatement
  - Try-with-resources usage for ResultSet
- Error Handling
  - Try-catch blocks in servlet methods
  - ErrorAction utility usage
- SQL Injection Prevention
  - PreparedStatement usage
  - Detection of dangerous string concatenation
- Logging Configuration
  - Logger declaration patterns
  - Static final logger usage
- Configuration Files
  - application.properties existence and required properties
  - web.xml error page configuration
- Build Configuration
  - pom.xml Java version settings
  - WAR packaging configuration
- Error Pages
  - error.jsp existence
  - Stack trace exposure checks
- Input Validation
  - SecurityUtil usage in controllers
  - Direct parameter access detection
- Connection Pool
  - ConnectionPool class structure
  - Singleton pattern implementation
Exit codes:

- `0` - All checks passed (may have warnings)
- `1` - Critical issues found
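As an added example (not the project's own script), this is how one of the checks listed above, detection of SQL built by string concatenation, can be written as a PowerShell pattern check that follows the same exit-code convention. The two Java snippets and the file names are constructed for the example.

```powershell
# Added example, not the project's validator: flags SQL string concatenation
# and exits 0 (all checks passed) or 1 (critical issues found).
# The Java samples below are constructed for this example.
$samples = @{
    'UnsafeDao.java' = @'
String sql = "SELECT * FROM users WHERE name = '" + request.getParameter("name") + "'";
ResultSet rs = stmt.executeQuery(sql);
'@
    'SafeDao.java' = @'
PreparedStatement ps = conn.prepareStatement("SELECT * FROM users WHERE name = ?");
ps.setString(1, SecurityUtil.getRequiredParameter(request, "name"));
'@
}

function Test-SqlConcatenation {
    param([string]$Path, [string]$Content)
    $findings = @()
    $lineNo = 0
    foreach ($line in $Content -split "`r?`n") {
        $lineNo++
        # A string literal containing a SQL keyword, immediately joined with '+' to a
        # variable or request.getParameter(...), is the concatenation the checklist forbids.
        if ($line -match '"[^"]*\b(SELECT|INSERT|UPDATE|DELETE)\b[^"]*"\s*\+\s*(\w+|request\.getParameter\()') {
            $findings += [pscustomobject]@{
                File     = $Path
                Line     = $lineNo
                Severity = 'Critical'
                Message  = 'SQL built by string concatenation; bind values with PreparedStatement parameters'
            }
        }
    }
    return $findings
}

$results = foreach ($file in $samples.Keys) {
    Test-SqlConcatenation -Path $file -Content $samples[$file]
}

$critical = @($results | Where-Object Severity -eq 'Critical')
foreach ($r in $critical) { Write-Host "[FAIL] $($r.File):$($r.Line) $($r.Message)" }
if ($critical.Count -gt 0) { exit 1 }
Write-Host 'All checks passed'
exit 0
```

Run against real sources, the `$samples` table would be replaced by `Get-ChildItem -Recurse -Filter *.java` with `Get-Content -Raw` for each file; the regex is a first-pass heuristic and will not catch concatenation split across several statements.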
Add to your CI/CD pipeline:
```yaml
# Example for GitHub Actions
- name: Validate 500 Error Prevention
  run: |
    pwsh -File scripts/validate-500-prevention.ps1 -Verbose
```

```groovy
// Example for Jenkins
stage('Validation') {
    steps {
        powershell script: 'scripts/validate-500-prevention.ps1 -Verbose'
    }
}
```

The 403/404 prevention script is run the same way:

```powershell
# Run with default output (only failures)
.\scripts\validate-403-404-prevention.ps1
# Run with verbose output (all checks)
.\scripts\validate-403-404-prevention.ps1 -Verbose
```

The script automatically validates:
- Authentication Verification
  - Session validation in controllers
  - Authentication checks in protected endpoints
- Authorization Checks (403 Prevention)
  - Authorization checks in admin controllers
  - Role-based access control patterns
  - ErrorAction usage for 403 errors
- Servlet Mappings (404 Prevention)
  - web.xml servlet mapping configuration
  - @WebServlet annotation usage
  - Mapping completeness
- Path Parameter Validation
  - PathInfo null/empty checks
  - Path parameter validation patterns
- Resource Existence Checks
  - Null checks after resource retrieval
  - 404 error handling for missing resources
- Error Page Configuration
  - 403 and 404 error page configuration
  - error.jsp existence
- CSRF Token Validation
  - CSRF validation in state-changing operations
  - SecurityUtil.validateCSRFToken usage
- Redirect Security
  - Secure redirect patterns
  - Open redirect vulnerability detection
- Type Safety
  - instanceof checks before casting
  - Safe session attribute access
Exit codes:

- `0` - All checks passed (may have warnings)
- `1` - Critical issues found
Add to your CI/CD pipeline:
```yaml
# Example for GitHub Actions
- name: Validate 403/404 Error Prevention
  run: |
    pwsh -File scripts/validate-403-404-prevention.ps1 -Verbose
```

For items that cannot be automatically validated, refer to the error prevention checklists and check them manually during code review and pre-deployment QA:
The automated script checks code patterns and configuration files, but cannot validate:
- Runtime behavior
- Performance characteristics
- Security vulnerabilities (requires specialized tools)
- Manual testing scenarios
- Environment-specific configurations
- Deployment-specific settings
Use this script as a first-pass validation, but always complete the full manual checklist before deployment.