Framework Jersey

for JavaEE environment

Julia translates the Jersey annotations into its own, keeping track of which data comes from an untrusted source and which fields may be injected from the external environment.

Required libraries: jersey-media-multipart.jar and jersey-declarative-linking.jar

Applicability

This specification gets automatically applied when:

  • the framework of the analysis contains the word java (case insensitive)
  • there exists an annotation that starts with org.glassfish.jersey


Implications between annotations

Some annotations of this framework are automatically translated into standard Julia annotations, so that the analysis engine can react accordingly. Namely:

  • if an element is annotated with org.glassfish.jersey.linking.InjectLink, Julia considers it to be annotated also with:
    • com.juliasoft.julia.extraction.Injected
  • if an element is annotated with org.glassfish.jersey.linking.InjectLinks, Julia considers it to be annotated also with:
    • com.juliasoft.julia.extraction.Injected
  • if an element is annotated with org.glassfish.jersey.media.multipart.FormDataParam, Julia considers it to be annotated also with:
    • com.juliasoft.julia.checkers.flows.UntrustedUserInput
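
The following Java resource is an added illustration, not code from the Julia documentation or from the analyzer. It shows where the annotations listed above appear in practice: an @InjectLink field that Jersey fills in at run time, and @FormDataParam parameters whose values come from the request body, first reaching a file-system call unchecked and then validated. It assumes Jersey 2.x with the javax.ws.rs namespace and with MultiPartFeature and DeclarativeLinkingFeature registered; UploadResource, UploadInfo, the URI paths and /var/uploads are hypothetical names.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
import javax.ws.rs.core.MediaType;
import org.glassfish.jersey.linking.InjectLink;
import org.glassfish.jersey.media.multipart.FormDataParam;

// Hypothetical resource, constructed for this example.
@javax.ws.rs.Path("uploads")
public class UploadResource {
    private static final Path BASE = Paths.get("/var/uploads").toAbsolutePath().normalize();

    // 'self' is never assigned by application code: Jersey sets it when the
    // entity is returned, which is why such a field is treated as Injected.
    public static class UploadInfo {
        @InjectLink("uploads/{name}") public URI self;
        private final String name;
        UploadInfo(String name) { this.name = name; }
        public String getName() { return name; }
    }

    // Weak form: 'name' is taken from the multipart body (UntrustedUserInput)
    // and reaches the file system as-is, so "../" segments can leave BASE.
    @POST @javax.ws.rs.Path("unchecked") @Consumes(MediaType.MULTIPART_FORM_DATA)
    public UploadInfo storeUnchecked(@FormDataParam("name") String name,
            @FormDataParam("file") InputStream data) throws IOException {
        Files.copy(data, BASE.resolve(name));
        return new UploadInfo(name);
    }

    // Corrected form: the resolved path is normalized and must stay strictly
    // below BASE before the untrusted value is used.
    @POST @javax.ws.rs.Path("checked") @Consumes(MediaType.MULTIPART_FORM_DATA)
    public UploadInfo storeChecked(@FormDataParam("name") String name,
            @FormDataParam("file") InputStream data) throws IOException {
        if (name == null || name.isEmpty()) throw new BadRequestException("missing name");
        Path target = BASE.resolve(name).normalize();
        if (!target.startsWith(BASE) || target.equals(BASE)) throw new BadRequestException("invalid name");
        Files.copy(data, target);
        return new UploadInfo(name);
    }
}
```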