HighFile-scopeJava Plug & play

Add input validation for API parameters

Validate presence, format, and ranges for incoming parameters before processing.

Why this matters

Prevents invalid operations and provides clear feedback to clients.

Side-by-side examples engineers can pattern-match during review.

Avoid

process(amount, taxId);

Prefer

if (amount == null || amount.signum() <= 0) return badRequest("amount>0 required");
if (!isValidTaxId(taxId)) return badRequest("invalid taxId");

Bad

Long.parseLong(q.get("n")) // no checks

Good

if(!NUMBER.matcher(n).matches()) return badRequest()

From the same buckets as this rule.

Critical
Check consent and role-based authorization before returning ePHI
Handlers must verify the requester’s role and a valid consent/relationship (e.g., care team assignment) before disclosing ePHI; include Purpose-Of-Use in the decision and audit the outcome.
compliance-hipaasecurity-hardening+2
Critical
Children's data: verify age and parental consent
If data subject is a child/adolescent, require age verification and parental/legal guardian consent prior to processing; deny processing otherwise and do not store the payload.
compliance-lgpdapi-conventions+1
Critical
Disallow public ingress without explicit allowlist
For Ingress/Service of type LoadBalancer, require host/path allowlist and TLS; forbid 0.0.0.0/0 exposure without WAF or Auth.
infra-as-codesecurity-hardening+1