Add Java/Kotlin language support for Android and backend validation #14

@rudra496

Description

Summary

Add Java and Kotlin language support — critical for Android development and enterprise backend validation.

Patterns to Detect

Java Security

  • Runtime.exec() — command injection
  • Statement.executeQuery() with string concatenation — SQL injection
  • ObjectInputStream.readObject() — deserialization attacks
  • System.getenv() fallback with hardcoded secrets
  • new File() with user-controlled path — path traversal
  • javax.script.ScriptEngine.eval() — code injection

Kotlin Security

  • exec() — command injection
  • println() leaking sensitive data
  • Hardcoded secrets in companion objects
  • !! (non-null assertion) on user input — NPE in production

Hallucinations

  • Non-existent Java packages (com.google.ai.magic)
  • Invented Spring Boot annotations
  • Fake Kotlin extension functions
  • Non-existent Android APIs

Logic

  • Empty catch blocks
  • catch (Exception e) catching everything
  • Missing @Override annotations
  • Resource leaks (unclosed streams/connections)

Acceptance Criteria

  • .java and .kt files auto-detected
  • At least 8 Java/Kotlin-specific security patterns
  • Hallucination detection for common frameworks (Spring, Android)
  • Tests with realistic Java/Kotlin code
  • Documentation updated

Difficulty

Intermediate — Java/Kotlin syntax is regular enough for pattern matching.
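As an added example (not code from this issue or from the project, whose implementation language the issue does not name), the following Python sketch shows what a detector for the patterns listed above can look like: language detection by file extension, one regex rule per Java/Kotlin security and logic item, and an import allowlist for the hallucination check. The rule ids, the package allowlist, the identifier fragments treated as "user-controlled" or "secret", and both sample files are assumptions constructed for the illustration.

```python
import re
from collections import namedtuple
from pathlib import PurePath

# Acceptance criterion: .java and .kt files are detected by extension.
LANG_BY_EXT = {".java": "java", ".kt": "kotlin", ".kts": "kotlin"}
# Assumed allowlist of real package roots (a project adds its own root); imports outside it are reported.
KNOWN_PACKAGES = ("java.", "javax.", "kotlin.", "kotlinx.", "android.", "androidx.",
                  "org.springframework.", "org.junit.", "com.google.gson.", "okhttp3.")
# Identifier fragments assumed to mean "user-controlled" or "secret"; no real taint tracking.
TAINT = r"(?:input|request|param|intent|extra|query|user)"
SECRET = r"(?:secret|key|token|password)"
Finding = namedtuple("Finding", "line rule category")

# (rule id, category, languages, regex over the whole file, skip-if-line-matches regex)
RULES = [
    ("runtime-exec", "security", ("java", "kotlin"), r"Runtime\.getRuntime\(\)\.exec\(", None),
    ("sqli-concat", "security", ("java", "kotlin"), r'\.(?:executeQuery|executeUpdate|execute)\(\s*"[^"\n]*"\s*\+', None),
    ("deserialization", "security", ("java", "kotlin"), r"new\s+ObjectInputStream\(|\.readObject\(\)", None),
    # Java ternary `getenv(..) != null ? .. : "lit"` and Kotlin elvis `getenv(..) ?: "lit"`.
    ("getenv-fallback-secret", "security", ("java", "kotlin"), r'System\.getenv\([^)]*\)[^;\n]*:\s*"[^"\n]+"', None),
    ("path-traversal", "security", ("java",), r"(?i)new\s+File\([^)\n]*" + TAINT, None),
    ("script-eval", "security", ("java", "kotlin"), r"getEngineByName\(|\.eval\(", None),
    ("println-secret", "security", ("kotlin",), r"(?i)println\([^)\n]*" + SECRET, None),
    # Group `at` marks the line to report (the literal, not the `companion` keyword).
    ("companion-secret", "security", ("kotlin",),
     r'companion\s+object\s*\{[^}]*?(?P<at>(?i:\w*' + SECRET + r'\w*)\s*=\s*"[^"\n]+")', None),
    ("non-null-assert-input", "security", ("kotlin",), r"(?i)\b\w*" + TAINT + r"\w*(?:\.\w+(?:\([^)\n]*\))?)*!!", None),
    ("empty-catch", "logic", ("java", "kotlin"), r"catch\s*\([^)]*\)\s*\{\s*\}", None),
    ("catch-all", "logic", ("java", "kotlin"),
     r"catch\s*\(\s*(?:(?:Exception|Throwable)\s+\w+|\w+\s*:\s*(?:Exception|Throwable))\s*\)", None),
    # Stream/socket construction outside try-with-resources (Java) or .use {} (Kotlin).
    ("resource-leak", "logic", ("java", "kotlin"),
     r"new\s+(?:File(?:Input|Output)Stream|BufferedReader|Socket)\(", r"try\s*\(|\.use\s*\{"),
]

def detect_language(path):
    return LANG_BY_EXT.get(PurePath(path).suffix.lower())

def scan(path, source):
    """Sorted, de-duplicated findings for one file; [] for non-Java/Kotlin files."""
    lang = detect_language(path)
    if lang is None:
        return []
    lines, found = source.splitlines(), set()
    for rule, category, langs, pattern, skip in RULES:
        if lang not in langs:
            continue
        for m in re.finditer(pattern, source):
            start = m.start("at") if "at" in m.re.groupindex else m.start()
            lineno = source.count("\n", 0, start) + 1
            if skip and re.search(skip, lines[lineno - 1]):
                continue
            found.add(Finding(lineno, rule, category))
    # Hallucination check: an import whose root is not a known package.
    for m in re.finditer(r"^\s*import\s+(?:static\s+)?([\w.]+)", source, re.M):
        if not m.group(1).startswith(KNOWN_PACKAGES):
            found.add(Finding(source.count("\n", 0, m.start()) + 1, "unknown-package", "hallucination"))
    return sorted(found, key=lambda f: (f.line, f.rule))

# Constructed samples that deliberately contain the issue's patterns.
JAVA_SAMPLE = """\
import java.io.*;
import java.sql.*;
import com.google.ai.magic.MagicClient;
public class Handler {
    void run(Statement st, String cmd, String id, HttpServletRequest request) throws Exception {
        Runtime.getRuntime().exec("ls " + cmd);
        ResultSet rs = st.executeQuery("SELECT * FROM users WHERE id = '" + id + "'");
        Object o = new ObjectInputStream(request.getInputStream()).readObject();
        String key = System.getenv("API_KEY") != null ? System.getenv("API_KEY") : "sk-live-1234";
        File f = new File("/data/" + request.getParameter("name"));
        new ScriptEngineManager().getEngineByName("js").eval(cmd);
        FileInputStream fis = new FileInputStream(f);
        try (FileInputStream ok = new FileInputStream(f)) { ok.read(); }
        try { fis.read(); } catch (IOException e) { }
        try { fis.read(); } catch (Exception e) { throw e; }
    }
}
"""
KOTLIN_SAMPLE = """\
import android.content.Intent
class Config {
    companion object { const val API_KEY = "sk-live-1234" }
}
fun handle(intent: Intent, password: String) {
    val id = intent.getStringExtra("id")!!
    val key = System.getenv("API_KEY") ?: "sk-live-5678"
    println("login with password=$password")
    Runtime.getRuntime().exec("sh -c $id")
    try { java.io.File(id).readText() } catch (e: Exception) { }
}
"""

if __name__ == "__main__":
    for name, src in (("Handler.java", JAVA_SAMPLE), ("Handler.kt", KOTLIN_SAMPLE)):
        for f in scan(name, src):
            print(f"{name}:{f.line}: [{f.category}] {f.rule}")
```

Running it prints one line per finding for each sample. Two caveats a practitioner should keep in mind: these are surface patterns, so `new File("/data/" + request.getParameter(...))` is flagged only because the argument mentions `request`, and an empty `catch` is found only when the braces are adjacent; items such as a missing `@Override` or a stream that is closed three lines later need a parser and type information (tree-sitter or javaparser, for instance) rather than regexes. Expect both false positives and misses on real code bases and treat this as a starting rule set, not a finished scanner.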
