toxicbishop
diff --git a/‎Student-GUI-with-SQL-version-2-java/pom.xml‎
Lines changed: 88 additions & 0 deletions b/‎Student-GUI-with-SQL-version-2-java/pom.xml‎
Lines changed: 88 additions & 0 deletions
diff --git a/‎Student-GUI-with-SQL-version-2-java/src/main/java/com/studentgui/db/DatabaseHelper.java‎
Lines changed: 149 additions & 0 deletions b/‎Student-GUI-with-SQL-version-2-java/src/main/java/com/studentgui/db/DatabaseHelper.java‎
Lines changed: 149 additions & 0 deletions
diff --git a/‎Student-GUI-with-SQL-version-2-java/src/main/java/com/studentgui/util/InputValidator.java‎
Lines changed: 122 additions & 0 deletions b/‎Student-GUI-with-SQL-version-2-java/src/main/java/com/studentgui/util/InputValidator.java‎
Lines changed: 122 additions & 0 deletions
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <groupId>com.studentgui</groupId>
+    <artifactId>student-gui-java-v2</artifactId>
+    <version>2.0-SNAPSHOT</version>
+
+    <properties>
+        <maven.compiler.source>21</maven.compiler.source>
+        <maven.compiler.target>21</maven.compiler.target>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    </properties>
+
+    <dependencies>
+        <!-- MySQL Connector -->
+        <dependency>
+            <groupId>mysql</groupId>
+            <artifactId>mysql-connector-java</artifactId>
+            <version>8.0.33</version>
+        </dependency>
+
+        <!-- Dotenv for env vars -->
+        <dependency>
+            <groupId>io.github.cdimascio</groupId>
+            <artifactId>dotenv-java</artifactId>
+            <version>3.0.0</version>
+        </dependency>
+
+        <!-- FlatLaf for modern UI (includes both Dark and Light) -->
+        <dependency>
+            <groupId>com.formdev</groupId>
+            <artifactId>flatlaf</artifactId>
+            <version>3.4</version>
+        </dependency>
+
+        <!-- JFreeChart for charts -->
+        <dependency>
+            <groupId>org.jfree</groupId>
+            <artifactId>jfreechart</artifactId>
+            <version>1.5.4</version>
+        </dependency>
+
+        <!-- Apache POI for Excel export (.xlsx) -->
+        <dependency>
+            <groupId>org.apache.poi</groupId>
+            <artifactId>poi-ooxml</artifactId>
+            <version>5.3.0</version>
+        </dependency>
+
+        <!-- UUID Creator — provides UUID v7 (time-ordered) -->
+        <dependency>
+            <groupId>com.github.f4b6a3</groupId>
+            <artifactId>uuid-creator</artifactId>
+            <version>6.0.0</version>
+        </dependency>
+
+        <!-- Apache Commons Text — for HTML sanitization -->
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-text</artifactId>
+            <version>1.12.0</version>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-dependency-plugin</artifactId>
+                <version>3.6.1</version>
+                <executions>
+                    <execution>
+                        <id>copy-dependencies</id>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>copy-dependencies</goal>
+                        </goals>
+                        <configuration>
+                            <outputDirectory>${project.build.directory}/lib</outputDirectory>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
+    </build>
+</project>
@@ -0,0 +1,149 @@
+package com.studentgui.db;
+
+import com.github.f4b6a3.uuid.UuidCreator;
+import io.github.cdimascio.dotenv.Dotenv;
+
+import java.sql.*;
+import java.util.*;
+
+public class DatabaseHelper {
+
+    private static final String[] SUBJECTS = {"Science", "Social", "Maths", "English", "Hindi", "Kannada"};
+    private static final Map<String, Integer> SUBJ_MAP = new LinkedHashMap<>();
+    static {
+        SUBJ_MAP.put("Science", 101);
+        SUBJ_MAP.put("Social",  102);
+        SUBJ_MAP.put("Maths",   103);
+        SUBJ_MAP.put("English", 104);
+        SUBJ_MAP.put("Hindi",   105);
+        SUBJ_MAP.put("Kannada", 106);
+    }
+
+    private final String url;
+    private final String user;
+    private final String password;
+
+    public DatabaseHelper() {
+        Dotenv dotenv = Dotenv.configure().ignoreIfMissing().load();
+        String host = dotenv.get("DB_HOST", "localhost");
+        String port = dotenv.get("DB_PORT", "3306");
+        String db   = dotenv.get("DB_NAME", "defaultdb");
+        this.user     = dotenv.get("DB_USER", "root");
+        this.password = dotenv.get("DB_PASS", "");
+        this.url = "jdbc:mysql://" + host + ":" + port + "/" + db + "?useSSL=true&serverTimezone=UTC";
+    }
+
+    public Connection connect() throws SQLException {
+        return DriverManager.getConnection(url, user, password);
+    }
+
+    /**
+     * Save student marks. Uses UUID v7 (time-ordered) for the MARKS.ID column.
+     */
+    public void saveStudentMarks(String name, int rollNo, Map<String, Integer> marksMap) throws SQLException {
+        try (Connection conn = connect()) {
+            conn.setAutoCommit(false);
+            try {
+                // Upsert student
+                try (PreparedStatement ps = conn.prepareStatement(
+                        "INSERT INTO STUDENTS (ROLL_NO, NAME) VALUES (?, ?) ON DUPLICATE KEY UPDATE NAME=?")) {
+                    ps.setInt(1, rollNo);
+                    ps.setString(2, name);
+                    ps.setString(3, name);
+                    ps.executeUpdate();
+                }
+
+                // Upsert marks per subject
+                for (Map.Entry<String, Integer> entry : marksMap.entrySet()) {
+                    Integer subjId = SUBJ_MAP.get(entry.getKey());
+                    if (subjId == null) continue;
+
+                    // Delete old mark for this student/subject then insert fresh with UUID v7
+                    try (PreparedStatement del = conn.prepareStatement(
+                            "DELETE FROM MARKS WHERE ROLL_NO=? AND SUBJ_ID=?")) {
+                        del.setInt(1, rollNo);
+                        del.setInt(2, subjId);
+                        del.executeUpdate();
+                    }
+
+                    // UUID v7 — time-ordered, sequential, globally unique
+                    String uuid7 = UuidCreator.getTimeOrderedWithRandom().toString();
+
+                    try (PreparedStatement ins = conn.prepareStatement(
+                            "INSERT INTO MARKS (ID, ROLL_NO, SUBJ_ID, MARKS) VALUES (?, ?, ?, ?)")) {
+                        ins.setString(1, uuid7);
+                        ins.setInt(2, rollNo);
+                        ins.setInt(3, subjId);
+                        ins.setInt(4, entry.getValue());
+                        ins.executeUpdate();
+                    }
+                }
+                conn.commit();
+            } catch (SQLException e) {
+                conn.rollback();
+                throw e;
+            }
+        }
+    }
+
+    /**
+     * Fetch all student records as a pivoted list of maps.
+     * Returns null on connection failure.
+     */
+    public List<Map<String, Object>> getAllRecords() throws SQLException {
+        String query = """
+            SELECT s.ROLL_NO, s.NAME,
+                MAX(CASE WHEN m.SUBJ_ID = 101 THEN m.MARKS END) AS Science,
+                MAX(CASE WHEN m.SUBJ_ID = 102 THEN m.MARKS END) AS Social,
+                MAX(CASE WHEN m.SUBJ_ID = 103 THEN m.MARKS END) AS Maths,
+                MAX(CASE WHEN m.SUBJ_ID = 104 THEN m.MARKS END) AS English,
+                MAX(CASE WHEN m.SUBJ_ID = 105 THEN m.MARKS END) AS Hindi,
+                MAX(CASE WHEN m.SUBJ_ID = 106 THEN m.MARKS END) AS Kannada
+            FROM STUDENTS s
+            LEFT JOIN MARKS m ON s.ROLL_NO = m.ROLL_NO
+            GROUP BY s.ROLL_NO, s.NAME
+            ORDER BY s.ROLL_NO
+            """;
+
+        List<Map<String, Object>> results = new ArrayList<>();
+        try (Connection conn = connect();
+             PreparedStatement ps = conn.prepareStatement(query);
+             ResultSet rs = ps.executeQuery()) {
+
+            ResultSetMetaData meta = rs.getMetaData();
+            int cols = meta.getColumnCount();
+            while (rs.next()) {
+                Map<String, Object> row = new LinkedHashMap<>();
+                for (int i = 1; i <= cols; i++) {
+                    row.put(meta.getColumnLabel(i), rs.getObject(i));
+                }
+                results.add(row);
+            }
+        }
+        return results;
+    }
+
+    public void deleteStudent(int rollNo) throws SQLException {
+        try (Connection conn = connect()) {
+            conn.setAutoCommit(false);
+            try {
+                try (PreparedStatement ps = conn.prepareStatement("DELETE FROM MARKS WHERE ROLL_NO=?")) {
+                    ps.setInt(1, rollNo);
+                    ps.executeUpdate();
+                }
+                try (PreparedStatement ps = conn.prepareStatement("DELETE FROM STUDENTS WHERE ROLL_NO=?")) {
+                    ps.setInt(1, rollNo);
+                    ps.executeUpdate();
+                }
+                conn.commit();
+            } catch (SQLException e) {
+                conn.rollback();
+                throw e;
+            }
+        }
+    }
+
+    public static String[] getSubjects() {
+        return SUBJECTS;
+    }
+}
@@ -0,0 +1,122 @@
+package com.studentgui.util;
+
+import org.apache.commons.text.StringEscapeUtils;
+import java.util.List;
+import java.util.regex.Pattern;
+
+/**
+ * InputValidator v2 — enhanced with SQL injection detection and HTML
+ * sanitization.
+ * Mirrors Python v2's input_validator.py logic.
+ */
+public class InputValidator {
+
+    // ── SQL injection patterns (ported from Python v2) ──────────────────────────
+    private static final List<Pattern> SQL_INJECTION_PATTERNS = List.of(
+            Pattern.compile(
+                    "(\\b(SELECT|INSERT|UPDATE|DELETE|DROP|TRUNCATE|ALTER|CREATE|EXEC|EXECUTE|UNION|GRANT|REVOKE)\\b)",
+                    Pattern.CASE_INSENSITIVE),
+            Pattern.compile("(-{2,})"), // SQL line comments
+            Pattern.compile("(;)"), // Statement terminator
+            Pattern.compile("(/\\*|\\*/)"), // Block comments
+            Pattern.compile("(\\bOR\\b.*=.*)", Pattern.CASE_INSENSITIVE), // OR 1=1
+            Pattern.compile("(\\bAND\\b.*=.*)", Pattern.CASE_INSENSITIVE), // AND 1=1
+            Pattern.compile("('.*--)"), // Quote + comment
+            Pattern.compile("(\\bxp_\\w+)", Pattern.CASE_INSENSITIVE), // Extended stored procs
+            Pattern.compile("(\\bsp_\\w+)", Pattern.CASE_INSENSITIVE) // Stored procs
+    );
+
+    public record ValidationResult(boolean isValid, String errorMessage, Object parsedValue) {
+        public static ValidationResult ok(Object value) {
+            return new ValidationResult(true, "", value);
+        }
+
+        public static ValidationResult err(String msg) {
+            return new ValidationResult(false, msg, null);
+        }
+    }
+
+    // ── SQL injection check ──────────────────────────────────────────────────────
+    public static boolean containsSqlInjection(String value) {
+        if (value == null || value.isEmpty())
+            return false;
+        for (Pattern p : SQL_INJECTION_PATTERNS) {
+            if (p.matcher(value).find())
+                return true;
+        }
+        return false;
+    }
+
+    // ── Sanitize: strip null bytes, trim, HTML-escape ────────────────────────────
+    public static String sanitize(String value) {
+        if (value == null)
+            return "";
+        value = value.replace("\0", "").strip();
+        return StringEscapeUtils.escapeHtml4(value);
+    }
+
+    // ── Name validation ──────────────────────────────────────────────────────────
+    public static ValidationResult validateName(String name) {
+        if (name == null || name.isBlank())
+            return ValidationResult.err("Name cannot be empty");
+        name = name.strip();
+        if (name.length() < 2)
+            return ValidationResult.err("Name must be at least 2 characters");
+        if (name.length() > 100)
+            return ValidationResult.err("Name cannot exceed 100 characters");
+        if (containsSqlInjection(name))
+            return ValidationResult.err("Invalid characters detected in name");
+        if (!name.matches("^[a-zA-Z\\s]+$"))
+            return ValidationResult.err("Name can only contain letters and spaces");
+        return ValidationResult.ok(sanitize(name));
+    }
+
+    // ── Roll number validation ───────────────────────────────────────────────────
+    public static ValidationResult validateRollNumber(String roll) {
+        if (roll == null || roll.isBlank())
+            return ValidationResult.err("Roll Number cannot be empty");
+        roll = roll.strip();
+        if (containsSqlInjection(roll))
+            return ValidationResult.err("Invalid characters in Roll Number");
+        try {
+            int value = Integer.parseInt(roll);
+            if (value <= 0)
+                return ValidationResult.err("Roll Number must be positive");
+            if (value > 999999)
+                return ValidationResult.err("Roll Number cannot exceed 999999");
+            return ValidationResult.ok(value);
+        } catch (NumberFormatException e) {
+            return ValidationResult.err("Roll Number must be a valid integer");
+        }
+    }
+
+    // ── Marks validation ─────────────────────────────────────────────────────────
+    public static ValidationResult validateMarks(String marks, String subjectName) {
+        if (marks == null || marks.isBlank())
+            return ValidationResult.ok(null); // optional
+        marks = marks.strip();
+        if (containsSqlInjection(marks))
+            return ValidationResult.err("Invalid characters in " + subjectName + " marks");
+        try {
+            int value = Integer.parseInt(marks);
+            if (value < 0)
+                return ValidationResult.err(subjectName + " marks cannot be negative");
+            if (value > 100)
+                return ValidationResult.err(subjectName + " marks cannot exceed 100");
+            return ValidationResult.ok(value);
+        } catch (NumberFormatException e) {
+            return ValidationResult.err("Marks for " + subjectName + " must be a valid integer");
+        }
+    }
+
+    // ── Search term validation ───────────────────────────────────────────────────
+    public static ValidationResult validateSearchTerm(String term) {
+        if (term == null || term.isBlank())
+            return ValidationResult.ok(null);
+        if (containsSqlInjection(term))
+            return ValidationResult.err("Invalid characters in search term");
+        if (term.length() > 100)
+            return ValidationResult.err("Search term is too long");
+        return ValidationResult.ok(term);
+    }
+}