  • SQL防止注入

    package demo;
    
    import java.io.File;
    import java.io.FileOutputStream;
    import java.io.InputStream;
    import java.util.regex.Matcher;
    import java.util.regex.Pattern;
    
    import org.junit.Test;
    
    import com.aspose.words.Document;
    import com.aspose.words.FontSettings;
    import com.aspose.words.License;
    
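    /**
     * Demo utilities: a path-traversal sample string, Word-to-PDF conversion through
     * Aspose.Words, and a keyword/character screen for SQL-looking input.
     */
    public class Demo {

        /**
         * Numeric save-format code handed to {@code Document.save}.
         * NOTE(review): 40 is presumably Aspose's SaveFormat.PDF; confirm against the
         * Aspose.Words version in use.
         */
        private static final int SAVE_FORMAT_PDF = 40;

        /**
         * Denylist of SQL keywords (matched as whole words) and of the characters
         * star, semicolon, plus, apostrophe and percent.
         *
         * <p>Compiled once and matched case-insensitively, so the result does not depend
         * on the JVM's default locale the way {@code toLowerCase()} does (for example the
         * Turkish dotless i, which would stop "INSERT" from lowercasing to "insert").
         *
         * <p>This is a heuristic screen, not an injection defence. It rejects legitimate
         * values (a name with an apostrophe, a percentage) and cannot enumerate every SQL
         * construct. Statements built from external input should use
         * {@code PreparedStatement} with bound parameters; a match here is at most a
         * signal for logging or early rejection.
         */
        private static final Pattern SQL_DENYLIST = Pattern.compile(
                "\\b(and|exec|insert|select|drop|grant|alter|delete|update|count|chr|mid|master|truncate|char|declare|or)\\b|(\\*|;|\\+|'|%)",
                Pattern.CASE_INSENSITIVE);

        /**
         * Prints the index of the first "../" in a sample path that contains
         * parent-directory segments and an encoded NUL before a fake image extension.
         *
         * @param args unused
         */
        public static void main(String[] args) {
            String str = "../information/../../../../../../../../../../etc/passwd%00.jpg";
            // NOTE(review): searching for the literal "../" only recognises this one spelling
            // of a parent-directory reference, so it is a demonstration rather than a filter.
            // Code that opens caller-supplied paths should resolve the input against a fixed
            // base directory, normalize it, and verify the result still starts with that base.
            System.out.println(str.indexOf("../"));
        }

        /**
         * Converts the document at {@code inpath} and writes the result to {@code outpath}.
         *
         * <p>Both paths are passed to the file system as given. NOTE(review): if either can
         * be influenced by a request, validate it against an allowed base directory first.
         *
         * @param inpath  path of the source document
         * @param outpath path of the file to write
         * @return {@code true} only when the licence check passed and the document was
         *         saved; {@code false} if the licence check failed or any step threw
         */
        public static boolean doc2pdf(String inpath, String outpath) {
            if (!checkLicense()) {
                return false;
            }
            try {
                FontSettings.getDefaultInstance().setFontsFolder("C:\\Windows\\Fonts", true);
                // Load the input before opening the output so an unreadable source does not
                // leave an empty output file behind.
                Document doc = new Document(inpath);
                // try-with-resources closes the stream on success and on failure.
                try (FileOutputStream os = new FileOutputStream(new File(outpath))) {
                    doc.save(os, SAVE_FORMAT_PDF);
                }
                return true;
            } catch (Exception e) {
                // Report failure to the caller instead of returning true after an exception.
                e.printStackTrace();
                return false;
            }
        }

        /**
         * Loads {@code license.xml} from the classpath and applies it to Aspose.Words.
         *
         * @return {@code true} when the resource was found and {@code setLicense} returned
         *         normally; {@code false} when the resource is missing or an exception occurred
         */
        public static boolean checkLicense() {
            try (InputStream is = Demo.class.getClassLoader().getResourceAsStream("license.xml")) {
                if (is == null) {
                    // getResourceAsStream returns null when the resource is absent.
                    System.err.println("license.xml not found on the classpath");
                    return false;
                }
                License aposeLic = new License();
                aposeLic.setLicense(is);
                return true;
            } catch (Exception e) {
                e.printStackTrace();
                return false;
            }
        }

        /**
         * Reports whether the string form of {@code obj} matches the SQL denylist.
         *
         * <p>See the limits described on the denylist pattern of this class: a
         * {@code false} result does not make the value safe to concatenate into SQL.
         *
         * @param obj value to screen; {@code null} is treated as containing nothing
         * @return {@code true} if a listed keyword or character is found
         */
        public static boolean containsSqlInjection(Object obj) {
            if (obj == null) {
                return false;
            }
            Matcher matcher = SQL_DENYLIST.matcher(obj.toString());
            return matcher.find();
        }

        /** Pins the screen's behaviour on keyword, non-keyword and special-character inputs. */
        @Test
        public void testContainsSqlInjection() {
            expect(containsSqlInjection("and nm=1"), "leading keyword should match");
            expect(containsSqlInjection("niamsh delete from "), "embedded keyword should match");
            // "stand" contains "and" only inside a longer word, so the word boundary rejects it.
            expect(!containsSqlInjection("stand"), "keyword inside a word should not match");
            expect(containsSqlInjection("and"), "bare keyword should match");
            expect(containsSqlInjection("niasdm%asjdj"), "percent sign should match");
            expect(containsSqlInjection("DELETE"), "matching should ignore case");
            expect(!containsSqlInjection(null), "null should not match");
        }

        /** Fails the calling test with {@code what} when {@code condition} is false. */
        private static void expect(boolean condition, String what) {
            if (!condition) {
                throw new AssertionError(what);
            }
        }

    }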
  • 原文地址:https://www.cnblogs.com/sjzxs/p/15531958.html