Preventing Path Manipulation and Command Injection in Java
public class Test {

    public static void main(String[] args) {
        System.out.println(getSafeCommand("abcd&efg"));
        System.out.println(getSafePath("abcd/efg"));
    }

    /**
     * Get the safe path
     * @param filePath Enter the path
     * @return Safe path
     */
    public static String getSafePath(String filePath) {
        // Safe path to return
        StringBuilder safePath = new StringBuilder();
        // Path allow-list: contains neither '/' nor '\'
        String whiteList = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890-=[];',. ~!@#$%^&*()_+\"{}|:<>?";
        char[] safePathChars = filePath.toCharArray();
        for (int i = 0, length = safePathChars.length; i < length; i++) {
            int whiteListIndex = whiteList.indexOf(safePathChars[i]);
            // Stop at the first character outside the allow-list and return the prefix
            if (-1 == whiteListIndex) {
                return safePath.toString();
            }
            // Append the character taken from the allow-list, not from the input
            safePath.append(whiteList.charAt(whiteListIndex));
        }
        return safePath.toString();
    }

    /**
     * Get the safe command
     * @param command Enter the command
     * @return Safe command
     */
    public static String getSafeCommand(String command) {
        // Safe command to return
        StringBuilder safeCommand = new StringBuilder();
        // Command allow-list: contains neither '&' nor '|'
        String whiteList = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890-=[]\\',./ ~!@#$%^*()_+\"{}:<>?";
        char[] safeCommandChars = command.toCharArray();
        for (int i = 0, length = safeCommandChars.length; i < length; i++) {
            int whiteListIndex = whiteList.indexOf(safeCommandChars[i]);
            // Stop at the first character outside the allow-list and return the prefix
            if (-1 == whiteListIndex) {
                return safeCommand.toString();
            }
            safeCommand.append(whiteList.charAt(whiteListIndex));
        }
        return safeCommand.toString();
    }
}
Output:
abcd
abcd
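Preventing path manipulation: to prevent path traversal, the path must not contain /../, so the safe characters must not include the / or \ characters.
Preventing command injection: to prevent several commands from being executed in one batch, the command must not contain & or |.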
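
A complementary check, as an added example that is not code from the original page: a character allow-list alone still lets a bare ".." through getSafePath and leaves characters such as $, (, ), < and > in getSafeCommand, so this sketch confines paths to a base directory and passes the command as an argument list that no shell parses. The base directory /srv/app/uploads, the class name and the ls command are assumptions chosen for illustration.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.List;

public class SafeInputExample {
    // Hypothetical base directory (assumption): resolved paths must stay under it.
    static final Path BASE_DIR = Paths.get("/srv/app/uploads").toAbsolutePath().normalize();

    /** Resolve a user-supplied path under BASE_DIR; reject anything that escapes it. */
    static Path resolveUnderBase(String userPath) {
        // normalize() collapses "." and ".." lexically; it does not follow symlinks.
        // For files that already exist, compare toRealPath() results instead.
        Path resolved = BASE_DIR.resolve(userPath).normalize();
        if (!resolved.startsWith(BASE_DIR)) {
            throw new IllegalArgumentException("path escapes base directory: " + userPath);
        }
        return resolved;
    }

    /** Build an argument vector; no shell parses it, so '&' and '|' are plain data. */
    static ProcessBuilder listFile(String userArg) {
        // "--" ends option parsing so a value starting with '-' is not read as a flag.
        List<String> argv = Arrays.asList("ls", "-l", "--", userArg);
        return new ProcessBuilder(argv);
    }

    public static void main(String[] args) {
        // Constructed sample inputs, including the two strings used on this page.
        String[] paths = {"abcd/efg", "a/b/../c.txt", "../../etc/passwd", "/etc/passwd", ".."};
        for (String p : paths) {
            try {
                System.out.println("OK       " + p + " -> " + resolveUnderBase(p));
            } catch (IllegalArgumentException e) {
                System.out.println("REJECTED " + p);
            }
        }
        // The whole string remains one argv element; start() would run ls on that literal name.
        System.out.println(listFile("abcd&efg").command());
    }
}
```

Unlike the truncating filters above, this rejects a bad path outright instead of silently returning a shortened value that may name a different file.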