SQL injection

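package sql_injection.lz;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

import org.apache.commons.lang.StringEscapeUtils;

/**
 * Request wrapper that passes parameter values and single header values
 * through {@link #cleanXSS(String)} before the application sees them.
 *
 * <p>Adapted from http://blog.csdn.net/nio96/article/details/50925455 and
 * uses commons-lang-2.5.jar ({@code org.apache.commons.lang.StringEscapeUtils})
 * for {@link #cleanSQL(String)}.
 *
 * <p>The original author lists two areas to take care of separately:
 * <ol>
 *   <li>SQL keywords themselves</li>
 *   <li>database users and privileges</li>
 * </ol>
 *
 * <p>Coverage: only {@link #getParameter}, {@link #getParameterValues} and
 * {@link #getHeader} are overridden here. {@code getParameterMap()},
 * {@code getHeaders(String)}, {@code getQueryString()} and the request body
 * are not touched by this wrapper, so code reading values through those
 * methods gets the raw input. The replacements are token-based and are not a
 * replacement for context-aware output encoding or parameterised queries.
 *
 * <p>Registered in web.xml as:
 * <pre>
 * &lt;filter&gt;
 *   &lt;filter-name&gt;XssSqlFilter&lt;/filter-name&gt;
 *   &lt;filter-class&gt;sql_injection.lz.XssFilter&lt;/filter-class&gt;
 * &lt;/filter&gt;
 * &lt;filter-mapping&gt;
 *   &lt;filter-name&gt;XssSqlFilter&lt;/filter-name&gt;
 *   &lt;url-pattern&gt;/*&lt;/url-pattern&gt;
 *   &lt;dispatcher&gt;REQUEST&lt;/dispatcher&gt;
 * &lt;/filter-mapping&gt;
 * </pre>
 *
 * @author ZengWenFeng
 */
public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {

    /**
     * Wraps the given request.
     *
     * @param servletRequest the request to wrap (must not be null; the
     *        superclass rejects null)
     */
    public XssHttpServletRequestWrapper(HttpServletRequest servletRequest) {
        super(servletRequest);
    }

    /**
     * Returns the sanitised values of a multi-valued parameter.
     *
     * @param parameter parameter name
     * @return a fresh array of sanitised values, or {@code null} when the
     *         wrapped request has no such parameter
     */
    @Override
    public String[] getParameterValues(String parameter) {
        String[] values = super.getParameterValues(parameter);
        if (values == null) {
            return null;
        }
        String[] encodedValues = new String[values.length];
        for (int i = 0; i < values.length; i++) {
            encodedValues[i] = cleanXSS(values[i]);
        }
        return encodedValues;
    }

    /**
     * Returns the sanitised value of a single parameter.
     *
     * @param parameter parameter name
     * @return sanitised value, or {@code null} when the parameter is absent
     */
    @Override
    public String getParameter(String parameter) {
        String value = super.getParameter(parameter);
        if (value == null) {
            return null;
        }
        return cleanXSS(value);
    }

    /**
     * Returns the sanitised value of a request header. Only the single-value
     * accessor is covered; {@code getHeaders(String)} is inherited unchanged.
     *
     * @param name header name
     * @return sanitised header value, or {@code null} when the header is absent
     */
    @Override
    public String getHeader(String name) {
        String value = super.getHeader(name);
        if (value == null) {
            return null;
        }
        return cleanXSS(value);
    }

    /**
     * Applies the replacement rules to one value.
     *
     * <p>The listing this was copied from had a space inside every entity
     * ({@code "& lt;"}) together with a comment asking the reader to remove
     * it; that produced literal {@code "& lt;"} text in the output instead of
     * an entity. The entities are emitted correctly here.
     *
     * <p>Rule order matters: parentheses and single quotes are encoded before
     * the {@code eval(...)} and {@code javascript:} rules run, so the
     * {@code eval} rule can no longer match (no {@code (} survives) and the
     * {@code javascript:} rule only matches double-quoted forms. That order is
     * kept from the original so existing behaviour for those rules is
     * unchanged. The final rule strips the bare substring {@code "script"}
     * wherever it occurs, including inside ordinary words.
     *
     * @param value raw value; must not be null (callers check before calling)
     * @return the value with the replacements applied
     */
    private String cleanXSS(String value) {
        // Literal replacements; no regex metacharacters are needed here.
        value = value.replace("<", "&lt;").replace(">", "&gt;");
        value = value.replace("(", "&#40;").replace(")", "&#41;");
        value = value.replace("'", "&#39;");
        // Greedy (.*): removes everything up to the last ')' / quote on match.
        value = value.replaceAll("eval\\((.*)\\)", "");
        value = value.replaceAll("[\\\"\\\'][\\s]*javascript:(.*)[\\\"\\\']", "\"\"");
        value = value.replaceAll("script", "");
        return value;
    }

    /**
     * Escapes a value for inclusion in an SQL string literal using
     * commons-lang-2.5's {@code StringEscapeUtils.escapeSql}, which only
     * doubles single quotes. It is not called by the wrapper itself;
     * callers have to apply it explicitly. Prepared statements with
     * placeholders remain the right tool for SQL; this is a fallback for
     * code that already builds SQL as strings.
     *
     * @param value raw value
     * @return the value with single quotes doubled
     */
    public String cleanSQL(String value) {
        return StringEscapeUtils.escapeSql(value);
    }
}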





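package sql_injection.lz;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

/**
 * Servlet filter that wraps each HTTP request in
 * {@link XssHttpServletRequestWrapper} so that downstream code reads
 * sanitised parameter and header values.
 *
 * <p>The accompanying web.xml maps it to {@code /*} with dispatcher
 * {@code REQUEST} only, so FORWARD and INCLUDE dispatches do not pass
 * through this filter under that mapping.
 *
 * @author ZengWenFeng
 */
public class XssFilter implements Filter {

    /** Config handed over by the container in {@link #init}; cleared in {@link #destroy}. */
    FilterConfig filterConfig = null;

    /**
     * Stores the container-supplied configuration.
     *
     * @param filterConfig configuration object from the container
     * @throws ServletException never thrown here; declared by the interface
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
    }

    /** Drops the reference to the configuration. */
    @Override
    public void destroy() {
        this.filterConfig = null;
    }

    /**
     * Wraps HTTP requests and continues the chain.
     *
     * <p>The {@link Filter} contract allows any {@link ServletRequest}; a
     * non-HTTP request used to fail with a {@code ClassCastException} on the
     * unconditional cast. Such requests are now passed through unchanged.
     *
     * @param request  incoming request
     * @param response outgoing response
     * @param chain    remaining filter chain
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (request instanceof HttpServletRequest) {
            chain.doFilter(new XssHttpServletRequestWrapper((HttpServletRequest) request), response);
        } else {
            chain.doFilter(request, response);
        }
    }
}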
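package sql_injection;

import java.util.Collections;
import java.util.Enumeration;
import java.util.Map;
import java.util.Vector;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

/**
 * Request wrapper whose parameters come from a caller-supplied map.
 *
 * <p>{@link #getParameter} and {@link #getParameterValues} consult the map
 * first and fall back to the wrapped request for names the map does not
 * contain. {@link #getParameterMap} and {@link #getParameterNames} expose the
 * map only; they are not merged with the wrapped request's parameters.
 *
 * <p>Map values may be {@code String[]}, {@code String}, or any other object
 * (rendered via {@code toString()}).
 */
public class ParameterRequestWrapper extends HttpServletRequestWrapper {

    /** Override parameters; never null (a null argument becomes an empty map). */
    private final Map<?, ?> params;

    /** The request this wrapper was built around, exposed via {@link #getSuperRequest}. */
    private final HttpServletRequest request;

    /**
     * Creates a wrapper over {@code request} using {@code newParams} as the
     * parameter source.
     *
     * @param request   request to wrap (the superclass rejects null)
     * @param newParams override parameters; {@code null} is treated as an
     *                  empty map instead of failing on the first lookup
     */
    public ParameterRequestWrapper(HttpServletRequest request, Map newParams) {
        super(request);
        this.params = newParams == null ? Collections.emptyMap() : newParams;
        this.request = request;
    }

    /**
     * Returns the request passed to the constructor.
     *
     * @return the wrapped request
     */
    public HttpServletRequest getSuperRequest() {
        return this.request;
    }

    /**
     * Returns the override map. The servlet API specifies the returned map
     * as immutable; the previous version handed out the internal map
     * directly, so a caller could alter the wrapper's parameters. An
     * unmodifiable view is returned instead.
     *
     * @return read-only view of the override parameters
     */
    @Override
    public Map getParameterMap() {
        return Collections.unmodifiableMap(params);
    }

    /**
     * Enumerates the names in the override map only.
     *
     * @return enumeration over the override parameter names
     */
    @Override
    public Enumeration getParameterNames() {
        Vector<Object> names = new Vector<Object>(params.keySet());
        return names.elements();
    }

    /**
     * Returns all values of a parameter.
     *
     * @param name parameter name
     * @return the override value(s) as a {@code String[]}, or the wrapped
     *         request's values when the map has no entry for {@code name}
     */
    @Override
    public String[] getParameterValues(String name) {
        Object v = params.get(name);
        if (v == null) {
            return super.getParameterValues(name);
        }
        if (v instanceof String[]) {
            return (String[]) v;
        }
        if (v instanceof String) {
            return new String[] {(String) v};
        }
        return new String[] {v.toString()};
    }

    /**
     * Returns the first value of a parameter.
     *
     * @param name parameter name
     * @return the override value (first element for a {@code String[]};
     *         {@code null} for an empty array), or the wrapped request's
     *         value when the map has no entry for {@code name}
     */
    @Override
    public String getParameter(String name) {
        Object v = params.get(name);
        if (v == null) {
            return super.getParameter(name);
        }
        if (v instanceof String[]) {
            String[] strArr = (String[]) v;
            return strArr.length > 0 ? strArr[0] : null;
        }
        if (v instanceof String) {
            return (String) v;
        }
        return v.toString();
    }
}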