/**
* Copyright (c) 2018 人人开源 All rights reserved.
*
* https://www.renren.io
*
* 版权所有,侵权必究!
*/
package com.zt.common.servlet.xss;
import java.util.Locale;

import org.apache.commons.lang3.StringUtils;

import com.zt.common.exception.ErrorCode;
import com.zt.common.exception.RenException;
/**
* SQL过滤
* @author Mark sunlightcs@gmail.com
*/
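public class SqlFilter {

    /**
     * Lower-case SQL keywords that cause the input to be rejected.
     *
     * <p>Every entry must be lower-case because it is matched against the
     * lower-cased input. The previous list contained {@code "deleteLogic"},
     * which has an upper-case letter and therefore could never match, so
     * {@code DELETE} statements were silently let through; it is {@code "delete"} here.
     */
    private static final String[] KEYWORDS = {
            "master", "truncate", "insert", "select", "delete", "update", "declare", "alter", "drop"
    };

    /**
     * SQL注入过滤 — strips quote, semicolon and backslash characters, lower-cases
     * the result and rejects it when it contains one of {@link #KEYWORDS}.
     *
     * <p>This is a keyword blacklist, not a parser. It only reduces the risk for
     * values that are concatenated into dynamically built SQL (sort columns and
     * the like); it is not a replacement for parameterized queries.
     *
     * @param str 待验证的字符串
     * @return the sanitised, lower-cased string, or {@code null} when {@code str} is blank
     * @throws RenException with {@link ErrorCode#INVALID_SYMBOL} when a keyword is found
     */
    public static String sqlInject(String str) {
        if (StringUtils.isBlank(str)) {
            return null;
        }

        //去掉'|"|;|\字符
        String cleaned = str.replace("'", "")
                .replace("\"", "")
                .replace(";", "")
                .replace("\\", "");

        // Locale.ROOT: under a locale such as tr_TR the default toLowerCase() maps
        // 'I' to a dotless 'ı', so "INSERT" would no longer contain "insert" and
        // would bypass the keyword check.
        cleaned = cleaned.toLowerCase(Locale.ROOT);

        //判断是否包含非法字符
        for (String keyword : KEYWORDS) {
            if (cleaned.contains(keyword)) {
                throw new RenException(ErrorCode.INVALID_SYMBOL);
            }
        }

        return cleaned;
    }
}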