替换敏感词
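/**
 * Demo: masks every space character in a string with an asterisk.
 *
 * <p>NOTE(review): only U+0020 is rewritten. The angle brackets and the tag name in the
 * sample pass through unchanged, so the result still has to be encoded for whatever
 * context it is rendered in. Masking spaces is not a substitute for output encoding.
 */
public class Replace {
    private static final char SPACE = ' ';
    private static final char MASK = '*';

    /**
     * Replaces each space (U+0020) in {@code text} with {@code '*'}.
     *
     * @param text the string to mask; must not be {@code null}
     * @return a copy of {@code text} with every space replaced
     */
    static String maskSpaces(String text) {
        // String.replace(char, char) rewrites every occurrence in a single call, so the
        // original do/while loop was redundant. Its "indexOf(32) > 0" condition would also
        // have ignored a space at index 0.
        return text.replace(SPACE, MASK);
    }

    public static void main(String[] args) {
        System.out.println(maskSpaces("< script >"));
    }
}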
限制文件上传类型
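/**
 * Demo: restricts uploads by the extension that follows the last dot of the file name.
 *
 * <p>NOTE(review): the extension comes from a client-supplied name, so this check is only
 * a first gate. A server should also verify the content itself and store the file under a
 * name it generates.
 */
public class Up {

    /**
     * Returns the text after the last {@code '.'} in {@code fileName}.
     *
     * @param fileName the name to inspect; may be {@code null}
     * @return the extension without the dot, or an empty string when there is none
     */
    static String extensionOf(String fileName) {
        if (fileName == null) {
            return "";
        }
        int dot = fileName.lastIndexOf('.');
        // The original used substring(dot), which kept the dot (".jpg") so the comparison
        // with "jpg" could never succeed, and threw when the name had no dot (index -1).
        return dot < 0 ? "" : fileName.substring(dot + 1);
    }

    /**
     * Tells whether the final extension of {@code fileName} is {@code jpg}, ignoring case.
     *
     * @param fileName the name to inspect; may be {@code null}
     * @return {@code true} only when the last extension is "jpg"
     */
    static boolean isJpg(String fileName) {
        return "jpg".equalsIgnoreCase(extensionOf(fileName));
    }

    public static void main(String[] args) {
        // Double extension: only the final ".exe" counts, so this name is rejected.
        String fileName = "image.jpg.exe";
        if (isJpg(fileName)) {
            System.out.println("图片文件");
        } else {
            System.out.println("其他文件");
        }
    }
}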
过滤文件后缀
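/**
 * Demo: filters a file name by its suffix.
 *
 * <p>NOTE(review): a suffix test on the client-supplied name says nothing about the file's
 * content; treat it as one check among several.
 */
public class EndWith {

    /**
     * Tells whether {@code filename} ends with the {@code .jpg} extension, ignoring case.
     *
     * @param filename the name to inspect; may be {@code null}
     * @return {@code true} when the name ends with ".jpg" in any letter case
     */
    static boolean hasJpgSuffix(String filename) {
        // The original tested endsWith("jpg"), which also accepted names such as "notesjpg"
        // that have no extension at all, and rejected "photo.JPG". Locale.ROOT keeps the
        // case folding independent of the default locale.
        return filename != null
                && filename.toLowerCase(java.util.Locale.ROOT).endsWith(".jpg");
    }

    public static void main(String[] args) {
        String filename = "image.jpg";
        if (hasJpgSuffix(filename)) {
            System.out.println("图片文件");
        } else {
            System.out.println("其他文件");
        }
    }
}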
设置白名单
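/**
 * Demo: allow-list check for upload names, accepting an alphanumeric base name followed
 * by one of a fixed set of image extensions.
 */
public class BaiMD {
    // The dot is escaped. In the original pattern the bare "." matched any character, so a
    // name like "imageXgif", which has no extension separator, passed the allow-list.
    private static final String ALLOWED_NAME = "[a-zA-Z0-9]+\\.(jpg|bmp|jpeg|png|gif)";

    /**
     * Tells whether the whole of {@code filename} matches the allow-list pattern.
     *
     * <p>String.matches anchors the pattern at both ends, so path separators, extra dots
     * and double extensions are all rejected. Matching is case-sensitive, as in the
     * original.
     *
     * @param filename the name to check; may be {@code null}
     * @return {@code true} only for names of the form {@code <alphanumerics>.<allowed ext>}
     */
    static boolean isAllowed(String filename) {
        return filename != null && filename.matches(ALLOWED_NAME);
    }

    public static void main(String[] args) {
        String filename = "image.gif";
        if (isAllowed(filename)) {
            System.out.println("可以上传");
        } else {
            System.out.println("不能上传");
        }
    }
}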
黑名单
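/**
 * Demo: classifies a file name by whether it carries the {@code .jpg} extension.
 *
 * <p>NOTE(review): the page presents this listing as a deny-list example, but the code
 * performs a single positive suffix match. A deny list would instead enumerate the
 * extensions to reject, and an allow-list is generally the safer default for uploads.
 */
public class EndWith {
    private static final String JPG_EXTENSION = ".jpg";

    /**
     * Tells whether {@code filename} ends with ".jpg", compared case-insensitively.
     *
     * @param filename the name to inspect; must not be {@code null}
     * @return {@code true} when the trailing characters are ".jpg" in any letter case
     */
    static boolean endsWithJpgExtension(String filename) {
        // The original tested endsWith("jpg") without the dot, which accepted names that
        // merely end in those letters and rejected upper-case extensions.
        int offset = filename.length() - JPG_EXTENSION.length();
        return offset >= 0
                && filename.regionMatches(true, offset, JPG_EXTENSION, 0, JPG_EXTENSION.length());
    }

    public static void main(String[] args) {
        String filename = "image.jpg";
        String verdict = endsWithJpgExtension(filename) ? "图片文件" : "其他文件";
        System.out.println(verdict);
    }
}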
利用替换< >,的方法破坏规则
package com.mtlk.demo;
import java.util.Scanner;
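/**
 * Demo: reads lines from standard input and masks markup and SQL-looking tokens with
 * {@code '*'}.
 *
 * <p>NOTE(review): keyword masking of this kind is best-effort only. The primary defences
 * remain parameterised queries for SQL and context-aware output encoding for HTML; a
 * deny list should at most sit in front of them.
 */
public class Guolv {
    // Compiled once instead of on every replaceAll call. The keyword list is the original
    // one, except that the misspelt "trancate" is corrected to "truncate".
    private static final java.util.regex.Pattern DENYLIST = java.util.regex.Pattern.compile(
            "(?:')|(?:--)|>|<|<>|html|`| |(/\\*(?:.|[\\n\\r])*?\\*/)|(\\b(frame|<frame|iframe|<iframe|img|<img|javascript|<javascript|script|<script|alert|select|update|and|or|delete|insert|truncate|char|into|substr|ascii|declare|exec|count|master|into|drop|execute)\\b)");

    /**
     * Lower-cases {@code input} and replaces every deny-list match with {@code "*"}.
     *
     * @param input one line of untrusted text; must not be {@code null}
     * @return the lower-cased text with each match replaced by a single asterisk
     */
    static String filter(String input) {
        // Locale.ROOT makes case folding locale-independent. With the default locale, a
        // Turkish locale folds 'I' to a dotless i and keywords such as INSERT would no
        // longer match the list.
        String lowered = input.toLowerCase(java.util.Locale.ROOT);
        return DENYLIST.matcher(lowered).replaceAll("*");
    }

    public static void main(String[] strings) {
        System.out.println("注入测试");
        // hasNextLine() ends the loop at end of input. The original while(true) loop
        // terminated with NoSuchElementException and never closed the Scanner.
        try (Scanner parm = new Scanner(System.in)) {
            while (parm.hasNextLine()) {
                System.out.println(filter(parm.nextLine()));
            }
        }
    }
}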
Java 实现流加密
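/**
 * Demo: character-wise XOR of a message with a key of the same length.
 *
 * <p>NOTE(review): this is a teaching toy, not a usable cipher. The key is a constant in
 * the source, is reused for every run, and the output carries no integrity protection.
 * Production code should use a vetted authenticated cipher from {@code javax.crypto}
 * (for example the "AES/GCM/NoPadding" transformation) with keys held outside the code.
 */
public class JM {

    /**
     * XORs each character of {@code message} with the character of {@code key} at the
     * same index. Applying the method again with the same key restores the message.
     *
     * @param message the text to transform; must not be {@code null}
     * @param key the key material; must be at least as long as {@code message}
     * @return a string of the same length as {@code message} holding the XOR result
     * @throws IllegalArgumentException if {@code key} is shorter than {@code message}
     */
    static String xor(String message, String key) {
        // The original indexed keys[i] without a bound, so a short key failed with
        // ArrayIndexOutOfBoundsException part-way through. Reject it up front instead.
        if (key.length() < message.length()) {
            throw new IllegalArgumentException(
                    "key is shorter than the message: key length " + key.length()
                            + ", message length " + message.length());
        }
        char[] out = new char[message.length()];
        for (int i = 0; i < out.length; i++) {
            out[i] = (char) (message.charAt(i) ^ key.charAt(i));
        }
        return new String(out);
    }

    public static void main(String[] args) {
        String mes = "trytoremember";
        String key = "try0123456789";
        // The first three characters of message and key are equal, so the output starts
        // with three NUL characters, which is visible evidence of how much this leaks.
        System.out.println(xor(mes, key));
    }
}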