importjava.sql.SQLException;importjava.util.Enumeration;importjava.util.HashMap;importjava.util.Map;importjava.util.Random;importjava.util.UUID;importjava.util.regex.Matcher;importjava.util.regex.Pattern;importjavax.crypto.Cipher;importjavax.crypto.spec.IvParameterSpec;importjavax.crypto.spec.SecretKeySpec;importjavax.servlet.http.HttpServletRequest;importcom.alibaba.druid.proxy.jdbc.ClobProxyImpl;importcom.resafety.core.env.DBEnvironment;importcom.resafety.core.env.PlatformEnvironment;importoracle.sql.CLOB;importorg.apache.commons.codec.binary.Base64;public classUtil {//加密key和盐
// Used by desEncrypt() as the AES key (KEY) and the CBC initialisation vector (IV).
// NOTE(review): both fields hold the same literal compiled into the class, so anyone who can
// read the jar or the source has the key, and every message is processed under one fixed IV.
// Load the key from configuration or a secret store, carry a fresh IV with each ciphertext,
// and treat this literal as already disclosed when planning rotation.
private static String KEY = "dufy20170329java";
private static String IV = "dufy20170329java";
// Gets the current database type
/**
 * Returns the short vendor code for the database type reported by
 * {@code new DBEnvironment().getType()}.
 *
 * <p>Mapping: {@code "mysql"} -> {@code "MYSQL"}, {@code "sqlserver"} -> {@code "MSSQL"},
 * {@code "GAUSSDB"} -> {@code "GAUSSDB"}; {@code "oracle"} and every unrecognised value
 * yield {@code "ORA"}. The match is case-sensitive.
 *
 * @return one of {@code "ORA"}, {@code "MYSQL"}, {@code "MSSQL"}, {@code "GAUSSDB"}
 * @throws NullPointerException if the environment reports a {@code null} type
 *         (a {@code switch} on a null string throws)
 */
public static String oraOrMssql() {
    final String configuredType = new DBEnvironment().getType();
    switch (configuredType) {
        case "mysql":
            return "MYSQL";
        case "sqlserver":
            return "MSSQL";
        case "GAUSSDB":
            return "GAUSSDB";
        case "oracle":
        default:
            // Oracle is both an explicit case and the fallback for unknown types.
            return "ORA";
    }
}
// Workaround for the Druid bug affecting CLOB columns
/**
 * Reads the full text of the Oracle CLOB wrapped by a Druid {@code ClobProxyImpl}.
 *
 * <p>The length is narrowed to {@code int} before the read, so this is only suitable for
 * values that fit in an {@code int}-sized string.
 *
 * @param cp Druid proxy whose raw CLOB is cast to {@code oracle.sql.CLOB}
 * @return the CLOB content, or {@code null} when the raw CLOB is {@code null} or a
 *         {@link SQLException} occurs (the exception is printed and swallowed)
 */
public static String oracleClobToString(ClobProxyImpl cp) {
    final oracle.sql.CLOB rawClob = (CLOB) cp.getRawClob();
    if (rawClob == null) {
        return null;
    }
    try {
        // java.sql.Clob positions are 1-based.
        return rawClob.getSubString(1, (int) rawClob.length());
    } catch (SQLException e) {
        e.printStackTrace();
        return null;
    }
}

/**
 * Returns a pseudo-random integer between 1 and 100 inclusive.
 *
 * <p>Backed by a freshly seeded {@link Random}; it is not a cryptographic generator, so do not
 * use the result for tokens, verification codes or anything an outsider must not predict
 * ({@code java.security.SecureRandom} is the right source for those).
 *
 * @return a value in {@code [1, 100]}
 */
public static int getRandom() {
    final int lowest = 1;
    final int highest = 100;
    // nextInt(bound) yields [0, bound); shifting by the lower bound gives [lowest, highest].
    return new Random().nextInt(highest - lowest + 1) + lowest;
}

/** Manual smoke check: prints one value from {@link #getRandom()}. */
public static void main(String[] args) {
    final int sample = getRandom();
    System.out.println(sample);
}

/*@20190916
 * Checks whether a string contains characters that could lead to SQL injection.
 * Returns false when a dangerous special character is detected; returns true when none is
 * found (validation passed).
 **/
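/**
 * Denylist screen for a request string: returns {@code false} when the trimmed input is
 * empty or contains any token from the built-in list, {@code true} otherwise.
 *
 * <p>Limits a caller should know about:
 * <ul>
 *   <li>Matching is a case-sensitive substring test, so ordinary words that happen to contain
 *       a short token such as {@code "or"}, {@code "and"} or {@code "bin"} are rejected too.</li>
 *   <li>A denylist is a coarse filter only. It does not make string-built SQL safe; queries
 *       that take this input should still use bind parameters.</li>
 *   <li>The rejected value is echoed to standard output unescaped, so the log can contain
 *       attacker-chosen text including line breaks.</li>
 * </ul>
 *
 * @param input value to screen; {@code null} is treated as invalid
 * @return {@code true} only when the input is non-blank and contains no listed token
 */
public static boolean checkAttack(String input) {
    // Reject null before trimming; calling trim() first threw NullPointerException on null.
    if (input == null) {
        return false;
    }
    final String candidate = input.trim();
    if (candidate.isEmpty()) {
        return false;
    }
    // ':' is the list separator, so the "http://" entry is actually split into "http" and "//".
    final String reg = "../:sleep:bin:readdirSync:Shellshock:AVAK$:WF'SQL:{ A;}>A[$($())]:http://:echo:and:exec:insert:select:delete:update:count:*:%:chr:mid:master:truncate:declare:../:HTTP/:AVAK$:WF'SQL:or:+:having:1=1:eval:ltrim:||:--";
    for (String token : reg.split(":")) {
        if (candidate.contains(token)) {
            System.out.println("checkAttack: input String [" + candidate + "]" + "contains " + token + "!");
            return false;
        }
    }
    return true;
}

/** @20190917 Dedicated check that a string fits the length of a database column.
 *
 * @input: the string to check
 *
 * @validlen: the target length */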
/**
 * Tells whether {@code input} is at most {@code validLen} characters long.
 *
 * <p>The length is {@link String#length()}, i.e. UTF-16 code units.
 * NOTE(review): if the target column is sized in bytes, multi-byte text can pass here and
 * still be too long for the column - confirm against the schema.
 *
 * @param input    string to measure; {@code null} is invalid
 * @param validLen maximum allowed length; values {@code <= 0} are invalid
 * @return {@code true} when {@code input} is non-null, {@code validLen} is positive and the
 *         string is not longer than {@code validLen}
 */
public static boolean checkStrLen(String input, int validLen) {
    return input != null && validLen > 0 && input.length() <= validLen;
}

/** Checks whether a string converts exactly to a numeric value, i.e. validates numeric input. */
/**
 * Tells whether {@code input} parses as a Java {@code int}.
 *
 * <p>Only the {@code int} range is accepted: decimals, values beyond 32 bits, blanks and
 * {@code null} all return {@code false}. {@link Integer#parseInt(String)} also accepts a
 * leading sign and non-ASCII decimal digits, so code that goes on to use the value should
 * use the parsed {@code int} rather than the original text.
 *
 * @param input text to test
 * @return {@code true} when {@code Integer.parseInt(input)} succeeds
 */
public static boolean checkStrToNum(String input) {
    boolean parsable;
    try {
        Integer.parseInt(input);
        parsable = true;
    } catch (NumberFormatException notAnInt) {
        parsable = false;
    }
    return parsable;
}

/** Checks whether the string is a (positive) integer. */
/**
 * Tells whether {@code input} is written as a positive integer: an optional {@code +},
 * a first digit 1-9, then any further digits.
 *
 * <p>The whole string must match; the blank test trims, but the pattern is applied to the
 * untrimmed input, so surrounding whitespace fails. There is no upper bound on the number of
 * digits, so a {@code true} result does not guarantee the value fits in an {@code int} or
 * {@code long}.
 *
 * @param input text to test; {@code null} or blank is invalid
 * @return {@code true} when the input has the positive-integer form described above
 */
public static boolean isPositiveInteger(String input) {
    final boolean blank = input == null || input.trim().equals("");
    return !blank && Pattern.matches("^\\+{0,1}[1-9]\\d*", input);
}

/** Checks whether the string is a number (positive, negative or decimal). */
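/**
 * Tells whether {@code str} is a plain decimal number: optional sign, digits, and an optional
 * fractional part ({@code "12"}, {@code "-3.5"}, {@code "+0.25"}).
 *
 * @param str text to test; {@code null} is treated as invalid instead of throwing
 * @return {@code true} when the whole string has that form, otherwise {@code false}
 */
public static Boolean checkValue(String str) {
    if (str == null) {
        return false;
    }
    return str.matches("^(\\-|\\+)?\\d+(\\.\\d+)?$");
}

/**
 * Denylist screen for shell-related tokens: returns {@code false} when {@code input} contains
 * any listed token, {@code true} otherwise.
 *
 * <p>Matching is a case-sensitive substring test on the untrimmed input, and an empty string
 * passes. This is a coarse filter only; values that reach a process invocation should still be
 * passed as separate arguments rather than spliced into a command line. The rejected value is
 * echoed to standard output unescaped.
 *
 * @param input value to screen; {@code null} is rejected, matching {@code checkAttack}
 * @return {@code true} when no listed token occurs in the input
 */
public static boolean checkShellAttack(String input) {
    // Fail closed on null instead of throwing NullPointerException from the substring search.
    if (input == null) {
        return false;
    }
    final String reg = "../:sleep:bin:readdirSync:Shellshock:AVAK$:WF'SQL:{ A;}>A[$($())]";
    for (String token : reg.split(":")) {
        if (input.contains(token)) {
            // The "checkAttack:" prefix is kept as-is so existing log searches still match.
            System.out.println("checkAttack: input String [" + input + "]" + "contains " + token + "!");
            return false;
        }
    }
    return true;
}

/**
 * Base64-decodes {@code data} and decrypts it with AES/CBC/NoPadding using the class-level
 * {@code KEY} and {@code IV}. Despite the name, this is AES decryption, not DES encryption.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@code KEY} and {@code IV} are constants declared in this class and hold the same
 *       value; a fixed IV makes CBC deterministic across messages.</li>
 *   <li>CBC carries no integrity check, so a modified ciphertext still decrypts to some
 *       plaintext. Do not treat the result as authenticated; when the wire format can change,
 *       prefer an AEAD mode such as {@code AES/GCM/NoPadding} with a per-message nonce.</li>
 *   <li>With {@code NoPadding} the returned text is the full block-aligned plaintext, so any
 *       filler bytes the sender appended are still present.</li>
 * </ul>
 *
 * @param data Base64 text of the ciphertext
 * @return the decrypted bytes decoded as UTF-8, or {@code null} on any failure (the exception
 *         is printed and swallowed, so the declared {@code throws} is never exercised here)
 * @throws Exception declared for compatibility with existing callers
 */
public static String desEncrypt(String data) throws Exception {
    try {
        // Pin the charset: the no-arg getBytes() depends on the JVM's default encoding.
        final java.nio.charset.Charset utf8 = java.nio.charset.StandardCharsets.UTF_8;
        byte[] cipherText = new Base64().decode(data.getBytes(utf8));
        Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
        SecretKeySpec keySpec = new SecretKeySpec(KEY.getBytes(utf8), "AES");
        IvParameterSpec ivSpec = new IvParameterSpec(IV.getBytes(utf8));
        cipher.init(Cipher.DECRYPT_MODE, keySpec, ivSpec);
        byte[] plainText = cipher.doFinal(cipherText);
        return new String(plainText, utf8);
    } catch (Exception e) {
        e.printStackTrace();
        return null;
    }
}

/**
 * Returns a random (version 4) UUID as 32 hexadecimal characters with the dashes removed.
 *
 * @return the dash-free UUID string
 */
public static String getUUID() {
    final String dashed = UUID.randomUUID().toString();
    return dashed.replace("-", "");
}

/**
 * Gets all headers from the request.
 *
 * @param request
 * @return
 */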
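/**
 * Copies every header of {@code request} into a new map of header name to header value.
 *
 * <p>For a header sent more than once only the value returned by
 * {@code request.getHeader(name)} is kept. Every value is supplied by the client, and the map
 * includes credentials-bearing headers such as {@code Authorization} and {@code Cookie} when
 * present, so avoid writing the whole map to logs and do not base trust decisions on it.
 *
 * @param request the incoming servlet request
 * @return a mutable map of header names to values; empty when the container exposes no
 *         header names
 */
public static Map getHeadersInfo(HttpServletRequest request) {
    Map<String, String> headers = new HashMap<String, String>();
    Enumeration<?> names = request.getHeaderNames();
    // The servlet API allows getHeaderNames() to return null when the container
    // does not permit header enumeration; treat that as "no headers".
    if (names == null) {
        return headers;
    }
    while (names.hasMoreElements()) {
        String name = (String) names.nextElement();
        headers.put(name, request.getHeader(name));
    }
    return headers;
}
// Gets the name of the current database connection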
/**
 * Returns the name reported by a new {@code DBEnvironment} via {@code getName()}.
 *
 * <p>NOTE(review): nothing in this method is MySQL-specific despite its name; the original
 * comment describes the value as the current database connection name - confirm with callers.
 *
 * @return the value of {@code DBEnvironment.getName()}
 */
public static String mysqlDBName() {
    return new DBEnvironment().getName();
}
}