java sqlutils_sqlUtils.java

于 2021-02-16 18:45:32 发布
阅读量417 收藏
点赞数
文章标签: java sqlutils
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_42503008/article/details/114236367
版权

importjava.sql.SQLException;importjava.util.Enumeration;importjava.util.HashMap;importjava.util.Map;importjava.util.Random;importjava.util.UUID;importjava.util.regex.Matcher;importjava.util.regex.Pattern;importjavax.crypto.Cipher;importjavax.crypto.spec.IvParameterSpec;importjavax.crypto.spec.SecretKeySpec;importjavax.servlet.http.HttpServletRequest;importcom.alibaba.druid.proxy.jdbc.ClobProxyImpl;importcom.resafety.core.env.DBEnvironment;importcom.resafety.core.env.PlatformEnvironment;importoracle.sql.CLOB;importorg.apache.commons.codec.binary.Base64;public classUtil {//加密key和盐

private static String KEY = "dufy20170329java";private static String IV = "dufy20170329java";//获取当前数据库类型

public staticString oraOrMssql() {

DBEnvironment dBEnvironment= newDBEnvironment();

String dbtype=dBEnvironment.getType();

String checkDbType= "ORA";switch(dbtype) {case "oracle":

checkDbType= "ORA";break;case "mysql":

checkDbType= "MYSQL";break;case "sqlserver":

checkDbType= "MSSQL";break;case "GAUSSDB":

checkDbType= "GAUSSDB";break;

}returncheckDbType;

}//clob字段druidBUG处理

public staticString oracleClobToString(ClobProxyImpl cp) {

oracle.sql.CLOB clob=(CLOB) cp.getRawClob();try{return (clob == null ? null : clob.getSubString(1, (int) clob.length()));

}catch(SQLException e) {

e.printStackTrace();

}return null;

}public static intgetRandom() {int max = 100;int min = 1;

Random random= newRandom();int s = random.nextInt(max) % (max - min + 1) +min;returns;

}public static voidmain(String[] args) {

System.out.println(getRandom());

}/*@20190916

* 检测字符串中是否包含可能引起sql注入的字符

* 如果检测到包含危险的特殊字符,则返回false。如果不包含(验证通过),则返回true

**/

public static booleancheckAttack(String input) {

input=input.trim();if (input == null || input.equals(""))return false;//检测sql

String reg = "../:sleep:bin:readdirSync:Shellshock:AVAK$:WF'SQL:{ A;}>A[$($())]:http://:echo:and:exec:insert:select:delete:update:count:*:%:chr:mid:master:truncate:declare:../:HTTP/:AVAK$:WF'SQL:or:+:having:1=1:eval:ltrim:||:--";//String reg =//"http:readdirSync:echo:exec:insert:delete:update:count:*:chr:mid:master:truncate:declare:HTTP/:AVAK$:WF'SQL:+:having:1=1:eval:ltrim:";

String regs[] = reg.split(":");for (int i = 0; i < regs.length; i++) {if (input.indexOf(regs[i]) != -1) {//if(input.contains(regs[i])) {

System.out.println("checkAttack: input String [" + input + "]" + "contains " + regs[i] + "!");return false;//}

}

}//System.out.println("checkAttack ["+ input+"] ok!" );

return true;

}/** @20190917 专门用于检测数据库字段长度是否合法

*

* @input:待检测字符串

*

* @validlen:目标长度*/

public static boolean checkStrLen(String input, intvalidLen) {if (input == null || validLen <= 0)return false;if (input.length() >validLen)return false;return true;

}/** 检测一个字符串是否能够准确的转换成数值型数据,即,验证数值数据合法性*/

public static booleancheckStrToNum(String input) {try{

Integer.parseInt(input);return true;

}catch(NumberFormatException e) {return false;

}

}/** 检测字符是否为整数(正)*/

public static boolean isPositiveInteger(String input) {//正整数

if (input == null || input.trim().equals("")) {return false;

}

Pattern pattern= Pattern.compile("^\\+{0,1}[1-9]\\d*");

Matcher isNum=pattern.matcher(input);returnisNum.matches();

}/** 检测字符是否为数字(包含正数、负数、小数)*/

public staticBoolean checkValue(String str) {if (str.matches("^(\\-|\\+)?\\d+(\\.\\d+)?$")) {return true;

}else{return false;

}

}public static booleancheckShellAttack(String input) {//检测Shell

String reg = "../:sleep:bin:readdirSync:Shellshock:AVAK$:WF'SQL:{ A;}>A[$($())]";

String regs[]= reg.split(":");for (int i = 0; i < regs.length; i++) {if (input.indexOf(regs[i]) != -1) {

System.out.println("checkAttack: input String [" + input + "]" + "contains " + regs[i] + "!");return false;

}

}return true;

}public static String desEncrypt(String data) throwsException {try{byte[] encrypted1 = newBase64().decode(data.getBytes());

Cipher cipher= Cipher.getInstance("AES/CBC/NoPadding");

SecretKeySpec keyspec= new SecretKeySpec(KEY.getBytes(), "AES");

IvParameterSpec ivspec= newIvParameterSpec(IV.getBytes());

cipher.init(Cipher.DECRYPT_MODE, keyspec, ivspec);byte[] original =cipher.doFinal(encrypted1);

String originalString= new String(original, "utf-8");returnoriginalString;//return "a";

} catch(Exception e) {

e.printStackTrace();return null;

}

}public staticString getUUID() {return UUID.randomUUID().toString().replace("-", "");

}/*** 获取request中所有的消息头

*

*@paramrequest

*@return

*/

public static MapgetHeadersInfo(HttpServletRequest request) {

Map map = new HashMap();

Enumeration headerNames=request.getHeaderNames();while(headerNames.hasMoreElements()) {

String key=(String) headerNames.nextElement();

String value=request.getHeader(key);

map.put(key, value);

}returnmap;

}//获取当前数据库连接名称

public staticString mysqlDBName(){

DBEnvironment dBEnvironment= newDBEnvironment();

String dbtype=dBEnvironment.getName();returndbtype;

}

}

侯稳
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值