package com.securityControl.common.security.utils;
import java.util.Locale;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
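/**
 * Input-validation helpers: denylist heuristics for SQL / script fragments and
 * whole-string format checks for numeric input.
 *
 * <p>The {@code check*} methods are pattern-based denylists. They are a
 * defence-in-depth heuristic only: they over-match (ordinary words such as
 * {@code count}, {@code into} or {@code char} are flagged) and under-match (no
 * denylist is complete), so they must not replace parameterised queries and
 * context-appropriate output encoding at the point of use.
 *
 * <p>All patterns are compiled once; the class is stateless and thread-safe.
 *
 * @author GeYazhong
 * @date 2021/11/23 10:54
 */
public class SafeUtil {
    /**
     * Tokens the original author listed as dangerous:
     * [1] {@code |} (pipe) [2] {@code &} [3] {@code ;} [4] {@code $} [5] {@code %}
     * [6] {@code @} [7] {@code '} [8] {@code "} [9] {@code \'} [10] {@code \"}
     * [11] {@code <>} [12] {@code ()} [13] {@code +} [14] CR (ASCII 0x0d)
     * [15] LF (ASCII 0x0a) [16] {@code ,} [17] {@code \}.
     *
     * <p>NOTE(review): the regex below covers only a subset of that list — a single
     * quote, the {@code --} line comment, block comments and a set of SQL keywords.
     * Callers that rely on the other tokens being caught should verify this.
     * The input is lower-cased before matching, so the keywords are written in
     * lower case. ("truncate" was previously misspelt "trancate" and never matched.)
     */
    public final static String SAFE_SQL_PATTERN = "(?:')|(?:--)|(/\\*(?:.|[\\n\\r])*?\\*/)|"
            + "(\\b(select|update|delete|insert|truncate|char|into|substr|ascii|declare|exec|count|master|into|drop|execute)\\b)";

    /**
     * Script / parameter-separator denylist. {@code &} is deliberately absent because
     * the platform's setfilter uses it to separate multiple parameters.
     *
     * <p>Also matches a raw CR or LF character; the {@code 0x0d}/{@code 0x0a}
     * alternatives match only that literal text and are kept for compatibility.
     * {@code %27} / {@code %3B} catch the URL-encoded quote and semicolon.
     */
    public final static String SAFE_SCRIPT_PATTERN = "(\\||;|\\$|'|\\'|0x0d|0x0a|\\r|\\n|\\%27|\\%3B)";

    /**
     * Whole-string allowlist for identifier-like values: a CJK character, ASCII
     * letter or underscore followed by any number of CJK characters, ASCII letters,
     * digits or underscores. (Despite the old comment, this is not a numeric check.)
     * Currently not referenced by any method in this class.
     */
    public static final String CHECK_SPECIAL = "^[\u4E00-\u9FA5A-Za-z_][\u4E00-\u9FA5A-Za-z0-9_]{0,}$";

    // Compiled once: Pattern is immutable and thread-safe; compiling per call was
    // pure overhead on what is typically a hot request path.
    private static final Pattern SAFE_SQL = Pattern.compile(SAFE_SQL_PATTERN);
    private static final Pattern SAFE_SCRIPT = Pattern.compile(SAFE_SCRIPT_PATTERN);
    private static final Pattern POSITIVE_INTEGER = Pattern.compile("^\\+{0,1}[1-9]\\d*");
    private static final Pattern NEGATIVE_INTEGER = Pattern.compile("^-[1-9]\\d*");
    private static final Pattern SIGNED_ZERO = Pattern.compile("[+-]{0,1}0");
    private static final Pattern POSITIVE_DECIMAL =
            Pattern.compile("\\+{0,1}[0]\\.[1-9]*|\\+{0,1}[1-9]\\d*\\.\\d*");
    private static final Pattern NEGATIVE_DECIMAL =
            Pattern.compile("^-[0]\\.[1-9]*|^-[1-9]\\d*\\.\\d*");
    private static final Pattern DECIMAL =
            Pattern.compile("[-+]{0,1}\\d+\\.\\d*|[-+]{0,1}\\d*\\.\\d+");

    /**
     * Reports whether {@code mark} contains a SQL fragment matched by
     * {@link #SAFE_SQL_PATTERN}.
     *
     * @param mark value to inspect; {@code null} and {@code ""} are treated as safe
     * @return {@code true} if a denylisted token is found, {@code false} otherwise
     */
    public static boolean checkSafeSql(String mark) {
        if (mark == null || mark.isEmpty()) {
            return false;
        }
        return contains(SAFE_SQL, mark);
    }

    /**
     * Reports whether {@code mark} contains a "special" character.
     *
     * <p>NOTE(review): this is byte-for-byte the same check as
     * {@link #checkSafeSql(String)}; {@link #CHECK_SPECIAL} is never used, which
     * looks like a copy-paste slip. The intended behaviour is presumably
     * {@code !Pattern.matches(CHECK_SPECIAL, mark)}. Behaviour is kept unchanged
     * here until callers are confirmed.
     *
     * @param mark value to inspect; {@code null} and {@code ""} are treated as safe
     * @return {@code true} if a denylisted token is found, {@code false} otherwise
     */
    public static boolean checkSpecial(String mark) {
        if (mark == null || mark.isEmpty()) {
            return false;
        }
        return contains(SAFE_SQL, mark);
    }

    /**
     * Reports whether {@code mark} contains a script / separator character matched by
     * {@link #SAFE_SCRIPT_PATTERN}.
     *
     * @param mark value to inspect; {@code null} and {@code ""} are treated as safe
     * @return {@code true} if a denylisted token is found, {@code false} otherwise
     */
    public static boolean checkScript(String mark) {
        if (mark == null || mark.isEmpty()) {
            return false;
        }
        return contains(SAFE_SCRIPT, mark);
    }

    /**
     * Normalises {@code str} and searches it for {@code pattern}.
     *
     * <p>Lower-casing uses {@link Locale#ROOT}: under a Turkish default locale
     * {@code "INSERT".toLowerCase()} yields a dotless i and would slip past the
     * keyword denylist.
     *
     * @param pattern compiled denylist
     * @param str non-null value to inspect
     * @return {@code true} if the pattern is found anywhere in the normalised string
     */
    private static boolean contains(Pattern pattern, String str) {
        String normalised = str.toLowerCase(Locale.ROOT).trim();
        return pattern.matcher(normalised).find();
    }

    /**
     * Full-string match helper for the numeric checks.
     *
     * @param regex compiled pattern
     * @param orginal value to test; {@code null} or blank yields {@code false}
     * @return {@code true} only if the whole (untrimmed) string matches, so
     *         surrounding whitespace is rejected
     */
    private static boolean isMatch(Pattern regex, String orginal) {
        if (orginal == null || orginal.trim().isEmpty()) {
            return false;
        }
        return regex.matcher(orginal).matches();
    }

    /**
     * @param orginal value to test
     * @return {@code true} for an optionally {@code +}-prefixed integer with no
     *         leading zero, e.g. {@code "42"} or {@code "+7"}
     */
    public static boolean isPositiveInteger(String orginal) {
        return isMatch(POSITIVE_INTEGER, orginal);
    }

    /**
     * @param orginal value to test
     * @return {@code true} for a {@code -}-prefixed integer with no leading zero
     */
    public static boolean isNegativeInteger(String orginal) {
        return isMatch(NEGATIVE_INTEGER, orginal);
    }

    /**
     * @param orginal value to test
     * @return {@code true} for {@code 0}, {@code +0}, {@code -0}, or any positive
     *         or negative integer
     */
    public static boolean isWholeNumber(String orginal) {
        return isMatch(SIGNED_ZERO, orginal)
                || isPositiveInteger(orginal)
                || isNegativeInteger(orginal);
    }

    /**
     * @param orginal value to test
     * @return {@code true} for an optionally {@code +}-prefixed decimal; note the
     *         pattern accepts a trailing dot ({@code "1."}, {@code "0."})
     */
    public static boolean isPositiveDecimal(String orginal) {
        return isMatch(POSITIVE_DECIMAL, orginal);
    }

    /**
     * @param orginal value to test
     * @return {@code true} for a {@code -}-prefixed decimal; accepts a trailing dot
     */
    public static boolean isNegativeDecimal(String orginal) {
        return isMatch(NEGATIVE_DECIMAL, orginal);
    }

    /**
     * @param orginal value to test
     * @return {@code true} for an optionally signed value with digits on at least one
     *         side of a single decimal point ({@code "3.14"}, {@code "-.5"}, {@code "+2."})
     */
    public static boolean isDecimal(String orginal) {
        return isMatch(DECIMAL, orginal);
    }

    /**
     * @param orginal value to test
     * @return {@code true} if the value is a whole number or a decimal
     */
    public static boolean isRealNumber(String orginal) {
        return isWholeNumber(orginal) || isDecimal(orginal);
    }
}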