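/**
 * Demonstrates whitelist-based truncation of path and command strings.
 *
 * <p>Both filters copy the input character by character and stop at the first
 * character that is not in their whitelist, so the result is the longest
 * leading run of permitted characters. Truncation is silent: a caller that
 * must reject bad input, rather than use a shortened version of it, should
 * compare the length of the result with the length of the input.
 *
 * <p>Character filtering alone does not make a value safe to use. The command
 * whitelist still admits shell-significant characters such as
 * {@code $ ( ) < >}, quotes, backslash and space, so the result must not be
 * handed to a shell; pass arguments as a list (for example to
 * {@code ProcessBuilder}) and match the program name against a fixed set.
 * The path whitelist admits {@code .}, so a result of {@code ..} is possible;
 * resolve the result against a base directory and verify that it stays inside.
 */
public class Test
{
    /** Characters accepted by {@link #getSafePath(String)}; neither {@code /} nor {@code \} is present. */
    private static final String PATH_WHITE_LIST =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890-=[];',. ~!@#$%^&*()_+\"{}|:<>?";

    /** Characters accepted by {@link #getSafeCommand(String)}; {@code & | ;} and the backtick are absent. */
    private static final String COMMAND_WHITE_LIST =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890-=[]\\',./ ~!@#$%^*()_+\"{}:<>?";

    public static void main(String[] args)
    {
        System.out.println(getSafeCommand("abcd&efg"));
        System.out.println(getSafePath("abcd/efg"));
    }

    /**
     * Returns the leading part of a path that consists only of whitelisted characters.
     *
     * <p>Path separators are not whitelisted, so the result never spans more
     * than one path component.
     *
     * @param filePath the path to filter; must not be {@code null}
     * @return the prefix of {@code filePath} up to, but excluding, the first
     *         character outside the whitelist (possibly empty)
     * @throws NullPointerException if {@code filePath} is {@code null}
     */
    public static String getSafePath(String filePath)
    {
        return keepWhitelistedPrefix(filePath, PATH_WHITE_LIST);
    }

    /**
     * Returns the leading part of a command that consists only of whitelisted characters.
     *
     * @param command the command string to filter; must not be {@code null}
     * @return the prefix of {@code command} up to, but excluding, the first
     *         character outside the whitelist (possibly empty)
     * @throws NullPointerException if {@code command} is {@code null}
     */
    public static String getSafeCommand(String command)
    {
        return keepWhitelistedPrefix(command, COMMAND_WHITE_LIST);
    }

    /** Copies characters of {@code input} until the first one that {@code whiteList} does not contain. */
    private static String keepWhitelistedPrefix(String input, String whiteList)
    {
        StringBuilder kept = new StringBuilder(input.length());
        for (int i = 0, length = input.length(); i < length; i++)
        {
            // Look up the current character. The original passed the whole
            // char[] to indexOf, which has no such overload and does not compile.
            int whiteListIndex = whiteList.indexOf(input.charAt(i));
            if (-1 == whiteListIndex)
            {
                break;
            }
            // The appended character is read from the whitelist; it is the same
            // value as the input character.
            // NOTE(review): if this indirection exists to satisfy a taint-tracking
            // scanner, it does not by itself make the result safe; confirm intent.
            kept.append(whiteList.charAt(whiteListIndex));
        }
        return kept.toString();
    }
}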
文章来源:http://www.huiyi8.com/hengfu/chaungyi/
这篇文章介绍了如何在Java中实现字符串路径和命令的安全处理,通过使用白名单过滤法,确保输入仅包含预定义的字符,防止潜在的安全风险。方法包括创建安全路径函数和安全命令处理函数,以提高代码安全性。




