[java]
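public class Test
{
    /**
     * Characters accepted in a single path component. The forward slash and
     * the backslash are deliberately absent, so the filtered result can never
     * contain a path separator.
     */
    private static final String PATH_WHITE_LIST =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890-=[];',. ~!@#$%^&*()_+\"{}|:<>?";

    /**
     * Characters accepted in a command string. The command separators
     * {@code &}, {@code |} and {@code ;} are absent.
     *
     * NOTE(review): this list still admits characters that a shell treats
     * specially (for example {@code $}, parentheses, {@code <}, {@code >},
     * quotes and glob characters). The filtered string should therefore not be
     * handed to a shell for interpretation; prefer a fixed executable invoked
     * with an argument list (e.g. ProcessBuilder with a List of arguments).
     */
    private static final String COMMAND_WHITE_LIST =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890-=[]\\',./ ~!@#$%^*()_+\"{}:<>?";

    /**
     * Demonstrates both filters on one sample input each and prints the results.
     *
     * @param args unused
     */
    public static void main(String[] args)
    {
        System.out.println(getSafeCommand("abcd&efg"));
        System.out.println(getSafePath("abcd/efg"));
    }

    /**
     * Returns the leading part of {@code filePath} that consists only of
     * characters from the path white list, stopping at the first character
     * that is not on the list (which includes both path separators).
     *
     * <p>The input is truncated, not rejected: callers that need to know
     * whether anything was dropped must compare the result with the input.
     * A result of exactly {@code ..} is replaced by the empty string, because
     * a bare parent-directory segment would still step out of the directory
     * the caller resolves it against (for instance when the input started
     * with {@code ../}). Callers should still resolve the result against
     * their base directory, normalize it, and confirm it stays inside.
     *
     * @param filePath untrusted path text; {@code null} is treated as empty
     * @return the filtered path component, possibly empty, never {@code null}
     */
    public static String getSafePath(String filePath)
    {
        String safePath = allowedPrefix(filePath, PATH_WHITE_LIST);
        // Separators are gone, but ".." on its own is still a traversal step.
        if ("..".equals(safePath))
        {
            return "";
        }
        return safePath;
    }

    /**
     * Returns the leading part of {@code command} that consists only of
     * characters from the command white list, stopping at the first character
     * that is not on the list (which includes {@code &}, {@code |} and
     * {@code ;}).
     *
     * <p>The input is truncated, not rejected, so the returned command can
     * differ from what the caller intended to run. See the note on the white
     * list about characters it still admits.
     *
     * @param command untrusted command text; {@code null} is treated as empty
     * @return the filtered command, possibly empty, never {@code null}
     */
    public static String getSafeCommand(String command)
    {
        return allowedPrefix(command, COMMAND_WHITE_LIST);
    }

    /** Returns the longest prefix of {@code input} made up solely of characters found in {@code whiteList}. */
    private static String allowedPrefix(String input, String whiteList)
    {
        if (input == null)
        {
            // Fail closed: no input means nothing is considered safe.
            return "";
        }
        int end = 0;
        while (end < input.length() && whiteList.indexOf(input.charAt(end)) != -1)
        {
            end++;
        }
        return input.substring(0, end);
    }
}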
输出结果:
[java]
abcd
abcd
防止路径操控:预防路径跨越,路径中不能出现/../,安全字符中不能出现 / \ 字符。仅过滤分隔符并不能单独保证安全,调用方仍应把结果拼接到基准目录、规范化后,确认其仍位于基准目录之内。
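防止命令注入:预防命令批量执行,命令中不能出现 & | ;。注意白名单仍保留 $ ( ) < > 等对 shell 有特殊含义的字符,因此过滤后的字符串不应直接交给 shell 解释;应以参数列表方式(如 ProcessBuilder)调用固定的可执行程序。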