com.jn.langx.security.prevention.injection.SqlInjectionPreventionHandler Maven / Gradle / Ivy
Java lang extensions for java6+, a supplement to , replacement of a Guava, commons-lang.
Core utilities, Collection utilities, IO utilities, Cache, Configuration library ...
package com.jn.langx.security.prevention.injection;
import com.jn.langx.util.collection.Collects;
import java.util.List;
/**
 * {@link InjectionPreventionHandler} variant for SQL injection that falls back to a
 * built-in denylist of SQL metacharacters and keywords when none is configured.
 *
 * <p>Original author's note: the current approach is too heavy-handed and is not
 * suitable for applying to every parameter. The default list contains characters that
 * are common in legitimate values (apostrophe, comma, {@code @}, {@code +},
 * parentheses), so it should be applied only to selected parameters.
 *
 * <p>A denylist cannot enumerate every dangerous construct. Treat this handler as
 * defence in depth alongside parameterized queries (for example
 * {@code java.sql.PreparedStatement}), not as a replacement for them.
 *
 * <p>NOTE(review): how the blacklist entries are matched and applied is decided by the
 * superclass, which is not visible here; the field name suggests the entries are
 * removed from the input. Confirm against {@link InjectionPreventionHandler}.
 */
public class SqlInjectionPreventionHandler extends InjectionPreventionHandler {

    // Fallback denylist, created once per handler instance: SQL comment markers, the
    // "waitfor delay" keyword pair, and single characters (quotes, operators,
    // separators, some whitespace).
    // NOTE(review): the raw List type is kept as shown on this page; the generic
    // parameter may have been lost in rendering. Confirm against the real source.
    private final List DEFAULT_REMOVED_SYMBOLS = Collects.asList(
            "--", "/*", "*/", "waitfor delay",
            "#", "|", "&", ";", "$", "%", "@", "'", "\"", "<", ">", "(", ")", "+", "\t", "\r", "\f", ",", "\\"
    );

    /**
     * Returns the blacklist to use for this handler.
     *
     * @return the list provided by the superclass when it is non-null, otherwise this
     *         handler's default symbol list. The default is returned as the internal
     *         instance, not a copy, so callers should treat it as read-only.
     */
    @Override
    public List getBlacklist() {
        List configured = super.getBlacklist();
        if (configured != null) {
            return configured;
        }
        // Nothing configured upstream: use the built-in defaults.
        return DEFAULT_REMOVED_SYMBOLS;
    }
}