- using System;
- using System.Collections.Generic;
- using System.Text;
- using System.Text.RegularExpressions;
- namespace Bowin.Common.Security
- {
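internal class Utils
{
    /// <summary>
    /// Literal tokens removed by <see cref="InputText"/> from the already lower-cased text,
    /// in the exact order the original implementation applied them. None of these contains
    /// a regex metacharacter, so an ordinal <see cref="string.Replace(string, string)"/>
    /// produces the same result as the former per-token Regex.Replace without compiling a
    /// pattern for each one. Order matters: removing one token can expose another
    /// (e.g. "sel=ect " becomes "select " once "=" is gone).
    /// </summary>
    private static readonly string[] InputTextStripTokens = new string[]
    {
        "=",
        "%",
        "'",
        "select ",
        "insert ",
        "delete ",
        "or ",
        "-- ",
        "and ",
        "where ",
        "update ",
        "script ",
        "iframe ",
        "master ",
        "exec ",
        "<",
        ">",
        "\r\n" // kept from the original list; whitespace collapsing above usually removes it first
    };

    /// <summary>
    /// Fragments searched for by <see cref="isscriptword"/> (ordinal, case-sensitive).
    /// The entries formerly built with Chr(34), Chr(13) and Chr(10) are written as the
    /// equivalent literals.
    /// </summary>
    private static readonly string[] ScriptWordList = new string[]
    {
        "|",
        "&",
        ";",
        "$",
        "%",
        "@",
        "\"",    // Chr(34)
        "'",
        "\\\"",  // "\\" + Chr(34): a backslash followed by a double quote
        "<",
        ">",
        "(",
        ")",
        "+",
        "\r",    // Chr(13)
        "\n",    // Chr(10)
        ",",
        "\\"
    };

    /// <summary>
    /// Keywords searched for by <see cref="isSqlWord"/> (ordinal, case-insensitive).
    /// Most entries carry a trailing space, so a keyword at the very end of the text
    /// is not matched; this mirrors the original list.
    /// </summary>
    private static readonly string[] SqlWordList = new string[]
    {
        "select ",
        "insert ",
        "delete ",
        "or ",
        "exec ",
        "-- ",
        "and ",
        "where ",
        "update ",
        "master ",
        "script ",
        "iframe ",
        "declare ",
        "char(",
        "javascript:",
        "truncate ",
        "script>",
        "/**/"
    };

    /// <summary>
    /// Normalises and filters user-supplied text: lower-cases and trims it, truncates it to
    /// <paramref name="maxlength"/> characters, collapses whitespace runs, turns
    /// &lt;br&gt; / opening &lt;p&gt; tags into newlines, strips every other tag-like span and
    /// removes a fixed list of characters and keywords (see <see cref="InputTextStripTokens"/>).
    /// </summary>
    /// <remarks>
    /// This is a deny-list filter: it removes or rewrites what it recognises and passes the rest
    /// through unchanged, and it alters legitimate text (every "and ", "or ", "%" and "=" is
    /// dropped). It does not make a value safe to embed in SQL or HTML on its own; parameterised
    /// queries and context-aware output encoding remain the controls to rely on.
    /// </remarks>
    /// <param name="text">User-supplied text. A null value is treated as empty.</param>
    /// <param name="maxlength">Maximum number of characters kept after trimming.</param>
    /// <returns>
    /// The filtered text, or <see cref="string.Empty"/> when <paramref name="text"/> is null
    /// or contains nothing but whitespace.
    /// </returns>
    /// <exception cref="ArgumentOutOfRangeException"><paramref name="maxlength"/> is negative.</exception>
    public static string InputText(string text, int maxlength)
    {
        if (maxlength < 0)
        {
            // Substring would throw the same exception type further down with a less clear message.
            throw new ArgumentOutOfRangeException("maxlength", "maxlength must not be negative.");
        }
        // The null check has to come before ToLower()/Trim(); the original dereferenced text first,
        // which made its own null check unreachable.
        if (text == null)
        {
            return string.Empty;
        }
        // Invariant lower-casing: culture-sensitive ToLower() maps 'I' to a non-ASCII letter under
        // some cultures, so e.g. "INSERT " would not match the "insert " token below.
        text = text.ToLowerInvariant().Trim();
        if (text.Length == 0)
        {
            return string.Empty;
        }
        if (text.Length > maxlength)
        {
            text = text.Substring(0, maxlength);
        }
        // Collapse two or more whitespace characters into one space. The original pattern
        // "[\s]{2,{" had a mistyped quantifier and therefore never matched real input.
        text = Regex.Replace(text, "\\s{2,}", " ");
        // <br>, <br/> (repeated) and opening <p ...> tags become a newline. The text is already
        // lower-case, so only lower-case tag names are needed; [\s\S] replaces the original (.|\n)
        // alternation, which matched the same characters but backtracked more.
        text = Regex.Replace(text, "(<br/*>)+|(<p[\\s\\S]*?>)", "\n");
        // Runs of &nbsp; (with surrounding whitespace) become a single space.
        text = Regex.Replace(text, "(\\s*&nbsp;\\s*)+", " ");
        // Any other tag-like span.
        text = Regex.Replace(text, "<[\\s\\S]*?>", string.Empty);
        foreach (string token in InputTextStripTokens)
        {
            text = text.Replace(token, string.Empty);
        }
        return text;
    }

    /// <summary>
    /// Returns a new list of the fragments that <see cref="isscriptword"/> checks for.
    /// </summary>
    /// <returns>A fresh, caller-owned <see cref="List{T}"/>; mutating it does not affect later calls.</returns>
    public static List<string> scriptwords()
    {
        return new List<string>(ScriptWordList);
    }

    /// <summary>
    /// Returns the one-character string for an ASCII code, decoded with <see cref="Encoding.ASCII"/>.
    /// </summary>
    /// <param name="asciiCode">
    /// Code in the range 0–255. Values 128–255 lie outside 7-bit ASCII and decode to the
    /// encoder's replacement character ('?'), as in the original implementation.
    /// </param>
    /// <returns>A single-character string, or <see cref="string.Empty"/> when the code is out of range.</returns>
    public static string Chr(int asciiCode)
    {
        if (asciiCode < 0 || asciiCode > 255)
        {
            return string.Empty;
        }
        return Encoding.ASCII.GetString(new byte[] { (byte)asciiCode });
    }

    /// <summary>
    /// Returns a new list of the keywords that <see cref="isSqlWord"/> checks for.
    /// </summary>
    /// <returns>A fresh, caller-owned <see cref="List{T}"/>; mutating it does not affect later calls.</returns>
    public static List<string> sqlwords()
    {
        return new List<string>(SqlWordList);
    }

    /// <summary>
    /// Reports whether <paramref name="text"/> contains any entry of <see cref="SqlWordList"/>,
    /// compared ordinally and ignoring case.
    /// </summary>
    /// <remarks>
    /// A substring deny-list: it also flags ordinary prose containing "and ", "or " or "where ",
    /// and cannot see keywords spelled in ways the list does not cover. Use it for logging or
    /// flagging, not as the sole protection of a query.
    /// </remarks>
    /// <param name="text">Text to inspect; null or empty yields false.</param>
    /// <returns>true when a listed keyword occurs in the text.</returns>
    public static bool isSqlWord(string text)
    {
        if (string.IsNullOrEmpty(text))
        {
            return false;
        }
        foreach (string w in SqlWordList)
        {
            // OrdinalIgnoreCase replaces the per-iteration, culture-sensitive ToLower() of the
            // original, which could miss upper-case keywords under some cultures.
            if (text.IndexOf(w, StringComparison.OrdinalIgnoreCase) >= 0)
            {
                return true;
            }
        }
        return false;
    }

    /// <summary>
    /// Reports whether <paramref name="text"/> contains any entry of <see cref="ScriptWordList"/>
    /// (ordinal, case-sensitive).
    /// </summary>
    /// <remarks>
    /// Many listed characters ("&", "+", ",", "(", ")") occur in legitimate input; this is a
    /// heuristic flag, not an encoder.
    /// </remarks>
    /// <param name="text">Text to inspect; null or empty yields false.</param>
    /// <returns>true when a listed fragment occurs in the text.</returns>
    public static bool isscriptword(string text)
    {
        if (string.IsNullOrEmpty(text))
        {
            return false;
        }
        foreach (string w in ScriptWordList)
        {
            // string.Contains(string) is an ordinal search.
            if (text.Contains(w))
            {
                return true;
            }
        }
        return false;
    }
}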
- }