網站監測是否提交惡意字串的工具類
阿新 • • 發佈:2018-11-02
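using System.Text.RegularExpressions;
using System.Web;

namespace CNKI.TPI.Web.Base
{
    /// <summary>
    /// Blacklist screen for request data: reports whether form fields, query-string
    /// values, cookie values or the referrer match a pattern of quote characters,
    /// script/markup fragments and SQL keywords.
    /// </summary>
    /// <remarks>
    /// A match only says that the input looks suspicious. Pattern matching of this
    /// kind is a supplementary layer; it does not replace parameterized queries or
    /// output encoding at the point where the data is used.
    /// </remarks>
    public class safe_360
    {
        // The first alternative flags any single or double quote, so ordinary text
        // containing an apostrophe is reported as a match too.
        private const string StrRegex = "['\"]+|" +
            @"\b(alert|confirm|prompt)\b|^\+/v(8|9)|\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|/\*.+?\*/|<\s*script\b|<\s*img\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)";

        // The SQL keywords in the pattern are written in upper case and the script
        // keywords in lower case. Matching case-insensitively lets one pattern cover
        // both spellings; previously lower-case SQL keywords were not detected, and
        // cookie values (which were lower-cased before the check) could never match
        // the upper-case alternatives.
        // NOTE(review): the pattern runs on untrusted input with several lazy
        // ".+?" groups; consider a match timeout if the target framework supports it.
        private static readonly Regex Detector =
            new Regex(StrRegex, RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);

        /// <summary>
        /// Checks every value in the current request's form collection.
        /// </summary>
        /// <returns>true as soon as one form value matches the pattern; otherwise false.</returns>
        public static bool PostData()
        {
            HttpRequest request = HttpContext.Current.Request;
            for (int i = 0; i < request.Form.Count; i++)
            {
                if (CheckData(request.Form[i]))
                {
                    return true;
                }
            }

            return false;
        }

        /// <summary>
        /// Checks every value in the current request's query string.
        /// </summary>
        /// <returns>true as soon as one query-string value matches the pattern; otherwise false.</returns>
        public static bool GetData()
        {
            HttpRequest request = HttpContext.Current.Request;
            for (int i = 0; i < request.QueryString.Count; i++)
            {
                if (CheckData(request.QueryString[i]))
                {
                    return true;
                }
            }

            return false;
        }

        /// <summary>
        /// Checks the value of every cookie sent with the current request.
        /// </summary>
        /// <returns>true as soon as one cookie value matches the pattern; otherwise false.</returns>
        public static bool CookieData()
        {
            HttpRequest request = HttpContext.Current.Request;
            for (int i = 0; i < request.Cookies.Count; i++)
            {
                HttpCookie cookie = request.Cookies[i];

                // No ToLower() here: the match itself is case-insensitive, and a
                // cookie without a value must not raise a NullReferenceException.
                if (cookie != null && CheckData(cookie.Value))
                {
                    return true;
                }
            }

            return false;
        }

        /// <summary>
        /// Checks the referrer URL of the current request.
        /// </summary>
        /// <returns>
        /// true when the referrer matches the pattern; false when it does not or
        /// when the request carries no referrer.
        /// </returns>
        public static bool referer()
        {
            // UrlReferrer is null when the client sends no Referer header; the
            // unguarded ToString() call used to throw in that case.
            var referrer = HttpContext.Current.Request.UrlReferrer;
            if (referrer == null)
            {
                return false;
            }

            return CheckData(referrer.ToString());
        }

        /// <summary>
        /// Tests a single string against the blacklist pattern.
        /// </summary>
        /// <param name="inputData">The value to inspect; may be null or empty.</param>
        /// <returns>true when the value matches the pattern; otherwise false.</returns>
        public static bool CheckData(string inputData)
        {
            // Regex matching throws on null input, and an empty string cannot match
            // any alternative of the pattern.
            if (string.IsNullOrEmpty(inputData))
            {
                return false;
            }

            return Detector.IsMatch(inputData);
        }
    }
}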
1,原理是通過正則表示式遍歷 GET 查詢字串和 POST 表單的每個值(程式碼中另含 Cookie 與 Referer 的檢查),看是否有非法提交。這類黑名單比對只能作為輔助防線:資料庫查詢仍應使用參數化,輸出到頁面時仍應做編碼。