sqlUtils.java

sqlUtils.java

import java.sql.SQLException;import java.util.Enumeration;import java.util.HashMap;import java.util.Map;import java.util.Random;import java.util.UUID;import java.util.regex.Matcher;import java.util.regex.Pattern;import javax.crypto.Cipher;import javax.crypto.spec.IvParameterSpec;import javax.crypto.spec.SecretKeySpec;import javax.servlet.com.alibaba.druid.proxy.jdbc.ClobProxyImpl;import com.resafety.core.env.DBEnvironment;import com.resafety.core.env.PlatformEnvironment;import oracle.sql.CLOB;import org.apache.commons.codec.binary.Base64;public class Util { // 加密key和盐 private static String KEY = "dufy20170329java"; private static String IV = "dufy20170329java"; // 获取当前数据库类型 public static String oraOrMssql() { DBEnvironment dBEnvironment = new DBEnvironment(); String dbtype = dBEnvironment.getType(); String checkDbType = "ORA"; switch (dbtype) { case "oracle": checkDbType = "ORA"; break; case "mysql": checkDbType = "MYSQL"; break; case "sqlserver": checkDbType = "MSSQL"; break; case "GAUSSDB": checkDbType = "GAUSSDB"; break; } return checkDbType; } // clob字段druidBUG处理 public static String oracleClobToString(ClobProxyImpl cp) { oracle.sql.CLOB clob = (CLOB) cp.getRawClob(); try { return (clob == null ? null : clob.getSubString(1, (int) clob.length())); } catch (SQLException e) { e.printStackTrace(); } return null; } public static int getRandom() { int max = 100; int min = 1; Random random = new Random(); int s = random.nextInt(max) % (max - min + 1) + min; return s; } public static void main(String[] args) { System.out.println(getRandom()); } /*@20190916 * 检测字符串中是否包含可能引起sql注入的字符 * 如果检测到包含危险的特殊字符，则返回false。如果不包含（验证通过），则返回true * */ public static boolean checkAttack(String input) { input = input.trim(); if (input == null || input.equals("")) return false; // 检测sql String reg = "../:sleep:bin:readdirSync:Shellshock:AVAK$:WF'SQL:{ A;}>A[$($())]: // String reg = // " String regs[] = reg.split(":"); for (int i = 0; i < regs.length; i++) { if (input.indexOf(regs[i]) != -1) { // if(input.contains(regs[i])) { System.out.println("checkAttack: input String [" + input + "]" + "contains " + regs[i] + "!"); return false; // } } } // System.out.println("checkAttack ["+ input+"] ok!" ); return true; } /* * @20190917 专门用于检测数据库字段长度是否合法 * * @input:待检测字符串 * * @validlen：目标长度 */ public static boolean checkStrLen(String input, int validLen) { if (input == null || validLen <= 0) return false; if (input.length() > validLen) return false; return true; } /* * 检测一个字符串是否能够准确的转换成数值型数据，即，验证数值数据合法性 */ public static boolean checkStrToNum(String input) { try { Integer.parseInt(input); return true; } catch (NumberFormatException e) { return false; } } /* * 检测字符是否为整数（正） */ public static boolean isPositiveInteger(String input) {// 正整数 if (input == null || input.trim().equals("")) { return false; } Pattern pattern = Pattern.compile("^\\+{0,1}[1-9]\\d*"); Matcher isNum = pattern.matcher(input); return isNum.matches(); } /* * 检测字符是否为数字（包含正数、负数、小数） */ public static Boolean checkValue(String str) { if (str.matches("^(\\-|\\+)?\\d+(\\.\\d+)?$")) { return true; } else { return false; } } public static boolean checkShellAttack(String input) { // 检测Shell String reg = "../:sleep:bin:readdirSync:Shellshock:AVAK$:WF'SQL:{ A;}>A[$($())]"; String regs[] = reg.split(":"); for (int i = 0; i < regs.length; i++) { if (input.indexOf(regs[i]) != -1) { System.out.println("checkAttack: input String [" + input + "]" + "contains " + regs[i] + "!"); return false; } } return true; } public static String desEncrypt(String data) throws Exception { try { byte[] encrypted1 = new Base64().decode(data.getBytes()); Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding"); SecretKeySpec keyspec = new SecretKeySpec(KEY.getBytes(), "AES"); IvParameterSpec ivspec = new IvParameterSpec(IV.getBytes()); cipher.init(Cipher.DECRYPT_MODE, keyspec, ivspec); byte[] original = cipher.doFinal(encrypted1); String originalString = new String(original, "utf-8"); return originalString; // return "a"; } catch (Exception e) { e.printStackTrace(); return null; } } public static String getUUID() { return UUID.randomUUID().toString().replace("-", ""); } /** * 获取request中所有的消息头 * * @param request * @return */ public static Map getHeadersInfo(HttpServletRequest request) { Map map = new HashMap(); Enumeration headerNames = request.getHeaderNames(); while (headerNames.hasMoreElements()) { String key = (String) headerNames.nextElement(); String value = request.getHeader(key); map.put(key, value); } return map; } //获取当前数据库连接名称 public static String mysqlDBName(){ DBEnvironment dBEnvironment = new DBEnvironment(); String dbtype = dBEnvironment.getName(); return dbtype; }}

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。