package com.zy.platform.epidemic.monitor.utils;
import com.zy.platform.epidemic.monitor.exception.CustomException;
import java.util.Iterator;
import java.util.Map;
import java.util.regex.Pattern;
public class XssUtils {
static String reg = "(?:')|(?:--)|(/\*(?:.|[\n\r])*?\*/)|"
+ "(\b(select|update|and|or|delete|insert|trancate|char|into|substr|ascii|declare|exec|count|master|into|drop|execute)\b)";
static Pattern sqlPattern = Pattern.compile(reg, Pattern.CASE_INSENSITIVE);
public static void checkMap(Map map)
{
Iterator it = map.entrySet().iterator() ;
while (it.hasNext()){
Map.Entry entry = (Map.Entry) it.next() ;
String value = entry.getValue()+"";
if (sqlPattern.matcher(value).find()) {
throw new CustomException("请求中含有非法字符");
}
}
}
}
