使用正则表达式查找关键字
Using REGEX to find keywords
嘿,我有以下坏词,我想检查它们是否在我传递的字符串中:
Private Function injectionCheck(queryString As String) As Integer
Dim badWords() As String = {"EXEC", "EXECUTE", ";", "-", "*", "--", "@",
"UNION", "DROP", "DELETE", "UPDATE", "INSERT", "MASTER",
"TABLE", "XP_CMDSHELL", "CREATE", "XP_FIXEDDRIVES",
"SYSCOLUMNS", "SYSOBJECTS"}
Dim pattern As String = "\b(" + Regex.Escape(badWords(0))
For Each key In badWords.Skip(1)
pattern += "|" + Regex.Escape(key)
Next
pattern += ")\b"
Return Regex.Matches(queryString, pattern, RegexOptions.IgnoreCase).Count
End Function
对于模式,我得到以下信息:
\b(EXEC|EXECUTE|;|-|\*|--|@|UNION|DROP|DELETE|UPDATE|INSERT|MASTER|TABLE|XP_CMDSHELL|
CREATE|XP_FIXEDDRIVES|SYSCOLUMNS|SYSOBJECTS)\b
这对我来说是正确的。但每次我调用它时,我都会得到 0 作为对此的回应:
Dim blah As Integer = injectionCheck("select * from bob where something = 'you'")
所以我遗漏了什么需要在那里因为上面不应该 return 0 - 它应该 return 2 因为同时使用了 * 和 ',所以不应使用。
如果您打算将单词作为整个单词进行匹配,但关键字可能 start/end 包含非单词字符,您可能会遇到类似的麻烦。单词边界的含义取决于上下文:\b--\b 将在 X--X 中匹配,但不会在 , --,.
中匹配
您需要明确的边界匹配。使用环视 (?<!\w) 作为前导和 (?!\w) 作为尾随词边界。
按如下所示实施更改:
Dim pattern As String = "(?<!\w)(" + Regex.Escape(badWords(0)) ' <== HERE
For Each key In badWords.Skip(1)
pattern += "|" + Regex.Escape(key)
Next
pattern += ")(?!\w)" ' <== AND HERE
嘿,我有以下坏词,我想检查它们是否在我传递的字符串中:
Private Function injectionCheck(queryString As String) As Integer
Dim badWords() As String = {"EXEC", "EXECUTE", ";", "-", "*", "--", "@",
"UNION", "DROP", "DELETE", "UPDATE", "INSERT", "MASTER",
"TABLE", "XP_CMDSHELL", "CREATE", "XP_FIXEDDRIVES",
"SYSCOLUMNS", "SYSOBJECTS"}
Dim pattern As String = "\b(" + Regex.Escape(badWords(0))
For Each key In badWords.Skip(1)
pattern += "|" + Regex.Escape(key)
Next
pattern += ")\b"
Return Regex.Matches(queryString, pattern, RegexOptions.IgnoreCase).Count
End Function
对于模式,我得到以下信息:
\b(EXEC|EXECUTE|;|-|\*|--|@|UNION|DROP|DELETE|UPDATE|INSERT|MASTER|TABLE|XP_CMDSHELL|
CREATE|XP_FIXEDDRIVES|SYSCOLUMNS|SYSOBJECTS)\b
这对我来说是正确的。但每次我调用它时,我都会得到 0 作为对此的回应:
Dim blah As Integer = injectionCheck("select * from bob where something = 'you'")
所以我遗漏了什么需要在那里因为上面不应该 return 0 - 它应该 return 2 因为同时使用了 * 和 ',所以不应使用。
如果您打算将单词作为整个单词进行匹配,但关键字可能 start/end 包含非单词字符,您可能会遇到类似的麻烦。单词边界的含义取决于上下文:\b--\b 将在 X--X 中匹配,但不会在 , --,.
您需要明确的边界匹配。使用环视 (?<!\w) 作为前导和 (?!\w) 作为尾随词边界。
按如下所示实施更改:
Dim pattern As String = "(?<!\w)(" + Regex.Escape(badWords(0)) ' <== HERE
For Each key In badWords.Skip(1)
pattern += "|" + Regex.Escape(key)
Next
pattern += ")(?!\w)" ' <== AND HERE