IT评测·应用市场-qidao123.com技术社区

标题: 2024年大智慧教你学Java 没有绝对安全的体系，数据结构与算法面试题 [打印本页]

---

作者: 滴水恩情    时间: 2024-7-23 01:09
标题: 2024年大智慧教你学Java 没有绝对安全的体系，数据结构与算法面试题
给各人的福利

零底子入门
对于从来没有打仗过网络安全的同学，我们帮你预备了详细的学习成长路线图。可以说是最科学最体系的学习路线，各人跟着这个大的方向学习准没问题。

同时每个成长路线对应的板块都有配套的视频提供：

因篇幅有限，仅展示部分资料
网络安全面试题

绿盟护网举措

另有各人最喜欢的黑客技能

网络安全源码合集+工具包

全部资料共282G，朋侪们假如有必要全套《网络安全入门+黑客进阶学习资源包》，可以扫描下方二维码领取（如遇扫码问题，可以在批评区留言领取哦）~
网上学习资料一大堆，但假如学到的知识不成体系，遇到问题时只是浅尝辄止，不再深入研究，那么很难做到真正的技能提升。
必要这份体系化资料的朋侪，可以点击这里获取
一个人可以走的很快，但一群人才气走的更远！岂论你是正从事IT行业的老鸟或是对IT行业感爱好的新人，都欢迎加入我们的的圈子（技能交换、学习资源、职场吐槽、大厂内推、面试辅导），让我们一起学习成长！

1. /\*\* regex flag union representing /si modifiers in php \*\*/
2. private static final int REGEX_FLAGS_SI = Pattern.CASE_INSENSITIVE | Pattern.DOTALL;
3. private static final Pattern P_COMMENTS = Pattern.compile("<!--(.\*?)-->", Pattern.DOTALL);
4. private static final Pattern P_COMMENT = Pattern.compile("^!--(.\*)--$", REGEX_FLAGS_SI);
5. private static final Pattern P_TAGS = Pattern.compile("<(.\*?)>", Pattern.DOTALL);
6. private static final Pattern P_END_TAG = Pattern.compile("^/([a-z0-9]+)", REGEX_FLAGS_SI);
7. private static final Pattern P_START_TAG = Pattern.compile("^([a-z0-9]+)(.\*?)(/?)$", REGEX_FLAGS_SI);
8. private static final Pattern P_QUOTED_ATTRIBUTES = Pattern.compile("([a-z0-9]+)=(["'])(.\*?)\\2", REGEX_FLAGS_SI);
9. private static final Pattern P_UNQUOTED_ATTRIBUTES = Pattern.compile("([a-z0-9]+)(=)([^"\\s']+)", REGEX_FLAGS_SI);
10. private static final Pattern P_PROTOCOL = Pattern.compile("^([^:]+):", REGEX_FLAGS_SI);
11. private static final Pattern P_ENTITY = Pattern.compile("&#(\\d+);?");
12. private static final Pattern P_ENTITY_UNICODE = Pattern.compile("&#x([0-9a-f]+);?");
13. private static final Pattern P_ENCODE = Pattern.compile("%([0-9a-f]{2});?");
14. private static final Pattern P_VALID_ENTITIES = Pattern.compile("&([^&;]\*)(?=(;|&|$))");
15. private static final Pattern P_VALID_QUOTES = Pattern.compile("(>|^)([^<]+?)(<|$)", Pattern.DOTALL);
16. private static final Pattern P_END_ARROW = Pattern.compile("^>");
17. private static final Pattern P_BODY_TO_END = Pattern.compile("<([^>]\*?)(?=<|$)");
18. private static final Pattern P_XML_CONTENT = Pattern.compile("(^|>)([^<]\*?)(?=>)");
19. private static final Pattern P_STRAY_LEFT_ARROW = Pattern.compile("<([^>]\*?)(?=<|$)");
20. private static final Pattern P_STRAY_RIGHT_ARROW = Pattern.compile("(^|>)([^<]\*?)(?=>)");
21. private static final Pattern P_AMP = Pattern.compile("&");
22. private static final Pattern P_QUOTE = Pattern.compile("<");
23. private static final Pattern P_LEFT_ARROW = Pattern.compile("<");
24. private static final Pattern P_RIGHT_ARROW = Pattern.compile(">");
25. private static final Pattern P_BOTH_ARROWS = Pattern.compile("<>");
27. // @xxx could grow large... maybe use sesat's ReferenceMap
28. private static final ConcurrentMap<String,Pattern> P_REMOVE_PAIR_BLANKS = new ConcurrentHashMap<String, Pattern>();
29. private static final ConcurrentMap<String,Pattern> P_REMOVE_SELF_BLANKS = new ConcurrentHashMap<String, Pattern>();
31. /\*\* set of allowed html elements, along with allowed attributes for each element \*\*/
32. private final Map<String, List<String>> vAllowed;
33. /\*\* counts of open tags for each (allowable) html element \*\*/
34. private final Map<String, Integer> vTagCounts = new HashMap<String, Integer>();
36. /\*\* html elements which must always be self-closing (e.g. "<img />") \*\*/
37. private final String[] vSelfClosingTags;
38. /\*\* html elements which must always have separate opening and closing tags (e.g. "<b></b>") \*\*/
39. private final String[] vNeedClosingTags;
40. /\*\* set of disallowed html elements \*\*/
41. private final String[] vDisallowed;
42. /\*\* attributes which should be checked for valid protocols \*\*/
43. private final String[] vProtocolAtts;
44. /\*\* allowed protocols \*\*/
45. private final String[] vAllowedProtocols;
46. /\*\* tags which should be removed if they contain no content (e.g. "<b></b>" or "<b />") \*\*/
47. private final String[] vRemoveBlanks;
48. /\*\* entities allowed within html markup \*\*/
49. private final String[] vAllowedEntities;
50. /\*\* flag determining whether comments are allowed in input String. \*/
51. private final boolean stripComment;
52. private final boolean encodeQuotes;
53. private boolean vDebug = false;
54. /\*\*

复制代码

* flag determining whether to try to make tags when presented with “unbalanced”
* angle brackets (e.g. “<b text ” becomes “ text ”). If set to false,
* unbalanced angle brackets will be html escaped.
*/
private final boolean alwaysMakeTags;

1. /\*\* Default constructor.

复制代码

*
*/
public HTMLFilter() {
vAllowed = new HashMap<>();

1.     final ArrayList<String> a_atts = new ArrayList<String>();
2.     a_atts.add("href");
3.     a_atts.add("target");
4.     vAllowed.put("a", a_atts);
6.     final ArrayList<String> img_atts = new ArrayList<String>();
7.     img_atts.add("src");
8.     img_atts.add("width");
9.     img_atts.add("height");
10.     img_atts.add("alt");
11.     vAllowed.put("img", img_atts);
13.     final ArrayList<String> no_atts = new ArrayList<String>();
14.     vAllowed.put("b", no_atts);
15.     vAllowed.put("strong", no_atts);
16.     vAllowed.put("i", no_atts);
17.     vAllowed.put("em", no_atts);
19.     vSelfClosingTags = new String[]{"img"};
20.     vNeedClosingTags = new String[]{"a", "b", "strong", "i", "em"};
21.     vDisallowed = new String[]{};
22.     vAllowedProtocols = new String[]{"http", "mailto", "https"}; // no ftp.
23.     vProtocolAtts = new String[]{"src", "href"};
24.     vRemoveBlanks = new String[]{"a", "b", "strong", "i", "em"};
25.     vAllowedEntities = new String[]{"amp", "gt", "lt", "quot"};
26.     stripComment = true;
27.     encodeQuotes = true;
28.     alwaysMakeTags = true;
29. }
31. /\*\* Set debug flag to true. Otherwise use default settings. See the default constructor.

复制代码

*
* @param debug turn debug on with a true argument
*/
public HTMLFilter(final boolean debug) {
this();
vDebug = debug;

1. }
3. /\*\* Map-parameter configurable constructor.

复制代码

*
* @param conf map containing configuration. keys match field names.
*/
public HTMLFilter(final Map<String,Object> conf) {

1.     assert conf.containsKey("vAllowed") : "configuration requires vAllowed";
2.     assert conf.containsKey("vSelfClosingTags") : "configuration requires vSelfClosingTags";
3.     assert conf.containsKey("vNeedClosingTags") : "configuration requires vNeedClosingTags";
4.     assert conf.containsKey("vDisallowed") : "configuration requires vDisallowed";
5.     assert conf.containsKey("vAllowedProtocols") : "configuration requires vAllowedProtocols";
6.     assert conf.containsKey("vProtocolAtts") : "configuration requires vProtocolAtts";
7.     assert conf.containsKey("vRemoveBlanks") : "configuration requires vRemoveBlanks";
8.     assert conf.containsKey("vAllowedEntities") : "configuration requires vAllowedEntities";
10.     vAllowed = Collections.unmodifiableMap((HashMap<String, List<String>>) conf.get("vAllowed"));
11.     vSelfClosingTags = (String[]) conf.get("vSelfClosingTags");
12.     vNeedClosingTags = (String[]) conf.get("vNeedClosingTags");
13.     vDisallowed = (String[]) conf.get("vDisallowed");
14.     vAllowedProtocols = (String[]) conf.get("vAllowedProtocols");
15.     vProtocolAtts = (String[]) conf.get("vProtocolAtts");
16.     vRemoveBlanks = (String[]) conf.get("vRemoveBlanks");
17.     vAllowedEntities = (String[]) conf.get("vAllowedEntities");
18.     stripComment =  conf.containsKey("stripComment") ? (Boolean) conf.get("stripComment") : true;
19.     encodeQuotes = conf.containsKey("encodeQuotes") ? (Boolean) conf.get("encodeQuotes") : true;
20.     alwaysMakeTags = conf.containsKey("alwaysMakeTags") ? (Boolean) conf.get("alwaysMakeTags") : true;
21. }
23. private void reset() {
24.     vTagCounts.clear();
25. }
27. private void debug(final String msg) {
28.     if (vDebug) {
29.         Logger.getAnonymousLogger().info(msg);
30.     }
31. }
33. //---------------------------------------------------------------
34. // my versions of some PHP library functions
35. public static String chr(final int decimal) {
36.     return String.valueOf((char) decimal);
37. }
39. public static String htmlSpecialChars(final String s) {
40.     String result = s;
41.     result = regexReplace(P_AMP, "&amp;", result);
42.     result = regexReplace(P_QUOTE, "&quot;", result);
43.     result = regexReplace(P_LEFT_ARROW, "&lt;", result);
44.     result = regexReplace(P_RIGHT_ARROW, "&gt;", result);
45.     return result;
46. }
48. //---------------------------------------------------------------
49. /\*\*

复制代码

* given a user submitted input String, filter out any invalid or restricted
* html.
*
* @param input text (i.e. submitted by a user) than may contain html
* @return “clean” version of input, with only valid, whitelisted html elements allowed
*/
public String filter(final String input) {
reset();
String s = input;

1.     debug("\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*");
2.     debug(" INPUT: " + input);
4.     s = escapeComments(s);
5.     debug(" escapeComments: " + s);
7.     s = balanceHTML(s);
8.     debug(" balanceHTML: " + s);
10.     s = checkTags(s);
11.     debug(" checkTags: " + s);
13.     s = processRemoveBlanks(s);
14.     debug("processRemoveBlanks: " + s);
16.     s = validateEntities(s);
17.     debug(" validateEntites: " + s);
19.     debug("\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\n\n");
20.     return s;
21. }
23. public boolean isAlwaysMakeTags(){
24.     return alwaysMakeTags;
25. }
27. public boolean isStripComments(){
28.     return stripComment;
29. }
31. private String escapeComments(final String s) {
32.     final Matcher m = P_COMMENTS.matcher(s);
33.     final StringBuffer buf = new StringBuffer();
34.     if (m.find()) {
35.         final String match = m.group(1); //(.\*?)
36.         m.appendReplacement(buf, Matcher.quoteReplacement("<!--" + htmlSpecialChars(match) + "-->"));
37.     }
38.     m.appendTail(buf);
40.     return buf.toString();
41. }
43. private String balanceHTML(String s) {
44.     if (alwaysMakeTags) {
45.         //
46.         // try and form html
47.         //
48.         s = regexReplace(P_END_ARROW, "", s);
49.         s = regexReplace(P_BODY_TO_END, "<$1>", s);
50.         s = regexReplace(P_XML_CONTENT, "$1<$2", s);
52.     } else {
53.         //
54.         // escape stray brackets
55.         //
56.         s = regexReplace(P_STRAY_LEFT_ARROW, "&lt;$1", s);
57.         s = regexReplace(P_STRAY_RIGHT_ARROW, "$1$2&gt;<", s);
59.         //
60.         // the last regexp causes '<>' entities to appear
61.         // (we need to do a lookahead assertion so that the last bracket can
62.         // be used in the next pass of the regexp)
63.         //
64.         s = regexReplace(P_BOTH_ARROWS, "", s);
65.     }
67.     return s;
68. }
70. private String checkTags(String s) {
71.     Matcher m = P_TAGS.matcher(s);
73.     final StringBuffer buf = new StringBuffer();
74.     while (m.find()) {
75.         String replaceStr = m.group(1);
76.         replaceStr = processTag(replaceStr);
77.         m.appendReplacement(buf, Matcher.quoteReplacement(replaceStr));
78.     }
79.     m.appendTail(buf);
81.     s = buf.toString();
83.     // these get tallied in processTag
84.     // (remember to reset before subsequent calls to filter method)
85.     for (String key : vTagCounts.keySet()) {
86.         for (int ii = 0; ii < vTagCounts.get(key); ii++) {
87.             s += "</" + key + ">";
88.         }
89.     }
91.     return s;
92. }
94. private String processRemoveBlanks(final String s) {
95.     String result = s;
96.     for (String tag : vRemoveBlanks) {
97.         if(!P_REMOVE_PAIR_BLANKS.containsKey(tag)){
98.             P_REMOVE_PAIR_BLANKS.putIfAbsent(tag, Pattern.compile("<" + tag + "(\\s[^>]\*)?></" + tag + ">"));
99.         }
100.         result = regexReplace(P_REMOVE_PAIR_BLANKS.get(tag), "", result);
101.         if(!P_REMOVE_SELF_BLANKS.containsKey(tag)){
102.             P_REMOVE_SELF_BLANKS.putIfAbsent(tag, Pattern.compile("<" + tag + "(\\s[^>]\*)?/>"));
103.         }
104.         result = regexReplace(P_REMOVE_SELF_BLANKS.get(tag), "", result);
105.     }
107.     return result;
108. }
110. private static String regexReplace(final Pattern regex_pattern, final String replacement, final String s) {
111.     Matcher m = regex_pattern.matcher(s);
112.     return m.replaceAll(replacement);
113. }
115. private String processTag(final String s) {
116.     // ending tags
117.     Matcher m = P_END_TAG.matcher(s);
118.     if (m.find()) {
119.         final String name = m.group(1).toLowerCase();
120.         if (allowed(name)) {
121.             if (!inArray(name, vSelfClosingTags)) {
122.                 if (vTagCounts.containsKey(name)) {
123.                     vTagCounts.put(name, vTagCounts.get(name) - 1);
124.                     return "</" + name + ">";
125.                 }
126.             }
127.         }
128.     }
130.     // starting tags
131.     m = P_START_TAG.matcher(s);
132.     if (m.find()) {
133.         final String name = m.group(1).toLowerCase();
134.         final String body = m.group(2);
135.         String ending = m.group(3);
136.         if (allowed(name)) {
137.             String params = "";
139.             final Matcher m2 = P_QUOTED_ATTRIBUTES.matcher(body);
140.             final Matcher m3 = P_UNQUOTED_ATTRIBUTES.matcher(body);
141.             final List<String> paramNames = new ArrayList<String>();
142.             final List<String> paramValues = new ArrayList<String>();
143.             while (m2.find()) {
144.                 paramNames.add(m2.group(1)); //([a-z0-9]+)
145.                 paramValues.add(m2.group(3)); //(.\*?)
146.             }
147.             while (m3.find()) {
148.                 paramNames.add(m3.group(1)); //([a-z0-9]+)
149.                 paramValues.add(m3.group(3)); //([^"\\s']+)
150.             }
152.             String paramName, paramValue;
153.             for (int ii = 0; ii < paramNames.size(); ii++) {
154.                 paramName = paramNames.get(ii).toLowerCase();
155.                 paramValue = paramValues.get(ii);
156.                 if (allowedAttribute(name, paramName)) {
157.                     if (inArray(paramName, vProtocolAtts)) {
158.                         paramValue = processParamProtocol(paramValue);
159.                     }
160.                     params += " " + paramName + "="" + paramValue + """;
161.                 }
162.             }
164.             if (inArray(name, vSelfClosingTags)) {
165.                 ending = " /";
166.             }
168.             if (inArray(name, vNeedClosingTags)) {
169.                 ending = "";
170.             }
172.             if (ending == null || ending.length() < 1) {
173.                 if (vTagCounts.containsKey(name)) {
174.                     vTagCounts.put(name, vTagCounts.get(name) + 1);
175.                 } else {
176.                     vTagCounts.put(name, 1);
177.                 }
178.             } else {
179.                 ending = " /";
180.             }
181.             return "<" + name + params + ending + ">";
182.         } else {
183.             return "";
184.         }
185.     }
187.     // comments
188.     m = P_COMMENT.matcher(s);
189.     if (!stripComment && m.find()) {
190.         return  "<" + m.group() + ">";
191.     }
193.     return "";
194. }
196. private String processParamProtocol(String s) {
197.     s = decodeEntities(s);
198.     final Matcher m = P_PROTOCOL.matcher(s);
199.     if (m.find()) {
200.         final String protocol = m.group(1);
201.         if (!inArray(protocol, vAllowedProtocols)) {
202.             // bad protocol, turn into local anchor link instead
203.             s = "#" + s.substring(protocol.length() + 1, s.length());
204.             if (s.startsWith("#//")) {
205.                 s = "#" + s.substring(3, s.length());
206.             }
207.         }
208.     }
210.     return s;
211. }
213. private String decodeEntities(String s) {
214.     StringBuffer buf = new StringBuffer();
216.     Matcher m = P_ENTITY.matcher(s);
217.     while (m.find()) {
218.         final String match = m.group(1);
219.         final int decimal = Integer.decode(match).intValue();
220.         m.appendReplacement(buf, Matcher.quoteReplacement(chr(decimal)));
221.     }
222.     m.appendTail(buf);
223.     s = buf.toString();
225.     buf = new StringBuffer();
226.     m = P_ENTITY_UNICODE.matcher(s);
227.     while (m.find()) {
228.         final String match = m.group(1);
229.         final int decimal = Integer.valueOf(match, 16).intValue();
230.         m.appendReplacement(buf, Matcher.quoteReplacement(chr(decimal)));
231.     }
232.     m.appendTail(buf);
233.     s = buf.toString();
235.     buf = new StringBuffer();
236.     m = P_ENCODE.matcher(s);
237.     while (m.find()) {
238.         final String match = m.group(1);
239.         final int decimal = Integer.valueOf(match, 16).intValue();
240.         m.appendReplacement(buf, Matcher.quoteReplacement(chr(decimal)));
241.     }
242.     m.appendTail(buf);
243.     s = buf.toString();
245.     s = validateEntities(s);
246.     return s;
247. }
249. private String validateEntities(final String s) {
250.     StringBuffer buf = new StringBuffer();
252.     // validate entities throughout the string
253.     Matcher m = P_VALID_ENTITIES.matcher(s);
254.     while (m.find()) {
255.         final String one = m.group(1); //([^&;]\*)
256.         final String two = m.group(2); //(?=(;|&|$))
257.         m.appendReplacement(buf, Matcher.quoteReplacement(checkEntity(one, two)));
258.     }
259.     m.appendTail(buf);
261.     return encodeQuotes(buf.toString());
262. }
264. private String encodeQuotes(final String s){
265.     if(encodeQuotes){
266.         StringBuffer buf = new StringBuffer();
267.         Matcher m = P_VALID_QUOTES.matcher(s);
268.         while (m.find()) {
269.             final String one = m.group(1); //(>|^)
270.             final String two = m.group(2); //([^<]+?)
271.             final String three = m.group(3); //(<|$)
272.             m.appendReplacement(buf, Matcher.quoteReplacement(one + regexReplace(P_QUOTE, "&quot;", two) + three));
273.         }
274.         m.appendTail(buf);
275.         return buf.toString();
276.     }else{
277.         return s;
278.     }
279. }
281. private String checkEntity(final String preamble, final String term) {
283.     return ";".equals(term) && isValidEntity(preamble)
284.             ? '&' + preamble
285.             : "&amp;" + preamble;
286. }
288. private boolean isValidEntity(final String entity) {
289.     return inArray(entity, vAllowedEntities);
290. }
292. private static boolean inArray(final String s, final String[] array) {
293.     for (String item : array) {
294.         if (item != null && item.equals(s)) {
295.             return true;
296.         }
297.     }
298.     return false;
299. }
301. private boolean allowed(final String name) {
302.     return (vAllowed.isEmpty() || vAllowed.containsKey(name)) && !inArray(name, vDisallowed);
303. }
305. private boolean allowedAttribute(final String name, final String paramName) {
306.     return allowed(name) && (vAllowed.isEmpty() || vAllowed.get(name).contains(paramName));
307. }

复制代码

}

1. [/code] import javax.servlet.*;
2. import javax.servlet.http.HttpServletRequest;
3. import java.io.IOException;
4. /**
5. * XSS过滤
6. *
7. */
8. public class XssFilter implements Filter {
9. [code]@Override
10. public void init(FilterConfig config) throws ServletException {
11. }
13. public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
14.         throws IOException, ServletException {
15.         XssHttpServletRequestWrapper xssRequest = new XssHttpServletRequestWrapper((HttpServletRequest) request);
16.         chain.doFilter(xssRequest, response);
17. }
19. @Override
20. public void destroy() {
21. }

复制代码

}
[code][/code] import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.springframework.http.MediaType;
/**
* XSS过滤处置惩罚
给各人的福利

零底子入门
对于从来没有打仗过网络安全的同学，我们帮你预备了详细的学习成长路线图。可以说是最科学最体系的学习路线，各人跟着这个大的方向学习准没问题。

同时每个成长路线对应的板块都有配套的视频提供：

因篇幅有限，仅展示部分资料
网上学习资料一大堆，但假如学到的知识不成体系，遇到问题时只是浅尝辄止，不再深入研究，那么很难做到真正的技能提升。
必要这份体系化资料的朋侪，可以点击这里获取
一个人可以走的很快，但一群人才气走的更远！岂论你是正从事IT行业的老鸟或是对IT行业感爱好的新人，都欢迎加入我们的的圈子（技能交换、学习资源、职场吐槽、大厂内推、面试辅导），让我们一起学习成长！

免责声明：如果侵犯了您的权益，请联系站长，我们会及时删除侵权内容，谢谢合作！更多信息从访问主页：qidao123.com:ToB企服之家，中国第一个企服评测及商务社交产业平台。

---

欢迎光临 IT评测·应用市场-qidao123.com技术社区 (https://dis.qidao123.com/)

Powered by Discuz! X3.4