package org.joychou.utils;
import com.google.common.net.InternetDomainName;
import java.awt.image.BufferedImage;
import java.io.File;
import java.io.IOException;
import java.net.URI;
import java.net.URL;
import java.util.Locale;
import javax.imageio.ImageIO;
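public class Security {

    /**
     * Checks whether a URL is http(s) and its registrable domain is on the whitelist.
     *
     * <p>The host is reduced to its top private (registrable) domain before comparison, so
     * every subdomain of a whitelisted domain is accepted as well. Whitelist entries are
     * compared with {@code equals}, so they must be lower-case registrable domains.
     *
     * <p>The method fails closed: any parse error or unexpected exception yields
     * {@code false}. It validates the string only. NOTE(review): if callers go on to fetch
     * the URL, redirects and the address the host resolves to are not covered by this
     * check and need their own controls.
     *
     * @param url          the URL string to check
     * @param urlwhitelist allowed registrable domains
     * @return {@code true} for a safe URL, {@code false} for a dangerous or unparsable one
     */
    public static Boolean checkSafeUrl(String url, String[] urlwhitelist) {
        if (url == null || urlwhitelist == null) {
            return false;
        }
        try {
            URI uri = new URI(url);
            // Kept as a second parse check: a string that java.net.URL rejects is refused too.
            new URL(url);

            // Scheme and host are both taken from the same parser (URI) so the two
            // decisions cannot disagree about how the string is split. The scheme must
            // match exactly; a prefix test would also accept any scheme that merely
            // begins with "http".
            String scheme = uri.getScheme();
            if (!"http".equalsIgnoreCase(scheme) && !"https".equalsIgnoreCase(scheme)) {
                System.out.println("The protocol of url is not http or https.");
                return false;
            }

            // URI.getHost() is null when the authority is missing or is not a valid
            // server-based authority; treat that as unsafe instead of relying on an NPE.
            String rawHost = uri.getHost();
            if (rawHost == null) {
                System.out.println("Url is not safe.");
                return false;
            }
            // Locale.ROOT keeps lower-casing independent of the JVM default locale.
            String host = rawHost.toLowerCase(Locale.ROOT);

            // Throws when the host is not under a recognised public suffix
            // (for example an IP literal); the catch below turns that into false.
            String rootDomain = InternetDomainName.from(host).topPrivateDomain().toString();

            for (String allowed : urlwhitelist) {
                if (rootDomain.equals(allowed)) {
                    return true;
                }
            }

            System.out.println("Url is not safe.");
            return false;
        } catch (Exception e) {
            // Deliberately broad: whatever goes wrong while parsing untrusted input,
            // the answer is "not safe". The exception summary is printed; the full
            // stack trace is no longer dumped for every rejected input.
            System.out.println(e.toString());
            return false;
        }
    }

    /**
     * Determines whether the content of a file can be decoded as an image.
     *
     * <p>{@link ImageIO#read(File)} returns {@code null} when no registered reader
     * recognises the content, which is reported as {@code false}.
     *
     * <p>A {@code true} result only means a decoder accepted the content; it says nothing
     * about the file name, extension or size. The image is decoded in memory, so
     * NOTE(review): if this is used on uploaded files, bound the file size before calling.
     *
     * @param file the file to inspect
     * @return {@code true} if the file decodes as an image, {@code false} otherwise
     * @throws IOException              if an error occurs while reading the file
     * @throws IllegalArgumentException if {@code file} is {@code null}
     */
    public static boolean isImage(File file) throws IOException {
        return ImageIO.read(file) != null;
    }
}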