-
Notifications
You must be signed in to change notification settings - Fork 3
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
714ada7
commit b7162f8
Showing
18 changed files
with
1,015 additions
and
0 deletions.
There are no files selected for viewing
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,81 @@ | ||
|
|
||
| import java.io.File; | ||
| import java.io.FileReader; | ||
| import java.io.InputStream; | ||
| import java.io.InputStreamReader; | ||
| import java.net.ServerSocket; | ||
| import java.net.Socket; | ||
| import java.io.BufferedReader; | ||
| import java.io.OutputStream; | ||
| /* | ||
| * 这是一个专门用于处理API的线程, | ||
| * 大概了原理类似于聊天软件的通信服务方式, | ||
| * 服务端会将获取的数据发送给这个API处理端口,然后应用程序可以通过socket来长链接获取数据 | ||
| */ | ||
| import java.io.PrintWriter; | ||
|
|
||
| public class API extends Thread { | ||
| public static void APIServer() throws Exception | ||
| { | ||
| ServerSocket serverSocket = new ServerSocket(config.API_Port()); | ||
| try | ||
| { | ||
| while (true){ | ||
| Socket socket1 = serverSocket.accept(); | ||
| OutputStream outputStream = socket1.getOutputStream(); | ||
| InputStream inputStream = socket1.getInputStream(); | ||
| PrintWriter printWriter = new PrintWriter(outputStream); | ||
| BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream)); | ||
|
|
||
| String getMES = bufferedReader.readLine(); | ||
| int mes_title = getMES.indexOf("GET_SERVER_URL='"); | ||
| int last_mes = getMES.lastIndexOf("'"); | ||
|
|
||
| int client_title = getMES.indexOf("CLIENT='"); | ||
|
|
||
| if (mes_title != -1) { | ||
| getMES = getMES.substring(mes_title + "GET_SERVER_URL='".length(), last_mes); | ||
| } | ||
| else{ | ||
| printWriter.println("MESSAGE SEND ERROR"); | ||
| printWriter.flush(); | ||
| socket1.close(); | ||
| } | ||
| System.out.println(getMES); | ||
| socket1.close(); | ||
| } | ||
| }catch (Exception e){ | ||
| e.printStackTrace(); | ||
| } | ||
| } | ||
| public static String API_Config(String api_do) | ||
| { | ||
| try | ||
| { | ||
| File file = new File("../config/Server.cfg"); | ||
| FileReader fileReader = new FileReader(file); | ||
| BufferedReader bufferedReader = new BufferedReader(fileReader); | ||
| String line; | ||
| String api_config=""; | ||
| while ((line=bufferedReader.readLine())!=null) | ||
| { | ||
| int config = line.indexOf(api_do); | ||
| if (config != -1) | ||
| { | ||
| api_config = line.substring(config+api_do.length(),line.indexOf(";")); | ||
| api_config = api_config.replace(" ",""); | ||
| break; | ||
| }else{ | ||
| api_config = null; | ||
| } | ||
| } | ||
| bufferedReader.close(); | ||
| return api_config; | ||
| } | ||
| catch (Exception e) | ||
| { | ||
| e.printStackTrace(); | ||
| return null; | ||
| } | ||
| } | ||
| } |
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,116 @@ | ||
| import java.io.BufferedReader; | ||
| import java.io.File; | ||
| import java.io.InputStream; | ||
| import java.io.InputStreamReader; | ||
| import java.net.Socket; | ||
|
|
||
|
|
||
| public class Client { | ||
| public static String GetURL(Socket socket) throws Exception | ||
| { | ||
| InputStream inputStream = socket.getInputStream(); | ||
| BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream)); | ||
| return bufferedReader.readLine(); | ||
| } | ||
| public static String GetType(Socket socket, String ExplorerPath) throws Exception | ||
| { | ||
|
|
||
| String tmp = " "; | ||
| File file = new File(ExplorerPath); | ||
| if (!file.exists()) | ||
| { | ||
| // file is not exists | ||
| return "text/html"; | ||
| } | ||
| if (file.exists()&&file.isFile()) | ||
| { | ||
| String Lastname = Client.GetLastName(ExplorerPath); | ||
| //System.out.println(Lastname); | ||
| if (Lastname.equals(".png")) { | ||
| //image pn | ||
| return "image/png"; | ||
| } | ||
| if (Lastname.equals(".jpeg")||Lastname.equals(".jpg")) { | ||
| return "image/jpeg"; | ||
| } | ||
| if (Lastname.equals(".svg")||Lastname.equals(".bmp")||Lastname.equals(".ico")) { | ||
| return "image/"+Lastname.replace(".",""); | ||
| } | ||
| if (Lastname.equals(".gif")) { | ||
| return "image/gif"; | ||
| } | ||
| if (Lastname.equals(".xml")){ | ||
| return "text/xml"; | ||
| } | ||
| if (Lastname.equals(".txt")) { | ||
| return "text"; | ||
| } | ||
| if (Lastname.equals(".js")){ | ||
| return "application/javascript"; | ||
| } | ||
| if (Lastname.equals(".css")){ | ||
| return "text/css"; | ||
| } | ||
| if (Lastname.equals(".json")) { | ||
| return "application/json"; | ||
| } | ||
| if (Lastname.equals(".html")||Lastname.equals(".htm")){ | ||
| return "text/html"; | ||
| } | ||
| if (Lastname.equals(".pdf")){ | ||
| return "application/pdf"; | ||
| } | ||
| if (Lastname.equals("")) { | ||
| return "application/octet-stream"; | ||
| } | ||
| if (Lastname.equals(".mp3")||Lastname.equals(".wav")){ | ||
| return "audio/"+Lastname.replace(".",""); | ||
| } | ||
| if (Lastname.equals(".mp4")){ | ||
| return "video/mp4"; | ||
| } | ||
| else{ | ||
| return "application/octet-stream"; | ||
| } | ||
| } | ||
| if (file.exists()&&file.isDirectory()) | ||
| { | ||
| return "text/html"; | ||
| } | ||
| else | ||
| { | ||
| return "application/octet-stream"; | ||
| } | ||
| } | ||
| public static String GetLastName(String ExplorerPath) throws Exception | ||
| { | ||
| int i = 0 ; | ||
| File file = new File(ExplorerPath); | ||
| String filename = file.getName(); | ||
| filename = filename.toLowerCase(); | ||
| String lastname; | ||
| if (filename.lastIndexOf(".")!=-1) | ||
| { | ||
| lastname = filename.substring(filename.lastIndexOf("."),filename.length()); | ||
| }else{ | ||
| lastname = ""; | ||
| } | ||
| return lastname; | ||
| } | ||
| public static String GetSystem(BufferedReader bufferedReader) throws Exception | ||
| { | ||
| String tmp = " "; | ||
| for (int i = 1 ; i <= 6 ; i++) | ||
| { | ||
| tmp = bufferedReader.readLine(); | ||
| } | ||
| tmp = tmp.replace("sec-ch-ua-platform: \"", ""); | ||
| tmp = tmp.substring(0, tmp.indexOf("\"")); | ||
| return tmp; | ||
| } | ||
| public static String GetContentType(BufferedReader bufferedReader) | ||
| throws Exception | ||
| { | ||
| return null; | ||
| } | ||
| } |
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| Manifest-Version: 1.0 | ||
| Main-Class: main |
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,58 @@ | ||
|
|
||
|
|
||
| import java.io.BufferedReader; | ||
| import java.io.File; | ||
| import java.io.FileReader; | ||
| import java.io.InputStream; | ||
| import java.io.InputStreamReader; | ||
| import java.io.OutputStream; | ||
| import java.io.PrintWriter; | ||
| import java.net.Socket; | ||
|
|
||
| import javax.swing.text.html.HTML; | ||
|
|
||
| public class URL_Http { | ||
| public static void URL_Return(Socket socket,String url) | ||
| { | ||
| try | ||
| { | ||
| OutputStream outputStream = socket.getOutputStream(); | ||
| InputStream inputStream = socket.getInputStream(); | ||
| BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream)); | ||
| PrintWriter printWriter = new PrintWriter(outputStream); | ||
|
|
||
| File file = new File("../rules/URL_Return.cfg"); | ||
| FileReader fileReader = new FileReader(file); | ||
| BufferedReader config_br = new BufferedReader(fileReader); | ||
|
|
||
| String line; | ||
| String configURL = ""; | ||
| String configPath = ""; | ||
|
|
||
| while ((line=config_br.readLine())!=null) | ||
| { | ||
| // get config url | ||
| String tmp = line; | ||
| configURL = tmp.substring(tmp.indexOf("URL: ")+5,tmp.indexOf(";")); | ||
| if (configURL.equals(url)) | ||
| { | ||
| configPath = tmp.substring(tmp.indexOf("Return: ")+8,tmp.lastIndexOf(";")); | ||
| File server = new File(configPath); | ||
| if (server.exists()) | ||
| { | ||
| main.SocketDIR(bufferedReader,outputStream,url,printWriter,server,socket); | ||
| break; | ||
| }else{ | ||
| main.Page404(printWriter, url,outputStream,socket); | ||
| } | ||
| } | ||
| } | ||
| socket.close(); | ||
| return; | ||
|
|
||
| }catch (Exception e) | ||
| { | ||
| e.printStackTrace(); | ||
| } | ||
| } | ||
| } |
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,52 @@ | ||
| import java.io.OutputStream; | ||
| import java.io.PrintWriter; | ||
| import java.net.Socket; | ||
|
|
||
|
|
||
| public class WebSafety { | ||
|
|
||
| public static void SQL_Security(String HttpURL, PrintWriter printWriter, OutputStream outputStream, Socket socket) | ||
| { | ||
| try | ||
| { | ||
| if (config.getSafe("SQL_Protection: ")) | ||
| { | ||
| // sql防护服务处于打开状态 | ||
| //检查是否存在 SQL语句 | ||
|
|
||
| HttpURL=HttpURL.toUpperCase();//测试用sql语句 | ||
| //System.out.println(HttpURL); | ||
| String column="(\\w+\\s*(\\w+\\s*){0,1})";//一列的正则表达式 匹配如 product p | ||
| String columns=column+"(,\\s*"+column+")*"; //多列正则表达式 匹配如 product p,category c,warehouse w | ||
| String ownerenable="((\\w+\\.){0,1}\\w+\\s*(\\w+\\s*){0,1})";//一列的正则表达式 匹配如 a.product p | ||
| String ownerenables=ownerenable+"(,\\s*"+ownerenable+")*";//多列正则表达式 匹配如 a.product p,a.category c,b.warehouse w | ||
| String from="FROM\\s+"+columns; | ||
| String condition="(\\w+\\.){0,1}\\w+\\s*(=|LIKE|IS)\\s*'?(\\w+\\.){0,1}[\\w%]+'?";//条件的正则表达式 匹配如 a=b 或 a is b.. | ||
| String conditions=condition+"(\\s+(AND|OR)\\s*"+condition+"\\s*)*";//多个条件 匹配如 a=b and c like 'r%' or d is null | ||
| String where="(WHERE\\s+"+conditions+"){0,1}"; | ||
| String pattern="SELECT\\s+(\\*|"+ownerenables+"\\s+"+from+")\\s+"+where+"\\s*"; //匹配最终sql的正则表达式 | ||
| if (HttpURL.matches(pattern)) | ||
| { | ||
| main.Page405(printWriter,socket,outputStream); | ||
| return; | ||
| } | ||
| } | ||
| }catch (Exception e) | ||
| { | ||
| e.printStackTrace(); | ||
| } | ||
| } | ||
| public static void XSS_Security(String HttpURL,PrintWriter printWriter,OutputStream outputStream,Socket socket) | ||
| throws Exception | ||
| { | ||
| if (config.getSafe("XSS_Protection: ")) | ||
| { | ||
| HttpURL = HttpURL.replace(" ",""); | ||
| if (HttpURL.indexOf("<script")!=-1||HttpURL.indexOf("</")!=-1||HttpURL.indexOf("<link")!=-1||HttpURL.indexOf("/>")!=-1||HttpURL.indexOf("%2")!=-1) | ||
| { | ||
| main.Page405(printWriter,socket,outputStream); | ||
| return; | ||
| } | ||
| } | ||
| } | ||
| } |
Binary file not shown.
Oops, something went wrong.