|
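/**
 * Keyword denylist applied to paragraph text before it is handed to the interpreter.
 *
 * Each entry is a token group: a paragraph is flagged when every token of one group occurs
 * in it as a whole word (see allMatch). Two-token groups pair "import" with a module name;
 * one-token groups are directory names, command names and a few literal strings.
 *
 * NOTE(review): this is a keyword screen, not an isolation boundary. It flags ordinary text
 * that merely contains one of these words, and it knows nothing about other ways of reaching
 * the same functionality. Keep the interpreter process confined by the operating system
 * (unprivileged account, container or sandbox limits, network policy) and treat this list
 * as defence in depth only.
 *
 * NOTE(review): String[] uses identity equals/hashCode, so the set never de-duplicates
 * entries and its iteration order is unspecified.
 */
static HashSet<String[]> blockedCodeString = new HashSet<String[]>();
static {
    // Module names that are blocked when they appear together with the word "import".
    String[] blockedImports = {
        "os", "sys", "subprocess", "pty", "socket", "commands", "paramiko", "pexpect",
        "BaseHTTPServer", "ConfigParser", "platform", "popen2", "copy", "SocketServer",
        "sysconfig", "tty",
        // Was spelled "xmlrpmlib", which names no module, so the entry could never apply.
        "xmlrpclib"
    };
    for (String module : blockedImports) {
        blockedCodeString.add(new String[]{"import", module});
    }

    // Single tokens blocked on their own. The trailing space in "akka " and "route " is
    // part of the token and is kept exactly as originally listed.
    String[] blockedWords = {
        "etc", "boot", "dev", "lib", "lib64", "lost+found", "mnt", "proc", "root", "sbin",
        "selinux", "usr", "passwd", "useradd", "userdel", "rm", "akka ", "groupadd",
        "groupdel", "mkdir", "rmdir", "ping", "nc", "telnet", "ftp", "scp", "ssh", "ps",
        "hostname", "uname", "vim", "nano", "top", "cat", "more", "less", "chkconfig",
        "service", "netstat", "iptables", "ip", "route ", "curl", "wget", "sysctl", "touch",
        "scala.sys.process", "0.0.0.0", "git", "svn", "hg", "cvs", "exec", "ln", "kill",
        "rsync", "lsof", "crontab", "libtool", "automake", "autoconf", "make", "gcc", "cc"
    };
    for (String word : blockedWords) {
        blockedCodeString.add(new String[]{word});
    }
}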
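/**
 * Reports whether every token in {@code checker} occurs in {@code aim} as a whole word.
 *
 * @param aim     text to inspect; {@code null} is treated as containing nothing
 * @param checker tokens that must all be present; {@code null} or empty never matches
 * @return {@code true} only when each token is found between word boundaries
 */
static boolean allMatch(String aim, String[] checker){
    if (aim == null || checker == null || checker.length < 1) {
        return false;
    }
    for (String token : checker) {
        // Pattern.quote keeps tokens such as "lost+found" and "0.0.0.0" literal; pasted in
        // raw, their '+' and '.' were read as regex operators and matched the wrong text.
        java.util.regex.Pattern word =
            java.util.regex.Pattern.compile("\\b" + java.util.regex.Pattern.quote(token) + "\\b");
        // find() searches the whole text. The earlier String.matches(".*token.*") form had to
        // match the entire input and '.' does not cross line terminators, so no multi-line
        // paragraph was ever flagged.
        if (!word.matcher(aim).find()) {
            return false;
        }
    }
    return true;
}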
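/**
 * Returns the first denylist entry whose tokens are all present in {@code aim}.
 *
 * The earlier version threw before scanning whenever the text contained one hard-coded
 * phrase. Callers treat an exception from this method as "nothing matched", so that phrase
 * skipped the screen altogether; the branch has been removed.
 *
 * @param aim text to screen
 * @param all denylist entries, each a {@code String[]} token group
 * @return the tokens of the matching entry, each followed by a single space
 * @throws Exception with the message "No one match" when no entry matches; the caller
 *         relies on this to decide that the text may run
 */
static String anyMatch(String aim, HashSet all) throws Exception{
    // The parameter is a raw HashSet, so elements arrive as Object. Iteration order of a
    // HashSet is unspecified, so "first" means whichever matching entry is visited first.
    for (Object entry : all) {
        if (!(entry instanceof String[])) {
            continue;
        }
        String[] tokens = (String[]) entry;
        if (allMatch(aim, tokens)) {
            StringBuilder matched = new StringBuilder();
            for (String token : tokens) {
                matched.append(token).append(" ");
            }
            return matched.toString();
        }
    }
    throw new Exception("No one match");
}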
//...... a public class is declared here
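// Screen the paragraph text against the keyword denylist before scheduling it.
try {
    String matchesStrings = anyMatch(st, blockedCodeString);
    result = new InterpreterResult(Code.ERROR, "Contains dangerous code : " + matchesStrings);
} catch (Exception me) {
    // anyMatch reports "nothing matched" by throwing an Exception with this exact message.
    // Any other exception means the screen itself failed, so the paragraph is rejected
    // instead of being run unchecked (fail closed).
    // NOTE(review): matching on the message text is brittle; a dedicated exception type or
    // a null/Optional return from anyMatch would be a cleaner signal.
    if (!"No one match".equals(me.getMessage())) {
        logger.info("Denylist check failed, paragraph rejected", me);
        result = new InterpreterResult(Code.ERROR, "Code check failed, paragraph was not run");
    } else {
        scheduler.submit(job);
        // Poll once per second until the job reaches a terminal state.
        while (!job.isTerminated()) {
            synchronized (jobListener) {
                try {
                    jobListener.wait(1000);
                } catch (InterruptedException e) {
                    // Logged and ignored: the loop keeps waiting for the job to finish.
                    logger.info("Exception in RemoteInterpreterServer while interpret, jobListener.wait", e);
                }
            }
        }
        if (job.getStatus() == Status.ERROR) {
            result = new InterpreterResult(Code.ERROR, Job.getStack(job.getException()));
        } else {
            result = (InterpreterResult) job.getReturn();
            // in case of job abort in PENDING status, result can be null
            if (result == null) {
                result = new InterpreterResult(Code.KEEP_PREVIOUS_RESULT);
            }
        }
    }
}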
//...... up to the end of that public class
|
|