Regex 使用正则表达式查找关键字
嘿,我有以下坏词,我想检查它们是否在我传递的字符串中:Regex 使用正则表达式查找关键字,regex,vb.net,keyword,Regex,Vb.net,Keyword,嘿,我有以下坏词,我想检查它们是否在我传递的字符串中: Private Function injectionCheck(queryString As String) As Integer Dim badWords() As String = {"EXEC", "EXECUTE", ";", "-", "*", "--", "@", "UNION", "DROP", "DELETE", "UPDATE", "INSERT",
Private Function injectionCheck(queryString As String) As Integer
Dim badWords() As String = {"EXEC", "EXECUTE", ";", "-", "*", "--", "@",
"UNION", "DROP", "DELETE", "UPDATE", "INSERT", "MASTER",
"TABLE", "XP_CMDSHELL", "CREATE", "XP_FIXEDDRIVES",
"SYSCOLUMNS", "SYSOBJECTS"}
Dim pattern As String = "\b(" + Regex.Escape(badWords(0))
For Each key In badWords.Skip(1)
pattern += "|" + Regex.Escape(key)
Next
pattern += ")\b"
Return Regex.Matches(queryString, pattern, RegexOptions.IgnoreCase).Count
End Function
对于该模式,我得到以下结果:
\b(EXEC|EXECUTE|;|-|\*|--|@|UNION|DROP|DELETE|UPDATE|INSERT|MASTER|TABLE|XP_CMDSHELL|
CREATE|XP_FIXEDDRIVES|SYSCOLUMNS|SYSOBJECTS)\b
在我看来这是正确的。但每次我叫它时,我都得到0作为对此的响应:
Dim blah As Integer = injectionCheck("select * from bob where something = 'you'")
既然上面的不应该返回0,那么我应该忽略什么呢?它应该返回2,因为*和“都是不应该使用的。如果您计划将单词作为整个单词进行匹配,但关键字可能以非单词字符开始/结束,您可能会遇到类似的问题。单词边界的含义取决于上下文:
\b--\b
将在X--X
中匹配,但在,-,
中不匹配
您需要一个明确的边界匹配。使用lookarounds(?作为前导词,(?!\w)
作为尾随词边界
实施如下所示的更改:
Dim pattern As String = "(?<!\w)(" + Regex.Escape(badWords(0)) ' <== HERE
For Each key In badWords.Skip(1)
pattern += "|" + Regex.Escape(key)
Next
pattern += ")(?!\w)" ' <== AND HERE
Dim pattern As String=“(?字符串与模式不匹配。问题出在\b
上。很好,Wiktor。谢谢!