Let me make my question Simple what I want is I am using white list Regex pattern to avoid xss and sql injection so as my allowed character in string is [A-Za-z0-9,()[]{}\"\:./_\s] and I want to restrict occurrence of -- in any coming request from client but it should allow - or jjdfasd-dsfads-12321 string
In short it below test cases should run successfully
import java.util.regex.Pattern;
public class RegExTest {
private static Pattern xssAttackPattern;
private static final String XSS_ATTACK_REGULAR_EXPRESSION1 = "-?[A-Za-z0-9,\\(\\)\\[\\]\\{\\}\"\\:./_\\s]*";
public static Pattern getXSSAttackPattern1() {
xssAttackPattern = Pattern.compile(XSS_ATTACK_REGULAR_EXPRESSION1);
return xssAttackPattern;
}
public static boolean hasXSSAttackOrSQLInjection1(String value) {
if (getXSSAttackPattern1().matcher(value).matches()) {
return true;
}
return false;
}
public static void main(String arg[]) {
System.out.println(" :::::: Regular Expression ::::::");
regexTest();
}
private static void regexTest() {
String str1 = "-dsfdsfddsfd2112212s";
String str2 = "--dsfdsfddsfd2112212s";
String str3 = "-dsfdsfdd-sfd2112212s";
String str4="http://rss.cnn.com/rss/edition_business.rss?id=121132511$@#$@$@#%242444+gfghgfhg";
String str5="(.:[]{}";
String str6="--";
String str7="-";
System.out.println("String::" + str1 + "::Result::"
+ hasXSSAttackOrSQLInjection1(str1));
System.out.println("String::" + str2 + "::Result::"
+ hasXSSAttackOrSQLInjection1(str2));
System.out.println("String::" + str3 + "::Result::"
+ hasXSSAttackOrSQLInjection1(str3));
System.out.println("String::" + str4 + "::Result::"
+ hasXSSAttackOrSQLInjection1(str4));
System.out.println("String::" + str5 + "::Result::"
+ hasXSSAttackOrSQLInjection1(str5));
System.out.println("String::" + str6 + "::Result::"
+ hasXSSAttackOrSQLInjection1(str6));
System.out.println("String::" + str7 + "::Result::"
+ hasXSSAttackOrSQLInjection1(str7));
}
}
