ParameterVerifyMiddleware参数安全验证

ParameterVerifyMiddleware.cs

  /// <summary>
        /// 参数验证
        /// </summary>
        /// <param name="input">The input.</param>
        /// <returns><c>true</c> if XXXX, <c>false</c> otherwise.</returns>
        private bool VerifyDangerousChar(string input)
        {
            input = input.ToLower();
            //|--  |(?:--)

            //_configuration

            var badStr = @"(?: ')|(/\*(?:.|[\n\r])*?\*/)|(\b(select|update|and|or|delete|script|iframe|<|>|alter|insert|trancate|create|char|into|to_char|to_date|substr|mid|ascii|substring|declare|exec|truncate|count|master|into|drop|execute|xp_|xp_cmdshell|restore|backup|net +user|net +localgroup +administrators)\b)";

            string rule = _configuration.GetValue<string>("parameterVerify:rule");
            if (rule == "false") return true;

            if (!string.IsNullOrEmpty(rule)) badStr = rule;

            var Regex = new Regex(badStr, RegexOptions.IgnoreCase);
            return Regex.IsMatch(input);
        }