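# Input validation

Prefer the whitelist form (keep only what is known-good); a blacklist rejects only the characters it lists.

---

## PHP

### Whitelist
```php
// keep only [a-zA-Z0-9]; $_POST['x'] may be unset, so default to ''
$xx = preg_replace("/[^a-zA-Z0-9]/", "", $_POST['x'] ?? '');
if (!strlen($xx)) {
    die("username is blank!");
}
```

### Blacklist
```php
if (preg_match("/[;]/", $host)) {
    die("blacklisted\n");
}
```

### File upload
```php
$allowed  = array('gif', 'png', 'jpg');
$filename = $_FILES['videofile']['name'];   // client-supplied name
$ext      = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
if (!in_array($ext, $allowed, true)) {
    die('error');   // stop here; the extension says nothing about the file's content
}
```

---

## Python

### Whitelist
```python
import re

result = re.sub(r'[^a-zA-Z0-9]', '', x)
```

### Blacklist
```python
import re

# re.match() only tests the start of the string; re.search() finds ';' anywhere
match = re.search(r'[;]', x)
if match:
    exit(1337)
```

### File upload
```python
def allowed_file(filename):
    """True when filename has an extension listed in ALLOWED_EXTENSIONS (case-insensitive)."""
    return '.' in filename and \
        filename.rsplit('.', 1)[1].lower() in ALLOWED_EXTENSIONS
```

### Shell validation
```python
import shlex

cmd = 'ping -c 1 ' + shlex.quote(domain.replace(' ', '')) + '\n'
# better: pass an argv list and skip the shell entirely
# subprocess.run(['ping', '-c', '1', domain], check=True)
```

---

## Go-lang

Short form (the compile error is ignored here; the full examples below check it):
```go
import (
    "fmt"
    "regexp"
    "log"
)

pattern := "\\?"   // "\?" is not a valid Go string escape
r, _ := regexp.Compile(pattern)
str1 = r.ReplaceAllString(str1, " ")
```

### Whitelist
```go
package main

import (
    "fmt"
    "log"
    "regexp"
)

func main() {
    str1 := "how much for the maple syrup? $20.99? That's ridiculous!!!"
    // replace everything that is not a word character ([0-9A-Za-z_])
    re, err := regexp.Compile(`[^\w]`)
    if err != nil {
        log.Fatal(err)
    }
    str1 = re.ReplaceAllString(str1, " ")
    fmt.Println(str1)
}
```

### Blacklist
```go
package main

import (
    "fmt"
    "log"
    "regexp"
)

func main() {
    str1 := "how much for the maple syrup? $20.99? That's ridiculous!!!"
    pattern := "\\?"
    r, err := regexp.Compile(pattern)
    if err != nil {
        log.Fatal(err)
    }
    str1 = r.ReplaceAllString(str1, " ")
    fmt.Println(str1)
}
```

### File extension
```go
package main

import (
    "fmt"
    "path/filepath"
)

func main() {
    path := "/media/godfather.mp4"
    fileExtension := filepath.Ext(path)   // includes the dot; case is preserved
    fmt.Println("File extension ", fileExtension)
    allowed := []string{".go", ".mp4", ".ext"}   // not named `strings`, which shadows the package
    for i, s := range allowed {
        fmt.Println(i, s)
        if fileExtension == s {
            fmt.Println("Passed")
        }
    }
}
```

---

## Java

### Blacklist
```java
Pattern pattern = Pattern.compile("[/,:<>!~@#$%^&()+=?()\"|!\\[#$-]");
Matcher patternMatcher = pattern.matcher(field);   // field.subSequence(0, field.length()) is just field
if (patternMatcher.find()) {
    msg = specCharError(fieldName, line);
}
```

---

## Shellscript

### Whitelist
```bash
key="test0099"
echo "$key"
# command substitution; a bare `cleanSpecialChars= echo ...` assigns nothing
cleanSpecialChars=$(echo "$key" | sed 's/[^a-zA-Z0-9]//g')
echo "$cleanSpecialChars"
```

### Blacklist
```bash
if ! [[ $key =~ ^[a-zA-Z0-9]+$ ]]; then
    echo 'Wrong key. Only a-zA-Z0-9 characters are allowed' >&2   # write to stderr
    exit 1   # a bare `exit` returns 0, so a rejected key would look like success to the caller
fi
```

### File extension
```bash
fullfile="/media/godfather.mp5"
filename=$(basename -- "$fullfile")
ext="${filename##*.}"        # text after the last dot (the whole name if there is no dot)
filename="${filename%.*}"    # text before the last dot
extensions=("go" "mp4" "ext")
result="Failed"
for extension in "${extensions[@]}"; do
    echo "$extension"
    if [[ "$ext" == "$extension" ]]; then
        result="Passed"
    fi
done
echo "$result"
```

---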