Class EmailSecurity

java.lang.Object
cloud.opencode.base.email.security.EmailSecurity
public final class EmailSecurity extends Object
Email Security Utility Class 邮件安全工具类

Provides security utilities for email operations.

提供邮件操作的安全工具。

Features | 主要功能:

  • Header injection prevention - 邮件头注入防护
  • Email address validation - 邮箱地址验证
  • Attachment security validation - 附件安全验证
  • Content sanitization - 内容清理

Security | 安全性:

  • Thread-safe: Yes - 线程安全: 是
Since:
JDK 25, opencode-base-email V1.0.0
Author:
Leon Soo www.LeonSoo.com
See Also:

  • Method Details

    • sanitizeHeader

      public static String sanitizeHeader(String value)
      Sanitize email header content to prevent injection attacks 清理邮件头内容以防止注入攻击

      Examples | 示例:

      sanitizeHeader("Test\r\nBcc: hacker@evil.com") = "TestBcc: hacker@evil.com"
sanitizeHeader("Normal Subject")               = "Normal Subject"
      Parameters:
      value - the header value | 邮件头值
      Returns:
      the sanitized value | 清理后的值

    • isValidEmail

      public static boolean isValidEmail(String email)
      Validate email address format 验证邮箱地址格式

      Examples | 示例:

      isValidEmail("user@example.com")           = true
isValidEmail("user.name+tag@example.co.uk") = true
isValidEmail("invalid")                    = false
isValidEmail("user@")                      = false
      Parameters:
      email - the email address | 邮箱地址
      Returns:
      true if valid | 有效返回true

    • validateAttachment

      public static void validateAttachment(Attachment attachment)
      Validate attachment security 验证附件安全性
      Parameters:
      attachment - the attachment | 附件
      Throws:
      EmailSecurityException - if validation fails | 验证失败时抛出

    • validateAttachment

      public static void validateAttachment(Attachment attachment, Set<String> allowedExtensions, long maxSize)
      Validate attachment security with custom settings 使用自定义设置验证附件安全性
      Parameters:
      attachment - the attachment | 附件
      allowedExtensions - allowed file extensions | 允许的文件扩展名
      maxSize - max file size in bytes | 最大文件大小(字节)
      Throws:
      EmailSecurityException - if validation fails | 验证失败时抛出

    • isAllowedExtension

      public static boolean isAllowedExtension(String fileName)
      Check if attachment extension is allowed 检查附件扩展名是否允许
      Parameters:
      fileName - the file name | 文件名
      Returns:
      true if allowed | 允许返回true

    • isDangerousExtension

      public static boolean isDangerousExtension(String fileName)
      Check if attachment extension is dangerous 检查附件扩展名是否危险
      Parameters:
      fileName - the file name | 文件名
      Returns:
      true if dangerous | 危险返回true

    • getExtension

      public static String getExtension(String fileName)
      Get file extension 获取文件扩展名
      Parameters:
      fileName - the file name | 文件名
      Returns:
      the extension without dot | 不带点的扩展名

    • getDefaultAllowedExtensions

      public static Set<String> getDefaultAllowedExtensions()
      Get default allowed extensions 获取默认允许的扩展名
      Returns:
      the allowed extensions | 允许的扩展名

    • getDangerousExtensions

      public static Set<String> getDangerousExtensions()
      Get dangerous extensions 获取危险扩展名
      Returns:
      the dangerous extensions | 危险扩展名

    • getDefaultMaxAttachmentSize

      public static long getDefaultMaxAttachmentSize()
      Get default max attachment size 获取默认最大附件大小
      Returns:
      the max size in bytes | 最大字节大小