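a. libdejector, Black Hat 2005, Hansen & Patterson, made the following point:
"Input validation needs to be done with a mechanism strong enough to recognize the language"
HTTP and SQL are context-free grammars (CFGs), while regular expressions are a description language for finite-state machines (FSMs), so rules written as regular expressions will always produce false positives and false negatives.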
b. libinjection, Black Hat 2012, Nick Galbreath: lexical analysis
c. sqlchop, Black Hat 2014: lexical + syntactic analysis
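The argument in item a, as an added example (not code from the talks or libraries listed above): two regex validators and a lexer plus recursive-descent parser are run over the same inputs. It uses a constructed toy expression language rather than SQL or HTTP to isolate the nesting problem; the grammar and the names `ALLOWLIST`, `DEPTH2`, `tokenize`, `parse_ok` and `verdicts` are assumptions made for illustration.

```python
import re

# Constructed toy language (assumption): expr := term (OP term)* ; term := NUM | IDENT | "(" expr ")"
TOKEN = re.compile(r"\s*(?:(\d+)|([A-Za-z_]\w*)|([-+*/])|([()]))")
KINDS = ("num", "ident", "op", "paren")
# Regex validator 1: character allow-list, knows nothing about structure.
ALLOWLIST = re.compile(r"^[\w\s()+\-*/]+$")
# Regex validator 2: structure-aware, but a finite pattern only reaches nesting depth 2.
ATOM = r"\s*(?:\d+|[A-Za-z_]\w*)\s*"
D0 = rf"{ATOM}(?:[-+*/]{ATOM})*"
T1 = rf"(?:{ATOM}|\s*\({D0}\)\s*)"
D1 = rf"{T1}(?:[-+*/]{T1})*"
T2 = rf"(?:{ATOM}|\s*\({D1}\)\s*)"
DEPTH2 = re.compile(rf"^{T2}(?:[-+*/]{T2})*$")

def tokenize(text):
    """Lexical analysis: list of (kind, value) tokens, or None on a bad character."""
    tokens, pos, text = [], 0, text.rstrip()
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if not m:
            return None
        tokens.append((KINDS[m.lastindex - 1], m.group(m.lastindex)))
        pos = m.end()
    return tokens

def parse_ok(text):
    """Syntactic analysis: recursive descent, using the call stack to track nesting."""
    toks, pos = tokenize(text) or [], 0
    def expr():
        nonlocal pos
        while True:
            if pos < len(toks) and toks[pos][0] in ("num", "ident"):
                pos += 1
            elif pos < len(toks) and toks[pos][1] == "(":
                pos += 1
                if not expr() or pos >= len(toks) or toks[pos][1] != ")":
                    return False
                pos += 1
            else:
                return False          # a term was required here
            if pos >= len(toks) or toks[pos][0] != "op":
                return True           # no operator follows: expression ends
            pos += 1                  # consume operator, expect another term
    return bool(toks) and expr() and pos == len(toks)

def verdicts(text):
    """Return (allow-list regex, depth-2 regex, parser) accept decisions."""
    return (bool(ALLOWLIST.match(text)), bool(DEPTH2.match(text)), parse_ok(text))
```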