package org.jeecg.modules.jmreport.common.util;

import cn.hutool.crypto.SecureUtil;
import javax.servlet.http.HttpServletRequest;
import org.jeecg.modules.jmreport.common.expetion.JimuReportException;
import org.jeecg.modules.jmreport.desreport.b.b;
import org.jeecg.modules.jmreport.desreport.b.d;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jeecg/modules/jmreport/common/util/SqlInjectionUtil.class */
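/**
 * Keyword deny-list checks and a request-signature check used in front of SQL-building code.
 *
 * <p>The {@code filterContent}/{@code specialFilterContent*} methods lower-case the value and
 * reject it with a {@link RuntimeException} when it contains one of a fixed set of substrings.
 * A keyword deny-list cannot be complete, so these checks are defence in depth only: wherever a
 * checked value ends up in a SQL statement, bind it as a {@code PreparedStatement} parameter (or
 * validate identifiers against an allow-list) rather than relying on this class.
 *
 * <p>All methods are static and keep no mutable state.
 */
public class SqlInjectionUtil {
    private static final Logger log = LoggerFactory.getLogger(SqlInjectionUtil.class);

    // NOTE(review): this salt is a compile-time constant shipped in the jar, so the "sign" checked
    // below is not a secret-keyed MAC; anyone who knows the header value can compute it. A keyed
    // HMAC with a per-deployment secret would be the stronger design, but it would change the
    // contract with existing clients, so it is only flagged here.
    private static final String TABLE_DICT_SIGN_SALT = "20200501";
    private static final String xssStr = "'|and |exec |insert |select |delete |update |drop |count |chr |mid |master |truncate |char |declare |;|or |+";

    // Token lists are split once instead of on every call. String.split drops trailing empty
    // strings, so the trailing '|' in the two "special" lists does not produce an empty token.
    private static final String[] DEFAULT_TOKENS = xssStr.split("\\|");
    private static final String[] SPECIAL_TOKENS =
            " exec | insert | select | delete | update | drop | count | chr | mid | master | truncate | char | declare |;|+|".split("\\|");
    private static final String[] ONLINE_REPORT_TOKENS =
            " exec | insert | delete | update | drop | chr | mid | master | truncate | char | declare |".split("\\|");

    /**
     * Verifies the signature sent with a table-dictionary request.
     *
     * <p>The expected value is the MD5 hex digest of {@code str + salt + header}, where the header
     * is read from the request under the name held in {@code b.p}.
     *
     * @param str the dictionary code that was signed
     * @param str2 the signature supplied by the caller; {@code null} is treated as a mismatch
     * @param httpServletRequest the current request, used only to read the signing header
     * @throws JimuReportException if the supplied signature does not match
     */
    public static void checkDictTableSign(String str, String str2, HttpServletRequest httpServletRequest) {
        String md5 = SecureUtil.md5(str + TABLE_DICT_SIGN_SALT + httpServletRequest.getHeader(b.p));
        // Constant-time comparison so the check does not reveal how many leading characters matched.
        boolean matches = str2 != null
                && java.security.MessageDigest.isEqual(
                        md5.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                        str2.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        if (matches) {
            log.info(" 表字典，SQL注入漏洞签名校验成功！sign={},dictCode={}", str2, str);
            return;
        }
        // The expected digest is deliberately NOT logged: writing it next to the rejected value
        // would hand a valid signature to anyone who can read the log.
        log.error("表字典，SQL注入漏洞签名校验失败 ：{},dictCode={}", str2, str);
        throw new JimuReportException("无权限访问！");
    }

    /**
     * Rejects a value that contains any token of the default deny-list.
     *
     * @param str the value to check; {@code null} and the empty string are accepted unchecked
     * @throws RuntimeException if a deny-listed token occurs in the lower-cased value
     */
    public static void filterContent(String str) {
        rejectIfMatched(str, DEFAULT_TOKENS, false);
    }

    /**
     * Rejects an array in which any element contains a token of the default deny-list.
     *
     * <p>Every element is checked. {@code null} and empty elements are skipped; previously the
     * scan stopped at the first such element, which left all later elements unchecked.
     *
     * @param strArr the values to check; a {@code null} array is accepted unchecked
     * @throws RuntimeException if a deny-listed token occurs in any lower-cased element
     */
    public static void filterContent(String[] strArr) {
        if (strArr == null) {
            return;
        }
        for (String value : strArr) {
            rejectIfMatched(value, DEFAULT_TOKENS, false);
        }
    }

    /**
     * Rejects a value that contains a space-delimited keyword, {@code ;} or {@code +}, or that
     * starts with one of those keywords.
     *
     * @param str the value to check; {@code null} and the empty string are accepted unchecked
     * @throws RuntimeException if a token matches
     * @deprecated marked deprecated in the original class; no replacement is named there.
     */
    @Deprecated
    public static void specialFilterContent(String str) {
        rejectIfMatched(str, SPECIAL_TOKENS, true);
    }

    /**
     * Variant of {@link #specialFilterContent(String)} with a shorter token list: {@code select},
     * {@code count}, {@code ;} and {@code +} are not rejected here.
     *
     * @param str the value to check; {@code null} and the empty string are accepted unchecked
     * @throws RuntimeException if a token matches
     * @deprecated marked deprecated in the original class; no replacement is named there.
     */
    @Deprecated
    public static void specialFilterContentForOnlineReport(String str) {
        rejectIfMatched(str, ONLINE_REPORT_TOKENS, true);
    }

    /**
     * Shared matcher: lower-cases {@code value} and throws when a token is found.
     *
     * @param value the value to check; {@code null} or empty returns immediately
     * @param tokens the deny-list to test against
     * @param matchTrimmedPrefix when true, a value that starts with the trimmed token also matches
     */
    private static void rejectIfMatched(String value, String[] tokens, boolean matchTrimmedPrefix) {
        if (value == null || value.isEmpty()) {
            return;
        }
        // Locale.ROOT keeps the folding independent of the JVM default locale; with a locale such
        // as Turkish, 'I' does not lower-case to 'i' and keywords containing it would not match.
        String lowerCase = value.toLowerCase(java.util.Locale.ROOT);
        for (String token : tokens) {
            boolean hit = lowerCase.contains(token)
                    || (matchTrimmedPrefix && lowerCase.startsWith(token.trim()));
            if (hit) {
                log.error("请注意，存在SQL注入关键词---> {}", token);
                log.error("请注意，值可能存在SQL注入风险!---> {}", lowerCase);
                // NOTE(review): the message echoes the rejected value; confirm callers do not
                // return it to the client unescaped.
                throw new RuntimeException("请注意，值可能存在SQL注入风险!--->" + lowerCase);
            }
        }
    }
}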
