package org.jeecg.modules.drag.util;

import cn.hutool.core.util.ReUtil;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;
import org.jeecg.common.exception.JeecgSqlInjectionException;
import org.jeecg.common.util.oConvertUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* compiled from: SqlInjectionUtil.java */
/* loaded from: input_file:org/jeecg/modules/drag/util/k.class */
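/**
 * Deny-list checks for values that end up inside dynamically built SQL
 * (decompiled from {@code SqlInjectionUtil}; identifiers are obfuscated).
 *
 * <p>Three kinds of checks are implemented here:
 * <ul>
 *   <li>keyword deny-lists ({@link #a(String, String)}, {@link #a(String)}, {@link #b(String)}),</li>
 *   <li>a comment check ({@link #c(String)}),</li>
 *   <li>allow-list validation of identifiers and sort direction
 *       ({@link #d(String)}, {@link #e(String)}, {@link #g(String)}).</li>
 * </ul>
 *
 * <p>NOTE(review): keyword deny-lists are defence in depth only. They cannot
 * enumerate every dangerous construct, so values should still be bound as
 * query parameters wherever the driver allows it; the allow-list validators
 * are the stronger control for identifiers that cannot be bound.
 */
public class k {
    // Keywords matched as plain substrings by a(String, String). Entries keep their
    // trailing space on purpose. "peformance_schema" is the original (misspelt) entry;
    // the correctly spelt schema name is listed next to it so that it is rejected too.
    private static final String c = "and |exec |peformance_schema|performance_schema|information_schema|extractvalue|updatexml|geohash|gtid_subset|gtid_subtract|insert |select |delete |update |drop |count |chr |mid |master |truncate |char |declare |;|or |+|--";
    // Compiled function-call / statement patterns checked by every keyword filter.
    private static final Pattern[] g;
    // Matches a /* ... */ block comment anywhere in the value.
    private static final Pattern h;
    // Line-comment marker rejected outright by c(String).
    private static final String i = "--";
    private static final String j = "请注意，存在SQL注入关键词---> {}";
    private static final String k = "请注意，值可能存在SQL注入风险!--->";
    private static final String l = "请注意，值可能存在SQL注入风险!---> {}";
    // Allow-list for table names: a letter followed by up to 63 of [A-Za-z0-9_$].
    private static final Pattern m;
    // Allow-list for a single column name: one or more of [A-Za-z0-9_].
    static final Pattern a;
    private static final Logger b = LoggerFactory.getLogger(k.class);
    // Keyword list used by b(String). Unlike the other lists it has no "select " entry.
    private static final String d = "exec |peformance_schema|performance_schema|information_schema|extractvalue|updatexml|geohash|gtid_subset|gtid_subtract|insert |alter |delete |grant |update |drop |master |truncate |declare |--";
    // Keyword list used by a(String).
    private static final String e = "exec |peformance_schema|performance_schema|information_schema|extractvalue|updatexml|geohash|gtid_subset|gtid_subtract|insert |select |delete |update |drop |count |chr |mid |master |truncate |char |declare |;|+|--";
    // Keywords that count as a hit wherever they occur (no leading-space requirement).
    private static final List<String> f = new ArrayList<>();

    /**
     * Runs {@link #a(String, String)} on every value, without extra keywords.
     *
     * @param strArr values to check
     * @throws JeecgSqlInjectionException if any value is rejected
     */
    public static void a(String... strArr) {
        a(strArr, (String) null);
    }

    /**
     * Rejects a value that contains any built-in keyword, any caller-supplied
     * keyword, a SQL comment, or one of the function-call patterns.
     *
     * <p>The value is lower-cased and trimmed first; keywords are matched as plain
     * substrings. {@code null} and the value equal to constant {@code c.q}
     * (presumably the empty string; confirm) are accepted without checks.
     *
     * @param str  value to check
     * @param str2 optional extra keywords separated by {@code |}, or {@code null}.
     *             NOTE(review): an empty string yields one empty keyword, which
     *             matches every value.
     * @throws JeecgSqlInjectionException if the value is rejected
     */
    public static void a(String str, String str2) {
        if (str == null || org.jeecg.modules.drag.a.c.q.equals(str)) {
            return;
        }
        c(str);
        // Locale.ROOT: with the default locale (e.g. Turkish) "I" does not lower-case
        // to "i", so upper-case keywords would no longer equal the ASCII deny-list.
        String value = str.toLowerCase(java.util.Locale.ROOT).trim();
        for (String keyword : c.split("\\|")) {
            if (value.contains(keyword)) {
                reject(keyword, value);
            }
        }
        if (str2 != null) {
            for (String keyword : str2.split("\\|")) {
                if (value.contains(keyword)) {
                    reject(keyword, value);
                }
            }
        }
        rejectOnPatternMatch(value);
    }

    /**
     * Decides whether {@code str2} occurs in {@code str} in a position that
     * counts as a keyword hit.
     *
     * <p>A hit is: the value starts with the trimmed keyword; or the keyword is
     * preceded by a space (or occurs anywhere, for the entries of {@code f}); or
     * the keyword is glued to a preceding token containing {@code %}, {@code +},
     * constant {@code c.E}, {@code /} or {@code )}.
     *
     * @param str  lower-cased, trimmed value
     * @param str2 keyword from one of the deny-lists
     * @return {@code true} if the keyword occurrence is treated as a match
     */
    private static boolean b(String str, String str2) {
        if (str.startsWith(str2.trim())) {
            return true;
        }
        if (!str.contains(str2)) {
            return false;
        }
        String needle = f.contains(str2) ? str2 : " " + str2;
        if (str.contains(needle)) {
            return true;
        }
        // The keyword is present but directly attached to other characters: inspect
        // every "<whitespace><token><keyword>" occurrence for separator characters.
        for (String hit : ReUtil.findAll("\\s+\\S+" + str2, str, 0, new ArrayList<String>())) {
            b.info("isExistSqlInjectKeyword —- 匹配到的SQL注入关键词：{}", hit);
            if (hit.contains("%") || hit.contains("+") || hit.contains(org.jeecg.modules.drag.a.c.E) || hit.contains("/") || hit.contains(")")) {
                return true;
            }
        }
        return false;
    }

    /**
     * Runs {@link #a(String, String)} on every non-empty element.
     *
     * <p>Empty elements are skipped. The previous code returned at the first empty
     * element, which left every later element unchecked.
     *
     * @param strArr values to check; {@code null} is treated as no values
     * @param str    optional extra keywords separated by {@code |}, or {@code null}
     * @throws JeecgSqlInjectionException if any value is rejected
     */
    public static void a(String[] strArr, String str) {
        if (strArr == null) {
            return;
        }
        for (String value : strArr) {
            if (oConvertUtils.isEmpty(value)) {
                continue;
            }
            a(value, str);
        }
    }

    /**
     * Checks a value against keyword list {@code e} using the position-aware
     * matching of {@link #b(String, String)}, plus the comment and pattern checks.
     *
     * @param str value to check; {@code null} and the {@code c.q} constant are accepted
     * @throws JeecgSqlInjectionException if the value is rejected
     */
    public static void a(String str) {
        checkWordKeywords(str, e);
    }

    /**
     * Same as {@link #a(String)} but with keyword list {@code d}, which has no
     * {@code select} entry and adds {@code alter} and {@code grant}.
     *
     * @param str value to check; {@code null} and the {@code c.q} constant are accepted
     * @throws JeecgSqlInjectionException if the value is rejected
     */
    public static void b(String str) {
        checkWordKeywords(str, d);
    }

    /**
     * Rejects any value that contains a SQL comment.
     *
     * @param str value to check; must not be {@code null}
     * @throws RuntimeException            if the value contains {@code --}
     *         (NOTE(review): a different type than the block-comment case; kept
     *         because callers may depend on it)
     * @throws JeecgSqlInjectionException  if the value contains a block comment
     */
    public static void c(String str) {
        if (str.contains(i)) {
            b.error("请注意，SQL中不允许含注释，有安全风险！");
            throw new RuntimeException("请注意，SQL中不允许含注释，有安全风险！");
        }
        if (h.matcher(str).find()) {
            b.error("请注意，值可能存在SQL注入风险---> \\*.*\\");
            throw new JeecgSqlInjectionException("请注意，值可能存在SQL注入风险---> \\*.*\\");
        }
    }

    /**
     * Validates a table name against the allow-list pattern and the keyword
     * filter of {@link #a(String)}.
     *
     * @param str table name; empty input is returned unchanged
     * @return the trimmed table name
     * @throws JeecgSqlInjectionException if the name is not a plain identifier
     */
    public static String d(String str) {
        if (oConvertUtils.isEmpty(str)) {
            return str;
        }
        String name = str.trim();
        if (!m.matcher(name).matches()) {
            String message = "表名不合法，存在SQL注入风险!--->" + name;
            b.error(message);
            throw new JeecgSqlInjectionException(message);
        }
        a(name);
        return name;
    }

    /**
     * Validates a column name, or a comma-separated list of column names.
     *
     * @param str column name(s); empty input is returned unchanged
     * @return the trimmed name, or for a list the result of {@link #b(String...)}
     * @throws JeecgSqlInjectionException if a name is not a plain identifier
     */
    public static String e(String str) {
        if (oConvertUtils.isEmpty(str)) {
            return str;
        }
        String name = str.trim();
        if (name.contains(",")) {
            return b(name.split(","));
        }
        if (!a.matcher(name).matches()) {
            String message = "字段不合法，存在SQL注入风险!--->" + name;
            b.error(message);
            throw new JeecgSqlInjectionException(message);
        }
        a(name);
        return name;
    }

    /**
     * Validates every column name with {@link #e(String)} and joins the
     * original elements with commas.
     *
     * @param strArr column names
     * @return the elements as passed in, joined by {@code ,}
     * @throws JeecgSqlInjectionException if any element is rejected
     */
    public static String b(String... strArr) {
        for (String name : strArr) {
            e(name);
        }
        return String.join(",", strArr);
    }

    /**
     * Converts a camel-case field name with {@code oConvertUtils.camelToUnderline}
     * and validates the result with {@link #e(String)}.
     *
     * @param str field name
     * @return the converted, validated column name
     */
    public static String f(String str) {
        return e(oConvertUtils.camelToUnderline(str));
    }

    /**
     * Applies {@link #f(String)} to every field name.
     *
     * @param strArr field names
     * @return the converted, validated column names in input order
     */
    public static List<String> c(String... strArr) {
        List<String> columns = new ArrayList<>();
        for (String field : strArr) {
            columns.add(f(field));
        }
        return columns;
    }

    /**
     * Maps a requested sort direction onto one of two fixed constants, so the
     * caller's text never reaches the ORDER BY clause.
     *
     * @param str requested direction, may be {@code null}
     * @return {@code null} for {@code null}; constant {@code c.aa} when the trimmed
     *         input equals it ignoring case; otherwise constant {@code c.Z}
     *         (presumably "asc" and "desc"; confirm against the constants class)
     */
    public static String g(String str) {
        if (str == null) {
            return null;
        }
        return org.jeecg.modules.drag.a.c.aa.equalsIgnoreCase(str.trim()) ? org.jeecg.modules.drag.a.c.aa : org.jeecg.modules.drag.a.c.Z;
    }

    /** Shared body of {@link #a(String)} and {@link #b(String)}; only the keyword list differs. */
    private static void checkWordKeywords(String str, String keywordList) {
        if (str == null || org.jeecg.modules.drag.a.c.q.equals(str)) {
            return;
        }
        c(str);
        // Locale.ROOT keeps lower-casing independent of the JVM default locale.
        String value = str.toLowerCase(java.util.Locale.ROOT).trim();
        for (String keyword : keywordList.split("\\|")) {
            if (b(value, keyword)) {
                reject(keyword, value);
            }
        }
        rejectOnPatternMatch(value);
    }

    /** Rejects the value if any pattern in {@code g} occurs anywhere in it. */
    private static void rejectOnPatternMatch(String value) {
        for (Pattern pattern : g) {
            // find() instead of matches(".*X.*"): '.' does not match line terminators,
            // so the old whole-string match never fired for values containing a newline.
            if (pattern.matcher(value).find()) {
                reject(pattern.pattern(), value);
            }
        }
    }

    /**
     * Logs the matched keyword and the offending value, then throws.
     *
     * <p>NOTE(review): the value is caller-controlled and is written to the log and
     * into the exception message as-is; the log layout and any error handler that
     * echoes the message should neutralise line breaks and markup.
     */
    private static void reject(String keyword, String value) {
        b.error(j, keyword);
        b.error(l, value);
        throw new JeecgSqlInjectionException(k + value);
    }

    static {
        f.add(";");
        f.add("+");
        f.add(i);
        String[] sources = {"chr\\s*\\(", "mid\\s*\\(", " char\\s*\\(", "sleep\\s*\\(", "user\\s*\\(", "show\\s+tables", "user[\\s]*\\([\\s]*\\)", "show\\s+databases", "sleep\\(\\d*\\)", "sleep\\(.*\\)"};
        // Compile once at class load instead of on every check.
        Pattern[] compiled = new Pattern[sources.length];
        for (int idx = 0; idx < sources.length; idx++) {
            compiled[idx] = Pattern.compile(sources[idx]);
        }
        g = compiled;
        h = Pattern.compile("/\\*[\\s\\S]*\\*/");
        m = Pattern.compile("^[a-zA-Z][a-zA-Z0-9_\\$]{0,63}$");
        a = Pattern.compile("^[a-zA-Z0-9_]+$");
    }
}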
