package net.mingsoft.basic.util;

import java.util.Locale;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import net.mingsoft.base.util.BundleUtil;
import net.mingsoft.basic.constant.Const;
import net.mingsoft.basic.exception.BusinessException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;

/* loaded from: input_file:net/mingsoft/basic/util/SqlInjectionUtil.class */
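/**
 * Heuristic keyword/regex screen for request values that look like SQL injection.
 *
 * <p>This is a blocklist check on the raw string, not a parser. It rejects any value
 * containing one of the fixed tokens in {@link #xssStr} (which include a bare
 * apostrophe, {@code +} and {@code ,}, so ordinary text such as {@code O'Brien} or
 * {@code a,b} is rejected as well, and {@code count } also hits {@code account }),
 * and it cannot reject every string that would be dangerous once concatenated into
 * SQL. Treat it as defence in depth on input only; the actual protection against
 * SQL injection has to be parameterised queries ({@code PreparedStatement} / bound
 * parameters) at the data-access layer.
 *
 * <p>Thread-safety: stateless; the shared {@link Pattern} and the token array are
 * built once at class load and never mutated.
 */
public class SqlInjectionUtil {
    /** Pipe-separated keyword blocklist, lower-case; split once into {@link #KEYWORDS}. */
    private static final String xssStr = "'|and |exec |insert |select |delete |update |drop |count |chr |mid |master |truncate |char |declare |;|or |+|,";
    private static final Logger LOG = LoggerFactory.getLogger(SqlInjectionUtil.class);
    /**
     * Pattern used by {@link #isSqlValid(String)}: a single quote, a {@code --} line
     * comment marker, a {@code /* ... *&#47;} block comment, or one of the listed
     * keywords as a whole word (the keyword was previously misspelt "trancate", so
     * {@code truncate} was never caught).
     */
    private static final String reg = "(?:')|(?:--)|(/\\*(?:.|[\\n\\r])*?\\*/)|(\\b(select|update|and|or|delete|insert|truncate|char|into|substr|ascii|declare|exec|count|master|into|drop|execute)\\b)";
    // Flag value 2 in the decompiled source is Pattern.CASE_INSENSITIVE.
    private static final Pattern sqlPattern = Pattern.compile(reg, Pattern.CASE_INSENSITIVE);
    /** Blocklist tokens, split once at class load instead of on every call. */
    private static final String[] KEYWORDS = xssStr.split("\\|");

    /**
     * Rejects {@code str} if it contains any blocklist token (case-insensitive).
     *
     * @param str value to screen; {@code null} and the empty string pass
     * @throws BusinessException with {@link HttpStatus#NOT_ACCEPTABLE} when a token is found
     */
    public static void filterContent(String str) {
        if (str == null || str.isEmpty()) {
            return;
        }
        // Locale.ROOT: the default locale (e.g. Turkish dotless-i) could lower-case
        // "INSERT" to something the ASCII token list does not match.
        String lowerCase = str.toLowerCase(Locale.ROOT);
        for (String keyword : KEYWORDS) {
            if (lowerCase.contains(keyword)) {
                // Both lines write the caller-supplied value verbatim to the log;
                // readers of this log should treat it as untrusted input.
                LOG.info("请注意，存在SQL注入关键词---> {}", keyword);
                LOG.info("请注意，值可能存在SQL注入风险!---> {}", lowerCase);
                throw new BusinessException(HttpStatus.NOT_ACCEPTABLE, BundleUtil.getLocaleString("sql.param.illegal", Const.RESOURCES));
            }
        }
    }

    /**
     * Screens every element of {@code strArr} with {@link #filterContent(String)}.
     *
     * @param strArr values to screen; a {@code null} array passes, as do {@code null}
     *     or empty elements
     * @throws BusinessException on the first element that contains a blocklist token
     */
    public static void filterContent(String[] strArr) {
        if (strArr == null) {
            return;
        }
        for (String str : strArr) {
            filterContent(str);
        }
    }

    /**
     * Reports whether {@code str} is free of the quote, comment and keyword patterns
     * in {@link #sqlPattern}.
     *
     * @param str value to check; {@code null} is treated as valid, matching the
     *     null handling of {@link #filterContent(String)}
     * @return {@code true} when nothing matches; {@code false}, after logging the
     *     first matched fragment, otherwise
     */
    public static boolean isSqlValid(String str) {
        if (str == null) {
            return true;
        }
        Matcher matcher = sqlPattern.matcher(str);
        if (!matcher.find()) {
            return true;
        }
        LOG.info("参数存在非法字符，请确认：" + matcher.group());
        return false;
    }
}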
