package cn.bootx.platform.common.core.util;

import cn.bootx.platform.common.core.exception.DangerSqlException;
import java.util.Locale;
import java.util.regex.Pattern;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:cn/bootx/platform/common/core/util/SqlInjectionUtil.class */
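/**
 * Denylist screening of request values that are about to be used in SQL.
 *
 * <p>Every check here is a substring or regex match against a fixed keyword list, so it is a
 * secondary safeguard only: it rejects ordinary text that happens to contain a listed word and
 * cannot recognise every dangerous construct. Values that reach a query should still be bound
 * through parameterized statements, and identifiers (column or table names, sort fields) should
 * be validated against an allowlist of known names.
 *
 * <p>All methods signal a rejected value by throwing {@link DangerSqlException}; they return
 * normally when nothing matched.
 */
public final class SqlInjectionUtil {
    // Despite the name, this is the pipe-separated SQL keyword denylist. Entries keep their
    // trailing space ("select ", "or "), so a keyword followed by a tab, newline or "(" is
    // not matched by the substring test.
    private static final String XSS_STR = "and |extractvalue|updatexml|geohash|gtid_subset|gtid_subtract|exec |insert |select |delete |update |drop |count |chr |mid |master |truncate |char |declare |;|or |+|user()";
    private static final String REGULAR_EXPRE_USER = "user[\\s]*\\([\\s]*\\)";
    private static final String SHOW_TABLES = "show\\s+tables";
    private static final Logger log = LoggerFactory.getLogger(SqlInjectionUtil.class);
    private static final Pattern SQL_ANNOTATION = Pattern.compile("/\\*[\\s\\S]*\\*/");

    // Split and compiled once instead of on every call.
    private static final String[] BUILT_IN_KEYWORDS = XSS_STR.split("\\|");
    private static final Pattern SHOW_TABLES_PATTERN = Pattern.compile(SHOW_TABLES);
    private static final Pattern USER_CALL_PATTERN = Pattern.compile(REGULAR_EXPRE_USER);

    /**
     * Screens a single value against the built-in keyword list.
     *
     * @param str value to screen; {@code null} or empty is accepted without checks
     * @throws DangerSqlException if the value matches any check
     */
    public static void filterContent(String str) {
        filterContent(str, (String) null);
    }

    /**
     * Screens a single value against the built-in keyword list plus caller-supplied keywords.
     *
     * @param str value to screen; {@code null} or empty is accepted without checks
     * @param str2 extra keywords separated by {@code |}, or {@code null} for none; they are
     *     compared with the lower-cased value, so they only match when given in lower case
     * @throws DangerSqlException if the value matches any check
     */
    public static void filterContent(String str, String str2) {
        if (str == null || str.isEmpty()) {
            return;
        }
        inspect(str, splitKeywords(str2));
    }

    /**
     * Screens every element of an array against the built-in keyword list.
     *
     * @param strArr values to screen; {@code null} or empty elements are skipped
     * @throws DangerSqlException if any element matches any check
     */
    public static void filterContent(String[] strArr) {
        filterContent(strArr, (String) null);
    }

    /**
     * Screens every element of an array against the built-in keyword list plus caller-supplied
     * keywords.
     *
     * @param strArr values to screen; a {@code null} array is treated as having no elements
     * @param str extra keywords separated by {@code |}, or {@code null} for none
     * @throws DangerSqlException if any element matches any check
     */
    public static void filterContent(String[] strArr, String str) {
        if (strArr == null) {
            return;
        }
        String[] customKeywords = splitKeywords(str);
        for (String value : strArr) {
            // A null or empty element is skipped rather than ending the loop: stopping at the
            // first blank element would leave every later element unscreened.
            if (value == null || value.isEmpty()) {
                continue;
            }
            inspect(value, customKeywords);
        }
    }

    /**
     * Rejects a value that contains a block comment, i.e. a slash-star ... star-slash pair.
     *
     * @param str value to screen; {@code null} is accepted
     * @throws DangerSqlException if a block comment is found
     */
    public static void checkSqlAnnotation(String str) {
        if (str == null) {
            return;
        }
        if (SQL_ANNOTATION.matcher(str).find()) {
            // Message text: "Attention: the value may carry SQL injection risk".
            log.error("请注意，值可能存在SQL注入风险---> \\*.*\\");
            throw new DangerSqlException("请注意，值可能存在SQL注入风险---> \\*.*\\");
        }
    }

    /** Runs all checks on one non-empty value, in the order comment, keywords, regex. */
    private static void inspect(String value, String[] customKeywords) {
        checkSqlAnnotation(value);
        // Locale.ROOT keeps the folding stable: under a Turkish default locale "INSERT "
        // lower-cases to a dotless-i form that no longer contains "insert ".
        String lowered = value.toLowerCase(Locale.ROOT);
        rejectIfContainsAny(lowered, BUILT_IN_KEYWORDS);
        rejectIfContainsAny(lowered, customKeywords);
        // find() rather than a whole-string match, so the two patterns are also caught when
        // they are embedded in a longer value or written with extra whitespace.
        if (SHOW_TABLES_PATTERN.matcher(lowered).find() || USER_CALL_PATTERN.matcher(lowered).find()) {
            throw new DangerSqlException("请注意，值可能存在SQL注入风险!--->" + lowered);
        }
    }

    /** Throws if {@code lowered} contains any of {@code keywords}; logs the keyword and value. */
    private static void rejectIfContainsAny(String lowered, String[] keywords) {
        for (String keyword : keywords) {
            // An empty token (from "" or "a||b") is contained in every string and would
            // reject all input, so it is ignored.
            if (keyword.isEmpty()) {
                continue;
            }
            if (lowered.contains(keyword)) {
                // NOTE(review): the rejected value is written to the log and copied into the
                // exception message unmodified. If it can contain CR/LF, or if the message is
                // returned to the client, consider neutralising or truncating it at that point.
                // First message: "Attention: SQL injection keyword present".
                log.error("请注意，存在SQL注入关键词---> {}", keyword);
                log.error("请注意，值可能存在SQL注入风险!---> {}", lowered);
                throw new DangerSqlException("请注意，值可能存在SQL注入风险!--->" + lowered);
            }
        }
    }

    /** Splits a pipe-separated keyword list; {@code null} yields an empty array. */
    private static String[] splitKeywords(String keywords) {
        return keywords == null ? new String[0] : keywords.split("\\|");
    }

    private SqlInjectionUtil() {
        throw new UnsupportedOperationException("This is a utility class and cannot be instantiated");
    }
}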
