package cn.antcore.resources.db.select;

import cn.antcore.resources.utils.ArrayUtils;

/* loaded from: input_file:cn/antcore/resources/db/select/Select.class */
public final class Select {
    private StringBuilder builder = new StringBuilder();

    /* loaded from: input_file:cn/antcore/resources/db/select/Select$SelectColumn.class */
    public static class SelectColumn {
        private final StringBuilder builder;

        public SelectColumn(StringBuilder sb) {
            this.builder = sb;
        }

        public SelectColumn column(String... strArr) {
            this.builder.insert(7, ArrayUtils.toString(strArr));
            return this;
        }

        public SelectColumn columnAll() {
            this.builder.insert(7, "*");
            return this;
        }

        public String toString() {
            return this.builder.toString();
        }
    }

    public Select() {
        this.builder.append("select  ");
    }

    public SelectColumn table(String str) {
        if (judgeXSS(str)) {
            throw new IllegalArgumentException("Table name error.");
        }
        this.builder.append("from ").append(str);
        return new SelectColumn(this.builder);
    }

    public String toString() {
        return this.builder.toString();
    }

    public boolean judgeXSS(String str) {
        if (str == null || "".equals(str)) {
            return false;
        }
        for (String str2 : "'|and|exec|execute|insert|select|delete|update|count|drop|*|%|chr|mid|master|truncate|char|declare|sitename|net user|xp_cmdshell|;|or|-|+|,|like'|and|exec|execute|insert|create|drop|table|from|grant|use|group_concat|column_name|information_schema.columns|table_schema|union|where|select|delete|update|order|by|count|*|chr|mid|master|truncate|char|declare|or|;|-|--|+|,|like|//|/|%|#".split("\\|")) {
            if (str.indexOf(str2) > -1) {
                return true;
            }
        }
        return false;
    }
}
