package cn.herodotus.engine.assistant.core.utils.protect;

import cn.herodotus.stirrup.kernel.engine.json.gson.GsonUtils;
import com.google.gson.JsonArray;
import com.google.gson.JsonElement;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;
import java.util.regex.Pattern;
import java.util.stream.Stream;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.ObjectUtils;
import org.dromara.hutool.core.net.url.UrlDecoder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:cn/herodotus/engine/assistant/core/utils/protect/SqlInjectionUtils.class */
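/**
 * Keyword-based screening of request data for SQL-like (and {@code <script}) fragments.
 *
 * <p>This is a deny-list heuristic: it reports whether a value matches {@link #SQL_REGEX}
 * and nothing more. It can reject legitimate text and cannot prove a value is safe, so it
 * should be treated as a secondary control; queries built from these values still need
 * bound parameters.
 *
 * <p>Scope of inspection, as implemented here:
 * <ul>
 *   <li>{@link #checkForGet(String)} inspects the value part of each {@code &}-separated
 *       pair of a query string; parameter names are not inspected.</li>
 *   <li>{@link #checkForPost(String)} inspects every primitive value of a JSON document;
 *       object member names are not inspected.</li>
 * </ul>
 */
public class SqlInjectionUtils {
    private static final Logger log = LoggerFactory.getLogger(SqlInjectionUtils.class);

    private static final String SQL_REGEX = "\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";

    // DOTALL lets '.' span line terminators, so a decoded query value is inspected as one
    // unit even when it contains line breaks (the JSON path inspects the serialized
    // primitive, where line breaks are already escaped).
    private static final Pattern SQL_PATTERN =
            Pattern.compile(SQL_REGEX, Pattern.CASE_INSENSITIVE | Pattern.DOTALL);

    /** Control characters are replaced before request data is written to the log. */
    private static final Pattern LOG_UNSAFE = Pattern.compile("\\p{Cntrl}");

    /** Upper bound on how much request data a single log entry may carry. */
    private static final int MAX_LOGGED_LENGTH = 256;

    /**
     * Tests one value against the keyword pattern and logs a hit.
     *
     * <p>Public in this listing; the decompiler notes the access modifier was changed
     * from private.
     *
     * @param str  text reported in the log entry when the value matches
     * @param str2 value to inspect; {@code null} is treated as "no match"
     * @return {@code true} if {@code str2} contains a fragment matched by the pattern
     */
    public static boolean matching(String str, String str2) {
        if (str2 == null || !SQL_PATTERN.matcher(str2).find()) {
            return false;
        }
        // The logged text is request data: neutralise control characters and cap its
        // length so a request cannot forge or flood log entries.
        log.error("[Herodotus] |- The parameter contains keywords {} that do not allow SQL!", sanitizeForLog(str));
        return true;
    }

    /** Returns a single-line, length-capped rendering of {@code value} for logging. */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        String singleLine = LOG_UNSAFE.matcher(value).replaceAll("_");
        if (singleLine.length() <= MAX_LOGGED_LENGTH) {
            return singleLine;
        }
        return singleLine.substring(0, MAX_LOGGED_LENGTH) + "...";
    }

    /**
     * Lower-cases the string form of {@code obj}; {@code null} becomes the empty string.
     * Locale.ROOT keeps the result independent of the JVM's default locale.
     */
    private static String toLowerCase(Object obj) {
        if (obj == null) {
            return "";
        }
        String text = obj.toString();
        return text == null ? "" : text.toLowerCase(Locale.ROOT);
    }

    /** Normalises {@code obj} to lower case and tests it against the keyword pattern. */
    private static boolean checking(Object obj) {
        String lowerCase = toLowerCase(obj);
        return matching(lowerCase, lowerCase);
    }

    /**
     * Screens a raw query string.
     *
     * <p>The string is URL-decoded as UTF-8, lower-cased, split on {@code &}, and the text
     * after the first {@code =} of each piece is tested. A piece without {@code =} is tested
     * as a whole.
     *
     * @param str raw query string; {@code null} or empty yields {@code false}
     * @return {@code true} if any value matches the keyword pattern
     */
    public static boolean checkForGet(String str) {
        if (str == null || str.isEmpty()) {
            return false;
        }
        // NOTE(review): decoding happens before splitting, so pairs are delimited on the
        // decoded text; confirm this agrees with how the web framework parses the query.
        String decoded = UrlDecoder.decode(str, StandardCharsets.UTF_8);
        if (decoded == null) {
            return false;
        }
        String lowerCase = decoded.toLowerCase(Locale.ROOT);
        for (String pair : lowerCase.split("&")) {
            String value = pair.substring(pair.indexOf('=') + 1);
            if (matching(lowerCase, value)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Screens a JSON request body.
     *
     * @param str JSON text, parsed with {@code GsonUtils.toJsonElement}
     * @return {@code true} if at least one primitive value matches the keyword pattern
     */
    public static boolean checkForPost(String str) {
        List<JsonElement> flagged = new ArrayList<>();
        collectMatches(GsonUtils.toJsonElement(str), flagged);
        return !flagged.isEmpty();
    }

    /**
     * Walks {@code jsonElement} depth-first and appends every matching primitive to
     * {@code list}. Absent and JSON-null elements are skipped.
     */
    private static void collectMatches(JsonElement jsonElement, List<JsonElement> list) {
        if (jsonElement == null || jsonElement.isJsonNull()) {
            return;
        }
        if (jsonElement.isJsonPrimitive()) {
            // toString() yields the serialized form of the primitive (quoted for strings).
            if (checking(jsonElement.toString())) {
                list.add(jsonElement);
            }
            return;
        }
        if (jsonElement.isJsonArray()) {
            JsonArray array = jsonElement.getAsJsonArray();
            for (JsonElement item : array) {
                collectMatches(item, list);
            }
            return;
        }
        if (jsonElement.isJsonObject()) {
            for (Map.Entry<String, JsonElement> member : jsonElement.getAsJsonObject().entrySet()) {
                collectMatches(member.getValue(), list);
            }
        }
    }
}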
