package org.jeecg.modules.jmreport.common.b;

import java.util.Locale;
import java.util.regex.Pattern;
import org.jeecg.modules.jmreport.common.expetion.JimuReportException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* compiled from: SqlInjectionUtil.java */
/* loaded from: input_file:org/jeecg/modules/jmreport/common/b/j.class */
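/**
 * Deny-list based SQL-injection filter (decompiled from {@code SqlInjectionUtil.java}; the
 * single-letter class and method names are obfuscation artefacts and are kept because callers
 * elsewhere bind to them).
 *
 * <p>Two families of checks live here:
 * <ul>
 *   <li>{@link #a(String)}, {@link #b(String...)} and {@link #a(String[], String)} reject values
 *       that contain a block comment, a {@code sleep(n)} call or any entry of a keyword
 *       deny-list (plain substring matching on the lower-cased value).</li>
 *   <li>{@link #d(String)} and {@link #e(String)} accept identifiers only when they match a
 *       strict allow-list pattern.</li>
 * </ul>
 *
 * <p>Substring deny-lists are a defence-in-depth layer only: they both miss spellings that are
 * not listed and reject harmless values that happen to contain a listed token. Values should
 * reach the database as bound parameters, and identifiers through the allow-list methods;
 * this class must not be the only control in front of string-built SQL.
 *
 * <p>NOTE(review): rejected input is copied verbatim into log lines and exception messages.
 * If those can reach an HTTP response or a line-oriented log, consider truncating the value
 * and neutralising CR/LF before it is emitted.
 */
public class j {
    /**
     * Deny-list applied by {@link #a(String)}. Entries are separated by {@code |}; leading and
     * trailing spaces are part of the token. The schema name was misspelled
     * ({@code peformance_schema}) and therefore never matched {@code performance_schema}.
     */
    private static final String SQL_KEYWORDS = " exec |performance_schema|information_schema|extractvalue|updatexml|geohash|gtid_subset|gtid_subtract|insert |alter |delete | grant |update |drop | chr | mid | master |truncate | char | declare |user()|";

    /** Stricter deny-list applied to individual values by {@link #a(String[], String)}. */
    private static final String VALUE_KEYWORDS = "and |extractvalue|updatexml|geohash|gtid_subset|gtid_subtract|exec |insert |select |delete |update |drop |count |chr |mid |master |truncate |char |declare |;|or |+|user()|sleep(";

    // Compiled once instead of on every call. Both are used with matches(), i.e. they only
    // fire when the WHOLE value is "show tables" / "user()".
    // NOTE(review): a partial-match check (find()) may have been intended - confirm before changing.
    private static final Pattern SHOW_TABLES = Pattern.compile("show\\s+tables");
    private static final Pattern USER_CALL = Pattern.compile("user[\\s]*\\([\\s]*\\)");

    private static final Logger LOG = LoggerFactory.getLogger(j.class);

    /** Any block comment, including ones that span several lines. */
    private static final Pattern BLOCK_COMMENT = Pattern.compile("/\\*[\\s\\S]*\\*/");

    /** {@code sleep(<digits>)}; expected to be applied to an already lower-cased value. */
    private static final Pattern SLEEP_CALL = Pattern.compile("sleep\\(\\d*\\)");

    /** Table names: a letter followed by at most 63 letters, digits or underscores. */
    private static final Pattern TABLE_NAME = Pattern.compile("^[a-zA-Z][a-zA-Z0-9_]{0,63}$");

    /** Field names: letters, digits and underscores only. Package-visible, name kept. */
    static final Pattern a = Pattern.compile("^[a-zA-Z0-9_]+$");

    /**
     * Checks one value against the {@link #SQL_KEYWORDS} deny-list.
     *
     * <p>{@code null} and the empty string are accepted without any check.
     *
     * @param str the value to inspect
     * @throws JimuReportException if a deny-listed keyword is found
     * @throws RuntimeException if the value contains a block comment or a {@code sleep(n)}
     *     call, or is exactly {@code show tables} / {@code user()}
     */
    public static void a(String str) {
        if (str == null || "".equals(str)) {
            return;
        }
        b(str);
        // Locale.ROOT keeps the case folding independent of the JVM's default locale, so the
        // ASCII keywords below match the same way on every host (e.g. Turkish dotless i).
        String lowerCase = str.toLowerCase(Locale.ROOT);
        c(lowerCase);
        // b(str) has already rejected any value containing a block comment, so this strip is
        // expected to be a no-op; it is kept as a second line of defence.
        String stripped = lowerCase.replaceAll("/\\*.*\\*/", "");
        // constant.d.ar is defined outside this file; presumably the regex for a literal '|' - confirm.
        for (String keyword : SQL_KEYWORDS.split(org.jeecg.modules.jmreport.common.constant.d.ar)) {
            // The startsWith() arm catches a space-padded keyword at the very start of the value.
            if (stripped.contains(keyword) || stripped.startsWith(keyword.trim())) {
                LOG.error("请注意，存在SQL注入关键词---> {}", keyword);
                LOG.error("请注意，值可能存在SQL注入风险!---> {}", stripped);
                throw new JimuReportException(1001, "请注意，值可能存在SQL注入风险!--->" + stripped);
            }
        }
        if (SHOW_TABLES.matcher(stripped).matches() || USER_CALL.matcher(stripped).matches()) {
            throw new RuntimeException("请注意，值可能存在SQL注入风险!--->" + stripped);
        }
        // h.d(...) is a helper on class h of this package, not shown here; presumably a
        // "not empty" test - confirm. The Pattern field that used to be called h obscured that
        // class name in the decompiled source and has been renamed.
        if (!h.d((Object) stripped) || stripped.toLowerCase(Locale.ROOT).trim().startsWith("call ")) {
            return;
        }
        // NOTE(review): the message announces a syntax-based check, but no such check follows
        // in this listing; nothing is validated past this point.
        LOG.debug("基于SQL语法分析方式，开始检查SQL注入风险---> {}", stripped);
    }

    /**
     * Rejects a value that contains a block comment.
     *
     * @param str the value to inspect; must not be {@code null}
     * @throws RuntimeException if the value contains a block comment
     */
    public static void b(String str) {
        if (BLOCK_COMMENT.matcher(str).find()) {
            LOG.error("请注意，值可能存在SQL注入风险---> \\*.*\\");
            throw new RuntimeException("请注意，值可能存在SQL注入风险---> \\*.*\\");
        }
    }

    /**
     * Rejects a value that contains {@code sleep(<digits>)}. The pattern is case-sensitive, so
     * callers pass the lower-cased value.
     *
     * @param str the lower-cased value to inspect; must not be {@code null}
     * @throws RuntimeException if the value contains a {@code sleep(n)} call
     */
    public static void c(String str) {
        if (SLEEP_CALL.matcher(str).find()) {
            LOG.error("请注意，值可能存在SQL注入风险---> \\*.*\\");
            throw new RuntimeException("请注意，值可能存在SQL注入风险---> \\*.*\\");
        }
    }

    /**
     * Validates a table name against {@link #TABLE_NAME}.
     *
     * @param str the candidate table name; must not be {@code null}
     * @return the trimmed name when it is valid
     * @throws JimuReportException if the name does not match the allow-list pattern
     */
    public static String d(String str) {
        String trim = str.trim();
        if (TABLE_NAME.matcher(trim).matches()) {
            b(trim);
            return trim;
        }
        String str2 = "表名不合法，存在SQL注入风险!--->" + trim;
        LOG.error(str2);
        throw new JimuReportException(str2);
    }

    /**
     * Validates a field name, or a separator-joined list of field names, against the
     * allow-list pattern {@link #a}.
     *
     * @param str the candidate field name or list; must not be {@code null}
     * @return the trimmed name, or the re-joined list, when every part is valid
     * @throws JimuReportException if any part does not match the allow-list pattern
     */
    public static String e(String str) {
        String trim = str.trim();
        // constant.d.bL is defined outside this file; presumably the list separator - confirm.
        if (trim.contains(org.jeecg.modules.jmreport.common.constant.d.bL)) {
            return a(trim.split(org.jeecg.modules.jmreport.common.constant.d.bL));
        }
        if (a.matcher(trim).matches()) {
            b(trim);
            return trim;
        }
        String str2 = "字段不合法，存在SQL注入风险!--->" + trim;
        LOG.error(str2);
        throw new JimuReportException(str2);
    }

    /**
     * Validates every field name with {@link #e(String)} and joins the original
     * (un-trimmed) elements with the separator {@code constant.d.bL}.
     *
     * @param strArr the candidate field names
     * @return the elements joined with the separator
     * @throws JimuReportException if any element is not a valid field name
     */
    public static String a(String... strArr) {
        for (String str : strArr) {
            e(str);
        }
        return String.join(org.jeecg.modules.jmreport.common.constant.d.bL, strArr);
    }

    /**
     * Checks every value against {@link #VALUE_KEYWORDS} without extra keywords.
     *
     * @param strArr the values to inspect
     * @throws JimuReportException if a value contains a deny-listed keyword
     * @throws RuntimeException if a value contains a block comment or a {@code sleep(n)} call
     */
    public static void b(String... strArr) {
        a(strArr, null);
    }

    /**
     * Checks every value against {@link #VALUE_KEYWORDS} and, when given, against an extra
     * caller-supplied deny-list.
     *
     * <p>{@code null} and empty elements are skipped. The previous loop stopped at the first
     * such element, which left every value after it unchecked.
     *
     * @param strArr the values to inspect; must not be {@code null}
     * @param str extra keywords in the same separator-delimited format as the built-in list,
     *     or {@code null} for none. They are compared with the lower-cased value, so they
     *     only match when written in lower case.
     * @throws JimuReportException if a value contains a deny-listed keyword or is exactly
     *     {@code show tables} / {@code user()}
     * @throws RuntimeException if a value contains a block comment or a {@code sleep(n)} call
     */
    public static void a(String[] strArr, String str) {
        String[] builtIn = VALUE_KEYWORDS.split(org.jeecg.modules.jmreport.common.constant.d.ar);
        String[] custom = str == null ? null : str.split(org.jeecg.modules.jmreport.common.constant.d.ar);
        for (String value : strArr) {
            if (value == null || "".equals(value)) {
                // Skip, do not stop: the remaining values still have to be checked.
                continue;
            }
            b(value);
            // Locale-independent folding, see a(String).
            String lowerCase = value.toLowerCase(Locale.ROOT);
            c(lowerCase);
            rejectIfContainsAny(lowerCase, builtIn);
            if (custom != null) {
                rejectIfContainsAny(lowerCase, custom);
            }
            if (SHOW_TABLES.matcher(lowerCase).matches() || USER_CALL.matcher(lowerCase).matches()) {
                throw new JimuReportException("请注意，值可能存在SQL注入风险!--->" + lowerCase);
            }
            LOG.info("开始检查SQL注入风险---> {}", lowerCase);
        }
    }

    /** Logs and throws when {@code value} contains any of {@code keywords} as a substring. */
    private static void rejectIfContainsAny(String value, String[] keywords) {
        for (String keyword : keywords) {
            if (value.contains(keyword)) {
                LOG.error("请注意，存在SQL注入关键词---> {}", keyword);
                LOG.error("请注意，值可能存在SQL注入风险!---> {}", value);
                throw new JimuReportException("请注意，值可能存在SQL注入风险!--->" + value);
            }
        }
    }
}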
