package org.hy.common.db;

import com.greenpineyu.fel.FelEngine;
import com.greenpineyu.fel.FelEngineImpl;
import java.util.Locale;
import java.util.regex.Pattern;
import org.hy.common.Date;
import org.hy.common.StringHelp;
import org.hy.common.xml.log.Logger;

/* loaded from: input_file:org/hy/common/db/DBSQLSafe.class */
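/**
 * Heuristic screen for text that looks like a SQL-injection attempt.
 *
 * <p>The checks are a deny-list: tautology-style comparisons after {@code AND}/{@code OR}, and
 * a fixed set of statement keywords. This is not a SQL parser, and a {@code true} result only
 * means none of these specific patterns matched. Treat it as a secondary, advisory control.
 * The primary defence for values placed into SQL is bound parameters (for example
 * {@code PreparedStatement} with {@code ?} placeholders).
 *
 * <p>All members are static; the class cannot be instantiated.
 */
public final class DBSQLSafe {
    /** SQL line-comment introducer looked for by {@link #isSafe_SQLComment(String)}. */
    private static final String $Comment = "--";

    /** SQL string-literal delimiter. */
    private static final String $StringLimit = "'";

    private static final Logger $Logger = new Logger(DBSQLSafe.class, true);

    /** Logical connectives (upper case, space padded) after which a comparison is inspected. */
    private static final String[] $Relation = {" AND ", " OR "};

    /** Comparison operators as written in SQL; index-aligned with {@link #$Compares_Fel}. */
    private static final String[] $Compares = {"!=", "<=", "<", ">=", ">", "="};

    /** The same operators in the expression engine's syntax ({@code =} becomes {@code ==}). */
    private static final String[] $Compares_Fel = {"!=", "<=", "<", ">=", ">", "=="};

    /**
     * Keyword groups that mark a statement fragment. The first entry of each group is also
     * compiled into the matching {@link #$Patterns} element.
     */
    private static final String[][] $SQLKeys = {
        {" UNION ", "SELECT ", " FROM "},
        {"EXEC "},
        {"SELECT ", " FROM "},
        {"INSERT ", " INTO "},
        {"MERGE ", " INTO "},
        {"UPDATE ", " SET "},
        {"DELETE "},
        {"TRUNCATE ", " TABLE "}
    };

    /** One compiled pattern per {@link #$SQLKeys} group (previously had an unused extra slot). */
    private static final Pattern[] $Patterns = new Pattern[$SQLKeys.length];

    private static final FelEngine $Fel = new FelEngineImpl();

    static {
        // "<something> <whitespace> KEYWORD <whitespace> <something>": the leading keyword of
        // each group must be surrounded by other text to count as a hit.
        for (int i = 0; i < $SQLKeys.length; i++) {
            $Patterns[i] = Pattern.compile("(.+)\\s" + $SQLKeys[i][0].trim() + "\\s(.+)");
        }
    }

    private DBSQLSafe() {
    }

    /**
     * Screens a value for the injection patterns this class knows about.
     *
     * <p>A hit is written to the error log via {@link #sqlAttackLog(String)}.
     * {@link #isSafe_SQLComment(String)} is not part of this check and must be called
     * separately when comment detection is wanted.
     *
     * @param str the text to screen; must not be {@code null}
     * @return {@code false} when a relation check or a keyword pattern matched, else {@code true}
     * @throws NullPointerException if {@code str} is {@code null}
     */
    public static final boolean isSafe(String str) {
        // Locale.ROOT keeps the case mapping independent of the JVM default locale. With some
        // default locales (Turkish, for one) a lower-case 'i' does not map to ASCII 'I', so
        // keywords such as INSERT would never match the upper-case tables above.
        String upperCase = str.toUpperCase(Locale.ROOT);

        for (String relation : $Relation) {
            if (!isSafe_Relations(upperCase, relation)) {
                return reportAttack(str);
            }
        }

        for (int i = 0; i < $SQLKeys.length; i++) {
            // NOTE(review): the exact meaning of the two boolean flags of StringHelp.isContains
            // is not visible in this file. Presumably "all keys, in order"; confirm against
            // StringHelp.
            boolean hasKeys = StringHelp.isContains(upperCase, true, true, $SQLKeys[i]);
            if (hasKeys && $Patterns[i].matcher(upperCase).find()) {
                return reportAttack(str);
            }
        }
        return true;
    }

    /** Logs the rejected input and returns {@code false} so callers can {@code return} it. */
    private static boolean reportAttack(String str) {
        $Logger.error(sqlAttackLog(str));
        return false;
    }

    /**
     * Inspects the comparison that follows a logical connective and reports whether it looks
     * like an always-true condition.
     *
     * <p>Only the text after the first occurrence of {@code str2} is examined. If that text
     * contains {@code !=} it is accepted without evaluation. For the other operators the two
     * sides of the first split are evaluated by the expression engine, and a {@code true}
     * result is reported as unsafe.
     *
     * @param str the text to inspect; {@link #isSafe(String)} passes it already upper-cased
     * @param str2 the connective to look for, e.g. {@code " OR "}
     * @return {@code false} when an evaluated comparison is true; {@code true} otherwise,
     *     including when evaluation throws
     */
    public static final boolean isSafe_Relations(String str, String str2) {
        int at = str.indexOf(str2);
        if (at < 0) {
            return true;
        }

        String tail = str.substring(at + str2.length());
        for (int i = 0; i < $Compares.length; i++) {
            // String.split takes a regex; none of the operators contains a metacharacter.
            String[] sides = tail.split($Compares[i]);
            if (sides.length < 2) {
                continue;
            }
            if (i == 0) {
                // "!=" present: treated as safe without evaluating anything.
                return true;
            }
            try {
                // NOTE(security): both operands are taken from the unvalidated input and handed
                // to the expression engine. Confirm what the engine's evaluation context
                // exposes, and consider restricting operands to plain literals before
                // evaluating them.
                String expression = sides[0] + " " + $Compares_Fel[i] + " " + sides[1];
                if (((Boolean) $Fel.eval(expression)).booleanValue()) {
                    return false;
                }
            } catch (Exception e) {
                // NOTE(security): fail-open. Any evaluation failure, a non-Boolean or a null
                // result all end up here and the input is reported as safe. Kept for
                // compatibility, because many ordinary values are not valid expressions.
                return true;
            }
        }
        return true;
    }

    /**
     * Checks for a {@code --} comment marker placed directly after a closed string literal.
     *
     * @param str the text to inspect
     * @return {@code false} when some {@code --} is preceded (ignoring whitespace) by a quote
     *     and the text before it holds an even number of quotes; {@code true} otherwise
     */
    public static final boolean isSafe_SQLComment(String str) {
        for (int at = str.indexOf($Comment);
                at >= 0;
                at = str.indexOf($Comment, at + $Comment.length())) {
            String before = str.substring(0, at).trim();
            // presumably StringHelp.getCount returns the number of occurrences; confirm
            if (before.endsWith($StringLimit) && StringHelp.getCount(before, '\'') % 2 == 0) {
                return false;
            }
        }
        return true;
    }

    /**
     * Builds the log entry for a rejected input.
     *
     * <p>The input is attacker-influenced, so CR and LF are written as the visible escapes
     * {@code \r} and {@code \n}. A crafted value therefore cannot start a new line in the log
     * and imitate a separate entry.
     *
     * @param str the rejected input; {@code null} is rendered as {@code "null"}
     * @return the message, framed by blank lines and prefixed with the current time
     */
    public static final String sqlAttackLog(String str) {
        String printable = String.valueOf(str).replace("\r", "\\r").replace("\n", "\\n");
        return "\n\n" + Date.getNowTime().getFull() + " SQL attack: " + printable + "\n\n";
    }
}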
