package cn.xphsc.web.boot.sqlInjection.utils;

import cn.xphsc.web.utils.StringUtils;
import java.util.HashSet;
import java.util.Set;

/* loaded from: input_file:cn/xphsc/web/boot/sqlInjection/utils/SqlInjectionUtils.class */
public class SqlInjectionUtils {
    private static Set<String> NOT_ALLOEWD_KEYWORDS = new HashSet(23);
    private static String SQL_KEYWORD = "select|update|and|or|delete|insert|trancate|char|into|substr|ascii|declare|exec|count|master|drop|execute|from|version|user|database|extractvalue|concat|system_user|updatexml";
    private static String STRING_REGEX = "\\s*( |\\t|\\r|\\n|\\()\\s*";

    public static boolean checkSqlKeyWords(String str) {
        if (StringUtils.isEmpty(str)) {
            return true;
        }
        for (String str2 : str.split(STRING_REGEX)) {
            if (NOT_ALLOEWD_KEYWORDS.contains(str2.toLowerCase())) {
                return false;
            }
        }
        return true;
    }

    public static String cleanSqlKeyWords(String str) {
        String str2 = str;
        for (String str3 : str2.split(STRING_REGEX)) {
            if (NOT_ALLOEWD_KEYWORDS.contains(str3.toLowerCase())) {
                str2 = StringUtils.replace(str2, str3, StringUtils.EMPTY);
            }
        }
        return str2;
    }

    static {
        for (String str : SQL_KEYWORD.split("\\|")) {
            NOT_ALLOEWD_KEYWORDS.add(str);
        }
    }
}
