package org.kawanfw.sql.api.server;

import java.util.ArrayList;
import java.util.Date;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Locale;
import java.util.Objects;
import java.util.Scanner;
import java.util.Set;
import java.util.StringTokenizer;
import org.apache.commons.lang3.StringUtils;
import org.kawanfw.sql.util.FrameworkDebug;
import org.kawanfw.sql.util.parser.SqlCommentsDetector;
import org.kawanfw.sql.util.parser.SqlStringTokenizer;

/* loaded from: input_file:org/kawanfw/sql/api/server/BasicSqlInjectionAnalyser.class */
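/**
 * Heuristic scanner that looks for textual anomalies in a SQL statement that are commonly
 * associated with injection attempts: nested comments, line breaks, comments, an odd number of
 * single quotes, equal values on both sides of an {@code =} (e.g. {@code 1=1}), statement
 * separators, tabs, double quotes, a statement without spaces, and caller-supplied forbidden
 * keywords.
 * <p>
 * Usage: construct with the statement, optionally tune the {@code setDetectXxx}/
 * {@code setForbiddenKeywordList} switches, call {@link #analyse()}, then read
 * {@link #isSqlInjectionSuspect()} and {@link #getAnomalyDetected()}. {@code analyse()} stops at
 * the first anomaly found (except "no spaces", which does not stop the scan), so at most one
 * anomaly is reported per run. The statement is never modified, so {@code analyse()} may be
 * called repeatedly with identical results.
 * <p>
 * This is a <em>basic</em> pattern check, not a parser: keyword detection is a plain substring
 * match, and the checks are independent of the target database dialect. Not thread-safe.
 */
public class BasicSqlInjectionAnalyser {
    private static final boolean DEBUG = FrameworkDebug.isSet(BasicSqlInjectionAnalyser.class);

    /** Statement under analysis. Kept unmodified; comment stripping works on a local copy. */
    private final String sql;

    // Detection switches; every check is enabled by default.
    private boolean detectLineBreaks = true;
    private boolean detectComments = true;
    private boolean detectSeparators = true;
    private boolean detectTabs = true;
    private boolean detectDoubleQuotes = true;
    private boolean detectNoSpaces = true;
    // Insertion-ordered so that the first keyword supplied is the first one reported.
    private Set<String> forbiddenKeywordList = new LinkedHashSet<>();

    // Results of the last analyse() call; reset by initResults().
    private boolean withLineBreaks;
    private boolean withComments;
    private boolean withSeparators;
    private boolean withTabs;
    private boolean withDoubleQuotes;
    private boolean withNoSpaces;
    private boolean withForbiddenKeywords;
    private boolean withOddQuotesNumber;
    private boolean withNestedComments;
    private boolean withEqualValuesAroundEqual;
    // Forbidden keyword that matched, as supplied by the caller (original case).
    private String keywordDetected;
    // Short label of the anomaly found, or null when none was found.
    private String anomalyDetected;

    /**
     * Creates an analyser for the given statement.
     *
     * @param str the SQL statement to analyse
     * @throws NullPointerException if {@code str} is null
     */
    public BasicSqlInjectionAnalyser(String str) {
        Objects.requireNonNull(str, "sql cannot be null!");
        this.sql = str;
    }

    /** Enables or disables the tab check (default: enabled). */
    public void setDetectTabs(boolean z) {
        this.detectTabs = z;
    }

    /** Enables or disables the {@code ;} separator check (default: enabled). */
    public void setDetectSeparators(boolean z) {
        this.detectSeparators = z;
    }

    /** Enables or disables the line-break check (default: enabled). */
    public void setDetectLineBreaks(boolean z) {
        this.detectLineBreaks = z;
    }

    /**
     * Enables or disables the comment check (default: enabled). Nested-comment detection is
     * not affected by this switch.
     */
    public void setDetectComments(boolean z) {
        this.detectComments = z;
    }

    /** Enables or disables the double-quote check (default: enabled). */
    public void setDetectDoubleQuotes(boolean z) {
        this.detectDoubleQuotes = z;
    }

    /** Enables or disables the "statement contains no space" check (default: enabled). */
    public void setDetectNoSpaces(boolean z) {
        this.detectNoSpaces = z;
    }

    /**
     * Sets the keywords whose presence (case-insensitive substring match, outside single-quoted
     * literals) marks the statement as suspect. The set is copied, so later changes made by the
     * caller do not affect this analyser.
     *
     * @param set the forbidden keywords; may be empty
     * @throws NullPointerException if {@code set} is null
     */
    public void setForbiddenKeywordList(Set<String> set) {
        Objects.requireNonNull(set, "forbiddenKeywordList cannot be null!");
        this.forbiddenKeywordList = new LinkedHashSet<>(set);
    }

    /**
     * @return the label of the anomaly found by the last {@link #analyse()} call, or null when
     *         none was found (or {@code analyse()} was never called)
     */
    public String getAnomalyDetected() {
        return this.anomalyDetected;
    }

    /** @return true if the last analysis found nested {@code /* ... *}{@code /} comments */
    public boolean isWithNestedComments() {
        return this.withNestedComments;
    }

    /** @return true if the last analysis found a line terminator */
    public boolean isWithLineBreaks() {
        return this.withLineBreaks;
    }

    /** @return true if the last analysis found a comment */
    public boolean isWithComments() {
        return this.withComments;
    }

    /** @return true if the last analysis found a {@code ;} outside single-quoted literals */
    public boolean isWithSeparators() {
        return this.withSeparators;
    }

    /** @return true if the last analysis found one of the forbidden keywords */
    public boolean isWithForbiddenKeywords() {
        return this.withForbiddenKeywords;
    }

    /** @return true if the last analysis found an {@code =} with the same value on both sides */
    public boolean isWithEqualValuesAroundEqual() {
        return this.withEqualValuesAroundEqual;
    }

    /** @return true if the last analysis found an odd number of single quotes */
    public boolean isWithOddQuotesNumber() {
        return this.withOddQuotesNumber;
    }

    /**
     * Summarises the last {@link #analyse()} run.
     * <p>
     * Consistent with {@link #getAnomalyDetected()}: every anomaly that makes {@code analyse()}
     * stop is reported here. Nested comments, an odd quote count, equal values around
     * {@code =} and forbidden keywords are reported regardless of the {@code setDetectXxx}
     * switches, because {@code analyse()} checks them unconditionally; the other anomalies are
     * reported only when their switch is on.
     *
     * @return true if the statement should be treated as an injection suspect
     */
    public boolean isSqlInjectionSuspect() {
        if (this.withEqualValuesAroundEqual || this.withNestedComments
                || this.withOddQuotesNumber || this.withForbiddenKeywords) {
            return true;
        }
        return (this.detectComments && this.withComments)
                || (this.detectLineBreaks && this.withLineBreaks)
                || (this.detectSeparators && this.withSeparators)
                || (this.detectTabs && this.withTabs)
                || (this.detectDoubleQuotes && this.withDoubleQuotes)
                || (this.detectNoSpaces && this.withNoSpaces);
    }

    /**
     * Runs all checks on the statement and records the first anomaly found.
     * <p>
     * Order: no spaces (recorded, scan continues), nested comments, line breaks, comments
     * (the statement is then scanned with comments removed), odd quote count, equal values
     * around {@code =}, then separators/tabs/double quotes/forbidden keywords on the text
     * outside single-quoted literals. Every result field is reset first, so repeated calls
     * are independent.
     */
    public void analyse() {
        initResults();
        String text = this.sql;

        if (this.detectNoSpaces && !text.trim().contains(" ")) {
            this.withNoSpaces = true;
            this.anomalyDetected = "SqlWithNoSpaces";
            // No early return: a later, more specific anomaly overrides this label.
        }

        this.withNestedComments = containsNestedComments(text);
        if (this.withNestedComments) {
            this.anomalyDetected = "SqlWithNestedComments";
            return;
        }

        if (this.detectLineBreaks && checkIfStringContainsNewLineCharacters(text)) {
            this.withLineBreaks = true;
            this.anomalyDetected = "SqlWithLineBreaks";
            return;
        }

        // Work on a comment-free copy from here on; the original statement stays untouched.
        SqlCommentsDetector sqlCommentsDetector = new SqlCommentsDetector(text);
        text = sqlCommentsDetector.removeComments();
        this.withComments = sqlCommentsDetector.isWithComments();
        if (this.detectComments && this.withComments) {
            this.anomalyDetected = "SqlWithComments";
            return;
        }
        debug("sql after remove comments: " + text);
        debug("this.withComments        : " + this.withComments);

        if (StringUtils.countMatches(text, "'") % 2 != 0) {
            this.withOddQuotesNumber = true;
            this.anomalyDetected = "SqlWithOddQuotesNumber";
            return;
        }

        if (hasEqualValuesAroundEqual(text)) {
            this.withEqualValuesAroundEqual = true;
            this.anomalyDetected = "SqlWithEqualValuesAroundEqual";
            return;
        }

        List<String> tokens = SqlStringTokenizer.getTokensSplitOnSinglesQuotes(text);
        debug("Split on quotes - display 2:");
        for (int i = 0; i < tokens.size(); i++) {
            debug(i + ": " + tokens.get(i));
            // Only even-indexed tokens are inspected — presumably the text outside
            // single-quoted literals; verify against SqlStringTokenizer.
            if (i % 2 == 0 && analyseDeep(tokens.get(i))) {
                return;
            }
        }
    }

    /** Clears every result of a previous analysis. */
    private void initResults() {
        this.withLineBreaks = false;
        this.withComments = false;
        this.withSeparators = false;
        this.withTabs = false;
        this.withForbiddenKeywords = false;
        this.withOddQuotesNumber = false;
        this.keywordDetected = null;
        this.withNestedComments = false;
        this.withEqualValuesAroundEqual = false;
        this.withDoubleQuotes = false;
        this.withNoSpaces = false;
        this.anomalyDetected = null;
    }

    /**
     * Runs the per-fragment checks on a piece of text located outside single-quoted literals.
     *
     * @param str the fragment to check
     * @return true if an anomaly was found and recorded (the caller stops scanning)
     */
    private boolean analyseDeep(String str) {
        // "--" and "#" (presumably MySQL-style) comment starters that survived comment removal.
        if (this.detectComments && (str.contains("--") || str.contains("#"))) {
            this.withComments = true;
            this.anomalyDetected = "SqlWithComments";
            return true;
        }
        if (this.detectSeparators && str.contains(";")) {
            this.withSeparators = true;
            this.anomalyDetected = "SqlWithSeparators";
            return true;
        }
        if (this.detectTabs && str.contains("\t")) {
            this.withTabs = true;
            this.anomalyDetected = "SqlWithTabs";
            return true;
        }
        if (this.detectDoubleQuotes && str.contains("\"")) {
            this.withDoubleQuotes = true;
            this.anomalyDetected = "SqlWithDoubleQuotes";
            return true;
        }
        if (containsForbiddenKeywords(str)) {
            this.withForbiddenKeywords = true;
            this.anomalyDetected = "SqlWithForbiddenKeywords. Keyword detected: " + this.keywordDetected;
            return true;
        }
        return false;
    }

    /**
     * Detects an {@code =} whose left and right operands are the same word, the classic
     * tautology pattern ({@code WHERE 1=1}, {@code 'a'='a'}).
     * <p>
     * Spaces around {@code =} are removed first; the text is then split on {@code =} and, for
     * each split point, the last space-delimited word before it is compared with the first
     * space-delimited word after it. A side that contains no space is taken whole, so a bare
     * {@code 1=1} is detected as well as {@code WHERE 1=1}.
     *
     * @param str the SQL text to check
     * @return true if at least one such tautology is present
     * @throws NullPointerException if {@code str} is null
     */
    public static boolean hasEqualValuesAroundEqual(String str) {
        Objects.requireNonNull(str, "sql cannot be null!");
        String normalized = str;
        while (normalized.contains("= ")) {
            normalized = StringUtils.replace(normalized, "= ", "=");
        }
        while (normalized.contains(" =")) {
            normalized = StringUtils.replace(normalized, " =", "=");
        }

        List<String> tokens = getTokensSplitOnEquals(normalized);
        boolean found = false;
        for (int i = 0; i < tokens.size(); i++) {
            debug("hasEqualValuesAroundEqual " + i + ": " + tokens.get(i));
            if (i == 0) {
                continue;
            }
            String right = StringUtils.substringBefore(tokens.get(i), " ").trim();
            String left = lastWord(tokens.get(i - 1).trim());
            if (right.equals(left)) {
                debug("Injection on: " + left + "=" + right);
                found = true;
            }
        }
        return found;
    }

    /** Returns the text after the last space of {@code s}, or {@code s} itself when it has none. */
    private static String lastWord(String s) {
        int idx = s.lastIndexOf(' ');
        return idx < 0 ? s : s.substring(idx + 1).trim();
    }

    /**
     * Splits on {@code =}; empty pieces (from {@code ==}) are dropped, as StringTokenizer does.
     *
     * @throws NullPointerException if {@code str} is null
     */
    private static List<String> getTokensSplitOnEquals(String str) {
        Objects.requireNonNull(str, "sql cannot be null!");
        List<String> tokens = new ArrayList<>();
        StringTokenizer stringTokenizer = new StringTokenizer(str, "=", false);
        while (stringTokenizer.hasMoreTokens()) {
            tokens.add(stringTokenizer.nextToken());
        }
        return tokens;
    }

    /**
     * Detects nested or unbalanced block comments: the text is split on {@code /*} and a piece
     * holding more than one {@code *}{@code /} is reported, unless its first single quote comes
     * after its last {@code *}{@code /}.
     *
     * @param str the SQL text to check
     * @return true if such a piece exists
     * @throws NullPointerException if {@code str} is null
     */
    public static boolean containsNestedComments(String str) {
        Objects.requireNonNull(str, "sql cannot be null!");
        for (String segment : str.split("/\\*")) {
            debug("Split on /*: " + segment);
            if (StringUtils.countMatches(segment, "*/") <= 1) {
                continue;
            }
            int firstQuote = segment.indexOf('\'');
            if (firstQuote < 0 || firstQuote <= StringUtils.lastIndexOf(segment, "*/")) {
                debug("Contains > 1 */");
                return true;
            }
        }
        return false;
    }

    /**
     * Case-insensitive substring search for the forbidden keywords, after dropping a trailing
     * {@code #} or {@code --} comment that starts after the last single quote. On a match the
     * keyword is stored in {@code keywordDetected}.
     * <p>
     * Comparison uses {@link Locale#ROOT} so that the result does not depend on the JVM default
     * locale. Being a substring match, a keyword such as {@code drop} also matches identifiers
     * like {@code dropdown}.
     */
    private boolean containsForbiddenKeywords(String str) {
        String lowerCase = str.trim().toLowerCase(Locale.ROOT);
        if (StringUtils.lastIndexOf(lowerCase, "#") > StringUtils.lastIndexOf(lowerCase, "'")) {
            lowerCase = StringUtils.substringBeforeLast(lowerCase, "#");
        }
        if (StringUtils.lastIndexOf(lowerCase, "--") > StringUtils.lastIndexOf(lowerCase, "'")) {
            lowerCase = StringUtils.substringBeforeLast(lowerCase, "--");
        }
        for (String keyword : this.forbiddenKeywordList) {
            if (lowerCase.contains(keyword.toLowerCase(Locale.ROOT))) {
                this.keywordDetected = keyword;
                return true;
            }
        }
        return false;
    }

    /**
     * Tells whether {@code str} contains any line terminator ({@code \n}, {@code \r},
     * U+0085, U+2028, U+2029 — the set {@link Scanner} recognises). A terminator at the very
     * end of the text counts too; the earlier {@code Scanner.nextLine()/hasNextLine()} approach
     * missed a trailing one.
     *
     * @param str the text to check; empty or null yields false
     */
    private static boolean checkIfStringContainsNewLineCharacters(String str) {
        if (StringUtils.isEmpty(str)) {
            return false;
        }
        for (int i = 0; i < str.length(); i++) {
            char c = str.charAt(i);
            if (c == '\n' || c == '\r' || c == '\u0085' || c == '\u2028' || c == '\u2029') {
                return true;
            }
        }
        return false;
    }

    /** Prints a timestamped line to stdout when debugging is enabled for this class. */
    private static void debug(String str) {
        if (DEBUG) {
            System.out.println(new Date() + " " + str);
        }
    }
}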
