package com.feingto.cloud.gateway.filters.pre;

import com.feingto.cloud.core.http.client.HttpResult;
import com.feingto.cloud.gateway.filters.support.GwFilterConstants;
import com.feingto.cloud.gateway.filters.support.RequestHelper;
import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import java.util.Enumeration;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/feingto/cloud/gateway/filters/pre/SqlFilter.class */
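/**
 * Zuul "pre" filter that rejects a request when one of its parameter values is
 * exactly equal to an entry of a fixed SQL keyword list.
 *
 * <p>Security note: the check is a case-sensitive, whole-value comparison over
 * {@code request.getParameterValues(...)} only. It does not look inside longer
 * values, and this class does not inspect the request path, headers or body.
 * Treat it as a coarse tripwire, not as the SQL-injection control: services
 * behind the gateway still need parameterized queries and their own input
 * validation. Exact matching also rejects legitimate values that happen to be
 * a listed word (for example a parameter whose whole value is {@code or}).
 */
public class SqlFilter extends ZuulFilter {
    private static final Logger log = LoggerFactory.getLogger(SqlFilter.class);

    /**
     * Keywords compared against each parameter value. Split once at class load
     * instead of on every comparison.
     */
    private static final String[] SQL_KEYWORDS =
            "and|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare|or".split("\\|");

    private final RequestHelper helper = new RequestHelper();

    /**
     * Returns the Zuul filter type.
     *
     * @return the literal {@code "pre"}
     */
    public String filterType() {
        return "pre";
    }

    /**
     * Returns this filter's order value.
     *
     * @return {@code 0}
     */
    public int filterOrder() {
        return 0;
    }

    /**
     * Decides whether {@link #run()} is invoked for the current request.
     *
     * @return {@code true} when the current context holds no throwable and has
     *         a value stored under {@code GwFilterConstants.API_KEY}
     */
    public boolean shouldFilter() {
        RequestContext currentContext = RequestContext.getCurrentContext();
        return currentContext.getThrowable() == null && currentContext.get(GwFilterConstants.API_KEY) != null;
    }

    /**
     * Scans every request parameter value and answers with an error result as
     * soon as one value matches the keyword list.
     *
     * @return always {@code null}
     */
    public Object run() {
        HttpServletRequest request = RequestContext.getCurrentContext().getRequest();
        log.info("{} >>> {}", request.getMethod(), request.getRequestURL());
        Enumeration<?> parameterNames = request.getParameterNames();
        while (parameterNames.hasMoreElements()) {
            try {
                String name = parameterNames.nextElement().toString();
                for (String value : request.getParameterValues(name)) {
                    if (hasSQLKeyword(value)) {
                        // The parameter name is client-controlled; neutralise line breaks so
                        // it cannot forge extra log entries. The value needs no such handling
                        // because it equals one of the fixed keywords at this point.
                        String safeName = name.replaceAll("[\\r\\n]", "_");
                        // Log text: "Illegal parameter found!" /
                        // "SQL injection attack. Parameter name: ..., parameter value: ..."
                        log.error("发现非法参数!", new Throwable("SQL注入攻击。参数名:" + safeName + "，参数值:" + value));
                        // Response text: "Illegal parameter detected during data transmission!"
                        this.helper.setResponse(HttpResult.error("数据传输过程中检测到非法参数！"));
                        // Stop at the first hit: the response is the same for every match, and
                        // scanning on only lets a single request produce many error log entries.
                        // NOTE(review): assumes helper.setResponse() finalises the response and
                        // prevents routing - confirm in RequestHelper.
                        return null;
                    }
                }
            } catch (Throwable th) {
                log.error(th.getMessage(), th);
                this.helper.setErrorResponse(th);
                return null;
            }
        }
        return null;
    }

    /**
     * Tells whether a parameter value is exactly one of {@link #SQL_KEYWORDS}.
     *
     * @param str the parameter value; {@code null} is treated as no match
     * @return {@code true} on an exact, case-sensitive match
     */
    private boolean hasSQLKeyword(String str) {
        for (String keyword : SQL_KEYWORDS) {
            // keyword.equals(str) rather than str.equals(keyword): null-safe.
            if (keyword.equals(str)) {
                return true;
            }
        }
        return false;
    }
}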
