package org.treeleafj.xmax.safe;

import java.util.Arrays;
import java.util.regex.Pattern;
import org.apache.commons.collections.CollectionUtils;

/* loaded from: input_file:org/treeleafj/xmax/safe/SqlUtils.class */
public class SqlUtils {
    private static final Pattern SQL_PATTERN_ANNOTATION = Pattern.compile("^.*/\\*.*?\\*/$");
    private static String[] badStrs;

    public static boolean isSqlInject(String str) {
        return SQL_PATTERN_ANNOTATION.matcher(str).find() || sqlValidate(str);
    }

    private static boolean sqlValidate(String str) {
        return CollectionUtils.containsAny(Arrays.asList(str.toLowerCase().split("\\s")), Arrays.asList(badStrs));
    }

    static {
        badStrs = null;
        badStrs = "and|exec|execute|insert|select|delete|update|count|drop|chr|mid|master|truncate|char|declare|sitename|net user|xp_cmdshell|or|create|table|from|grant|group_concat|column_name|information_schema.columns|table_schema|union|where|like|//|/|%|#".split("\\|");
    }
}
