package testcode.sqli.stringbuilder;

import javax.persistence.EntityManager;
import testcode.sqli.UserEntity;

/* loaded from: input_file:testcode/sqli/stringbuilder/StringBuilderSuspicious.class */
/**
 * Collection of JPA query builders that assemble the query text with a
 * {@link StringBuilder} or string concatenation before handing it to
 * {@link EntityManager#createQuery(String, Class)}.
 *
 * <p>NOTE(review): the package name ({@code testcode.sqli}) and the method names
 * suggest this is a deliberately unsafe sample for exercising an injection
 * detector, not production code. Confirm before "fixing" it. The statement
 * shapes are kept exactly as they are for that reason.
 *
 * <p>Review points that apply to every method below:
 * <ul>
 *   <li>Each method calls {@code setParameter("usernameParam", ...)}, but the query
 *       text never contains a {@code :usernameParam} placeholder. It contains either
 *       the bare word {@code usernameParam} or no such token at all. JPQL named
 *       parameters are written with a leading colon, so as written the bind does not
 *       protect anything and would be expected to be rejected by the provider.</li>
 *   <li>The safe form keeps the query text constant and passes every caller-supplied
 *       value through {@code setParameter}. Values that cannot be bound (keywords,
 *       column names) should come from a fixed allow-list.</li>
 *   <li>{@code getSingleResult()} propagates the JPA no-result / non-unique-result
 *       exceptions. Nothing here catches them.</li>
 * </ul>
 */
public abstract class StringBuilderSuspicious {
    // Package-private and never assigned in this class; it has to be supplied by a
    // subclass or by same-package code before any query method is called.
    EntityManager em;

    /**
     * Looks up a user by name, optionally restricted to active users.
     *
     * <p>Injection sink: {@code str} is concatenated between single quotes into the
     * text passed to the {@code StringBuilder} constructor, so it becomes part of the
     * query grammar rather than a bound value.
     *
     * @param str user name; reaches the query text unescaped
     * @param z   when {@code true}, the constant clause {@code " and active = true"} is appended
     * @return the single matching entity
     */
    public UserEntity queryTaintedValueInConstructor(String str, boolean z) {
        // Tainted: caller-controlled text is spliced into the query literal.
        StringBuilder sb = new StringBuilder("select * from Users where name = '" + str + "'");
        if (z) {
            // Constant text only; this append adds no caller data.
            sb.append(" and active = true");
        }
        // The bind targets "usernameParam", which does not occur in the text built above.
        return (UserEntity) this.em.createQuery(sb.toString(), UserEntity.class).setParameter("usernameParam", str).getSingleResult();
    }

    /**
     * Looks up a user by name with an optional caller-supplied {@code active} condition.
     *
     * <p>Injection sink: {@code str2} is appended verbatim after {@code " and active = "}.
     *
     * @param str  user name, passed to {@code setParameter}
     * @param str2 text appended to the query unless it equals the empty string
     * @return the single matching entity
     */
    public UserEntity queryTaintedValueInAppendMethod1(String str, String str2) {
        StringBuilder sb = new StringBuilder("select * from Users where name = usernameParam");
        // Only the empty string is skipped: a null str2 passes this test and is
        // appended as the text "null".
        if (!"".equals(str2)) {
            // Tainted: caller-controlled text becomes query syntax.
            sb.append(" and active = " + str2);
        }
        return (UserEntity) this.em.createQuery(sb.toString(), UserEntity.class).setParameter("usernameParam", str).getSingleResult();
    }

    /**
     * Same as {@link #queryTaintedValueInAppendMethod1} but the caller-supplied
     * condition is appended unconditionally, surrounded by constant padding appends.
     *
     * <p>Injection sink: {@code str2} is appended verbatim after {@code " and active = "}.
     * The constant appends before and after it do not sanitise anything.
     *
     * @param str  user name, passed to {@code setParameter}
     * @param str2 text appended to the query; no check of any kind is applied
     * @return the single matching entity
     */
    public UserEntity queryTaintedValueInAppendMethod2(String str, String str2) {
        StringBuilder sb = new StringBuilder("select * from Users where name = usernameParam");
        sb.append(" ");
        // Tainted: caller-controlled text becomes query syntax.
        sb.append(" and active = " + str2);
        sb.append(" ");
        return (UserEntity) this.em.createQuery(sb.toString(), UserEntity.class).setParameter("usernameParam", str).getSingleResult();
    }

    /**
     * Supplies the initial query text for {@link #queryUnknownSource1}.
     *
     * <p>Contract for implementers (not enforced here): the returned builder must hold
     * only trusted, constant query text.
     */
    public abstract StringBuilder getSomeStringBuilder();

    /**
     * Runs a query whose leading text comes from {@link #getSomeStringBuilder()}.
     *
     * <p>Only constants are appended in this method, so whether the final text is safe
     * depends entirely on what the subclass put in the builder, which is not visible
     * from this class.
     *
     * @param str  value passed to {@code setParameter}
     * @param str2 unused in this method
     * @return the single matching entity
     */
    public UserEntity queryUnknownSource1(String str, String str2) {
        // Origin of the builder's current contents is unknown at this point.
        StringBuilder someStringBuilder = getSomeStringBuilder();
        // The returned builder is mutated in place. NOTE(review): if an implementation
        // hands back a shared instance, these clauses would accumulate across calls.
        // Verify against implementers.
        someStringBuilder.append(" and active = true");
        someStringBuilder.append(" and super = true");
        someStringBuilder.append(" and magic = true");
        return (UserEntity) this.em.createQuery(someStringBuilder.toString(), UserEntity.class).setParameter("usernameParam", str).getSingleResult();
    }

    /**
     * Produces an extra condition that {@link #queryUnknownSource2} splices into its query.
     *
     * <p>Contract for implementers (not enforced here): the result must not echo
     * {@code str} or any other caller data into the returned text. The result is
     * concatenated directly after {@code "active = true"} with no separator, so it has
     * to bring its own leading whitespace.
     */
    public abstract String getSomeExtraCondition(String str);

    /**
     * Runs a query with a subclass-provided condition concatenated into the middle.
     *
     * <p>The caller's {@code str} is handed to {@link #getSomeExtraCondition(String)},
     * whose return value becomes query text. If the implementation derives its result
     * from {@code str}, this is an injection sink. That cannot be determined from this
     * class.
     *
     * @param str  value passed both to the condition hook and to {@code setParameter}
     * @param str2 unused in this method
     * @return the single matching entity
     */
    public UserEntity queryUnknownSource2(String str, String str2) {
        return (UserEntity) this.em.createQuery("select * from Users where name = usernameParam and active = true" + getSomeExtraCondition(str) + " and magic = true", UserEntity.class).setParameter("usernameParam", str).getSingleResult();
    }

    /**
     * Hook that may rewrite the query text built by {@link #queryUnknownTransformation}.
     *
     * <p>Contract for implementers (not enforced here): add only constant text.
     */
    public abstract void modifyMe(StringBuilder sb);

    /**
     * Builds a constant query and then lets {@link #modifyMe(StringBuilder)} alter it
     * before execution.
     *
     * <p>Everything appended in this method is constant. After {@code modifyMe} returns,
     * the builder's contents are whatever the subclass left there, so the executed text
     * is no longer known to be constant.
     *
     * @param str  value passed to {@code setParameter}
     * @param str2 unused in this method
     * @return the single matching entity
     */
    public UserEntity queryUnknownTransformation(String str, String str2) {
        StringBuilder sb = new StringBuilder("select * from Users where name = usernameParam");
        sb.append(" and active = true");
        // Opaque mutation: the builder may be changed arbitrarily here.
        modifyMe(sb);
        return (UserEntity) this.em.createQuery(sb.toString(), UserEntity.class).setParameter("usernameParam", str).getSingleResult();
    }
}
