package net.mingsoft.base.util;

import java.sql.SQLException;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.jdbc.BadSqlGrammarException;

/* loaded from: input_file:net/mingsoft/base/util/SqlInjectionUtil.class */
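/**
 * Heuristic, blacklist-based screen for SQL keywords in request parameters.
 *
 * <p>Both checks scan the raw value for a fixed list of tokens, so they are neither
 * complete (anything not on the list passes) nor precise: {@link #filterContent(String...)}
 * does a plain substring search, so values such as {@code "color "} or {@code "hand "} are
 * rejected because they contain {@code "or "} / {@code "and "}, and any value containing
 * {@code ','} or {@code '+'} is rejected outright. Treat the class as a defence-in-depth
 * signal only; the actual protection against SQL injection is binding user input through
 * {@code PreparedStatement} placeholders instead of concatenating it into SQL text.
 *
 * <p>Thread-safe: all state is immutable and a compiled {@link Pattern} may be shared.
 */
public class SqlInjectionUtil {
    /** Pipe-separated keyword blacklist used by {@link #filterContent(String...)}; entries are lower-case. */
    private static final String XSS_STR = "'|and |exec |insert |select |delete |update |drop |count |chr |mid |master |truncate |char |declare |;|or |+|,";
    /** {@link #XSS_STR} split into individual tokens once, instead of on every call. */
    private static final String[] KEYWORDS = XSS_STR.split("\\|");
    private static final Logger LOG = LoggerFactory.getLogger(SqlInjectionUtil.class);
    /**
     * Pattern used by {@link #isSqlValid(String)}: a single quote, a {@code --} line comment,
     * a {@code /* ... *}{@code /} block comment, or one of the listed keywords when it is
     * preceded by a space. Note that {@code char} and {@code master} are matched without a
     * trailing space, unlike the other keywords.
     */
    private static final String REG = "(?:')|(?:--)|(/\\*(?:.|[\\n\\r])*?\\*/)| (\\b(select |update |and |or |delete |insert |truncate |char| into |substr |ascii |declare |exec |count |master|drop |execute )\\b)";
    // Case-insensitive so upper-case keywords are caught; the flag value 2 in the original is this constant.
    private static final Pattern sqlPattern = Pattern.compile(REG, Pattern.CASE_INSENSITIVE);

    /**
     * Rejects any argument that contains one of the blacklisted tokens.
     *
     * <p>{@code null} and empty arguments are skipped; the comparison is done on a
     * lower-cased copy because the blacklist is lower-case.
     *
     * @param strArr values to check; a {@code null} array is treated as empty
     * @throws BadSqlGrammarException on the first argument containing a blacklisted token
     */
    public static void filterContent(String... strArr) {
        if (strArr == null) {
            return;
        }
        for (String str : strArr) {
            if (str == null || str.isEmpty()) {
                continue;
            }
            // Locale.ROOT: the default locale (e.g. Turkish) can fold "I" to a dotless i,
            // which would let "INSERT " slip past the lower-case blacklist.
            String lowerCase = str.toLowerCase(Locale.ROOT);
            for (String keyword : KEYWORDS) {
                if (lowerCase.contains(keyword)) {
                    LOG.info("请注意，存在SQL注入关键词---> {}", keyword);
                    // NOTE(review): the full rejected value is logged at INFO; if this filter is
                    // ever applied to credentials or other sensitive fields, redact it here.
                    LOG.info("请注意，值可能存在SQL注入风险!---> {}", lowerCase);
                    throw new BadSqlGrammarException("", "bad sql" + lowerCase, new SQLException("当前操作存在SQL非法注入"));
                }
            }
        }
    }

    /**
     * Applies {@link #filterContent(String...)} to every key and value of the map.
     *
     * <p>For each entry the key is checked before the value, so the first offending
     * token in iteration order is the one reported. A {@code null} map is a no-op.
     *
     * @param map parameters to check
     * @throws BadSqlGrammarException on the first key or value containing a blacklisted token
     */
    public static void filterContent(Map<String, String> map) {
        if (map == null) {
            return;
        }
        for (Map.Entry<String, String> entry : map.entrySet()) {
            filterContent(entry.getKey(), entry.getValue());
        }
    }

    /**
     * Returns whether {@code str} is free of the tokens matched by {@link #REG}.
     *
     * @param str value to check; {@code null} is considered valid
     * @return {@code true} if no non-blank match is found, {@code false} otherwise
     *         (the offending fragment is logged at INFO)
     */
    public static boolean isSqlValid(String str) {
        if (str == null) {
            return true;
        }
        Matcher matcher = sqlPattern.matcher(str);
        if (!matcher.find() || StringUtils.isBlank(matcher.group())) {
            return true;
        }
        LOG.info("参数存在非法字符，请确认：{}", matcher.group());
        return false;
    }
}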
