package top.jpower.jpower.module.common.utils;

import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.regex.Pattern;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:top/jpower/jpower/module/common/utils/SqlInjectionUtil.class */
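/**
 * Best-effort denylist scrubber for request text: deletes a fixed set of SQL-
 * and script-related tokens from strings, map entries and request strings.
 *
 * <p>Token deletion is defence in depth only. It does not make a value safe to
 * concatenate into SQL or to emit into HTML; callers still need parameterized
 * queries and context-aware output encoding.
 */
public class SqlInjectionUtil {
    private static final Logger logger = LoggerFactory.getLogger(SqlInjectionUtil.class);

    // Tokens removed wherever they occur, ignoring case.
    // NOTE(review): "&#349" can never match because "&#34" is removed first in
    // every pass; possibly "&#39" (apostrophe entity) was intended - confirm.
    private static final String[] SENSITIVE_CHAR = {"'", "--", "|", "<", ">", " or ", " xor ", " and ", "&lt;", "&gt;", "&#34", "&#349", "%27"};
    // SQL keywords; removed only when at least one occurrence is followed by a space.
    public static final String[] SQL_CHAR = {"delete", "drop", "create", "select", "truncate", "update", "insert", "alter", "declare", "xp_cmdshell", "exec", "execute"};
    // Script-related tokens removed wherever they occur, ignoring case.
    private static final String[] JS_CHAR = {"<img", "%3cimg", "<script", "%3cscript", "alert", "console", "document.location", "window.location", "javascript"};

    /**
     * Removes every denylisted token from {@code str}.
     *
     * <p>Passes repeat until the text stops changing, because deleting one token
     * can join the characters around it into another denylisted token. Every
     * changing pass shortens the text, so the loop terminates.
     *
     * @param str text to scrub; may be {@code null}
     * @return {@code ""} when {@code str} is blank, otherwise the scrubbed text
     *         (which may itself be blank once tokens are removed)
     */
    public static String filter(String str) {
        if (StringUtils.isBlank(str)) {
            return "";
        }
        // Keep the input so the change can be detected and reported; comparing
        // the working variable with itself would never fire the warning.
        final String original = str;
        String previous;
        do {
            previous = str;
            str = filterOnce(str);
        } while (!str.equals(previous));
        if (!str.equals(original)) {
            // Message: "illegal characters detected and filtered", followed by
            // the request path, the original text and the filtered text.
            logger.warn("检测到非法字符并已过滤。\n请求地址：{}\n原字符：{} \n新字符：{}", currentServletPath(), forLog(original), forLog(str));
        }
        return str;
    }

    /** Applies the three denylists once, in their original order. */
    private static String filterOnce(String text) {
        for (String token : SENSITIVE_CHAR) {
            text = removeIgnoreCase(text, token);
        }
        for (String keyword : SQL_CHAR) {
            // Trigger on "keyword + space", then drop every occurrence of the keyword.
            // containsIgnoreCase avoids default-locale lower-casing, which can
            // miss keywords containing 'i' under some locales.
            if (StringUtils.containsIgnoreCase(text, keyword + " ")) {
                text = removeIgnoreCase(text, keyword);
            }
        }
        for (String token : JS_CHAR) {
            text = removeIgnoreCase(text, token);
        }
        return text;
    }

    /**
     * Deletes all case-insensitive occurrences of {@code token} from {@code text}.
     * The token is quoted so regex metacharacters in it ("|", ".") are matched
     * literally; unquoted, "|" is an empty alternation and removes nothing.
     */
    private static String removeIgnoreCase(String text, String token) {
        return Pattern.compile(Pattern.quote(token), Pattern.CASE_INSENSITIVE).matcher(text).replaceAll("");
    }

    /**
     * Resolves the current servlet path for the warning, or {@code ""} when it
     * cannot be resolved. Logging must never make filtering itself fail.
     */
    private static Object currentServletPath() {
        try {
            return WebUtil.getRequest().getServletPath();
        } catch (RuntimeException ignored) {
            // Presumably no request is bound to this thread - verify against WebUtil.
            return "";
        }
    }

    /** Replaces line breaks so logged request text cannot start a forged log line. */
    private static String forLog(String value) {
        return value.replace('\r', ' ').replace('\n', ' ');
    }

    /**
     * Returns a new map whose values (and optionally keys) have been passed
     * through {@link #filter(String)}.
     *
     * <p>Non-null values are converted with {@code toString()} before filtering,
     * so every non-null value in the result is a {@code String}. Keys that
     * become equal after filtering overwrite one another.
     *
     * @param map source entries; {@code null} yields an empty map
     * @param z   {@code true} to filter keys as well (entries with a
     *            {@code null} key are then dropped); {@code false} to keep keys
     *            exactly as given
     * @return a new {@link HashMap}; the input map is not modified
     */
    public static Map<String, Object> filterMap(Map<String, Object> map, boolean z) {
        Map<String, Object> result = new HashMap<>();
        if (map == null) {
            return result;
        }
        for (Map.Entry<String, Object> entry : map.entrySet()) {
            String key = entry.getKey();
            Object value = entry.getValue();
            if (z && key == null) {
                continue;
            }
            String outKey = z ? filter(key) : key;
            result.put(outKey, value == null ? null : filter(value.toString()));
        }
        return result;
    }

    /**
     * Replaces each parameter value that occurs in {@code str} with its filtered
     * form.
     *
     * <p>Each value of a multi-valued parameter is handled on its own, so no
     * value is skipped. {@code null} or empty arrays and {@code null} or empty
     * values are ignored. Matching is a plain substring replace on the values as
     * given in {@code map}.
     * NOTE(review): if {@code str} is still URL-encoded while the map holds
     * decoded values, encoded occurrences will not match - confirm with callers.
     *
     * @param str text containing the parameter values; returned as is when {@code null}
     * @param map parameter name to values; {@code null} leaves {@code str} unchanged
     * @return {@code str} with every occurring parameter value filtered
     */
    public static String filterParameters(String str, Map<String, String[]> map) {
        if (str == null || map == null) {
            return str;
        }
        for (String[] values : map.values()) {
            if (values == null) {
                continue;
            }
            for (String value : values) {
                if (StringUtils.isEmpty(value)) {
                    continue;
                }
                str = str.replace(value, filter(value));
            }
        }
        return str;
    }
}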
