package org.jeecg.modules.jmreport.common.util;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;
import org.jeecg.modules.jmreport.common.constant.JmConst;
import org.jeecg.modules.jmreport.common.expetion.JimuReportException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* compiled from: SqlInjectionUtil.java */
/* loaded from: input_file:org/jeecg/modules/jmreport/common/util/l.class */
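/**
 * Denylist-based screening for strings that are about to be placed into SQL text.
 * Decompiled and obfuscated; the decompiler header names the original source as
 * SqlInjectionUtil.java.
 *
 * <p>Entry points: {@link #a(String)} screens an arbitrary value, {@link #b(String)}
 * rejects SQL comments, {@link #c(String)} validates a table name, and
 * {@link #d(String)} / {@link #a(String...)} validate field names.
 *
 * <p>NOTE(review): keyword screening is a secondary control and cannot enumerate every
 * dangerous construct. Values should still reach the database through bind parameters,
 * and identifiers only through the allowlist patterns used by {@code c} and {@code d}.
 */
public class l {
    // Pipe-separated denylist keywords. A trailing space is part of the keyword ("exec ").
    // The misspelled "peformance_schema" entry never matched the real schema name; it is kept
    // for compatibility and the correctly spelled "performance_schema" is added next to it.
    private static final String c = "exec |peformance_schema|performance_schema|information_schema|extractvalue|updatexml|geohash|gtid_subset|gtid_subtract|insert |alter |delete |grant |update |drop |master |truncate |declare |--|";
    // Regex fragments for function-call and SHOW patterns; filled in by the static initializer.
    private static final String[] e;
    // Matches a block comment, including one that spans line breaks ([\s\S]*).
    private static final Pattern f;
    // Line-comment marker.
    private static final String g = "--";
    // Log format: "Note: SQL injection keyword present ---> {}".
    private static final String h = "请注意，存在SQL注入关键词---> {}";
    // "Note: value may carry SQL injection risk!--->" (not referenced in this class; the
    // decompiler shows the literal inlined at the throw sites instead).
    private static final String i = "请注意，值可能存在SQL注入风险!--->";
    // Log format: "Note: value may carry SQL injection risk!---> {}".
    private static final String j = "请注意，值可能存在SQL注入风险!---> {}";
    // Table-name allowlist: a letter followed by at most 63 letters, digits or underscores.
    private static Pattern k;
    // Field-name allowlist: one or more letters, digits or underscores.
    static final Pattern a;
    private static final Logger b = LoggerFactory.getLogger(l.class);
    // Keywords that a(String, String) accepts as a hit without a leading space.
    private static List<String> d = new ArrayList<>();

    /**
     * Screens a value against the keyword denylist and the regex denylist.
     *
     * <p>Null and empty values (per {@code JmConst.STRING_EMPTY}) are accepted without checks.
     * Comments are rejected first via {@link #b(String)}. A value that equals one of the
     * statements known to {@code e(String)} skips the keyword and regex checks.
     *
     * @param str value to screen; may be null
     * @throws JimuReportException with code 1001 when a denylist keyword is found
     * @throws RuntimeException when a comment or a regex denylist pattern is found
     */
    public static void a(String str) {
        // Separator comes from a project constant; presumably the escaped pipe - TODO confirm.
        String[] split = c.split(JmConst.JSON_CELL_TXT_SORT_SUFFIX);
        if (str == null || JmConst.STRING_EMPTY.equals(str)) {
            return;
        }
        b(str);
        // Locale.ROOT keeps the case fold independent of the JVM default locale; under a
        // Turkish or Azeri default an upper-case 'I' folds to a dotless i and keywords such
        // as "insert " would no longer be recognised.
        String lowerCase = str.toLowerCase(java.util.Locale.ROOT);
        if (e(lowerCase)) {
            return;
        }
        // b(str) has already rejected block comments, so this strip is a second line of defence.
        String replaceAll = lowerCase.replaceAll("/\\*.*\\*/", JmConst.STRING_EMPTY);
        for (int i2 = 0; i2 < split.length; i2++) {
            if (a(replaceAll, split[i2])) {
                b.error(h, split[i2]);
                b.error(j, replaceAll);
                // NOTE(review): the message embeds the rejected value; confirm it is encoded
                // before it is shown to a client or written to a shared log.
                throw new JimuReportException(1001, "请注意，值可能存在SQL注入风险!--->" + replaceAll);
            }
        }
        for (String str2 : e) {
            // find() instead of Pattern.matches(".*" + x + ".*", ...): '.' does not match line
            // terminators, so the wrapped form could never match a value containing a line
            // break and such values passed this check unexamined.
            if (Pattern.compile(str2).matcher(replaceAll).find()) {
                b.error(h, str2);
                b.error(j, replaceAll);
                // NOTE(review): plain RuntimeException here, JimuReportException(1001, ...) in
                // the keyword branch above; left unchanged because callers may depend on it.
                throw new RuntimeException("请注意，值可能存在SQL注入风险!--->" + replaceAll);
            }
        }
    }

    /**
     * Reports whether the lower-cased value equals one of the statements returned by
     * {@code dyndb.util.b.getAllSql()}, compared after lower-casing each of them.
     * Presumably these are the product's own built-in statements - verify against that class.
     */
    private static boolean e(String str) {
        return Arrays.stream(org.jeecg.modules.jmreport.dyndb.util.b.getAllSql()).anyMatch(str2 -> {
            // Same locale-independent fold as the caller, so both sides compare alike.
            return str2.toLowerCase(java.util.Locale.ROOT).equals(str);
        });
    }

    /**
     * Rejects a value that contains a line-comment marker or a block comment.
     *
     * @param str value to check; must not be null (a null argument fails on the first call)
     * @throws RuntimeException when a comment is present
     */
    public static void b(String str) {
        if (str.contains(g)) {
            // Message: "Note: comments are not allowed in SQL, security risk!"
            b.error("请注意，SQL中不允许含注释，有安全风险！");
            throw new RuntimeException("请注意，SQL中不允许含注释，有安全风险！");
        }
        if (f.matcher(str).find()) {
            b.error("请注意，SQL中不允许含注释，有安全风险！");
            throw new RuntimeException("请注意，SQL中不允许含注释，有安全风险！");
        }
    }

    /**
     * Validates a table name: the trimmed value must match the table-name allowlist
     * and then pass {@link #a(String)}.
     *
     * @param str candidate table name; must not be null
     * @return the trimmed name
     * @throws JimuReportException when the name does not match the allowlist
     */
    public static String c(String str) {
        String trim = str.trim();
        if (k.matcher(trim).matches()) {
            a(trim);
            return trim;
        }
        // Message: "Illegal table name, SQL injection risk!--->" followed by the value.
        String str2 = "表名不合法，存在SQL注入风险!--->" + trim;
        b.error(str2);
        throw new JimuReportException(str2);
    }

    /**
     * Validates a field name, or a list of field names separated by {@code JmConst.COMMA}.
     *
     * @param str candidate field name or separated list; must not be null
     * @return the trimmed name, or for a list the value returned by {@link #a(String...)}
     * @throws JimuReportException when a name does not match the field-name allowlist
     */
    public static String d(String str) {
        String trim = str.trim();
        if (trim.contains(JmConst.COMMA)) {
            // Each element is validated on its own; elements no longer contain the separator,
            // so the mutual recursion with a(String...) ends after one level.
            return a(trim.split(JmConst.COMMA));
        }
        if (a.matcher(trim).matches()) {
            a(trim);
            return trim;
        }
        // Message: "Illegal field, SQL injection risk!--->" followed by the value.
        String str2 = "字段不合法，存在SQL注入风险!--->" + trim;
        b.error(str2);
        throw new JimuReportException(str2);
    }

    /**
     * Validates every field name with {@link #d(String)} and joins the names with
     * {@code JmConst.COMMA}. The joined elements are the ones passed in, not the trimmed
     * copies that {@code d} checks.
     *
     * @param strArr field names to validate
     * @return the names joined by the separator
     */
    public static String a(String... strArr) {
        for (String str : strArr) {
            d(str);
        }
        return String.join(JmConst.COMMA, strArr);
    }

    /**
     * Decides whether the denylist keyword {@code str2} counts as present in {@code str}.
     *
     * @param str lower-cased value under inspection
     * @param str2 one denylist keyword, possibly with a trailing space
     * @return true when the keyword is treated as a hit
     */
    private static boolean a(String str, String str2) {
        // Value begins with the keyword (the keyword's trailing space is ignored here).
        if (str.startsWith(str2.trim())) {
            return true;
        }
        if (!str.contains(str2)) {
            return false;
        }
        // Elsewhere the keyword must follow a space, unless it is listed in d.
        String str3 = " " + str2;
        if (d.contains(str2)) {
            str3 = str2;
        }
        if (str.contains(str3)) {
            return true;
        }
        // NOTE(review): "d.a(...)" presumably refers to a sibling helper class named d whose
        // name collides with the field d in this decompiled output; it appears to collect the
        // matches of the given regex in str - confirm against that class.
        for (String str4 : (List) d.a("\\s+\\S+" + str2, str, 0, new ArrayList())) {
            // Log text: "isExistSqlInjectKeyword - matched SQL injection keyword: {}".
            b.info("isExistSqlInjectKeyword —- 匹配到的SQL注入关键词：{}", str4);
            // A keyword glued to a preceding token counts only when that token carries one of
            // these characters.
            if (str4.contains("%") || str4.contains("+") || str4.contains("#") || str4.contains("/") || str4.contains(JmConst.RIGHT_BRACKET)) {
                return true;
            }
        }
        return false;
    }

    static {
        // First entry is a project constant whose value is not visible in this file.
        d.add(org.jeecg.modules.jmreport.common.constant.c.t);
        d.add("+");
        d.add(g);
        e = new String[]{"chr\\s*\\(", "mid\\s*\\(", " char\\s*\\(", "sleep\\s*\\(", "user\\s*\\(", "show\\s+tables", "user[\\s]*\\([\\s]*\\)", "show\\s+databases", "sleep\\(\\d*\\)", "sleep\\(.*\\)"};
        f = Pattern.compile("/\\*[\\s\\S]*\\*/");
        k = Pattern.compile("^[a-zA-Z][a-zA-Z0-9_]{0,63}$");
        a = Pattern.compile("^[a-zA-Z0-9_]+$");
    }
}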
