package club.gclmit.gear4j.safe.handler;

import club.gclmit.gear4j.core.lang.Log;
import club.gclmit.gear4j.core.lang.LoggerProvider;
import club.gclmit.gear4j.core.utils.StringUtils;
import java.util.regex.Pattern;

/* loaded from: input_file:club/gclmit/gear4j/safe/handler/SqlHandler.class */
public class SqlHandler {
    public static final String REG = "(?:')|(?:--)|(/\\*(?:.|[\\n\\r])*?\\*/)|(\\b(select|update|and|or|delete|insert|trancate|char|into|substr|ascii|declare|exec|count|master|into|drop|execute)\\b)";
    public static Pattern SQL_PATTERN = Pattern.compile(REG, 2);

    public static boolean isSqlInjection(String str) {
        if (StringUtils.isBlank(str) || !SQL_PATTERN.matcher(str).find()) {
            return false;
        }
        Log.info(LoggerProvider.GEAR4J, "SqlInjection提醒你参数存在非法字符，请确认：[{}]", new Object[]{str});
        return true;
    }
}
