package com.touchbiz.db.starter.utils;

import com.touchbiz.common.utils.text.oConvertUtils;
import java.lang.reflect.Field;
import java.util.Locale;
import java.util.Set;
import java.util.regex.Pattern;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/touchbiz/db/starter/utils/SqlInjectionUtil.class */
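/**
 * Deny-list screening of values that are about to be placed into SQL text, plus an
 * allow-list check of column names against the fields of an entity class.
 *
 * <p><b>Security note.</b> The keyword screening in this class is a defence-in-depth
 * measure only. It works by substring matching on a normalised copy of the value, so it
 * produces false positives on ordinary text and cannot be relied on to catch every
 * injection attempt. Values must still be bound through {@code PreparedStatement}
 * parameters (or the ORM's equivalent); identifiers that cannot be bound (column names,
 * sort fields) should be validated with an allow-list such as
 * {@link #isClassField(String, Class)} rather than with the keyword filter.
 *
 * <p>All methods are static and keep no mutable state.
 */
public class SqlInjectionUtil {
    private static final Logger log = LoggerFactory.getLogger(SqlInjectionUtil.class);

    /**
     * Default deny-list, '|'-separated. Despite the historical name this list is about SQL
     * keywords, not XSS. Most entries carry a trailing space so that they only match when
     * followed by a separator.
     */
    private static final String XSS_STR = "and |exec |insert |select |delete |update |drop |count |chr |mid |master |truncate |char |declare |;|or |+|user()";
    private static final String REGULAR_EXPRE_USER = "user[\\s]*\\([\\s]*\\)";
    private static final String SHOW_TABLES = "show\\s+tables";

    /** Deny-list for dictionary SQL fragments; entries are space-delimited on both sides. */
    private static final String DICT_SQL_STR = " exec | insert | select | delete | update | drop | count | chr | mid | master | truncate | char | declare |;|+|user()";

    /** Deny-list for online-report SQL; read-only statements ("select", "count") are allowed. */
    private static final String ONLINE_REPORT_STR = " exec | insert | delete | update | drop | chr | mid | master | truncate | char | declare |user()";

    // Split once instead of on every call.
    private static final String[] DEFAULT_KEYWORDS = XSS_STR.split("\\|");
    private static final String[] DICT_SQL_KEYWORDS = DICT_SQL_STR.split("\\|");
    private static final String[] ONLINE_REPORT_KEYWORDS = ONLINE_REPORT_STR.split("\\|");

    // Compiled once; Pattern instances are immutable and safe to share.
    private static final Pattern USER_CALL_PATTERN = Pattern.compile(REGULAR_EXPRE_USER);
    private static final Pattern SHOW_TABLES_PATTERN = Pattern.compile(SHOW_TABLES);

    /**
     * One block comment. DOTALL so a comment spanning several lines is recognised, and
     * reluctant so that text lying BETWEEN two comments is kept and still screened (a greedy
     * match would delete everything from the first opener to the last closer).
     */
    private static final Pattern BLOCK_COMMENT = Pattern.compile("/\\*.*?\\*/", Pattern.DOTALL);

    /** Any run of whitespace (space, tab, CR, LF, ...). */
    private static final Pattern WHITESPACE_RUN = Pattern.compile("\\s+");

    /**
     * Screens a single value against the default deny-list.
     *
     * @param value the value to screen; {@code null} or empty is accepted without checks
     * @throws RuntimeException if the value contains a deny-listed token
     */
    public static void filterContent(String value) {
        filterContent(value, null);
    }

    /**
     * Screens a single value against the default deny-list and an optional caller-supplied
     * list.
     *
     * @param value          the value to screen; {@code null} or empty is accepted without checks
     * @param customKeywords extra '|'-separated tokens to reject, or {@code null} for none;
     *                       tokens are compared case-insensitively and empty tokens are ignored
     * @throws RuntimeException if the value contains a deny-listed token
     */
    public static void filterContent(String value, String customKeywords) {
        if (value == null || value.isEmpty()) {
            return;
        }
        String normalized = normalize(value);
        rejectIfContains(normalized, DEFAULT_KEYWORDS, false);
        rejectIfContains(normalized, splitCustomKeywords(customKeywords), false);
        rejectIfMatchesPattern(normalized);
    }

    /**
     * Screens every element of an array against the default deny-list.
     *
     * @param values the values to screen; a {@code null} array is accepted without checks
     * @throws RuntimeException if any element contains a deny-listed token
     */
    public static void filterContent(String[] values) {
        filterContent(values, null);
    }

    /**
     * Screens every element of an array against the default deny-list and an optional
     * caller-supplied list.
     *
     * <p>{@code null} and empty elements are skipped individually. Screening must not stop at
     * the first such element: doing so would leave every later element unchecked, which lets
     * a single blank entry switch the filter off for the rest of the array.
     *
     * @param values         the values to screen; a {@code null} array is accepted without checks
     * @param customKeywords extra '|'-separated tokens to reject, or {@code null} for none
     * @throws RuntimeException if any element contains a deny-listed token
     */
    public static void filterContent(String[] values, String customKeywords) {
        if (values == null) {
            return;
        }
        String[] custom = splitCustomKeywords(customKeywords);
        for (String value : values) {
            if (value == null || value.isEmpty()) {
                continue;
            }
            String normalized = normalize(value);
            rejectIfContains(normalized, DEFAULT_KEYWORDS, false);
            rejectIfContains(normalized, custom, false);
            rejectIfMatchesPattern(normalized);
        }
    }

    /**
     * Screens a dictionary SQL fragment. Keywords are matched either surrounded by spaces
     * anywhere in the value or, with the spaces trimmed, at the very start of the value.
     *
     * @param value the fragment to screen; {@code null} or empty is accepted without checks
     * @throws RuntimeException if the fragment contains a deny-listed token
     */
    public static void specialFilterContentForDictSql(String value) {
        if (value == null || value.isEmpty()) {
            return;
        }
        String normalized = normalize(value);
        rejectIfContains(normalized, DICT_SQL_KEYWORDS, true);
        rejectIfMatchesPattern(normalized);
    }

    /**
     * Screens SQL entered for an online report. Uses the same matching rules as
     * {@link #specialFilterContentForDictSql(String)} but with a list that does not contain
     * "select", "count", ";" or "+".
     *
     * @param value the SQL text to screen; {@code null} or empty is accepted without checks
     * @throws RuntimeException if the text contains a deny-listed token
     */
    public static void specialFilterContentForOnlineReport(String value) {
        if (value == null || value.isEmpty()) {
            return;
        }
        String normalized = normalize(value);
        rejectIfContains(normalized, ONLINE_REPORT_KEYWORDS, true);
        rejectIfMatchesPattern(normalized);
    }

    /**
     * Tells whether a name corresponds to a field declared directly on {@code cls}, compared
     * case-insensitively against both the Java field name and the result of
     * {@code oConvertUtils.camelToUnderline} for that name. Inherited fields are not
     * considered because only {@code getDeclaredFields()} is consulted.
     *
     * @param fieldName the candidate name; {@code null} never matches
     * @param cls       the class whose declared fields form the allow-list
     * @return {@code true} if some declared field matches
     */
    public static boolean isClassField(String fieldName, Class<?> cls) {
        return matchesAnyField(fieldName, cls.getDeclaredFields());
    }

    /**
     * Tells whether every name in the set corresponds to a field declared directly on
     * {@code cls}; see {@link #isClassField(String, Class)} for the matching rule.
     *
     * @param fieldNames the candidate names
     * @param cls        the class whose declared fields form the allow-list
     * @return {@code true} if all names match; note that an empty set yields {@code true}
     */
    public static boolean isClassField(Set<String> fieldNames, Class<?> cls) {
        // Fetched once: getDeclaredFields() returns a fresh array on each call.
        Field[] declaredFields = cls.getDeclaredFields();
        for (String fieldName : fieldNames) {
            if (!matchesAnyField(fieldName, declaredFields)) {
                return false;
            }
        }
        return true;
    }

    /** Case-insensitive comparison of a name against each field's Java and underscore form. */
    private static boolean matchesAnyField(String fieldName, Field[] fields) {
        for (Field field : fields) {
            String javaName = field.getName();
            if (javaName.equalsIgnoreCase(fieldName)
                    || oConvertUtils.camelToUnderline(javaName).equalsIgnoreCase(fieldName)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Produces the canonical form that the keyword lists are matched against.
     *
     * <ul>
     *   <li>Lower-cases with {@link Locale#ROOT}; the default-locale overload maps 'I' to a
     *       dotless character under some locales, after which "insert " would no longer
     *       match.</li>
     *   <li>Replaces each block comment with a space. SQL treats a comment as a token
     *       separator, so dropping it outright would glue neighbouring tokens together and
     *       hide a keyword from the trailing-space entries.</li>
     *   <li>Collapses every whitespace run to one space, so a keyword followed by a tab or
     *       line break is treated like one followed by a space. This also keeps line breaks
     *       out of the log lines written on rejection.</li>
     * </ul>
     */
    private static String normalize(String value) {
        String lowered = value.toLowerCase(Locale.ROOT);
        String uncommented = BLOCK_COMMENT.matcher(lowered).replaceAll(" ");
        return WHITESPACE_RUN.matcher(uncommented).replaceAll(" ");
    }

    /**
     * Splits a caller-supplied '|'-separated list and lower-cases it so that it can match the
     * lower-cased value. Returns an empty array for {@code null}.
     */
    private static String[] splitCustomKeywords(String customKeywords) {
        if (customKeywords == null) {
            return new String[0];
        }
        return customKeywords.toLowerCase(Locale.ROOT).split("\\|");
    }

    /**
     * Rejects {@code normalized} if it contains any keyword.
     *
     * @param alsoMatchPrefix when {@code true}, a keyword with its surrounding spaces trimmed
     *                        is additionally rejected at the very start of the value
     */
    private static void rejectIfContains(String normalized, String[] keywords, boolean alsoMatchPrefix) {
        for (String keyword : keywords) {
            // An empty token is contained in every string and would reject all input.
            if (keyword.isEmpty()) {
                continue;
            }
            boolean hit = normalized.contains(keyword);
            if (!hit && alsoMatchPrefix) {
                String bare = keyword.trim();
                hit = !bare.isEmpty() && normalized.startsWith(bare);
            }
            if (hit) {
                reject(keyword, normalized);
            }
        }
    }

    /**
     * Rejects {@code normalized} if "show tables" or a "user ( )" call occurs anywhere in it.
     * {@code find()} is used on purpose: a whole-string match would only fire when the value
     * consists of nothing but the pattern.
     */
    private static void rejectIfMatchesPattern(String normalized) {
        if (SHOW_TABLES_PATTERN.matcher(normalized).find()
                || USER_CALL_PATTERN.matcher(normalized).find()) {
            reject(null, normalized);
        }
    }

    /**
     * Logs the finding and aborts the request.
     *
     * <p>The messages read "Attention, SQL injection keyword present" and "Attention, the
     * value may carry an SQL injection risk". NOTE(review): the exception message embeds the
     * rejected value; if a global handler returns exception messages to the client the value
     * is reflected back, so the handler should encode or replace it.
     *
     * @param keyword    the matched token, or {@code null} when a pattern matched
     * @param normalized the normalised value that was rejected
     */
    private static void reject(String keyword, String normalized) {
        if (keyword != null) {
            log.error("请注意，存在SQL注入关键词---> {}", keyword);
        }
        log.error("请注意，值可能存在SQL注入风险!---> {}", normalized);
        throw new RuntimeException("请注意，值可能存在SQL注入风险!--->" + normalized);
    }
}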
