package top.continew.starter.data.core.util;

import cn.hutool.core.text.CharSequenceUtil;
import java.util.Locale;
import java.util.regex.Pattern;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:top/continew/starter/data/core/util/SqlInjectionUtils.class */
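/**
 * Heuristic detector for SQL-injection-looking content in a string value.
 *
 * <p>{@link #check(String, String)} runs three layers in order: two regular
 * expressions for comment/syntax shapes, a plain substring keyword list
 * (built-in plus an optional caller-supplied one), and a list of SQL function
 * call shapes. The first layer that fires logs a warning and returns
 * {@code true}; a blank value is never flagged.
 *
 * <p>This is a deny-list filter: it can only catch the shapes listed below and
 * will also flag harmless text that happens to contain words such as "and " or
 * "or ". Treat it as a defence-in-depth signal, not as a replacement for
 * parameterised statements. Note that every match is logged at WARN together
 * with the full checked value.
 */
public class SqlInjectionUtils {
    /**
     * Pipe-separated, lower-case substrings checked against the lower-cased
     * input. Entries with a trailing space only match the keyword as a word
     * prefix ("select ", "and ", ...); ";", "+" and "--" match literally
     * anywhere in the value. (The previous "peformance_schema" spelling never
     * matched the real schema name; it is spelled correctly here.)
     */
    private static final String SQL_SYNTAX_KEYWORD = "and |exec |performance_schema|information_schema|extractvalue|updatexml|geohash|gtid_subset|gtid_subtract|insert |select |delete |update |drop |count |chr |mid |master |truncate |char |declare |;|or |+|--";
    private static final String MESSAGE_TEMPLATE = "SQL 注入检查: 检查值=>{}<=存在 SQL 注入关键字, 关键字=>{}<=";
    private static final Logger log = LoggerFactory.getLogger(SqlInjectionUtils.class);
    /** {@link #SQL_SYNTAX_KEYWORD} split once at class load instead of on every call. */
    private static final String[] SQL_SYNTAX_KEYWORDS = SQL_SYNTAX_KEYWORD.split("\\|");
    /** Statement-like shapes, e.g. "select ... from", "drop ... table", "and ..."; ASCII case-insensitive. */
    private static final Pattern SQL_SYNTAX_PATTERN = Pattern.compile("(insert|delete|update|select|create|drop|truncate|grant|alter|deny|revoke|call|execute|exec|declare|show|rename|set)\\s+.*(into|from|set|where|table|database|view|index|on|cursor|procedure|trigger|for|password|union|and|or)|(select\\s*\\*\\s*from\\s+)|(and|or)\\s+.*", Pattern.CASE_INSENSITIVE);
    /** A quote followed, somewhere later, by a comment marker, statement separator, "or" or "union". */
    private static final Pattern SQL_COMMENT_PATTERN = Pattern.compile("'.*(or|union|--|#|/\\*|;)", Pattern.CASE_INSENSITIVE);
    /** Function-call shapes as regex sources; kept as strings because the source is what gets logged on a hit. */
    private static final String[] SQL_FUNCTION_PATTERN = {"chr\\s*\\(", "mid\\s*\\(", " char\\s*\\(", "sleep\\s*\\(", "user\\s*\\(", "show\\s+tables", "user[\\s]*\\([\\s]*\\)", "show\\s+databases", "sleep\\(\\d*\\)", "sleep\\(.*\\)"};
    /**
     * {@link #SQL_FUNCTION_PATTERN} compiled once. They are searched with
     * {@code find()} rather than wrapped in ".*...*" and matched whole, so a
     * line break inside the value no longer prevents a match ("." does not
     * match line terminators).
     */
    private static final Pattern[] SQL_FUNCTION_PATTERNS = compileAll(SQL_FUNCTION_PATTERN);

    private SqlInjectionUtils() {
    }

    /**
     * Checks {@code str} against the built-in rules only.
     *
     * @param str value to inspect; {@code null} or blank is never flagged
     * @return {@code true} if any rule matched
     */
    public static boolean check(String str) {
        return check(str, null);
    }

    /**
     * Checks {@code str} against the built-in rules and, if given, the caller's
     * extra keywords.
     *
     * @param str  value to inspect; {@code null} or blank is never flagged
     * @param str2 optional pipe-separated extra substrings, compared against the
     *             lower-cased, trimmed value; empty elements (as in "a||b") are
     *             ignored rather than matching every value
     * @return {@code true} if any rule matched (a warning is logged with the value)
     */
    public static boolean check(String str, String str2) {
        if (CharSequenceUtil.isBlank(str)) {
            return false;
        }
        if (SQL_COMMENT_PATTERN.matcher(str).find() || SQL_SYNTAX_PATTERN.matcher(str).find()) {
            log.warn("SQL 注入检查: 检查值=>{}<=存在 SQL 注释字符或 SQL 注入敏感字符", str);
            return true;
        }
        // Locale.ROOT: under a Turkish default locale "INSERT".toLowerCase() becomes
        // "ınsert" (dotless i), which would slip past the lower-case keyword list.
        String normalized = str.toLowerCase(Locale.ROOT).trim();
        if (checkKeyword(normalized, SQL_SYNTAX_KEYWORDS)) {
            return true;
        }
        if (CharSequenceUtil.isNotBlank(str2) && checkKeyword(normalized, str2.split("\\|"))) {
            return true;
        }
        return matchesFunctionPattern(normalized);
    }

    /**
     * Substring search of each keyword in {@code str}; logs and returns on the first hit.
     *
     * @param str    lower-cased, trimmed value
     * @param strArr keywords; empty elements are skipped
     * @return {@code true} if any non-empty keyword occurs in {@code str}
     */
    private static boolean checkKeyword(String str, String[] strArr) {
        for (String keyword : strArr) {
            // "".contains("") is true for every input, so an empty element would flag everything.
            if (keyword.isEmpty()) {
                continue;
            }
            if (str.contains(keyword)) {
                log.warn(MESSAGE_TEMPLATE, str, keyword);
                return true;
            }
        }
        return false;
    }

    /**
     * Searches {@code value} for each compiled function-call shape; logs the
     * matching regex source and returns on the first hit.
     *
     * @param value lower-cased, trimmed value
     * @return {@code true} if any shape is found anywhere in {@code value}
     */
    private static boolean matchesFunctionPattern(String value) {
        for (int i = 0; i < SQL_FUNCTION_PATTERNS.length; i++) {
            if (SQL_FUNCTION_PATTERNS[i].matcher(value).find()) {
                log.warn(MESSAGE_TEMPLATE, value, SQL_FUNCTION_PATTERN[i]);
                return true;
            }
        }
        return false;
    }

    /**
     * Compiles every regex source in order, so indexes line up with the source array.
     *
     * @param regexes regex sources
     * @return compiled patterns, same order and length
     */
    private static Pattern[] compileAll(String[] regexes) {
        Pattern[] compiled = new Pattern[regexes.length];
        for (int i = 0; i < regexes.length; i++) {
            compiled[i] = Pattern.compile(regexes[i]);
        }
        return compiled;
    }
}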
