package com.shiji.core.util;

import com.alibaba.druid.sql.ast.SQLExpr;
import com.alibaba.druid.sql.ast.expr.SQLCharExpr;
import com.product.exception.ServiceRuntimeException;
import java.util.Locale;
import java.util.regex.Pattern;

/* loaded from: input_file:com/shiji/core/util/SQLCheckUtil.class */
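/**
 * Blacklist-style sanitizer for string literals ({@link SQLCharExpr}) in a Druid SQL AST.
 *
 * <p>Security note: this is a defence-in-depth heuristic, not a substitute for
 * parameterized queries. The keyword-pair check below only looks for seven
 * DML/DDL pairs; {@code UNION}, {@code OR 1=1}, stacked statements, time-based
 * payloads and encoded input are not covered, and inline comments between keyword
 * letters are not normalised away. It also produces false positives on ordinary
 * text (e.g. a literal such as "update the set of records" is rejected). Callers
 * must still bind user-controlled values as query parameters.
 */
public class SQLCheckUtil {

    /** Characters stripped from a string literal that passes the keyword check. */
    private static final Pattern ILLEGAL_CHARS = Pattern.compile("[\"'*]");

    /** Optionally negative integer or decimal literal (see {@link #isNumeric}). */
    private static final Pattern NUMERIC = Pattern.compile("-?\\d+(\\.\\d+)?");

    /**
     * Keyword pairs whose joint presence (case-insensitive, substring match) marks a
     * literal as an embedded SQL statement.
     */
    private static final String[][] QUERY_KEYWORD_PAIRS = {
        {"select", "from"},
        {"update", "set"},
        {"delete", "from"},
        {"insert", "into"},
        {"case", "when"},
        {"drop", "table"},
        {"truncate", "table"},
    };

    private SQLCheckUtil() {
        // static utility class; not meant to be instantiated
    }

    /**
     * Inspects a SQL expression and, if it is a string literal, rejects it when it looks
     * like an embedded SQL statement or strips quote/asterisk characters from it.
     *
     * <p>Only {@link SQLCharExpr} nodes are inspected; every other node (and {@code null})
     * is returned as-is. Note that stripping is lossy: a legitimate value such as
     * {@code O'Brien} comes back as {@code OBrien}, and a new node is created so any
     * parent/attribute state of the original literal is not carried over.
     *
     * @param sQLExpr expression to check; may be {@code null}
     * @return the original expression, or a new {@link SQLCharExpr} with the illegal
     *         characters removed; {@code null} when the input is {@code null}
     * @throws ServiceRuntimeException when the literal contains one of the blacklisted
     *         keyword pairs
     */
    public static SQLExpr filterIllegalChar(SQLExpr sQLExpr) {
        if (sQLExpr == null) {
            return null;
        }
        if (!(sQLExpr instanceof SQLCharExpr)) {
            return sQLExpr;
        }
        String text = ((SQLCharExpr) sQLExpr).getText();
        if (text == null) {
            // Nothing to inspect; the previous implementation NPE'd in the character check.
            return sQLExpr;
        }
        if (containsSqlQuery(text)) {
            // The offending literal is echoed verbatim into the message; do not render this
            // exception to end users or write it to logs without sanitisation.
            throw new ServiceRuntimeException("SQL参数中出现SQL注入语句: " + text);
        }
        return containsIllegalChars(text)
                ? new SQLCharExpr(ILLEGAL_CHARS.matcher(text).replaceAll(""))
                : sQLExpr;
    }

    /** Returns {@code true} if {@code str} contains a single quote, double quote or asterisk. */
    private static boolean containsIllegalChars(String str) {
        return ILLEGAL_CHARS.matcher(str).find();
    }

    /**
     * Returns {@code true} if both keywords of any blacklisted pair occur anywhere in
     * {@code str}, ignoring case.
     *
     * <p>{@link Locale#ROOT} is used deliberately: with a default locale such as Turkish,
     * {@code "INSERT".toLowerCase()} yields a dotless i and would not match "insert",
     * making the check bypassable by simply upper-casing the payload.
     */
    private static boolean containsSqlQuery(String str) {
        if (str == null) {
            return false;
        }
        String lowerCase = str.toLowerCase(Locale.ROOT);
        for (String[] pair : QUERY_KEYWORD_PAIRS) {
            if (lowerCase.contains(pair[0]) && lowerCase.contains(pair[1])) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns {@code true} if {@code str} is an optionally negative integer or decimal
     * literal. Currently unreferenced within this class; kept for compatibility.
     */
    private static boolean isNumeric(String str) {
        return NUMERIC.matcher(str).matches();
    }
}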
