package com.f2bpm.base.core.utils;

import com.alibaba.nacos.api.common.Constants;
import com.f2bpm.base.core.utils.string.StringUtil;
import java.util.Locale;
import java.util.regex.Pattern;
import org.apache.pdfbox.pdmodel.common.PDPageLabelRange;

/* loaded from: input_file:BOOT-INF/lib/f2bpm-cloud-base-core-7.0.0.jar:com/f2bpm/base/core/utils/SqlInjectionUtil.class */
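/**
 * Keyword-denylist helpers for spotting or stripping SQL fragments in strings.
 *
 * <p>Security note: every check here is a plain substring or regex match against a fixed
 * keyword list. That makes it a coarse, best-effort screen only. It flags harmless text that
 * happens to contain a listed token (for example any {@code ;}), and a value that passes or
 * has been filtered is still not safe to concatenate into a SQL statement. Bind values with
 * {@code PreparedStatement} parameters and restrict identifiers (column names, sort
 * directions) to an allowlist; treat this class as defense in depth at most.
 *
 * <p>NOTE(review): {@code Constants.NAMING_HTTP_HEADER_SPLITTER} (Nacos) and
 * {@code PDPageLabelRange.STYLE_LETTERS_LOWER} (PDFBox) look like decompiler substitutions for
 * inlined string literals (presumably {@code "\\|"} and {@code "a"}); confirm against the
 * original source before relying on these dependencies.
 */
public class SqlInjectionUtil {
    /** Default denylist: '|'-separated lower-case tokens; also used verbatim as a regex alternation. */
    public static final String injectKeys = ";|create |select |insert |delete |exec |into | and | or | where | count |drop table|update |truncate | master | net  | delay | waitfor | asc | mid | char |xp_cmdshell | ch ";
    /** Variant list that adds "1=" / "1 =" and omits " and "; not referenced inside this class. */
    public static final String todoListSearchInjectKeys = ";|create |1=|1 =|select |insert |delete |exec |into | or | where | count |drop table|update |truncate | master | net  | delay | waitfor | asc | mid | char |xp_cmdshell | ch ";
    /**
     * Comma-separated keyword entries; not referenced inside this class.
     * NOTE(review): public and non-final, so any code can rewrite the list at runtime. Left
     * mutable because callers outside this file may assign it; confirm and make it final if not.
     */
    public static String filterSqlInjection = "select;from,select;into,delete;from,drop;table,drop;database,update;set,truncate;table,create;table,exists;select,insert;into,asc(,xp_cmdshell,declare;@,exec;master,chr(,ch(,waitfor;delay";

    /** {@link #injectKeys} split once instead of on every call. */
    private static final String[] INJECT_KEY_LIST = injectKeys.split(Constants.NAMING_HTTP_HEADER_SPLITTER);

    /** {@link #injectKeys} compiled once as a case-insensitive alternation. */
    private static final Pattern INJECT_KEYS_PATTERN = Pattern.compile(injectKeys, Pattern.CASE_INSENSITIVE);

    /** Returns the first denylist token contained in {@code str} (case-insensitive), or null if none. */
    private static String firstInjectKey(String str) {
        // Locale.ROOT: default-locale lower-casing (e.g. the Turkish dotless i) would turn
        // upper-case "INSERT"/"INTO" into text that no longer matches the ASCII tokens, so the
        // result of the check would depend on the JVM's locale.
        String lowered = str.toLowerCase(Locale.ROOT);
        for (String key : INJECT_KEY_LIST) {
            if (lowered.contains(key)) {
                return key;
            }
        }
        return null;
    }

    /**
     * Reports whether {@code str} contains any token from {@link #injectKeys}.
     *
     * @param str text to inspect; may be null
     * @return true if a token is found; false for null input or when nothing matches
     */
    public static boolean validateSqlInjection(String str) {
        return str != null && firstInjectKey(str) != null;
    }

    /**
     * Throws if {@code str} contains any token from {@link #injectKeys}; null input is accepted.
     *
     * @param str text to inspect; may be null
     * @throws RuntimeException naming the first matching token
     */
    public static void exceptionSqlInjection(String str) {
        if (str == null) {
            return;
        }
        String hit = firstInjectKey(str);
        if (hit != null) {
            // Message text is runtime output ("possible SQL injection found:") and is kept verbatim.
            throw new RuntimeException("发现sql注入可能:" + hit);
        }
    }

    /**
     * Returns the first token from {@link #injectKeys} found in {@code str}.
     *
     * @param str text to inspect; may be null
     * @return the matching token, or "" when nothing matches or {@code str} is null
     */
    public static String checkDangerSqlkey(String str) {
        // Null guard added for consistency with the sibling checks, which accept null
        // instead of failing with a NullPointerException.
        if (str == null) {
            return "";
        }
        String hit = firstInjectKey(str);
        return hit == null ? "" : hit;
    }

    /**
     * Replaces every case-insensitive match of the regex {@code str2} in {@code str} with a
     * single space, then replaces each literal "1=1" with a space.
     *
     * <p>The replacement is a single pass and the result is not re-checked, so the output is
     * not guaranteed to be free of the filtered tokens.
     *
     * @param str  text to filter; null is returned unchanged
     * @param str2 regular expression (not a literal) describing what to strip
     * @return the filtered text, or null when {@code str} is null
     */
    public static String filterKeywordInject(String str, String str2) {
        if (str == null) {
            return str;
        }
        return Pattern.compile(str2, Pattern.CASE_INSENSITIVE).matcher(str).replaceAll(" ").replace("1=1", " ");
    }

    /**
     * Same as {@link #filterKeywordInject(String, String)} using {@link #injectKeys} as the
     * pattern. Single pass, result not re-checked.
     *
     * @param str text to filter; null is returned unchanged
     * @return the filtered text, or null when {@code str} is null
     */
    public static String filterKeywordInject(String str) {
        if (str == null) {
            return str;
        }
        return INJECT_KEYS_PATTERN.matcher(str).replaceAll(" ").replace("1=1", " ");
    }

    /**
     * Turns the placeholders "s_elect ", " s_and " and " s_or " back into " select ", " and "
     * and " or ".
     *
     * <p>NOTE(review): the code that produces these placeholders is not visible here. Because
     * this re-introduces SQL keywords, confirm it is never applied to caller-controlled text
     * after that text has been screened or filtered.
     *
     * @param str text containing placeholders
     * @return the restored text, or "" when {@code StringUtil.isEmpty(str)} is true
     */
    public static String restoreSqlKeywords(String str) {
        if (StringUtil.isEmpty(str)) {
            return "";
        }
        return str.replace("s_elect ", " select ").replace(" s_and ", " and ").replace(" s_or ", " or ");
    }

    /** Ad-hoc manual check: prints the detection and filter results for one sample string. */
    public static void main(String[] strArr) {
        String sample = "AAsElect SELECT SelectA * from test where or id = 1 ch theAnd and A ANd B anD C AND select ascc Asc  name != 'sql' deleteA  and AND delEte AND  oR A or B OR aaa CH  3 and 1 And 2 And ";
        System.out.println(validateSqlInjection(sample));
        System.out.println(filterKeywordInject(sample));
        System.out.println("abcABC".replaceAll(PDPageLabelRange.STYLE_LETTERS_LOWER, "1"));
    }
}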
