package org.jeecg.modules.jmreport.common.b;

import java.util.regex.Pattern;
import org.jeecg.modules.jmreport.common.expetion.JimuReportException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* compiled from: SqlInjectionUtil.java */
/* loaded from: input_file:org/jeecg/modules/jmreport/common/b/i.class */
public class i {
    private static final String b = " exec |peformance_schema|information_schema|extractvalue|updatexml|geohash|gtid_subset|gtid_subtract|insert |alter |delete | grant |update |drop | chr | mid | master |truncate | char | declare |user()|";
    private static final String c = "show\\s+tables";
    private static final String d = "user[\\s]*\\([\\s]*\\)";
    private static final Logger a = LoggerFactory.getLogger(i.class);
    private static final Pattern e = Pattern.compile("/\\*[\\s\\S]*\\*/");
    private static final Pattern f = Pattern.compile("sleep\\(\\d*\\)");

    public static void a(String str) {
        String[] split = b.split(org.jeecg.modules.jmreport.common.constant.d.am);
        if (str == null || "".equals(str)) {
            return;
        }
        b(str);
        String lowerCase = str.toLowerCase();
        c(lowerCase);
        String replaceAll = lowerCase.replaceAll("/\\*.*\\*/", "");
        for (int i = 0; i < split.length; i++) {
            if (replaceAll.indexOf(split[i]) > -1 || replaceAll.startsWith(split[i].trim())) {
                a.error("请注意，存在SQL注入关键词---> {}", split[i]);
                a.error("请注意，值可能存在SQL注入风险!---> {}", replaceAll);
                throw new JimuReportException(1001, "请注意，值可能存在SQL注入风险!--->" + replaceAll);
            }
        }
        if (Pattern.matches(c, replaceAll) || Pattern.matches(d, replaceAll)) {
            throw new RuntimeException("请注意，值可能存在SQL注入风险!--->" + replaceAll);
        }
    }

    public static void b(String str) {
        if (e.matcher(str).find()) {
            a.error("请注意，值可能存在SQL注入风险---> \\*.*\\");
            throw new RuntimeException("请注意，值可能存在SQL注入风险---> \\*.*\\");
        }
    }

    public static void c(String str) {
        if (f.matcher(str).find()) {
            a.error("请注意，值可能存在SQL注入风险---> \\*.*\\");
            throw new RuntimeException("请注意，值可能存在SQL注入风险---> \\*.*\\");
        }
    }
}
