package com.ai.bss.infrastructure.util;

import com.ai.abc.exception.BaseException;
import com.ai.bss.infrastructure.constant.ExceptionMsgConsts;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
import java.util.Locale;
import java.util.regex.Pattern;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/ai/bss/infrastructure/util/CheckSqlInjection.class */
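/**
 * Deny-list screen for SQL-injection markers in request parameters.
 *
 * <p>{@link #checkObject(Object)} rejects a string, or a String property of a bean, that
 * contains a quote, a comment marker, or one of the SQL keywords listed in the patterns below.
 *
 * <p>Treat this as defence in depth only. The value is matched as received (nothing here
 * decodes or normalises it) and only the fields described on {@code checkObject} are looked
 * at, so this class does not replace bound parameters ({@code PreparedStatement}) at the
 * place where the query is built.
 */
public class CheckSqlInjection {
    private static final Logger log = LoggerFactory.getLogger(CheckSqlInjection.class);

    // Rejection text; in English: "parameter is invalid, security risk".
    private static final String msg = "参数不合法，存在安全风险";

    // The first three expressions were originally written with Perl/PHP delimiters and flags
    // ("/.../ix"). java.util.regex treats those as literal characters, and the old code used
    // Pattern.matches (whole-input match), so they fired only when the entire value equalled
    // one alternative. They are now plain Java expressions, searched anywhere in the value.

    // Single quote, "--" or "#" comment markers, and the URL-encoded quote / hash.
    private static final String CHECKSQL = "(%27)|(')|(--)|(%23)|(#)";
    // A quote (plain or %27) immediately followed by "or", with either letter optionally hex-encoded.
    private static final String CHECKSQL2 = "\\w*((%27)|('))((%6F)|o|(%4F))((%72)|r|(%52))";
    // A quote (plain or %27) immediately followed by "union".
    private static final String CHECKSQL3 = "((%27)|('))union";
    // SQL keywords / function names as whole words, plus the metacharacters * ; + ' %.
    private static final String CHECKSQL4 = "\\b(and|exec|insert|select|drop|grant|alter|delete|update|count|chr|mid|master|truncate|char|declare|or|sysdate|now|if\\()\\b|(\\*|;|\\+|'|%)";

    // Compiled once. CASE_INSENSITIVE because the keyword list is lower-case only, which
    // previously let "SELECT" through while "select" was rejected.
    private static final Pattern[] PATTERNS = {
        Pattern.compile(CHECKSQL, Pattern.CASE_INSENSITIVE),
        Pattern.compile(CHECKSQL2, Pattern.CASE_INSENSITIVE),
        Pattern.compile(CHECKSQL3, Pattern.CASE_INSENSITIVE),
        Pattern.compile(CHECKSQL4, Pattern.CASE_INSENSITIVE),
    };

    /**
     * Reports whether any deny-list pattern occurs anywhere in {@code str}.
     *
     * @param str value to inspect; must not be null
     * @return {@code true} if at least one pattern is found
     */
    private static boolean CHECK(String str) {
        for (Pattern pattern : PATTERNS) {
            if (pattern.matcher(str).find()) {
                return true;
            }
        }
        return false;
    }

    /**
     * Validates a parameter value or a parameter bean against the deny-list.
     *
     * <p>{@code null} and the empty string are accepted. A {@code String} is checked directly.
     * For any other object, each field of type {@code String} declared on the object's own
     * class is read through its public {@code getXxx()} accessor and checked; empty values are
     * skipped.
     *
     * <p>NOTE(review): only {@code getDeclaredFields()} of the runtime class is used, so String
     * fields inherited from a superclass, non-String fields, nested objects and collections
     * are not inspected. Confirm that this matches the DTOs passed in.
     *
     * @param obj the value or bean to validate; may be null
     * @throws BaseException if a checked value contains a deny-listed token, or if a String
     *     field cannot be read (for example because it has no public getter); the check
     *     fails closed in that case
     */
    public static void checkObject(Object obj) {
        if (obj == null || "".equals(obj)) {
            return;
        }
        try {
            if (obj instanceof String) {
                if (CHECK((String) obj)) {
                    throw new BaseException(msg);
                }
                return;
            }
            for (Field field : obj.getClass().getDeclaredFields()) {
                if (field.getType() != String.class) {
                    continue;
                }
                String name = field.getName();
                // Locale.ROOT keeps the accessor name stable on JVMs whose default locale
                // upper-cases "i" to a non-ASCII letter.
                String str = name.substring(0, 1).toUpperCase(Locale.ROOT) + name.substring(1);
                log.debug(str);
                String value = (String) obj.getClass().getMethod("get" + str).invoke(obj);
                if (!StringUtils.isEmpty(value) && CHECK(value)) {
                    throw new BaseException(msg);
                }
            }
        } catch (Exception e) {
            // Every failure, including the rejections thrown above, reaches the caller as the
            // same BaseException, exactly as before. A reflection failure is logged first so
            // that a bean without a getter can be told apart from a rejected value. Only the
            // class name is logged, never the parameter value.
            if (e instanceof ReflectiveOperationException) {
                log.warn("Could not read String properties of {} for validation; rejecting",
                        obj.getClass().getName(), e);
            }
            throw new BaseException(ExceptionMsgConsts.paramNotExist(msg));
        }
    }

    /**
     * Manual smoke run against {@code TestDto}, a class defined elsewhere in the project.
     *
     * @param strArr unused
     */
    public static void main(String[] strArr) throws NoSuchMethodException, IllegalAccessException, InvocationTargetException {
        checkObject(new TestDto());
    }
}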
