package com.gateway.invoke.security;

import com.alibaba.fastjson.JSONArray;
import com.alibaba.fastjson.JSONObject;
import com.gateway.connector.proto.Proto;
import com.gateway.message.SystemMessage;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/gateway/invoke/security/SqlInjSecurityCheck.class */
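/**
 * Gateway security check that rejects a request when the value stored under the
 * {@code "content"} key of the parameter map contains one of a fixed list of
 * characters or SQL keywords.
 *
 * <p>Limits a reviewer should keep in mind:
 * <ul>
 *   <li>This is a substring blocklist. It is a coarse pre-filter, not a defence against SQL
 *       injection on its own; the statements that eventually consume these values still need
 *       bound parameters.</li>
 *   <li>Matching is by substring, so ordinary text is rejected too ("mid" matches "middle",
 *       "char" matches "character", and any value containing an apostrophe or percent sign).</li>
 *   <li>Only the {@code "content"} entry is inspected, and for JSON objects only the values,
 *       not the keys.</li>
 *   <li>NOTE(review): until {@link #init()} has run the token list is empty and every payload
 *       passes. Confirm that the container always calls {@code init()} before the first
 *       {@code check}.</li>
 * </ul>
 */
public class SqlInjSecurityCheck implements ISecurityCheck {
    // Result code and message reported on a match. The identifiers say "WhiteList" although this
    // class implements a blocklist; whether 10004 is shared with another check is not visible here.
    private static final int WhiteListCheck = 10004;
    private static final String WhiteListCheckMsg = "";

    // Blocked tokens. Every entry is a symbol or lower-case, which is what allows isInj to
    // lower-case the input once instead of comparing case-insensitively per token.
    private static final String[] BLOCKED_TOKENS = {
        "'", "<", ">", "`", "~", "$", "%", "^",
        "exec", "insert", "select", "delete", "update",
        "mid", "master", "truncate", "char", "declare"
    };

    private final Logger logger = LoggerFactory.getLogger(getClass());
    private List<String> sqls = new ArrayList<>();

    /**
     * Loads the blocked-token list.
     *
     * <p>The list is rebuilt and swapped in rather than appended to, so calling this method more
     * than once no longer duplicates entries.
     */
    public void init() {
        List<String> tokens = new ArrayList<>(BLOCKED_TOKENS.length);
        for (String token : BLOCKED_TOKENS) {
            tokens.add(token);
        }
        this.sqls = tokens;
    }

    /**
     * Inspects {@code map.get("content")} for blocked tokens.
     *
     * @param systemMessage not used by this check
     * @param proto not used by this check
     * @param str not used by this check
     * @param str2 not used by this check
     * @param str3 not used by this check
     * @param map request parameters; only the {@code "content"} entry is read
     * @return a fresh {@link SecurityResult}; its {@code code} and {@code msg} are set to the
     *     rejection values when a blocked token is found and left at their defaults otherwise
     */
    @Override
    public SecurityResult check(SystemMessage systemMessage, Proto proto, String str, String str2, String str3, Map<?, ?> map) {
        SecurityResult securityResult = new SecurityResult();
        Object content = map.get("content");
        if (content != null && containsBlockedToken(content)) {
            securityResult.code = WhiteListCheck;
            securityResult.msg = WhiteListCheckMsg;
        }
        return securityResult;
    }

    /**
     * Dispatches on the runtime type of the content value.
     *
     * <p>Arrays are walked element by element, objects value by value, and anything else is
     * checked through its string form. Previously a non-JSON content value, or an array element
     * that was not a {@code JSONObject}, ended in a {@code ClassCastException} instead of being
     * inspected, and an array element whose entries were all clean never left the inner loop.
     */
    private boolean containsBlockedToken(Object content) {
        if (content instanceof JSONArray) {
            for (Object element : (JSONArray) content) {
                if (element == null) {
                    continue;
                }
                boolean hit = element instanceof JSONObject
                        ? anyValueBlocked((JSONObject) element)
                        : isInj(String.valueOf(element));
                if (hit) {
                    return true;
                }
            }
            return false;
        }
        if (content instanceof JSONObject) {
            return anyValueBlocked((JSONObject) content);
        }
        return isInj(String.valueOf(content));
    }

    /** Returns true when the string form of any value in {@code object} contains a blocked token. */
    private boolean anyValueBlocked(JSONObject object) {
        for (Object value : object.values()) {
            // String.valueOf keeps the original "value + \"\"" semantics, including "null".
            if (isInj(String.valueOf(value))) {
                return true;
            }
        }
        return false;
    }

    /**
     * Tests one string against the blocked-token list.
     *
     * <p>The input is lower-cased first: SQL keywords are case-insensitive, so the earlier
     * case-sensitive comparison let upper- or mixed-case spellings of the same keywords through.
     *
     * @param str value to test
     * @return true when {@code str} contains any blocked token
     */
    private boolean isInj(String str) {
        String lowered = str.toLowerCase(Locale.ROOT);
        for (String token : this.sqls) {
            if (lowered.contains(token)) {
                // The rejected value is caller-controlled: line breaks are neutralised so it
                // cannot forge extra log records. The value is still logged in full, so this
                // log may hold whatever the client sent.
                String printable = str.replace('\r', '_').replace('\n', '_');
                this.logger.warn("value:{} sql:{}", printable, token);
                return true;
            }
        }
        return false;
    }
}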
