package com.aote.util;

import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.json.JSONArray;
import org.json.JSONObject;

/* loaded from: input_file:com/aote/util/ParamFilter.class */
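/**
 * Substring-denylist filter applied to request parameters before they reach the
 * persistence layer.
 *
 * <p>Every check rejects a value by throwing {@link RuntimeException} whose message
 * is {@code "参数包含非法字符:" + keyword}. Matching is case-insensitive and purely
 * substring-based, so short entries such as {@code "/"}, {@code "#"}, {@code "0x"},
 * {@code " or"} or {@code "from"} also reject ordinary text that happens to contain
 * them. A denylist of this kind is a defence-in-depth heuristic; it is not a
 * substitute for parameterised queries at the SQL boundary.
 */
public class ParamFilter {
    static Logger log = Logger.getLogger(ParamFilter.class);

    /**
     * Lower-case substrings that cause a value to be rejected. Entries are compared
     * against the lower-cased value with {@link String#contains}, in array order, and
     * the first hit is reported.
     */
    public static final String[] sqlkeywords = {"select", "insert", "update", "delete", "from", "drop", "count", "table", "truncate", "declare", "asc(", "mid(", "char(", "where", "master", "netlocalgroup", "administrators", "xp_cmdshell", "net user", "exec", "execute", "xp_", "sp_", "0x", ";", " or", "\"t_user\"", "--", "#", "union", "/", "//"};

    /**
     * Checks the string form of every value in {@code map}.
     *
     * <p>Values are converted with {@link String#valueOf(Object)}, so nested maps or
     * collections are scanned via their {@code toString()} output rather than
     * descended into; a {@code null} value becomes the literal {@code "null"}.
     *
     * @param map parameters to check; must not be {@code null}
     * @throws RuntimeException if any value contains a denylisted substring
     */
    public static void checkSqlMap(Map<String, Object> map) {
        for (Object value : map.values()) {
            checkSqlStr(String.valueOf(value));
        }
    }

    /**
     * Parses {@code str} as a JSON object and checks it with {@link #checkSqlJson}.
     *
     * <p>NOTE(review): the raw payload is written to the log at DEBUG level; if the
     * payload can carry credentials or other sensitive fields, confirm that DEBUG
     * logging is disabled where that matters.
     *
     * @param str JSON object text
     * @throws org.json.JSONException if {@code str} is not a valid JSON object
     * @throws RuntimeException if any contained value contains a denylisted substring
     */
    public static void checkSqlJsonStr(String str) {
        log.debug("待检数据：" + str);
        checkSqlJson(new JSONObject(str));
    }

    /**
     * Recursively checks every value of {@code jSONObject}: nested objects and arrays
     * are descended into, string values beginning with {@code "{"} are parsed and
     * checked as JSON, and all other values are checked via their string form.
     *
     * @param jSONObject object to check
     * @throws RuntimeException if any contained value contains a denylisted substring
     */
    public static void checkSqlJson(JSONObject jSONObject) {
        // keySet() is iterated as Object so this compiles against both the raw-Set
        // and Set<String> variants of org.json.
        for (Object key : jSONObject.keySet()) {
            checkValue(jSONObject.get((String) key));
        }
    }

    /**
     * Checks every element of {@code array} with the same dispatch as object values.
     * Elements are read in place; previously the array was re-serialised and each
     * element fetched with {@code getJSONObject}, which threw on scalar elements and
     * so could not check arrays such as {@code ["a", "b"]} at all.
     */
    private static void checkJsonArray(JSONArray array) {
        for (int i = 0; i < array.length(); i++) {
            checkValue(array.get(i));
        }
    }

    /** Dispatches one JSON value to the matching check by its runtime type. */
    private static void checkValue(Object obj) {
        if (obj instanceof JSONArray) {
            checkJsonArray((JSONArray) obj);
        } else if (obj instanceof JSONObject) {
            checkSqlJson((JSONObject) obj);
        } else if (obj instanceof String && ((String) obj).startsWith("{")) {
            // Embedded JSON text is parsed and checked structurally; malformed text
            // surfaces as a JSONException from the parser.
            checkSqlJsonStr((String) obj);
        } else {
            checkSqlStr(String.valueOf(obj));
        }
    }

    /**
     * Rejects {@code str} if it contains any entry of {@link #sqlkeywords},
     * ignoring case. Blank or {@code null} input is accepted.
     *
     * @param str value to check
     * @throws RuntimeException if a denylisted substring is found; the message
     *         names the first matching entry
     */
    public static void checkSqlStr(String str) {
        if (StringUtils.isBlank(str)) {
            return;
        }
        // Locale.ROOT: the default-locale toLowerCase() is locale-sensitive (e.g. the
        // dotted/dotless I in Turkish locales), so an upper-case keyword could fail
        // to match the lower-case denylist entry and slip through.
        String lowerCase = str.toLowerCase(Locale.ROOT);
        for (String keyword : sqlkeywords) {
            if (lowerCase.contains(keyword)) {
                log.debug("参数包含非法字符:" + keyword);
                throw new RuntimeException("参数包含非法字符:" + keyword);
            }
        }
    }
}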
