package com.ajaxjs.data.util;

import java.util.Iterator;
import java.util.regex.Pattern;
import net.sf.jsqlparser.expression.BinaryExpression;
import net.sf.jsqlparser.expression.Expression;
import net.sf.jsqlparser.expression.Function;
import net.sf.jsqlparser.expression.operators.conditional.AndExpression;
import net.sf.jsqlparser.expression.operators.conditional.OrExpression;
import net.sf.jsqlparser.expression.operators.relational.ComparisonOperator;
import net.sf.jsqlparser.parser.CCJSqlParser;
import net.sf.jsqlparser.parser.CCJSqlParserUtil;
import net.sf.jsqlparser.schema.Column;
import net.sf.jsqlparser.statement.select.Join;
import net.sf.jsqlparser.statement.select.OrderByElement;
import net.sf.jsqlparser.statement.select.PlainSelect;
import net.sf.jsqlparser.statement.select.SelectItem;
import net.sf.jsqlparser.statement.select.SubSelect;
import net.sf.jsqlparser.statement.select.WithItem;
import net.sf.jsqlparser.util.TablesNamesFinder;

/* loaded from: input_file:com/ajaxjs/data/util/SqlInjectionAnalyzer.class */
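public class SqlInjectionAnalyzer extends TablesNamesFinder {
    /**
     * Function names that are rejected outright when they appear anywhere in the
     * parsed statement. Matched case-insensitively (see {@link #DANGEROUS_FUNCTION}).
     */
    private static final String DANGEROUS_FUNCTIONS = "(sleep|benchmark|extractvalue|updatexml|ST_LatFromGeoHash|ST_LongFromGeoHash|GTID_SUBSET|GTID_SUBTRACT|floor|ST_Pointfromgeohash|geometrycollection|multipoint|polygon|multipolygon|linestring|multilinestring)";

    /**
     * Compiled once, case-insensitive: SQL function names are not case-sensitive,
     * so matching {@code DANGEROUS_FUNCTIONS} with plain {@code String.matches}
     * would let a differently-cased spelling through. Consistent with {@link #BOL}.
     */
    private static final Pattern DANGEROUS_FUNCTION = Pattern.compile(DANGEROUS_FUNCTIONS, Pattern.CASE_INSENSITIVE);

    /** Bare {@code true}/{@code false} tokens used as a column name, case-insensitive. */
    private static final Pattern BOL = Pattern.compile("(true|false)", Pattern.CASE_INSENSITIVE);

    /** Decides whether an expression is made only of constants (project helper). */
    private final ConstAnalyzer constAnalyzer = new ConstAnalyzer();

    /**
     * Creates an analyzer. {@code init(true)} is inherited from
     * {@code TablesNamesFinder}; its exact effect is not visible here — TODO confirm
     * it only enables column processing.
     */
    public SqlInjectionAnalyzer() {
        init(true);
    }

    /**
     * Rejects comparisons whose both sides are constants (e.g. a tautology such as
     * {@code 1 = 1}), then continues the default traversal.
     *
     * @param binaryExpression the expression being visited
     * @throws SecurityException when a comparison has two constant operands
     */
    public void visitBinaryExpression(BinaryExpression binaryExpression) {
        if (binaryExpression instanceof ComparisonOperator
                && isConst(binaryExpression.getLeftExpression())
                && isConst(binaryExpression.getRightExpression())) {
            throw new SecurityException("DISABLE IDENTICAL EQUATION " + binaryExpression);
        }
        super.visitBinaryExpression(binaryExpression);
    }

    /**
     * Rejects a constant operand on either side of an {@code AND}.
     *
     * @throws SecurityException when either operand is a constant expression
     */
    public void visit(AndExpression andExpression) {
        super.visit(andExpression);
        checkConstExpress(andExpression.getLeftExpression());
        checkConstExpress(andExpression.getRightExpression());
    }

    /**
     * Rejects a constant operand on either side of an {@code OR}.
     *
     * @throws SecurityException when either operand is a constant expression
     */
    public void visit(OrExpression orExpression) {
        super.visit(orExpression);
        checkConstExpress(orExpression.getLeftExpression());
        checkConstExpress(orExpression.getRightExpression());
    }

    /**
     * Rejects calls to any function listed in {@link #DANGEROUS_FUNCTIONS},
     * regardless of letter case, then continues the default traversal.
     *
     * @throws SecurityException when the function name is on the deny list
     */
    public void visit(Function function) {
        String name = function.getName();
        if (name != null && DANGEROUS_FUNCTION.matcher(name).matches()) {
            throw new SecurityException("DANGEROUS FUNCTION: " + name);
        }
        super.visit(function);
    }

    /**
     * Intentionally does not descend into CTE bodies.
     * NOTE(review): this and {@link #visit(SubSelect)} skip the superclass traversal,
     * so the checks above do not run inside WITH items or subqueries — confirm this
     * is the intended coverage.
     */
    public void visit(WithItem withItem) {
    }

    /**
     * Intentionally does not descend into subqueries (see the note on
     * {@link #visit(WithItem)}).
     */
    public void visit(SubSelect subSelect) {
    }

    /**
     * Rejects a bare {@code true}/{@code false} used where a column is expected,
     * then continues the default traversal.
     *
     * @throws SecurityException when the column is a boolean literal token
     */
    public void visit(Column column) {
        if (isBoolean(column)) {
            throw new SecurityException("DISABLE CONST BOOL " + column);
        }
        super.visit(column);
    }

    /**
     * Walks every part of a SELECT that can carry expressions, so the visitor
     * methods above see them. The WHERE clause is additionally rejected when it
     * is constant as a whole.
     *
     * @throws SecurityException propagated from the per-node checks
     */
    public void visit(PlainSelect plainSelect) {
        if (plainSelect.getSelectItems() != null) {
            for (SelectItem item : plainSelect.getSelectItems()) {
                item.accept(this);
            }
        }
        if (plainSelect.getFromItem() != null) {
            plainSelect.getFromItem().accept(this);
        }
        if (plainSelect.getJoins() != null) {
            for (Join join : plainSelect.getJoins()) {
                join.getRightItem().accept(this);
                for (Expression on : join.getOnExpressions()) {
                    on.accept(this);
                }
            }
        }
        if (plainSelect.getWhere() != null) {
            plainSelect.getWhere().accept(this);
            // A WHERE that is entirely constant (e.g. "WHERE 1") is rejected even
            // when it contains no AND/OR/comparison for the other visitors to catch.
            checkConstExpress(plainSelect.getWhere());
        }
        if (plainSelect.getHaving() != null) {
            plainSelect.getHaving().accept(this);
        }
        if (plainSelect.getOracleHierarchical() != null) {
            plainSelect.getOracleHierarchical().accept(this);
        }
        if (plainSelect.getOrderByElements() != null) {
            for (OrderByElement orderBy : plainSelect.getOrderByElements()) {
                orderBy.getExpression().accept(this);
            }
        }
        if (plainSelect.getGroupBy() != null) {
            for (Expression groupBy : plainSelect.getGroupBy().getGroupByExpressionList().getExpressions()) {
                groupBy.accept(this);
            }
        }
    }

    /** @return whether {@code expression} consists only of constants */
    private boolean isConst(Expression expression) {
        return this.constAnalyzer.isConstExpression(expression);
    }

    /**
     * Throws when {@code expression} consists only of constants.
     *
     * @throws SecurityException when the expression is constant
     */
    private void checkConstExpress(Expression expression) {
        if (isConst(expression)) {
            throw new SecurityException("DISABLE CONST EXPRESSION " + expression);
        }
    }

    /**
     * Returns whether {@code column} is an unqualified {@code true}/{@code false}
     * token (any letter case). A qualified column such as {@code t.true} is not
     * treated as a literal.
     *
     * @param column the column to inspect; {@code null} yields {@code false}
     */
    public static boolean isBoolean(Column column) {
        return column != null
                && column.getTable() == null
                && BOL.matcher(column.getColumnName()).matches();
    }

    /**
     * Parses {@code str} and runs the analyzer over it.
     * <p>
     * Fails closed: any exception — a parse error as well as a
     * {@link SecurityException} raised by the visitor — yields {@code false}.
     * A fresh analyzer is used per call; {@code TablesNamesFinder} appears to keep
     * per-instance traversal state, so a shared static instance would not be safe
     * to use from several threads at once.
     *
     * @param str the SQL text to check
     * @return {@code true} when the statement parsed and no check fired, otherwise {@code false}
     */
    public static boolean check(String str) {
        try {
            // Complex parsing is only allowed for shallowly nested input, which bounds
            // the parser's work on hostile strings.
            boolean allowComplex = CCJSqlParserUtil.getNestingDepth(str) <= 10;
            CCJSqlParser parser = (CCJSqlParser) CCJSqlParserUtil.newParser(str).withAllowComplexParsing(allowComplex);
            parser.Statement().accept(new SqlInjectionAnalyzer());
            return true;
        } catch (Exception e) {
            // Deliberate best-effort: the caller only learns pass/fail; the cause is
            // reported on stderr as in the original implementation.
            e.printStackTrace();
            return false;
        }
    }
}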
