package com.polardbtools.outline.config;

import java.io.IOException;
import java.util.Enumeration;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import org.springframework.context.annotation.Configuration;
import org.springframework.jdbc.datasource.init.ScriptUtils;

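/**
 * Servlet filter that joins every request parameter value into one string and rejects the
 * request when {@link #sqlValidate(String)} reports a match against a SQL keyword blacklist.
 *
 * <p>Review notes for maintainers:
 * <ul>
 *   <li>Only values exposed through {@code ServletRequest.getParameterValues} are inspected
 *       (query string and form fields). Headers, cookies, path segments and raw request
 *       bodies such as JSON never reach the check.</li>
 *   <li>{@code sqlValidate} matches the <em>whole</em> joined string, so it flags a request
 *       only when the concatenation of all values is exactly one blacklist entry. Values
 *       that merely contain a keyword pass through unflagged.</li>
 *   <li>A keyword blacklist is not a substitute for bound parameters
 *       ({@code PreparedStatement}) at the point where SQL is built; treat this filter as
 *       defence in depth at most.</li>
 * </ul>
 *
 * <p>NOTE(review): the class is also annotated {@code @Configuration}; presumably that makes
 * it a Spring bean in addition to a {@code @WebFilter} — confirm how it is registered so the
 * filter is not applied twice or not at all.
 */
// The decompiler had replaced the literal below with ScriptUtils.DEFAULT_BLOCK_COMMENT_START_DELIMITER,
// a Spring constant that happens to hold the same text; the mapping is "every URL".
@WebFilter(urlPatterns = {"/*"}, filterName = "sqlFilter")
@Configuration
/* loaded from: input_file:BOOT-INF/classes/com/polardbtools/outline/config/SqlFilter.class */
public class SqlFilter implements Filter {
    /**
     * Blacklist expression, compiled once instead of on every request. The text is unchanged.
     *
     * <p>NOTE(review): the dot in {@code information_schema.columns} is an unescaped regex
     * wildcard, and {@code into}, {@code char} and {@code declare} are listed twice.
     */
    private static final Pattern SQL_BLACKLIST = Pattern.compile("select|update|and|or|delete|insert|truncate|char|into|substr|ascii|declare|exec|count|master|into|drop|execute|table|char|declare|sitename|xp_cmdshell|like|from|grant|use|group_concat|column_name|information_schema.columns|table_schema|union|where|order|by|'\\*|\\;|\\-|\\--|\\+|\\,|\\//|\\/|\\%|\\#");

    /** No initialisation is required. */
    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Concatenates all parameter values (no separator) and blocks the request if the result
     * is flagged by {@link #sqlValidate(String)}; otherwise hands over to the rest of the chain.
     *
     * @param servletRequest request whose parameters are inspected
     * @param servletResponse response passed on unchanged
     * @param filterChain remaining filters and the target servlet
     * @throws IOException when the joined parameter string is flagged, or from the chain
     * @throws ServletException propagated from the chain
     */
    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        // StringBuilder avoids re-copying the accumulated text for every value on large requests.
        StringBuilder joined = new StringBuilder();
        Enumeration<String> names = servletRequest.getParameterNames();
        while (names.hasMoreElements()) {
            for (String value : servletRequest.getParameterValues(names.nextElement())) {
                joined.append(value);
            }
        }
        if (sqlValidate(joined.toString())) {
            // Message text: "The parameters in your request contain illegal characters".
            // NOTE(review): a rejection surfaces as an IOException rather than an explicit
            // 4xx response, and nothing is logged here — consider both for detection purposes.
            throw new IOException("您发送请求中的参数中含有非法字符");
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Reports whether the lower-cased input is, in its entirety, one of the blacklist entries.
     *
     * <p>This is a full match, exactly as {@code String.matches} behaves: {@code true} means
     * "reject". Input that only contains an entry as a substring returns {@code false}.
     * Switching to substring search would need a revised list first, because short entries
     * such as {@code or}, {@code by}, {@code -} and {@code ,} occur in ordinary input.
     *
     * @param str text to test; must not be {@code null}
     * @return {@code true} when the whole string equals a blacklist entry
     */
    protected static boolean sqlValidate(String str) {
        return SQL_BLACKLIST.matcher(str.toLowerCase()).matches();
    }

    /**
     * Reports whether the input is free of the substrings {@code drop}, {@code truncate} and
     * {@code delete} (case-insensitive).
     *
     * <p>The polarity is the opposite of {@link #sqlValidate(String)}: here {@code true} means
     * none of the three words were found. Nothing in this class calls this method.
     *
     * @param str text to test; must not be {@code null}
     * @return {@code true} when none of the three words occur in the input
     */
    protected static boolean sqlValidateV2(String str) {
        String lowered = str.toLowerCase();
        return !lowered.contains("drop") && !lowered.contains("truncate") && !lowered.contains("delete");
    }

    /** No resources to release. */
    @Override // javax.servlet.Filter
    public void destroy() {
    }
}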
