package com.digiwin.app.dao.filter;

import com.digiwin.app.dao.DWQueryCondition;
import com.digiwin.app.dao.DWQueryExists;
import com.digiwin.app.dao.DWQueryField;
import com.digiwin.app.dao.DWQueryInfo;
import com.digiwin.app.dao.DWQueryOrderby;
import com.digiwin.app.dao.DWSqlInfo;
import com.digiwin.app.data.DWDataRow;
import com.digiwin.app.data.IDWSQLOptions;
import com.digiwin.app.sql.DWFieldRegexUtils;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:com/digiwin/app/dao/filter/DWSQLInjectionCheckFilter.class */
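/**
 * SQL filter that rejects a {@link DWQueryInfo} whose textual parts are flagged by
 * {@link DWFieldRegexUtils#isSQLInjection(String)}.
 *
 * <p>Coverage, as implemented here:
 * <ul>
 *   <li>select objects, order-by fields and the condition tree of a {@code DWQueryInfo} are checked;</li>
 *   <li>{@link DWSqlInfo} and {@link DWDataRow} pass through unchecked (both {@code doFilter} overloads are no-ops);</li>
 *   <li>{@link DWQueryExists} items and any unrecognised object type are accepted without inspection.</li>
 * </ul>
 *
 * <p>The check is a pattern test on identifier-like strings, so it should be treated as a
 * secondary control. NOTE(review): confirm that condition values are bound as parameters by
 * the code that renders the query; nothing in this class validates them.
 *
 * <p>The check can be switched off per call through {@link #OPTION_CHECK_SQL_INJECTION_ENABLED};
 * callers must not populate that option from untrusted input.
 */
public class DWSQLInjectionCheckFilter implements IDWSQLFilter {
    // Option key read by isEnabled(). NOTE(review): the field is public and not final, so any
    // code on the classpath can reassign it and make the per-call lookup miss; consider making
    // it final once it is confirmed that no caller assigns it.
    public static String OPTION_CHECK_SQL_INJECTION_ENABLED = "checkSqlInjectionEnabled";

    // Filter-level default, used when no options object is supplied or the option is absent.
    // Defaults to false, i.e. the check is off unless setCheckSqlInjection(true) is called.
    private boolean isCheckSqlInjection;

    /* loaded from: input_file:com/digiwin/app/dao/filter/DWSQLInjectionCheckFilter$SqlInjectionVerification.class */
    /**
     * Walks a list of query parts and throws on the first string that
     * {@link DWFieldRegexUtils#isSQLInjection(String)} flags.
     */
    public static class SqlInjectionVerification {
        private List<Object> checkObj;

        /**
         * @param list query parts to validate; may be {@code null}, in which case nothing is checked
         */
        public SqlInjectionVerification(List<Object> list) {
            this.checkObj = list;
        }

        /** Checks every element of {@code list}; a {@code null} list is treated as empty. */
        private <T> void checkList(List<T> list) {
            if (Objects.nonNull(list)) {
                for (T item : list) {
                    // T erases to Object, so this always enters the type-dispatching overload.
                    checkSqlInjection(item);
                }
            }
        }

        /**
         * Validates all parts passed to the constructor.
         *
         * @throws RuntimeException if any checked string is flagged
         */
        public void checkSqlInjection() {
            checkList(this.checkObj);
        }

        /**
         * Dispatches {@code obj} to the matching type-specific check.
         *
         * @param obj a query part; unsupported types (including {@code null}) are accepted silently
         * @throws RuntimeException if a checked string is flagged
         */
        public void checkSqlInjection(Object obj) {
            if (obj instanceof String) {
                checkSqlInjection((String) obj);
            } else if (obj instanceof DWQueryInfo) {
                checkSqlInjection((DWQueryInfo) obj);
            } else if (obj instanceof DWQueryOrderby) {
                checkSqlInjection((DWQueryOrderby) obj);
            } else if (obj instanceof DWQueryCondition) {
                checkSqlInjection((DWQueryCondition) obj);
            } else if (obj instanceof DWQueryField) {
                checkSqlInjection((DWQueryField) obj);
            }
            // NOTE(review): DWQueryExists was an empty branch in the original and is still not
            // inspected; its accessors are not visible from this file. If it wraps a sub-query,
            // that sub-query bypasses this filter and should be routed through the DWQueryInfo
            // check. Any other type also falls through unchecked (fail-open).
        }

        /**
         * Rejects a non-empty string that the regex utility flags.
         *
         * @throws RuntimeException carrying the rejected text; the message embeds caller-supplied
         *         input, so handlers that log or return it should treat it as untrusted
         */
        private void checkSqlInjection(String str) {
            if (!StringUtils.isEmpty(str) && DWFieldRegexUtils.isSQLInjection(str)) {
                throw new RuntimeException(String.format("SQL Injection:[%s]", str));
            }
        }

        /**
         * Validates a nested query with the same coverage the filter applies to the top-level
         * query: select objects, order-by fields and the condition tree. Previously only the
         * select objects of a nested query were checked.
         */
        private void checkSqlInjection(DWQueryInfo dWQueryInfo) {
            checkList(dWQueryInfo.getSelectObjects());
            checkList(dWQueryInfo.getOrderfields());
            DWQueryCondition nestedCondition = dWQueryInfo.getCondition();
            if (Objects.nonNull(nestedCondition)) {
                checkSqlInjection(nestedCondition);
            }
        }

        /** Validates the order-by name and direction together as one string. */
        private void checkSqlInjection(DWQueryOrderby dWQueryOrderby) {
            checkSqlInjection(dWQueryOrderby.getName() + " " + dWQueryOrderby.getOrderby());
        }

        /** Validates every item of the condition; nested items are dispatched by type. */
        private void checkSqlInjection(DWQueryCondition dWQueryCondition) {
            checkList(dWQueryCondition.getItems());
        }

        /** Validates the field name only; the field's value is not examined here. */
        private void checkSqlInjection(DWQueryField dWQueryField) {
            checkSqlInjection(dWQueryField.getName());
        }
    }

    /**
     * Sets the filter-level default used when a call supplies no overriding option.
     *
     * @param z {@code true} to enable the check by default
     */
    public void setCheckSqlInjection(boolean z) {
        this.isCheckSqlInjection = z;
    }

    /** No-op: SQL carried by a {@link DWSqlInfo} is not inspected by this filter. */
    @Override // com.digiwin.app.dao.filter.IDWSQLFilter
    public void doFilter(DWSqlInfo dWSqlInfo, IDWSQLOptions iDWSQLOptions) {
    }

    /**
     * Validates the query when the check is enabled for this call.
     *
     * @param dWQueryInfo query to validate
     * @param iDWSQLOptions per-call options, may be {@code null}
     * @throws RuntimeException if any checked part is flagged
     */
    @Override // com.digiwin.app.dao.filter.IDWSQLFilter
    public void doFilter(DWQueryInfo dWQueryInfo, IDWSQLOptions iDWSQLOptions) {
        if (isEnabled(iDWSQLOptions)) {
            new SqlInjectionVerification(packageCheckObject(dWQueryInfo)).checkSqlInjection();
        }
    }

    /** No-op: data rows are not inspected by this filter. */
    @Override // com.digiwin.app.dao.filter.IDWSQLFilter
    public void doFilter(DWDataRow dWDataRow, IDWSQLOptions iDWSQLOptions) {
    }

    /**
     * Collects the parts of a query that are subject to validation.
     *
     * @param dWQueryInfo query to take the parts from
     * @return a new list holding the select objects, the order-by fields and the condition,
     *         in that order; absent parts are skipped
     */
    public List<Object> packageCheckObject(DWQueryInfo dWQueryInfo) {
        List<Object> parts = new ArrayList<>();
        List<Object> selectObjects = dWQueryInfo.getSelectObjects();
        if (Objects.nonNull(selectObjects)) {
            parts.addAll(selectObjects);
        }
        List<DWQueryOrderby> orderfields = dWQueryInfo.getOrderfields();
        if (Objects.nonNull(orderfields)) {
            parts.addAll(orderfields);
        }
        DWQueryCondition condition = dWQueryInfo.getCondition();
        if (Objects.nonNull(condition)) {
            parts.add(condition);
        }
        return parts;
    }

    /**
     * Resolves whether the check runs for this call: the per-call option wins, otherwise the
     * filter-level default applies.
     */
    private boolean isEnabled(IDWSQLOptions iDWSQLOptions) {
        if (iDWSQLOptions == null) {
            return this.isCheckSqlInjection;
        }
        // A per-call option can turn the check off even when the filter default is on.
        return ((Boolean) iDWSQLOptions.get(OPTION_CHECK_SQL_INJECTION_ENABLED, Boolean.valueOf(this.isCheckSqlInjection))).booleanValue();
    }
}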
