package com.qinghui.common.utils.sql;

import com.qinghui.common.exception.UtilException;
import com.qinghui.common.utils.StringUtils;
import java.util.regex.Pattern;

/* loaded from: input_file:com/qinghui/common/utils/sql/SqlUtil.class */
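/**
 * Input checks for SQL fragments that cannot be bound as parameters (ORDER BY clauses and
 * similar). Two controls are provided: a character allowlist used by
 * {@link #escapeOrderBySql(String)} / {@link #isValidOrderBySql(String)}, and a coarse
 * keyword blocklist used by {@link #filterKeyword(String)}. The allowlist is the control
 * to rely on; the blocklist is a secondary check with known false positives.
 */
public class SqlUtil {
    /**
     * Pipe-separated blocklist of SQL fragments rejected by {@link #filterKeyword(String)}.
     * Entries are matched as case-insensitive substrings, so the list is deliberately
     * coarse: {@code "and "} also rejects {@code "brand "}, and the {@code "+"} entry rejects
     * any plus sign. Kept as a {@code String} for compatibility with existing readers; the
     * split form is cached once in {@link #SQL_KEYWORDS}.
     */
    public static final String SQL_REGEX = "and |extractvalue|updatexml|exec |insert |select |delete |update |drop |count |chr |mid |master |truncate |char |declare |or |+|user()";

    /** Allowlist for ORDER BY fragments: ASCII letters, digits, underscore, space, comma, dot. */
    public static final String SQL_PATTERN = "[a-zA-Z0-9_\\ \\,\\.]+";

    /** Compiled once; {@code String.matches} would recompile the pattern on every call. */
    private static final Pattern ORDER_BY_PATTERN = Pattern.compile(SQL_PATTERN);

    /** {@link #SQL_REGEX} split into its individual keywords, computed once rather than per call. */
    private static final String[] SQL_KEYWORDS = StringUtils.split(SQL_REGEX, "\\|");

    /**
     * Validates an ORDER BY fragment against {@link #SQL_PATTERN} and returns it unchanged.
     * Despite its name it does not escape anything: a fragment that fails the allowlist is
     * rejected rather than rewritten.
     *
     * @param str the ORDER BY fragment; {@code null} or empty is passed through untouched
     * @return {@code str} unchanged
     * @throws UtilException if {@code str} is non-empty and contains a character outside the allowlist
     */
    public static String escapeOrderBySql(String str) {
        if (StringUtils.isNotEmpty(str) && !isValidOrderBySql(str)) {
            throw new UtilException("参数不符合规范，不能进行查询");
        }
        return str;
    }

    /**
     * Reports whether the whole of {@code str} matches {@link #SQL_PATTERN}.
     *
     * @param str candidate ORDER BY fragment
     * @return {@code true} for a non-empty string made only of allowlisted characters;
     *         {@code false} for {@code null}, the empty string, or anything else
     */
    public static boolean isValidOrderBySql(String str) {
        // Null-safe: the pattern requires at least one character, so null and "" are both invalid.
        return str != null && ORDER_BY_PATTERN.matcher(str).matches();
    }

    /**
     * Rejects {@code str} if it contains any entry of {@link #SQL_REGEX}, compared
     * case-insensitively. This is a substring blocklist and can both over-reject (see the
     * false positives noted on {@link #SQL_REGEX}) and miss fragments not on the list; use
     * bound parameters or the allowlist in {@link #escapeOrderBySql(String)} as the primary
     * control.
     *
     * @param str value to inspect; {@code null} or empty is accepted without inspection
     * @throws UtilException on the first blocklisted keyword found
     */
    public static void filterKeyword(String str) {
        if (StringUtils.isEmpty(str)) {
            return;
        }
        for (String keyword : SQL_KEYWORDS) {
            if (StringUtils.indexOfIgnoreCase(str, keyword) > -1) {
                throw new UtilException("参数存在SQL注入风险");
            }
        }
    }
}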
