package com.ql.util.express.config;

import com.ql.util.express.config.whitelist.WhiteChecker;
import com.ql.util.express.exception.QLSecurityRiskException;
import java.lang.reflect.Method;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;

/* loaded from: input_file:com/ql/util/express/config/QLExpressRunStrategy.class */
public class QLExpressRunStrategy {
    private static boolean sandboxMode = false;
    private static List<WhiteChecker> compileWhiteCheckerList = null;
    private static boolean avoidNullPointer = false;
    private static boolean compareNullLessMoreAsFalse = false;
    private static ClassLoader customClassLoader = null;
    private static boolean forbidInvokeSecurityRiskMethods = false;
    private static final Set<String> SECURITY_RISK_METHOD_LIST = new HashSet();
    private static Set<String> SECURE_METHOD_LIST = new HashSet();
    private static int maxArrLength = -1;

    private QLExpressRunStrategy() {
        throw new IllegalStateException("Utility class");
    }

    public static void setSandBoxMode(boolean z) {
        sandboxMode = z;
    }

    public static boolean isSandboxMode() {
        return sandboxMode;
    }

    public static boolean isCompareNullLessMoreAsFalse() {
        return compareNullLessMoreAsFalse;
    }

    public static void setCompareNullLessMoreAsFalse(boolean z) {
        compareNullLessMoreAsFalse = z;
    }

    public static boolean isAvoidNullPointer() {
        return avoidNullPointer;
    }

    public static void setAvoidNullPointer(boolean z) {
        avoidNullPointer = z;
    }

    public static ClassLoader getCustomClassLoader() {
        return customClassLoader;
    }

    public static void setCustomClassLoader(ClassLoader classLoader) {
        customClassLoader = classLoader;
    }

    public static boolean isForbidInvokeSecurityRiskMethods() {
        return forbidInvokeSecurityRiskMethods;
    }

    public static void setForbidInvokeSecurityRiskMethods(boolean z) {
        forbidInvokeSecurityRiskMethods = z;
    }

    public static void addSecurityRiskMethod(Class<?> cls, String str) {
        SECURITY_RISK_METHOD_LIST.add(cls.getName() + "." + str);
    }

    public static void setSecureMethods(Set<String> set) {
        SECURE_METHOD_LIST = set;
    }

    public static void addSecureMethod(Class<?> cls, String str) {
        SECURE_METHOD_LIST.add(cls.getName() + "." + str);
    }

    public static void assertSecurityRiskMethod(Method method) throws QLSecurityRiskException {
        if (!forbidInvokeSecurityRiskMethods || method == null) {
            return;
        }
        String str = method.getDeclaringClass().getName() + "." + method.getName();
        if (SECURE_METHOD_LIST == null || SECURE_METHOD_LIST.isEmpty()) {
            if (SECURITY_RISK_METHOD_LIST.contains(str)) {
                throw new QLSecurityRiskException("使用QLExpress调用了不安全的系统方法:" + method);
            }
        } else if (!SECURE_METHOD_LIST.contains(str)) {
            throw new QLSecurityRiskException("使用QLExpress调用了不安全的系统方法:" + method);
        }
    }

    public static boolean checkWhiteClassList(Class<?> cls) {
        if (compileWhiteCheckerList == null) {
            return true;
        }
        Iterator<WhiteChecker> it = compileWhiteCheckerList.iterator();
        while (it.hasNext()) {
            if (it.next().check(cls)) {
                return true;
            }
        }
        return false;
    }

    public static void setCompileWhiteCheckerList(List<WhiteChecker> list) {
        compileWhiteCheckerList = list;
    }

    public static void setMaxArrLength(int i) {
        maxArrLength = i;
    }

    public static boolean checkArrLength(int i) {
        return maxArrLength == -1 || i <= maxArrLength;
    }

    static {
        SECURITY_RISK_METHOD_LIST.add(System.class.getName() + ".exit");
        SECURITY_RISK_METHOD_LIST.add(Runtime.getRuntime().getClass().getName() + ".exec");
        SECURITY_RISK_METHOD_LIST.add(ProcessBuilder.class.getName() + ".start");
        SECURITY_RISK_METHOD_LIST.add(Method.class.getName() + ".invoke");
        SECURITY_RISK_METHOD_LIST.add(Class.class.getName() + ".forName");
        SECURITY_RISK_METHOD_LIST.add(ClassLoader.class.getName() + ".loadClass");
        SECURITY_RISK_METHOD_LIST.add(ClassLoader.class.getName() + ".findClass");
        SECURITY_RISK_METHOD_LIST.add(ClassLoader.class.getName() + ".defineClass");
        SECURITY_RISK_METHOD_LIST.add(ClassLoader.class.getName() + ".getSystemClassLoader");
        SECURITY_RISK_METHOD_LIST.add("javax.naming.InitialContext.lookup");
        SECURITY_RISK_METHOD_LIST.add("com.sun.rowset.JdbcRowSetImpl.setDataSourceName");
        SECURITY_RISK_METHOD_LIST.add("com.sun.rowset.JdbcRowSetImpl.setAutoCommit");
        SECURITY_RISK_METHOD_LIST.add("jdk.jshell.JShell.create");
        SECURITY_RISK_METHOD_LIST.add("javax.script.ScriptEngineManager.getEngineByName");
        SECURITY_RISK_METHOD_LIST.add("org.springframework.jndi.JndiLocatorDelegate.lookup");
        for (Method method : QLExpressRunStrategy.class.getMethods()) {
            SECURITY_RISK_METHOD_LIST.add(QLExpressRunStrategy.class.getName() + "." + method.getName());
        }
    }
}
