package com.jxdinfo.hussar.common.utils;

import com.jxdinfo.hussar.common.exception.BaseException;
import java.util.regex.Pattern;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:com/jxdinfo/hussar/common/utils/SqlUtil.class */
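/**
 * Validation helpers for request parameters that are spliced into dynamically built SQL text.
 *
 * <p>The class offers two independent checks: a character allowlist for {@code ORDER BY}
 * fragments ({@link #escapeOrderBySql(String)}) and a keyword denylist for free-form values
 * ({@link #filterKeyword(String)}). Neither method rewrites or escapes its input; both either
 * accept the value as-is or throw {@link BaseException}.
 *
 * <p>Security note: these checks are a secondary guard only. Values should be passed to the
 * database as bind parameters wherever the SQL grammar allows it. Parts that cannot be bound,
 * such as sort columns and sort direction, are best mapped onto a fixed set of known names by
 * the caller.
 */
public class SqlUtil {
    /**
     * Pipe-separated keyword denylist used by {@link #filterKeyword(String)}. Despite the name it
     * is not used as a regular expression. Every entry ends in a single space character, and that
     * space is part of what is matched.
     */
    public static final String SQL_REGEX = "select |insert |delete |update |drop |count |exec |chr |mid |master |truncate |char |and |declare ";

    /**
     * Allowlist for {@code ORDER BY} fragments: one or more ASCII letters, digits, underscores,
     * spaces, commas or dots. Quotes, parentheses, semicolons and comment markers are rejected.
     */
    public static final String SQL_PATTERN = "[a-zA-Z0-9_\\ \\,\\.]+";

    /** {@link #SQL_PATTERN} compiled once, so the regex is not recompiled on every call. */
    private static final Pattern ORDER_BY_PATTERN = Pattern.compile(SQL_PATTERN);

    /** Entries of {@link #SQL_REGEX}, split once at class initialisation. */
    private static final String[] SQL_KEYWORDS = StringUtils.split(SQL_REGEX, "|");

    /**
     * Validates an {@code ORDER BY} fragment and returns it unchanged.
     *
     * <p>Despite the name, nothing is escaped: the value is either accepted verbatim or rejected.
     * {@code null} and the empty string are passed through without validation, so the caller
     * must still cope with an absent sort clause.
     *
     * <p>The allowlist constrains characters only. It does not verify that the fragment names
     * columns that exist or that the caller is allowed to sort by.
     *
     * @param str the requested sort fragment; may be {@code null} or empty
     * @return {@code str} itself when it is {@code null}, empty, or matches {@link #SQL_PATTERN}
     * @throws BaseException if {@code str} is non-empty and contains a character outside the
     *     allowlist
     */
    public static String escapeOrderBySql(String str) {
        if (StringUtils.isEmpty(str) || isValidOrderBySql(str)) {
            return str;
        }
        throw new BaseException("参数不符合规范，不能进行查询");
    }

    /**
     * Tells whether the whole of {@code str} matches {@link #SQL_PATTERN}.
     *
     * @param str the candidate fragment; {@code null} is treated as invalid instead of raising a
     *     {@link NullPointerException}
     * @return {@code true} only for a non-empty string made up entirely of allowlisted characters
     */
    public static boolean isValidOrderBySql(String str) {
        // matches() anchors at both ends, so one disallowed character anywhere fails the check.
        return str != null && ORDER_BY_PATTERN.matcher(str).matches();
    }

    /**
     * Rejects a value that contains any entry of the {@link #SQL_REGEX} denylist.
     *
     * <p>Matching is a case-insensitive substring search for each keyword <em>including its
     * trailing space</em>. Two consequences follow:
     *
     * <ul>
     *   <li>Ordinary text can be rejected, because a word that merely ends in a listed keyword
     *       and is followed by a space also matches.
     *   <li>The check recognises only this one spelling of each keyword, so passing it is not
     *       evidence that the value is safe to concatenate into SQL. Treat it as a heuristic
     *       tripwire and keep the value in a bind parameter.
     * </ul>
     *
     * @param str the value to inspect; {@code null} and empty values are accepted
     * @throws BaseException if a denylisted keyword occurs in {@code str}
     */
    public static void filterKeyword(String str) {
        if (StringUtils.isEmpty(str)) {
            return;
        }
        for (String keyword : SQL_KEYWORDS) {
            if (StringUtils.indexOfIgnoreCase(str, keyword) > -1) {
                throw new BaseException("参数存在SQL注入风险");
            }
        }
    }
}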
