package hirondelle.web4j.database;

import java.util.Arrays;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/* loaded from: input_file:resources/lib/web4j.jar:hirondelle/web4j/database/SqlInjectionDetector.class */
final class SqlInjectionDetector {
    private static final String OPERATOR = "(=|<>|!=|<=|>=|<|>| IN | Like | Between )";
    private static final String DATA_PLACE = "([\\s]*[^\\s=<>!]*)";
    private static final int PLACE_HOLDER_GROUP = 2;
    private static final String LETTERS = "[a-zA-Z_]+";
    private static final List<String> FIXED_TEXT = Arrays.asList("?", "?)", "(?)", "(SELECT", "ALL(SELECT", "SOME(SELECT", "ANY(SELECT", "EXISTS(SELECT");
    private static final String REGEX = "(?:(=|<>|!=|<=|>=|<|>| IN | Like | Between )([\\s]*[^\\s=<>!]*))";
    private static final Pattern PLACE_HOLDER = Pattern.compile(REGEX, 2);
    private static final String FUNCTION = "(?:[a-zA-Z_]+\\(\\?[\\),]?)";
    private static final Pattern FUNCTION_REGEX = Pattern.compile(FUNCTION, 2);
    private static final String IN_PARAMS = "\\((?:\\?,)*\\?\\)";
    private static final Pattern IN_PARAMS_REGEX = Pattern.compile(IN_PARAMS, 2);

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean hasFlaw(String str) {
        return !isPlaceholderAlwaysPresentWhereItShouldBe(str);
    }

    private boolean isPlaceholderAlwaysPresentWhereItShouldBe(String str) {
        boolean z = true;
        Matcher matcher = PLACE_HOLDER.matcher(str);
        while (matcher.find()) {
            z = ifPlaceHolderMatches(matcher.group(2).trim().toUpperCase());
            if (!z) {
                break;
            }
        }
        return z;
    }

    private boolean ifPlaceHolderMatches(String str) {
        boolean matchFixedText = matchFixedText(str);
        if (!matchFixedText) {
            matchFixedText = matchFunctionCall(str);
        }
        if (!matchFixedText) {
            matchFixedText = matchInParams(str);
        }
        return matchFixedText;
    }

    private boolean matchFixedText(String str) {
        return FIXED_TEXT.contains(str);
    }

    private boolean matchFunctionCall(String str) {
        return FUNCTION_REGEX.matcher(str).matches();
    }

    private boolean matchInParams(String str) {
        return IN_PARAMS_REGEX.matcher(str).matches();
    }
}
