package hirondelle.web4j.database;

import hirondelle.web4j.util.Consts;
import hirondelle.web4j.util.Util;

/* loaded from: input_file:resources/lib/web4j.jar:hirondelle/web4j/database/DynamicCriteria.class */
public class DynamicCriteria {
    public static final String WHERE = " WHERE ";
    public static final String AND = " AND ";
    public static final String OR = " OR ";
    public static final String ORDER_BY = " ORDER BY ";
    public static final String ASC = " ASC ";
    public static final String DESC = " DESC ";
    public static final DynamicCriteria NONE = null;
    private String fSqlFragment;
    private boolean fDoChecking;
    private static final String NO_SQL_INJECTION_RISK_FOUND = "";

    public DynamicCriteria(String str) {
        this.fSqlFragment = "";
        this.fDoChecking = true;
        if (!Util.textHasContent(str)) {
            throw new IllegalArgumentException("The SQL fragment has no content.");
        }
        this.fSqlFragment = Consts.NEW_LINE + str.trim();
    }

    public DynamicCriteria(StringBuilder sb) {
        this(sb.toString());
    }

    public final String toString() {
        if (this.fDoChecking) {
            String sqlInjectionRiskFor = sqlInjectionRiskFor(this.fSqlFragment);
            if (Util.textHasContent(sqlInjectionRiskFor)) {
                throw new IllegalArgumentException(sqlInjectionRiskFor);
            }
        }
        return this.fSqlFragment;
    }

    public final void turnOffCheckingForSqlInjection() {
        this.fDoChecking = false;
    }

    protected String sqlInjectionRiskFor(String str) {
        return defaultSqlInjectionRiskFor(str);
    }

    private String defaultSqlInjectionRiskFor(String str) {
        return hasSqlInjectionFlaw(str) ? "SQL Injection flaw detected. Replace literals replace with '?'. Remove extraneous spaces. See javadoc for " + getClass().getSimpleName() + " for more information." + Util.quote(str) : "";
    }

    private boolean hasSqlInjectionFlaw(String str) {
        return new SqlInjectionDetector().hasFlaw(str);
    }
}
