package com.ibm.bspace.manager.services.security.accesscontrol;

import com.ibm.bscape.export.modeler.ModelerXMLConstants;
import com.ibm.bspace.manager.resources.BusinessSpacePIIMessages;
import com.ibm.websphere.logging.WsLevel;
import java.util.Vector;
import java.util.logging.Logger;
import java.util.regex.Pattern;

/* loaded from: input_file:webapps/BSpace.war:WEB-INF/classes/com/ibm/bspace/manager/services/security/accesscontrol/SQLInjectionChecker.class */
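/**
 * Keyword denylist used to reject request values that look like SQL fragments.
 *
 * <p>Security note: a denylist is a defence-in-depth measure only. It cannot
 * enumerate every dangerous input and it rejects many harmless ones (any value
 * containing an apostrophe, {@code @} or a parenthesis is refused). Values that
 * reach a database must still be bound through parameterized statements; a
 * {@code false} result from this class does not make a value safe to
 * concatenate into SQL.
 *
 * <p>The check can be disabled for the whole JVM by setting the system property
 * {@code rest.security.sql_injection_check} to {@code off}. Deployments should
 * treat that property as security-sensitive configuration and audit its value.
 */
public class SQLInjectionChecker {
    private static final Logger logger = Logger.getLogger("com.ibm.bspace.manager.services.security.accesscontrol.SQLInjectionChecker");
    private static final String CLASSNAME = SQLInjectionChecker.class.getName();
    public static final String COPYRIGHT = "(C) Copyright IBM Corporation 2006, 2009.";

    /** Method label passed to the logger for every trace line of the check. */
    private static final String METHOD = "containsSQLKeywords(sql)";

    /**
     * Denylisted fragments, kept exactly as shipped (including duplicates).
     * NOTE(review): ModelerXMLConstants.EQUAL is presumably "=" - confirm against
     * that class; it is treated as literal text here like every other entry.
     */
    private static final String[] SQL_KEYWORDS = {"exec", "group by", "order by", ModelerXMLConstants.EQUAL, "having ", " DROP ", "--", " SELECT ", "SELECT ", " INSERT ", " INSERT INTO ", "INSERT INTO", "SELECT * FROM ", " SELECT FROM ", "UPDATE ", " UPDATE ", "DELETE ", " DELETE ", "'", " UNION ", "UNION ", " JOIN ", "JOIN ", "TRIGGER ", "OR ", " OR", "' or ", "@", " waitfor delay ", " -- or ", " DROP ", " DROP", "DROP", "IF ", "sysobjects", "grant ", "connect ", "TEMPORARY TABLESPACE", "identified ", " OPENROWSET"};

    /** Patterns built once at class load instead of on every call. */
    private static final Pattern[] KEYWORD_PATTERNS = compileKeywords(SQL_KEYWORDS);

    /**
     * Command-line entry point; runs the check once on the empty string.
     *
     * @param strArr ignored
     */
    public static void main(String[] strArr) {
        containsSQLKeywords("");
    }

    /**
     * Reports whether {@code str} contains a parenthesis, the {@code ||}
     * operator, or any denylisted SQL fragment.
     *
     * <p>Fragments are matched as literal text and without regard to ASCII
     * letter case. The previous implementation compiled each fragment as a
     * regular expression and tested only the spelling in the list plus its
     * all-lower-case form, so mixed-case input was not detected and the
     * {@code *} in {@code "SELECT * FROM "} acted as a quantifier rather than
     * as an asterisk.
     *
     * @param str the value to inspect; {@code null} is reported as containing
     *            no keywords, so callers must handle {@code null} themselves
     * @return {@code true} if the value is rejected; {@code false} if it passed
     *         the check or the check is switched off by system property
     */
    public static boolean containsSQLKeywords(String str) {
        logFine(CLASSNAME, METHOD, "Entry");

        // JVM-wide kill switch: when set to "off" every value is accepted.
        String property = System.getProperty("rest.security.sql_injection_check");
        if (property != null && property.equalsIgnoreCase("off")) {
            logFine(CLASSNAME, METHOD, "SQL Injection check is OFF");
            logFine(CLASSNAME, METHOD, "Exit");
            return false;
        }

        // A null value carries no text to inspect; previously this path threw
        // a NullPointerException from str.contains(...).
        if (str == null) {
            logFine(CLASSNAME, METHOD, "Exiting with false i.e null input");
            return false;
        }

        // Cheap structural check first: function-call syntax and string concatenation.
        if (str.contains(")") || str.contains("(") || str.contains("||")) {
            return reject();
        }

        for (Pattern keyword : KEYWORD_PATTERNS) {
            if (keyword.matcher(str).find()) {
                return reject();
            }
        }

        logFine(CLASSNAME, METHOD, "Exiting with false i.e passed SQL injection check");
        return false;
    }

    /** Compiles each fragment as a literal, ASCII case-insensitive pattern. */
    private static Pattern[] compileKeywords(String[] keywords) {
        Pattern[] compiled = new Pattern[keywords.length];
        for (int i = 0; i < keywords.length; i++) {
            compiled[i] = Pattern.compile(keywords[i], Pattern.LITERAL | Pattern.CASE_INSENSITIVE);
        }
        return compiled;
    }

    /** Logs the rejection message and the exit trace, then returns {@code true}. */
    private static boolean reject() {
        logFine(CLASSNAME, METHOD, BusinessSpacePIIMessages.getString("FN4029E.RESTSECURITY_ERROR"));
        logFine(CLASSNAME, METHOD, "Exit");
        return true;
    }

    /** Emits a FINE-level trace record if that level is enabled for this logger. */
    private static void logFine(String sourceClass, String sourceMethod, String message) {
        if (logger.isLoggable(WsLevel.FINE)) {
            logger.logp(WsLevel.FINE, sourceClass, sourceMethod, message);
        }
    }
}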
