package com.iailab.module.model.common.xss;

import com.iailab.module.model.common.exception.RRException;
import org.apache.commons.lang3.StringUtils;

/**
 * SQLè¿‡æ»¤
 *
 * @author Mark sunlightcs@gmail.com
 */
public class SQLFilter {

    /**
     * SQLæ³¨å…¥è¿‡æ»¤
     * @param str  å¾…éªŒè¯çš„å—ç¬¦ä¸²
     */
    public static String sqlInject(String str){
        if(StringUtils.isBlank(str)){
            return null;
        }
        //åŽ»æŽ‰'|"|;|\å—ç¬¦
        str = StringUtils.replace(str, "'", "");
        str = StringUtils.replace(str, "\"", "");
        str = StringUtils.replace(str, ";", "");
        str = StringUtils.replace(str, "\\", "");

        //è½¬æ¢æˆå°å†™
        str = str.toLowerCase();

        //éžæ³•å—ç¬¦
        String[] keywords = {"master", "truncate", "insert", "select", "delete", "update", "declare", "alter", "drop"};

        //åˆ¤æ–æ˜¯å¦åŒ…å«éžæ³•å—ç¬¦
        for(String keyword : keywords){
            if(str.indexOf(keyword) != -1){
                throw new RRException("åŒ…å«éžæ³•å—ç¬¦");
            }
        }

        return str;
    }
}