package kd.bos.orm.query.oql.g.expr;

import java.util.HashSet;
import java.util.Iterator;
import java.util.Locale;
import java.util.Set;
import kd.bos.algo.sql.tree.Expr;
import kd.bos.algo.sql.tree.ExprList;
import kd.bos.algo.sql.tree.UnresolvedAttribute;
import kd.bos.algo.sql.tree.UnresolvedFuncall;
import kd.bos.orm.query.oql.g.visitor.ExprVisitor;

/* loaded from: input_file:kd/bos/orm/query/oql/g/expr/SelectFieldsSQLInjectionVisitor.class */
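/**
 * Expression-tree visitor that throws {@link SQLInjectionException} when a function call or an
 * attribute name fails the checks implemented below.
 *
 * <p>Judging by the class name it is applied to the select-field list of an OQL query; confirm
 * against the caller, which is not visible in this file.
 *
 * <p>NOTE(review): both checks are denylists. {@link #isRightID(String)} only rejects names that
 * start with a numeric-literal prefix ({@code 0x}, {@code 0o}, {@code 0b}) and does not validate
 * the characters of the identifier. The function check only rejects the five names registered in
 * {@code limitFunction} plus any name containing a dot. Anything else passes, so this visitor
 * should not be the only control between caller-supplied field expressions and the generated SQL.
 *
 * <p>Every visit method returns {@code null}; the result is signalled solely by the absence or
 * presence of an exception. The {@code obj} context argument is passed through to children
 * unchanged.
 */
final class SelectFieldsSQLInjectionVisitor extends ExprVisitor<Object> {
    /** Lower-case names of functions that are rejected in visited expressions. */
    private static final Set<String> limitFunction = new HashSet<>();

    static {
        limitFunction.add("bin");
        limitFunction.add("oct");
        limitFunction.add("hex");
        limitFunction.add("unhex");
        limitFunction.add("chr");
    }

    /**
     * Visits every child of {@code expr} so that nested function calls and attributes are checked.
     *
     * @param expr the expression node being visited
     * @param obj  visitor context, forwarded to each child
     * @return always {@code null}
     */
    @Override // kd.bos.orm.query.oql.g.visitor.ExprVisitor
    public Object defaultVisit(Expr expr, Object obj) {
        if (expr.getChildrenCount() <= 0) {
            return null;
        }
        for (Object child : expr.getChildren()) {
            ((Expr) child).accept(this, obj);
        }
        return null;
    }

    /**
     * Visits every element of an expression list.
     *
     * @param exprList the list node being visited
     * @param obj      visitor context, forwarded to each child
     * @return always {@code null}
     */
    public Object visitExprList(ExprList exprList, Object obj) {
        for (Object child : exprList.getChildren()) {
            ((Expr) child).accept(this, obj);
        }
        return null;
    }

    /**
     * Rejects a function call whose name fails {@link #isRightFunctionName(String)}, then checks
     * the call's arguments recursively.
     *
     * @param unresolvedFuncall the function-call node being visited
     * @param obj               visitor context, forwarded to each argument
     * @return always {@code null}
     * @throws SQLInjectionException if the function name is not accepted
     */
    public Object visitUnresolvedFuncall(UnresolvedFuncall unresolvedFuncall, Object obj) {
        if (!isRightFunctionName(unresolvedFuncall.getName())) {
            throw new SQLInjectionException(unresolvedFuncall.toString() + " is not allowed");
        }
        for (Object child : unresolvedFuncall.getChildren()) {
            ((Expr) child).accept(this, obj);
        }
        return null;
    }

    /**
     * Rejects an attribute reference if any of its name parts fails {@link #isRightID(String)}.
     *
     * @param unresolvedAttribute the attribute node being visited
     * @param obj                 visitor context (unused here)
     * @return always {@code null}
     * @throws SQLInjectionException if a name part is not accepted
     */
    public Object visitUnresolvedAttribute(UnresolvedAttribute unresolvedAttribute, Object obj) {
        for (Object part : unresolvedAttribute.getNameParts()) {
            if (!isRightID((String) part)) {
                throw new SQLInjectionException(unresolvedAttribute.toString() + " is not allowed");
            }
        }
        return null;
    }

    /**
     * Returns whether {@code str} is accepted as a function name: it must pass
     * {@link #isRightID(String)}, contain no dot, and not be listed in {@code limitFunction}.
     */
    private boolean isRightFunctionName(String str) {
        // Lower-case with a fixed locale. The no-argument toLowerCase() uses the JVM default
        // locale, and under a Turkish/Azeri default "BIN" lower-cases to "b\u0131n" (dotless i),
        // which would not match the "bin" denylist entry. Locale.ENGLISH matches isRightID.
        return isRightID(str)
                && str.indexOf('.') == -1
                && !limitFunction.contains(str.toLowerCase(Locale.ENGLISH));
    }

    /**
     * Returns whether {@code str} is accepted as an identifier, i.e. it does not start
     * (case-insensitively) with {@code 0x}, {@code 0o} or {@code 0b}.
     */
    private boolean isRightID(String str) {
        String lowerCase = str.toLowerCase(Locale.ENGLISH);
        return !(lowerCase.startsWith("0x") || lowerCase.startsWith("0o") || lowerCase.startsWith("0b"));
    }
}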
