package com.club.framework.util;

import com.club.framework.filter.SQLFilter;
import java.util.Locale;
import java.util.regex.Pattern;

/* loaded from: input_file:com/club/framework/util/SecurityUtil.class */
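/**
 * Deny-list based input filters for markup and SQL keywords.
 *
 * <p>Both methods work by substring/regex matching on the raw input. They are a
 * secondary control only: output should still be encoded for the context it is
 * written into, and SQL should still be issued through parameterized statements.
 */
public class SecurityUtil {
    /** Matches {@code eval(...)}; pattern text is unchanged from the original implementation. */
    private static final Pattern EVAL_CALL = Pattern.compile("eval\\((.*)\\)");

    /** Matches a quoted {@code javascript:} value; pattern text is unchanged from the original. */
    private static final Pattern QUOTED_JAVASCRIPT_URI =
            Pattern.compile("[\\\"\\'][\\s]*javascript:(.*)[\\\"\\']");

    /**
     * Keyword deny-list for {@link #isContainedSQL(String)}, split once at class load instead of
     * on every call. Entries are lower case; some carry a trailing space or {@code &nbsp;}.
     */
    private static final String[] SQL_KEYWORDS = "exec |exec&nbsp;|execute |execute&nbsp;|insert |insert&nbsp;|select |select&nbsp;|delete |delete&nbsp;|update |update&nbsp;|count |count&nbsp;|drop |drop&nbsp;|master |master&nbsp;|truncate |truncate&nbsp;|declare |declare&nbsp;|sitename |sitename&nbsp;|net user |net&nbsp;user&nbsp;|xp_cmdshell |xp_cmdshell&nbsp;|like'|like&#39;|insert |insert&nbsp;|create |create&nbsp;|drop |drop&nbsp;|from |from&nbsp;|grant |grant&nbsp;|group_concat |group_concat&nbsp;|column_name|information_schema.columns|table_schema |table_schema&nbsp;|union |union&nbsp;|where |where&nbsp;|order by|order&nbsp;by".split("\\|");

    /**
     * Rewrites markup-significant characters and strips a few script-related tokens.
     *
     * @param str the text to filter; may be {@code null}
     * @return the filtered text, or {@code null} when {@code str} is {@code null}
     */
    public static String cleanXss(String str) {
        if (str == null) {
            // The original threw NullPointerException here; an absent value has nothing to filter.
            return null;
        }

        // Literal replacements: String.replace avoids compiling a regex for each fixed character.
        // NOTE(review): every replacement text has a space after '&' ("& lt;" rather than "&lt;"),
        // so these are not HTML entities and will be rendered literally. Left byte-identical
        // because stored or compared values may depend on it - confirm before normalising.
        String cleaned = str.replace("<", "& lt;")
                .replace(">", "& gt;")
                .replace("(", "& #40;")
                .replace(")", "& #41;")
                .replace("'", "& #39;");

        // NOTE(review): every '(' and ')' has already been rewritten above, so this pattern can no
        // longer match. Kept in place to preserve the original pipeline order - confirm intent.
        cleaned = EVAL_CALL.matcher(cleaned).replaceAll("");

        // Apostrophes were rewritten above, so only the double-quoted form can still match here.
        cleaned = QUOTED_JAVASCRIPT_URI.matcher(cleaned).replaceAll("\"\"");

        // Repeat the removal until the token is gone: a single pass can leave "script" behind when
        // deleting one occurrence joins the characters on either side of it into a new one.
        // The match is case-sensitive, as in the original.
        while (cleaned.contains("script")) {
            cleaned = cleaned.replace("script", "");
        }
        return cleaned;
    }

    /**
     * Reports whether the text contains any entry of the SQL keyword deny-list.
     *
     * <p>On a match, the matched keyword (with {@code &nbsp;} turned back into a space) is stored
     * in the static field {@code SQLFilter.badStr}. That field is shared by every caller, so the
     * value can be overwritten by another call before it is read.
     *
     * @param str the text to inspect; may be {@code null}
     * @return {@code true} if a deny-listed keyword occurs in {@code str}; {@code false} otherwise,
     *     including when {@code str} is {@code null}
     */
    public static boolean isContainedSQL(String str) {
        if (str == null) {
            return false;
        }

        // Locale.ROOT keeps the case folding independent of the JVM default locale; under a
        // Turkish default, 'I' folds to a dotless 'ı' and upper-case keywords containing it would
        // no longer equal the ASCII entries in the list.
        String lowerCase = str.toLowerCase(Locale.ROOT);

        for (String keyword : SQL_KEYWORDS) {
            if (lowerCase.contains(keyword)) {
                // Work on a copy so the shared keyword table is never modified.
                SQLFilter.badStr = keyword.replace("&nbsp;", " ");
                return true;
            }
        }
        return false;
    }
}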
