package com.contrastsecurity.agent.plugins.rasp.rules.d.a;

import com.contrastsecurity.agent.plugins.rasp.rules.d.a.C0168b;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import com.contrastsecurity.thirdparty.net.sf.jsqlparser.parser.CCJSqlParserUtil;
import com.contrastsecurity.thirdparty.org.apache.commons.lang.StringUtils;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;

/* JADX INFO: Access modifiers changed from: package-private */
/* compiled from: QueryEvaluatorImpl.java */
/* loaded from: input_file:com/contrastsecurity/agent/plugins/rasp/rules/d/a/l.class */
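/**
 * SQL query evaluator (decompiled from {@code QueryEvaluatorImpl.java}; member names are obfuscated).
 *
 * <p>For each query it (1) strips an optional {@code BEGIN;} ... {@code ;END} wrapper, (2) walks
 * the text with a small state machine that drops comments, splits on {@code ;} outside quotes
 * and flags a few keywords, (3) hands every resulting chunk to JSqlParser, and (4) returns all
 * collected findings wrapped in a {@code q}.
 *
 * <p>NOTE(review): the result feeds a protection rule, so any input on which the scanner and the
 * database disagree about comment, quote or statement boundaries is worth a regression test.
 */
public final class l implements j {
    /** Collaborator built in the constructor; {@code a(findings)} supplies the second visitor argument. */
    private final C0168b.C0029b a;
    /** Wrapper prefix removed before scanning when the matching suffix is also present. */
    private static final String c = "BEGIN;";
    /** Wrapper suffix removed before scanning when the matching prefix is also present. */
    private static final String d = ";END";
    /** Key passed to the agent's logging helper when a chunk fails to parse. */
    private static final String e = "sqlParseProblemSemantic";
    /** Lower-case words that produce an {@code f} finding when seen as a bare word in QUERY state. */
    private static final List<String> b = Collections.unmodifiableList(Arrays.asList("exec", "execute", "waitfor", "kill", "xp_cmdshell"));
    private static final Logger f = LoggerFactory.getLogger(l.class);

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: QueryEvaluatorImpl.java */
    /* loaded from: input_file:com/contrastsecurity/agent/plugins/rasp/rules/d/a/l$a.class */
    /** Scanner states used while splitting a query into chunks. */
    public enum a {
        /** Plain SQL text outside comments and quotes. */
        QUERY,
        /** A {@code /} was seen; the next character decides between comment and literal slash. */
        POSSIBLE_SLASH,
        /** Inside a block comment. */
        COMMENT,
        /** A {@code *} was seen inside a block comment. */
        POSSIBLE_CLOSE_SLASH,
        /** A {@code -} was seen; the next character decides between line comment and literal dash. */
        POSSIBLE_DASH,
        /** Inside a line comment started by {@code #}, {@code //} or {@code --}. */
        LINE_COMMENT,
        /** Inside a single-quoted literal. */
        SINGLE_QUOTE,
        /** Inside a double-quoted literal. */
        DOUBLE_QUOTE,
        /** Never assigned in this class. */
        CHAIN
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates the evaluator and its collaborator.
     *
     * @param cVar agent object forwarded unchanged to the collaborator's constructor
     */
    @Inject
    public l(com.contrastsecurity.agent.commons.c cVar) {
        // `this` is handed out before construction finishes; safe only as long as the
        // collaborator does not call back into this instance from its constructor.
        this.a = new C0168b.C0029b(cVar, this);
    }

    /**
     * Analyzes one SQL query and returns everything that was flagged.
     *
     * @param str the full SQL text
     * @return a {@code q} wrapping the list of findings (empty when nothing was flagged)
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.d.a.j
    public q a(String str) {
        // NOTE(review): the raw statement is written to the debug log; SQL text can carry
        // literals such as credentials or personal data, so debug output needs the same
        // access control as the data itself.
        f.debug("Query to be analyzed: {}", str);
        List<p> findings = new ArrayList<p>();
        List<String> chunks = a(findings, str);
        for (int index = 0; index < chunks.size(); index++) {
            String chunk = chunks.get(index);
            f.debug("Subquery detected {}: {}", Integer.valueOf(index), chunk);
            a(chunk, findings);
        }
        a(findings);
        return new q(findings);
    }

    /**
     * Parses one chunk with JSqlParser and lets the visitor append its findings.
     * Any failure is turned into a finding instead of being propagated.
     */
    private void a(String str, List<p> list) {
        try {
            CCJSqlParserUtil.parse(str).accept(new C0173c(list, this.a.a(list)));
        } catch (Throwable th) {
            // Throwable is caught on purpose so the instrumented application never sees a
            // parser failure; u.a(th) runs first (presumably it rethrows fatal errors - confirm).
            com.contrastsecurity.agent.commons.u.a(th);
            a(list, th);
        }
    }

    /**
     * Records a parse failure as an {@code i} finding.
     *
     * <p>The message is taken from the last throwable in the cause chain that still has a
     * cause (not from the root itself) and is cut at its first line break. A throwable
     * without a cause, or a null message, yields the literal text {@code "null"}.
     */
    private static void a(List<p> list, Throwable th) {
        String message = null;
        for (Throwable current = th; current != null && current.getCause() != null; current = current.getCause()) {
            message = current.getMessage();
        }
        if (message == null) {
            message = "null";
        } else {
            int lineEnd = message.indexOf('\n');
            if (lineEnd > 0) {
                message = message.substring(0, lineEnd);
            }
        }
        com.contrastsecurity.agent.i.c.b(e, f, "Problem parsing SQL query", th);
        list.add(new i(message));
    }

    /** Logs every finding at INFO level. */
    private static void a(List<p> list) {
        for (p finding : list) {
            f.info("Query had issue: {}", finding);
        }
    }

    /**
     * Splits a query into chunks and records scanner-level findings.
     *
     * <p>A chunk ends at {@code ;}, {@code #} or {@code //} seen outside quotes and comments.
     * Block comments are replaced by a single space. A {@code d} finding is added for a
     * {@code ;} that is followed by non-blank text, and an {@code f} finding for each word
     * accepted by {@link #a(String, String)}.
     *
     * @param list findings collected so far; appended to in place
     * @param str the full SQL text
     * @return the chunks in order of appearance
     */
    private static List<String> a(List<p> list, String str) {
        // The wrapper is removed only when prefix and suffix do not overlap. Without the length
        // check "BEGIN;END" satisfies both tests and substring(6, 5) throws outside any
        // try/catch, aborting the whole evaluation.
        String body = str;
        if (str.length() >= c.length() + d.length() && str.startsWith(c) && str.endsWith(d)) {
            body = str.substring(c.length(), str.length() - d.length());
        }
        List<String> chunks = new ArrayList<String>();
        StringBuilder chunk = new StringBuilder();
        StringBuilder word = new StringBuilder();
        a state = a.QUERY;
        String prevWord = null;
        String lastWord = null;
        char prevChar = 0;
        for (int pos = 0; pos < body.length(); pos++) {
            char ch = body.charAt(pos);
            switch (state) {
                case QUERY:
                    if (ch == '/') {
                        state = a.POSSIBLE_SLASH;
                    } else if (ch == '-') {
                        state = a.POSSIBLE_DASH;
                    } else if (ch == '#') {
                        chunks.add(chunk.toString());
                        chunk.setLength(0);
                        state = a.LINE_COMMENT;
                    } else if (ch == ';') {
                        chunks.add(chunk.toString());
                        boolean isLast = pos == body.length() - 1;
                        // A separator with real text behind it means more than one statement.
                        if (!isLast && !StringUtils.isBlank(body.substring(pos + 1))) {
                            list.add(new d(body, pos));
                        }
                        chunk.setLength(0);
                    } else if (ch == '"') {
                        chunk.append(ch);
                        state = a.DOUBLE_QUOTE;
                    } else if (ch == '\'') {
                        chunk.append(ch);
                        state = a.SINGLE_QUOTE;
                    } else if (Character.isWhitespace(ch)) {
                        // NOTE(review): the keyword check runs only here, i.e. when whitespace
                        // ends a word in QUERY state; confirm that boundary is sufficient.
                        if (lastWord != null) {
                            prevWord = lastWord;
                        }
                        lastWord = word.toString();
                        word.setLength(0);
                        if (a(prevWord, lastWord)) {
                            list.add(new f(body, lastWord));
                        }
                        chunk.append(ch);
                    } else {
                        word.append(ch);
                        chunk.append(ch);
                    }
                    break;
                case POSSIBLE_SLASH:
                    if (ch == '*') {
                        state = a.COMMENT;
                    } else if (ch == '/') {
                        state = a.LINE_COMMENT;
                        chunks.add(chunk.toString());
                        chunk.setLength(0);
                    } else {
                        // Literal slash: both characters are copied without the QUERY-state
                        // handling (no quote, separator or word tracking for ch).
                        state = a.QUERY;
                        chunk.append('/');
                        chunk.append(ch);
                    }
                    break;
                case COMMENT:
                    if (ch == '*') {
                        state = a.POSSIBLE_CLOSE_SLASH;
                    }
                    break;
                case POSSIBLE_CLOSE_SLASH:
                    // NOTE(review): a character other than '/' leaves the state unchanged
                    // instead of returning to COMMENT - confirm this is intended.
                    if (ch == '/') {
                        state = a.QUERY;
                        chunk.append(' ');
                    }
                    break;
                case POSSIBLE_DASH:
                    if (ch == '-') {
                        state = a.LINE_COMMENT;
                    } else {
                        // Literal dash: prevChar is the '-' that opened this state; as with the
                        // slash case, ch is copied without QUERY-state handling.
                        state = a.QUERY;
                        chunk.append(prevChar);
                        chunk.append(ch);
                    }
                    break;
                case SINGLE_QUOTE:
                    chunk.append(ch);
                    if (ch == '\'') {
                        state = a.QUERY;
                        chunk.append(' ');
                    }
                    break;
                case DOUBLE_QUOTE:
                    if (ch == '"') {
                        state = a.QUERY;
                        chunk.append(' ');
                    }
                    chunk.append(ch);
                    break;
                default:
                    // LINE_COMMENT and CHAIN: the character is discarded and the state is kept.
                    // NOTE(review): nothing leaves LINE_COMMENT, not even a line break, so the
                    // rest of the input is neither chunked nor keyword-checked - confirm intended.
                    break;
            }
            prevChar = ch;
        }
        if (chunk.length() > 0) {
            chunks.add(chunk.toString());
        }
        return chunks;
    }

    /**
     * Decides whether a word should be flagged.
     *
     * @param str the word before {@code str2}, or null when there is none
     * @param str2 the word just completed
     * @return true for the pair {@code into}/{@code file} (case-insensitive) or when
     *     {@code str2} is one of the keywords in {@link #b}
     */
    private static boolean a(String str, String str2) {
        // Locale.ROOT keeps the match independent of the JVM default locale; with a Turkish
        // default, "KILL" and "WAITFOR" lower-case to a dotless i and would miss the list.
        return ("into".equalsIgnoreCase(str) && "file".equalsIgnoreCase(str2)) || b.contains(str2.toLowerCase(java.util.Locale.ROOT));
    }
}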
