package com.alibaba.druid.wall.spi;

import com.alibaba.druid.sql.SQLUtils;
import com.alibaba.druid.sql.ast.SQLCommentHint;
import com.alibaba.druid.sql.ast.SQLExpr;
import com.alibaba.druid.sql.ast.SQLName;
import com.alibaba.druid.sql.ast.SQLObject;
import com.alibaba.druid.sql.ast.expr.SQLBinaryOpExpr;
import com.alibaba.druid.sql.ast.expr.SQLInListExpr;
import com.alibaba.druid.sql.ast.expr.SQLMethodInvokeExpr;
import com.alibaba.druid.sql.ast.expr.SQLNumericLiteralExpr;
import com.alibaba.druid.sql.ast.expr.SQLPropertyExpr;
import com.alibaba.druid.sql.ast.expr.SQLVariantRefExpr;
import com.alibaba.druid.sql.ast.statement.SQLAlterTableStatement;
import com.alibaba.druid.sql.ast.statement.SQLAssignItem;
import com.alibaba.druid.sql.ast.statement.SQLCallStatement;
import com.alibaba.druid.sql.ast.statement.SQLCreateTableStatement;
import com.alibaba.druid.sql.ast.statement.SQLCreateTriggerStatement;
import com.alibaba.druid.sql.ast.statement.SQLDeleteStatement;
import com.alibaba.druid.sql.ast.statement.SQLDropTableStatement;
import com.alibaba.druid.sql.ast.statement.SQLExprTableSource;
import com.alibaba.druid.sql.ast.statement.SQLInsertInto;
import com.alibaba.druid.sql.ast.statement.SQLInsertStatement;
import com.alibaba.druid.sql.ast.statement.SQLSelectGroupByClause;
import com.alibaba.druid.sql.ast.statement.SQLSelectItem;
import com.alibaba.druid.sql.ast.statement.SQLSelectQueryBlock;
import com.alibaba.druid.sql.ast.statement.SQLSelectStatement;
import com.alibaba.druid.sql.ast.statement.SQLSetStatement;
import com.alibaba.druid.sql.ast.statement.SQLUnionQuery;
import com.alibaba.druid.sql.ast.statement.SQLUpdateStatement;
import com.alibaba.druid.sql.dialect.mysql.ast.expr.MySqlOutFileExpr;
import com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlCreateTableStatement;
import com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlDeleteStatement;
import com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlInsertStatement;
import com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlReplaceStatement;
import com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlSelectQueryBlock;
import com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlShowCreateTableStatement;
import com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlUnionQuery;
import com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlUpdateStatement;
import com.alibaba.druid.sql.dialect.mysql.visitor.MySqlASTVisitor;
import com.alibaba.druid.sql.dialect.mysql.visitor.MySqlASTVisitorAdapter;
import com.alibaba.druid.wall.Violation;
import com.alibaba.druid.wall.WallConfig;
import com.alibaba.druid.wall.WallContext;
import com.alibaba.druid.wall.WallProvider;
import com.alibaba.druid.wall.WallSqlTableStat;
import com.alibaba.druid.wall.WallVisitor;
import com.alibaba.druid.wall.spi.WallVisitorUtils;
import com.alibaba.druid.wall.violation.IllegalSQLObjectViolation;
import java.util.ArrayList;
import java.util.List;

/* loaded from: classes2.dex */
public class MySqlWallVisitor extends MySqlASTVisitorAdapter implements WallVisitor, MySqlASTVisitor {
    private final WallConfig c;
    private final WallProvider d;
    private final List<Violation> e = new ArrayList();
    private boolean f = false;
    private boolean g = false;

    public MySqlWallVisitor(WallProvider wallProvider) {
        this.c = wallProvider.c();
        this.d = wallProvider;
    }

    @Override // com.alibaba.druid.sql.visitor.SQLASTVisitorAdapter, com.alibaba.druid.sql.visitor.SQLASTVisitor
    public void a(SQLInsertStatement sQLInsertStatement) {
        WallVisitorUtils.a();
    }

    @Override // com.alibaba.druid.sql.visitor.SQLASTVisitorAdapter, com.alibaba.druid.sql.visitor.SQLASTVisitor
    public void a(SQLUpdateStatement sQLUpdateStatement) {
        WallVisitorUtils.a();
    }

    @Override // com.alibaba.druid.wall.WallVisitor
    public void a(Violation violation) {
        this.e.add(violation);
    }

    @Override // com.alibaba.druid.wall.WallVisitor
    public void a(boolean z) {
        this.g = z;
    }

    public boolean a(SQLObject sQLObject, String str) {
        if (str == null) {
            return false;
        }
        if (str.equals("?") || !this.c.p0()) {
            return true;
        }
        if (str.startsWith("@@")) {
            if (!(sQLObject instanceof SQLSelectItem) && !(sQLObject instanceof SQLAssignItem)) {
                return false;
            }
            str = str.substring(2);
        }
        return this.c.g().contains(str);
    }

    @Override // com.alibaba.druid.sql.visitor.SQLASTVisitorAdapter, com.alibaba.druid.sql.visitor.SQLASTVisitor
    public boolean a(SQLPropertyExpr sQLPropertyExpr) {
        if (sQLPropertyExpr.getOwner() instanceof SQLVariantRefExpr) {
            SQLVariantRefExpr sQLVariantRefExpr = (SQLVariantRefExpr) sQLPropertyExpr.getOwner();
            SQLObject parent = sQLPropertyExpr.getParent();
            String name = sQLVariantRefExpr.getName();
            if (name.equalsIgnoreCase("@@session") || name.equalsIgnoreCase("@@global")) {
                if (!(parent instanceof SQLSelectItem) && !(parent instanceof SQLAssignItem)) {
                    this.e.add(new IllegalSQLObjectViolation(2003, "variable in condition not allow", c(sQLPropertyExpr)));
                    return false;
                }
                if (!a(sQLPropertyExpr.getParent(), sQLPropertyExpr.getName()) && !WallVisitorUtils.b((WallVisitor) this, (SQLObject) sQLPropertyExpr)) {
                    boolean z = true;
                    if (d(name) && (WallVisitorUtils.h(sQLPropertyExpr) || WallVisitorUtils.a((SQLExpr) sQLVariantRefExpr))) {
                        z = false;
                    }
                    if (!z) {
                        this.e.add(new IllegalSQLObjectViolation(2003, "variable not allow : " + sQLPropertyExpr.getName(), c(sQLPropertyExpr)));
                    }
                }
                return false;
            }
        }
        WallVisitorUtils.a((WallVisitor) this, sQLPropertyExpr);
        return true;
    }

    @Override // com.alibaba.druid.sql.visitor.SQLASTVisitorAdapter, com.alibaba.druid.sql.visitor.SQLASTVisitor
    public boolean a(SQLVariantRefExpr sQLVariantRefExpr) {
        WallVisitorUtils.WallTopStatementContext c;
        String name = sQLVariantRefExpr.getName();
        if (name != null && name.startsWith("@@") && !a(sQLVariantRefExpr.getParent(), sQLVariantRefExpr.getName()) && (((c = WallVisitorUtils.c()) == null || (!c.b() && !c.c())) && !WallVisitorUtils.b((WallVisitor) this, (SQLObject) sQLVariantRefExpr))) {
            boolean z = true;
            if (d(name) && (WallVisitorUtils.h(sQLVariantRefExpr) || WallVisitorUtils.a((SQLExpr) sQLVariantRefExpr))) {
                z = false;
            }
            if (!z) {
                this.e.add(new IllegalSQLObjectViolation(2003, "variable not allow : " + sQLVariantRefExpr.getName(), c(sQLVariantRefExpr)));
            }
        }
        return false;
    }

    @Override // com.alibaba.druid.sql.visitor.SQLASTVisitorAdapter, com.alibaba.druid.sql.visitor.SQLASTVisitor
    public boolean a(SQLCallStatement sQLCallStatement) {
        return false;
    }

    @Override // com.alibaba.druid.sql.visitor.SQLASTVisitorAdapter, com.alibaba.druid.sql.visitor.SQLASTVisitor
    public boolean a(SQLCreateTableStatement sQLCreateTableStatement) {
        WallVisitorUtils.a((WallVisitor) this, sQLCreateTableStatement);
        return false;
    }

    @Override // com.alibaba.druid.sql.visitor.SQLASTVisitorAdapter, com.alibaba.druid.sql.visitor.SQLASTVisitor
    public boolean a(SQLDropTableStatement sQLDropTableStatement) {
        WallVisitorUtils.a((WallVisitor) this, sQLDropTableStatement);
        return true;
    }

    @Override // com.alibaba.druid.sql.visitor.SQLASTVisitorAdapter, com.alibaba.druid.sql.visitor.SQLASTVisitor
    public boolean a(SQLSelectGroupByClause sQLSelectGroupByClause) {
        WallVisitorUtils.b((WallVisitor) this, sQLSelectGroupByClause.k());
        return true;
    }

    @Override // com.alibaba.druid.sql.visitor.SQLASTVisitorAdapter, com.alibaba.druid.sql.visitor.SQLASTVisitor
    public boolean a(SQLSelectQueryBlock sQLSelectQueryBlock) {
        WallVisitorUtils.b((WallVisitor) this, sQLSelectQueryBlock);
        return true;
    }

    @Override // com.alibaba.druid.sql.visitor.SQLASTVisitorAdapter, com.alibaba.druid.sql.visitor.SQLASTVisitor
    public boolean a(SQLSelectStatement sQLSelectStatement) {
        if (this.c.e0()) {
            WallVisitorUtils.d();
            return true;
        }
        g().add(new IllegalSQLObjectViolation(1002, "select not allow", c(sQLSelectStatement)));
        return false;
    }

    @Override // com.alibaba.druid.sql.dialect.mysql.visitor.MySqlASTVisitorAdapter, com.alibaba.druid.sql.dialect.mysql.visitor.MySqlASTVisitor
    public boolean a(MySqlOutFileExpr mySqlOutFileExpr) {
        if (this.c.a0() || WallVisitorUtils.a(mySqlOutFileExpr)) {
            return true;
        }
        this.e.add(new IllegalSQLObjectViolation(3000, "into out file not allow", c(mySqlOutFileExpr)));
        return true;
    }

    @Override // com.alibaba.druid.sql.dialect.mysql.visitor.MySqlASTVisitorAdapter, com.alibaba.druid.sql.dialect.mysql.visitor.MySqlASTVisitor
    public boolean a(MySqlReplaceStatement mySqlReplaceStatement) {
        return true;
    }

    @Override // com.alibaba.druid.sql.dialect.mysql.visitor.MySqlASTVisitorAdapter, com.alibaba.druid.sql.dialect.mysql.visitor.MySqlASTVisitor
    public boolean a(MySqlSelectQueryBlock mySqlSelectQueryBlock) {
        WallVisitorUtils.b((WallVisitor) this, (SQLSelectQueryBlock) mySqlSelectQueryBlock);
        return true;
    }

    @Override // com.alibaba.druid.sql.visitor.SQLASTVisitorAdapter, com.alibaba.druid.sql.visitor.SQLASTVisitor
    public void b(SQLObject sQLObject) {
        WallVisitorUtils.c(this, sQLObject);
    }

    @Override // com.alibaba.druid.sql.visitor.SQLASTVisitorAdapter, com.alibaba.druid.sql.visitor.SQLASTVisitor
    public void b(SQLSelectStatement sQLSelectStatement) {
        WallVisitorUtils.a();
    }

    @Override // com.alibaba.druid.wall.WallVisitor
    public void b(boolean z) {
        this.f = z;
    }

    @Override // com.alibaba.druid.sql.visitor.SQLASTVisitorAdapter, com.alibaba.druid.sql.visitor.SQLASTVisitor
    public boolean b(SQLCommentHint sQLCommentHint) {
        WallVisitorUtils.a((WallVisitor) this, sQLCommentHint);
        return true;
    }

    @Override // com.alibaba.druid.sql.visitor.SQLASTVisitorAdapter, com.alibaba.druid.sql.visitor.SQLASTVisitor
    public boolean b(SQLBinaryOpExpr sQLBinaryOpExpr) {
        return WallVisitorUtils.a((WallVisitor) this, sQLBinaryOpExpr);
    }

    @Override // com.alibaba.druid.sql.visitor.SQLASTVisitorAdapter, com.alibaba.druid.sql.visitor.SQLASTVisitor
    public boolean b(SQLInListExpr sQLInListExpr) {
        WallVisitorUtils.a((WallVisitor) this, sQLInListExpr);
        return true;
    }

    @Override // com.alibaba.druid.sql.visitor.SQLASTVisitorAdapter, com.alibaba.druid.sql.visitor.SQLASTVisitor
    public boolean b(SQLMethodInvokeExpr sQLMethodInvokeExpr) {
        WallVisitorUtils.a((WallVisitor) this, sQLMethodInvokeExpr);
        return true;
    }

    @Override // com.alibaba.druid.sql.visitor.SQLASTVisitorAdapter, com.alibaba.druid.sql.visitor.SQLASTVisitor
    public boolean b(SQLAlterTableStatement sQLAlterTableStatement) {
        WallVisitorUtils.a((WallVisitor) this, sQLAlterTableStatement);
        return true;
    }

    @Override // com.alibaba.druid.sql.visitor.SQLASTVisitorAdapter, com.alibaba.druid.sql.visitor.SQLASTVisitor
    public boolean b(SQLCreateTriggerStatement sQLCreateTriggerStatement) {
        return false;
    }

    @Override // com.alibaba.druid.sql.visitor.SQLASTVisitorAdapter, com.alibaba.druid.sql.visitor.SQLASTVisitor
    public boolean b(SQLDeleteStatement sQLDeleteStatement) {
        WallVisitorUtils.a((WallVisitor) this, sQLDeleteStatement);
        return true;
    }

    @Override // com.alibaba.druid.sql.visitor.SQLASTVisitorAdapter, com.alibaba.druid.sql.visitor.SQLASTVisitor
    public boolean b(SQLExprTableSource sQLExprTableSource) {
        WallVisitorUtils.a((WallVisitor) this, sQLExprTableSource);
        return !(sQLExprTableSource.getExpr() instanceof SQLName);
    }

    @Override // com.alibaba.druid.sql.visitor.SQLASTVisitorAdapter, com.alibaba.druid.sql.visitor.SQLASTVisitor
    public boolean b(SQLInsertStatement sQLInsertStatement) {
        WallVisitorUtils.d();
        WallVisitorUtils.a((WallVisitor) this, (SQLInsertInto) sQLInsertStatement);
        return true;
    }

    @Override // com.alibaba.druid.sql.visitor.SQLASTVisitorAdapter, com.alibaba.druid.sql.visitor.SQLASTVisitor
    public boolean b(SQLSelectItem sQLSelectItem) {
        WallVisitorUtils.a((WallVisitor) this, sQLSelectItem);
        return true;
    }

    @Override // com.alibaba.druid.sql.visitor.SQLASTVisitorAdapter, com.alibaba.druid.sql.visitor.SQLASTVisitor
    public boolean b(SQLSetStatement sQLSetStatement) {
        return false;
    }

    @Override // com.alibaba.druid.sql.visitor.SQLASTVisitorAdapter, com.alibaba.druid.sql.visitor.SQLASTVisitor
    public boolean b(SQLUnionQuery sQLUnionQuery) {
        WallVisitorUtils.a((WallVisitor) this, sQLUnionQuery);
        return true;
    }

    @Override // com.alibaba.druid.sql.visitor.SQLASTVisitorAdapter, com.alibaba.druid.sql.visitor.SQLASTVisitor
    public boolean b(SQLUpdateStatement sQLUpdateStatement) {
        WallVisitorUtils.d();
        WallVisitorUtils.a((WallVisitor) this, sQLUpdateStatement);
        return true;
    }

    @Override // com.alibaba.druid.sql.dialect.mysql.visitor.MySqlASTVisitorAdapter, com.alibaba.druid.sql.dialect.mysql.visitor.MySqlASTVisitor
    public boolean b(MySqlCreateTableStatement mySqlCreateTableStatement) {
        WallVisitorUtils.a((WallVisitor) this, (SQLCreateTableStatement) mySqlCreateTableStatement);
        return true;
    }

    @Override // com.alibaba.druid.sql.dialect.mysql.visitor.MySqlASTVisitorAdapter, com.alibaba.druid.sql.dialect.mysql.visitor.MySqlASTVisitor
    public boolean b(MySqlDeleteStatement mySqlDeleteStatement) {
        WallVisitorUtils.a((WallVisitor) this, mySqlDeleteStatement.k());
        return b((SQLDeleteStatement) mySqlDeleteStatement);
    }

    @Override // com.alibaba.druid.sql.dialect.mysql.visitor.MySqlASTVisitorAdapter, com.alibaba.druid.sql.dialect.mysql.visitor.MySqlASTVisitor
    public boolean b(MySqlInsertStatement mySqlInsertStatement) {
        return b((SQLInsertStatement) mySqlInsertStatement);
    }

    @Override // com.alibaba.druid.sql.dialect.mysql.visitor.MySqlASTVisitorAdapter, com.alibaba.druid.sql.dialect.mysql.visitor.MySqlASTVisitor
    public boolean b(MySqlSelectQueryBlock.Limit limit) {
        if (!(limit.l() instanceof SQLNumericLiteralExpr)) {
            return true;
        }
        WallContext l = WallContext.l();
        if (((SQLNumericLiteralExpr) limit.l()).k().intValue() != 0) {
            return true;
        }
        if (l != null) {
            l.j();
        }
        if (this.d.c().J()) {
            return true;
        }
        g().add(new IllegalSQLObjectViolation(2200, "limit row 0", c(limit)));
        return true;
    }

    @Override // com.alibaba.druid.sql.dialect.mysql.visitor.MySqlASTVisitorAdapter, com.alibaba.druid.sql.dialect.mysql.visitor.MySqlASTVisitor
    public boolean b(MySqlShowCreateTableStatement mySqlShowCreateTableStatement) {
        WallSqlTableStat a;
        String h = ((SQLName) mySqlShowCreateTableStatement.getName()).h();
        WallContext l = WallContext.l();
        if (l == null || (a = l.a(h)) == null) {
            return false;
        }
        a.s();
        return false;
    }

    @Override // com.alibaba.druid.sql.dialect.mysql.visitor.MySqlASTVisitorAdapter, com.alibaba.druid.sql.dialect.mysql.visitor.MySqlASTVisitor
    public boolean b(MySqlUnionQuery mySqlUnionQuery) {
        WallVisitorUtils.a((WallVisitor) this, (SQLUnionQuery) mySqlUnionQuery);
        return true;
    }

    @Override // com.alibaba.druid.sql.dialect.mysql.visitor.MySqlASTVisitorAdapter, com.alibaba.druid.sql.dialect.mysql.visitor.MySqlASTVisitor
    public boolean b(MySqlUpdateStatement mySqlUpdateStatement) {
        return b((SQLUpdateStatement) mySqlUpdateStatement);
    }

    @Override // com.alibaba.druid.wall.WallVisitor
    public String c(SQLObject sQLObject) {
        return SQLUtils.a(sQLObject);
    }

    @Override // com.alibaba.druid.wall.WallVisitor
    public boolean c(String str) {
        if (this.c.j0()) {
            return !this.d.d(str);
        }
        return false;
    }

    @Override // com.alibaba.druid.wall.WallVisitor
    public WallProvider d() {
        return this.d;
    }

    public boolean d(String str) {
        if (str.startsWith("@@")) {
            str = str.substring(2);
        }
        return this.c.d().contains(str.toLowerCase());
    }

    @Override // com.alibaba.druid.wall.WallVisitor
    public WallConfig e() {
        return this.c;
    }

    @Override // com.alibaba.druid.wall.WallVisitor
    public boolean f() {
        return this.g;
    }

    @Override // com.alibaba.druid.wall.WallVisitor
    public List<Violation> g() {
        return this.e;
    }

    @Override // com.alibaba.druid.wall.WallVisitor
    public String getDbType() {
        return "mysql";
    }

    @Override // com.alibaba.druid.wall.WallVisitor
    public boolean h() {
        return this.f;
    }
}
