package com.actionsoft.bpms.commons.security.sql;

import java.sql.SQLException;
import java.util.regex.Pattern;

/* loaded from: input_file:com/actionsoft/bpms/commons/security/sql/SQLSecurityProxy.class */
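/**
 * Keyword denylist applied to a caller-supplied SQL condition fragment.
 *
 * <p>Security note: this class rejects exactly three things (whitespace-delimited
 * {@code AND}/{@code OR}, the {@code ;} character, and the substrings
 * {@code EXECUTE}/{@code EXEC}/{@code SP_}) and accepts everything else. A denylist
 * of this kind is a defence-in-depth signal at best; it does not make a
 * string-concatenated query safe. Callers should still bind values through
 * {@code PreparedStatement} parameters and validate identifiers against an
 * allowlist rather than rely on this check.
 *
 * <p>The patterns are immutable and compiled once, so the class holds no mutable state.
 */
public class SQLSecurityProxy {
    /** {@code and} / {@code or} with at least one whitespace character on each side, any case. */
    private static final Pattern INJECT_KEY =
            Pattern.compile("\\s+and\\s+|\\s+or\\s+", Pattern.CASE_INSENSITIVE);

    /**
     * {@code EXECUTE}, {@code SP_} or {@code EXEC} anywhere in the text, any case.
     * There are no word boundaries, so ordinary values that merely contain one of
     * these substrings (for example the word "executive") are rejected as well.
     */
    private static final Pattern INJECT_EXEC =
            Pattern.compile("EXECUTE|SP_|EXEC", Pattern.CASE_INSENSITIVE);

    /** Statement separator; any occurrence in the condition is refused. */
    private static final char STATEMENT_SEPARATOR = ';';

    /**
     * Rejects a condition fragment that contains one of the denylisted tokens.
     *
     * <p>The checks run in a fixed order (AND/OR, then {@code ;}, then EXEC-style
     * keywords) and the first one that matches decides the exception message.
     *
     * @param str  not read by this method (name looks decompiler-generated; original
     *             meaning is not visible here)
     * @param str2 not read by this method (same caveat as {@code str})
     * @param str3 the condition text to inspect; {@code null} is accepted without any check
     * @throws SQLException if {@code str3} matches any of the denylisted tokens
     */
    public static void checkInjection(String str, String str2, String str3) throws SQLException {
        if (str3 == null) {
            // Nothing to inspect; a null condition is treated as acceptable.
            return;
        }

        final boolean hasBooleanKeyword = INJECT_KEY.matcher(str3).find();
        if (hasBooleanKeyword) {
            throw new SQLException("输入条件不允许包含AND,OR");
        }

        final boolean hasSeparator = str3.indexOf(STATEMENT_SEPARATOR) >= 0;
        if (hasSeparator) {
            throw new SQLException("输入条件不允许包含;");
        }

        final boolean hasExecKeyword = INJECT_EXEC.matcher(str3).find();
        if (hasExecKeyword) {
            throw new SQLException("输入条件不允许包含EXEC,EXECUTE,SP_");
        }
    }
}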
