package com.alibaba.druid.wall.spi;

import com.alibaba.druid.DbType;
import com.alibaba.druid.sql.ast.SQLObject;
import com.alibaba.druid.sql.ast.expr.SQLIdentifierExpr;
import com.alibaba.druid.sql.ast.expr.SQLPropertyExpr;
import com.alibaba.druid.sql.ast.expr.SQLVariantRefExpr;
import com.alibaba.druid.sql.ast.statement.SQLAssignItem;
import com.alibaba.druid.sql.ast.statement.SQLDeleteStatement;
import com.alibaba.druid.sql.ast.statement.SQLInsertStatement;
import com.alibaba.druid.sql.ast.statement.SQLSelectItem;
import com.alibaba.druid.sql.ast.statement.SQLUpdateStatement;
import com.alibaba.druid.sql.dialect.mysql.ast.expr.MySqlOutFileExpr;
import com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlCreateTableStatement;
import com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlDeleteStatement;
import com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlInsertStatement;
import com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlSelectQueryBlock;
import com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlUpdateStatement;
import com.alibaba.druid.sql.dialect.mysql.visitor.MySqlASTVisitor;
import com.alibaba.druid.wall.WallProvider;
import com.alibaba.druid.wall.WallVisitor;
import com.alibaba.druid.wall.spi.WallVisitorUtils;
import com.alibaba.druid.wall.violation.IllegalSQLObjectViolation;

/* loaded from: input_file:WEB-INF/lib/druid-1.2.6.jar:com/alibaba/druid/wall/spi/MySqlWallVisitor.class */
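/**
 * MySQL-specific visitor for the SQL wall (firewall) check.
 *
 * <p>Each {@code visit} overload inspects one kind of AST node and, when the node breaks a rule,
 * appends an {@link IllegalSQLObjectViolation} to {@code violations}. Most of the generic checks
 * are delegated to {@link WallVisitorUtils}. What this class adds is the handling of MySQL system
 * variables ({@code @@name}, {@code @@session.name}, {@code @@global.name}) and of
 * {@code SELECT ... INTO OUTFILE}.
 *
 * <p>{@code violations}, {@code config}, {@code provider} and {@code toSQL} are not declared in
 * this class; they come from a supertype. The boolean returned by a {@code visit} method is
 * presumably the usual "descend into child nodes" flag of the AST walker; confirm against
 * {@code SQLASTVisitor}.
 */
public class MySqlWallVisitor extends WallVisitorBase implements WallVisitor, MySqlASTVisitor {
    /**
     * Creates a visitor bound to the given provider.
     *
     * @param wallProvider provider passed straight to the superclass constructor
     */
    public MySqlWallVisitor(WallProvider wallProvider) {
        super(wallProvider);
    }

    /**
     * Identifies the dialect this visitor checks.
     *
     * @return always {@link DbType#mysql}
     */
    @Override // com.alibaba.druid.wall.WallVisitor
    public DbType getDbType() {
        return DbType.mysql;
    }

    /**
     * Runs the shared SELECT check on a MySQL query block.
     *
     * @param mySqlSelectQueryBlock query block being visited
     * @return always {@code true}
     */
    @Override // com.alibaba.druid.sql.dialect.mysql.visitor.MySqlASTVisitor
    public boolean visit(MySqlSelectQueryBlock mySqlSelectQueryBlock) {
        // "checkSelelct" is the helper's actual (misspelled) name.
        WallVisitorUtils.checkSelelct(this, mySqlSelectQueryBlock);
        return true;
    }

    /**
     * Applies the read-only check to the statement's FROM source, then runs the generic DELETE check.
     *
     * @param mySqlDeleteStatement statement being visited
     * @return the result of the generic {@code visit(SQLDeleteStatement)} overload
     */
    @Override // com.alibaba.druid.sql.dialect.mysql.visitor.MySqlASTVisitor
    public boolean visit(MySqlDeleteStatement mySqlDeleteStatement) {
        WallVisitorUtils.checkReadOnly(this, mySqlDeleteStatement.getFrom());
        // The cast selects the generic overload; without it this method would call itself.
        return visit((SQLDeleteStatement) mySqlDeleteStatement);
    }

    /**
     * Forwards a MySQL UPDATE to the generic UPDATE check.
     *
     * @param mySqlUpdateStatement statement being visited
     * @return the result of the generic {@code visit(SQLUpdateStatement)} overload
     */
    @Override // com.alibaba.druid.sql.dialect.mysql.visitor.MySqlASTVisitor
    public boolean visit(MySqlUpdateStatement mySqlUpdateStatement) {
        return visit((SQLUpdateStatement) mySqlUpdateStatement);
    }

    /**
     * Forwards a MySQL INSERT to the generic INSERT check.
     *
     * @param mySqlInsertStatement statement being visited
     * @return the result of the generic {@code visit(SQLInsertStatement)} overload
     */
    @Override // com.alibaba.druid.sql.dialect.mysql.visitor.MySqlASTVisitor
    public boolean visit(MySqlInsertStatement mySqlInsertStatement) {
        return visit((SQLInsertStatement) mySqlInsertStatement);
    }

    /**
     * Accepts every plain identifier; no check is made at this level.
     *
     * @param sQLIdentifierExpr identifier being visited
     * @return always {@code true}
     */
    @Override // com.alibaba.druid.wall.WallVisitor, com.alibaba.druid.sql.visitor.SQLASTVisitor
    public boolean visit(SQLIdentifierExpr sQLIdentifierExpr) {
        return true;
    }

    /**
     * Checks a property expression, with special handling for {@code @@session.x} and
     * {@code @@global.x}.
     *
     * <p>A scoped system variable is rejected outright unless its parent is a select item or an
     * assignment item. Otherwise it is skipped when {@link #checkVar} accepts the property name or
     * when the helper reports a top-level SELECT without FROM. It is recorded as a violation only
     * when {@link #isDeny} matches and the expression sits in WHERE/HAVING or fails
     * {@code checkSqlExpr}. Every other property expression goes to the generic check.
     *
     * @param sQLPropertyExpr expression being visited
     * @return {@code false} for scoped system variables, {@code true} otherwise
     */
    @Override // com.alibaba.druid.wall.WallVisitor, com.alibaba.druid.sql.visitor.SQLASTVisitor
    public boolean visit(SQLPropertyExpr sQLPropertyExpr) {
        if (sQLPropertyExpr.getOwner() instanceof SQLVariantRefExpr) {
            SQLVariantRefExpr owner = (SQLVariantRefExpr) sQLPropertyExpr.getOwner();
            SQLObject parent = sQLPropertyExpr.getParent();
            // NOTE(review): the owner name is dereferenced without a null check here, whereas
            // visit(SQLVariantRefExpr) guards against a null name. Confirm the parser never
            // produces one.
            String ownerName = owner.getName();
            if (ownerName.equalsIgnoreCase("@@session") || ownerName.equalsIgnoreCase("@@global")) {
                if (!(parent instanceof SQLSelectItem) && !(parent instanceof SQLAssignItem)) {
                    this.violations.add(new IllegalSQLObjectViolation(2003, "variable in condition not allow", toSQL(sQLPropertyExpr)));
                    return false;
                }
                if (checkVar(sQLPropertyExpr.getParent(), sQLPropertyExpr.getName())
                        || WallVisitorUtils.isTopNoneFromSelect(this, sQLPropertyExpr)) {
                    return false;
                }
                // NOTE(review): the deny lookup is made on the scope name ("@@session" or
                // "@@global"), not on the property name that the violation message reports.
                // Verify that this is intended.
                boolean denied = isDeny(ownerName)
                        && (WallVisitorUtils.isWhereOrHaving(sQLPropertyExpr) || WallVisitorUtils.checkSqlExpr(owner));
                if (denied) {
                    this.violations.add(new IllegalSQLObjectViolation(2003, "variable not allow : " + sQLPropertyExpr.getName(), toSQL(sQLPropertyExpr)));
                }
                return false;
            }
        }
        WallVisitorUtils.check(this, sQLPropertyExpr);
        return true;
    }

    /**
     * Decides whether a variable reference can be accepted without further checks.
     *
     * <p>The {@code ?} placeholder is always accepted, and every name is accepted when variant
     * checking is switched off in the configuration. A name starting with {@code @@} is accepted
     * only under a select item or an assignment item, and is looked up in the permit list without
     * the prefix. The permit-list lookup is case-sensitive, unlike the deny-list lookup in
     * {@link #isDeny}.
     *
     * @param sQLObject parent node of the variable reference
     * @param str variable name; may be {@code null}
     * @return {@code true} if the variable is accepted, {@code false} if it is {@code null} or
     *     needs further checks
     */
    public boolean checkVar(SQLObject sQLObject, String str) {
        if (str == null) {
            return false;
        }
        if (str.equals("?") || !this.config.isVariantCheck()) {
            return true;
        }
        if (str.startsWith("@@")) {
            if (!(sQLObject instanceof SQLSelectItem) && !(sQLObject instanceof SQLAssignItem)) {
                return false;
            }
            str = str.substring(2);
        }
        return this.config.getPermitVariants().contains(str);
    }

    /**
     * Tells whether a variable name is on the configured deny list.
     *
     * <p>A leading {@code @@} is dropped and the name is lowercased before the lookup, which
     * suggests that the deny list holds lowercase names. Lowercasing uses {@code Locale.ROOT} so
     * that the result does not depend on the JVM default locale. With the locale-sensitive
     * overload, a Turkish or Azeri default locale maps {@code I} to dotless {@code ı}, so a name
     * containing an uppercase {@code I} would no longer match its lowercase entry.
     *
     * @param str variable name, with or without the {@code @@} prefix; must not be {@code null}
     * @return {@code true} if the normalized name is in the deny list
     */
    public boolean isDeny(String str) {
        if (str.startsWith("@@")) {
            str = str.substring(2);
        }
        return this.config.getDenyVariants().contains(str.toLowerCase(java.util.Locale.ROOT));
    }

    /**
     * Checks a reference to a system variable ({@code @@name}).
     *
     * <p>Nothing is recorded when the name is {@code null}, lacks the {@code @@} prefix or is
     * accepted by {@link #checkVar}. The same holds when the top statement context reports a
     * system schema or system table source, or when the helper reports a top-level SELECT without
     * FROM. Otherwise a violation is recorded when the name is on the deny list and the reference
     * sits in WHERE/HAVING or fails {@code checkSqlExpr}.
     *
     * @param sQLVariantRefExpr variable reference being visited
     * @return always {@code false}
     */
    @Override // com.alibaba.druid.sql.visitor.SQLASTVisitor
    public boolean visit(SQLVariantRefExpr sQLVariantRefExpr) {
        String name = sQLVariantRefExpr.getName();
        if (name == null || !name.startsWith("@@") || checkVar(sQLVariantRefExpr.getParent(), sQLVariantRefExpr.getName())) {
            return false;
        }
        WallVisitorUtils.WallTopStatementContext topContext = WallVisitorUtils.getWallTopStatementContext();
        boolean fromSystemSource = topContext != null && (topContext.fromSysSchema() || topContext.fromSysTable());
        if (fromSystemSource || WallVisitorUtils.isTopNoneFromSelect(this, sQLVariantRefExpr)) {
            return false;
        }
        boolean denied = isDeny(name)
                && (WallVisitorUtils.isWhereOrHaving(sQLVariantRefExpr) || WallVisitorUtils.checkSqlExpr(sQLVariantRefExpr));
        if (denied) {
            this.violations.add(new IllegalSQLObjectViolation(2003, "variable not allow : " + sQLVariantRefExpr.getName(), toSQL(sQLVariantRefExpr)));
        }
        return false;
    }

    /**
     * Records a violation for {@code INTO OUTFILE} unless the configuration allows it or the helper
     * reports it as a top-level select-into-outfile.
     *
     * @param mySqlOutFileExpr expression being visited
     * @return always {@code true}, whether or not a violation was recorded
     */
    @Override // com.alibaba.druid.sql.dialect.mysql.visitor.MySqlASTVisitor
    public boolean visit(MySqlOutFileExpr mySqlOutFileExpr) {
        if (this.config.isSelectIntoOutfileAllow() || WallVisitorUtils.isTopSelectOutFile(mySqlOutFileExpr)) {
            return true;
        }
        this.violations.add(new IllegalSQLObjectViolation(3000, "into out file not allow", toSQL(mySqlOutFileExpr)));
        return true;
    }

    /**
     * Tells whether access to a table is denied.
     *
     * @param str table name
     * @return {@code true} only when table checking is enabled and the provider's
     *     {@code checkDenyTable} returns {@code false} for the name
     */
    @Override // com.alibaba.druid.wall.spi.WallVisitorBase, com.alibaba.druid.wall.WallVisitor
    public boolean isDenyTable(String str) {
        return this.config.isTableCheck() && !this.provider.checkDenyTable(str);
    }

    /**
     * Runs the shared check on a MySQL CREATE TABLE statement.
     *
     * @param mySqlCreateTableStatement statement being visited
     * @return always {@code true}
     */
    @Override // com.alibaba.druid.sql.dialect.mysql.visitor.MySqlASTVisitor
    public boolean visit(MySqlCreateTableStatement mySqlCreateTableStatement) {
        WallVisitorUtils.check(this, mySqlCreateTableStatement);
        return true;
    }
}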
