package pt.digitalis.dif.utils.security;

import pt.digitalis.dif.exception.BusinessException;
import pt.digitalis.dif.utils.logging.DIFLogger;
import pt.digitalis.dif.utils.security.configuration.HTTPSecurityConfiguration;
import pt.digitalis.utils.common.StringUtils;

/* loaded from: input_file:WEB-INF/lib/dif-core-2.8.9-4.jar:pt/digitalis/dif/utils/security/ParameterSQLInjectionManager.class */
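/**
 * Screens request parameter values with {@code SqlSafeUtil.isSqlInjectionSafe} and, depending on
 * {@code HTTPSecurityConfiguration}, rejects values that the check flags.
 *
 * <p>This is pattern-based input screening. It is a secondary control: queries built from these
 * parameters should still use bound parameters, since a value that passes this check is not
 * thereby proven harmless in every SQL context.
 */
public class ParameterSQLInjectionManager {
    /**
     * Tests a parameter value and optionally logs a detection.
     *
     * @param str  name of the parameter, used only in the log message
     * @param str2 value to test; passed as-is to {@code SqlSafeUtil.isSqlInjectionSafe}
     * @param bool when {@code TRUE}, a flagged value is logged at info and warn level;
     *             {@code null} is treated as "do not log"
     * @return the result of {@code SqlSafeUtil.isSqlInjectionSafe(str2)}
     */
    public static Boolean sqlInjectionSafe(String str, String str2, Boolean bool) {
        Boolean valueOf = Boolean.valueOf(SqlSafeUtil.isSqlInjectionSafe(str2));
        // Boolean.TRUE.equals avoids the NullPointerException that unboxing a null flag would
        // raise on exactly the inputs that were flagged as unsafe.
        if (!valueOf.booleanValue() && Boolean.TRUE.equals(bool)) {
            // Name and value are attacker-influenced: neutralise line breaks before logging so a
            // crafted value cannot forge additional log records (CWE-117).
            String loggedName = neutralizeForLog(str);
            String loggedValue = neutralizeForLog(str2);
            DIFLogger.getLogger().info("SQL Injection detected for parameter [" + loggedName + "] with value [" + loggedValue + "]");
            DIFLogger.getLogger().warn(new BusinessException("SQL Injection detected").addToExceptionContext("Parameter value", loggedValue).getRenderedExceptionContext());
        }
        return valueOf;
    }

    /**
     * Returns the value unchanged when it is acceptable, otherwise throws.
     *
     * <p>The check is skipped only when the configured flag is explicitly {@code FALSE}; a
     * {@code null} setting keeps blocking enabled. Blank values are returned without being tested.
     *
     * @param str  name of the parameter, used in log and exception messages
     * @param str2 value to verify
     * @param z    whether a detection should be logged
     * @return {@code str2}, unmodified
     * @throws RuntimeException when blocking is enabled and the value is flagged as unsafe
     */
    public static String verifyInjectionSafe(String str, String str2, boolean z) {
        Boolean blockSQLInjection = HTTPSecurityConfiguration.getInstance().getBlockSQLInjection();
        if (blockSQLInjection != null && !blockSQLInjection.booleanValue()) {
            // Blocking explicitly disabled in configuration: no screening and no logging happens.
            return str2;
        }
        if (!StringUtils.isNotBlank(str2) || sqlInjectionSafe(str, str2, Boolean.valueOf(z)).booleanValue()) {
            return str2;
        }
        // NOTE(review): the message embeds the raw rejected value. Callers should not render it
        // into an HTTP response or write it to a log without encoding - confirm how this
        // exception is surfaced.
        throw new RuntimeException("The parameter [" + str + "] with value [" + str2 + "] has SQL Injection attack content");
    }

    /** Escapes CR and LF so a logged value always stays on a single log line; null stays null. */
    private static String neutralizeForLog(String value) {
        if (value == null) {
            return null;
        }
        return value.replace("\r", "\\r").replace("\n", "\\n");
    }
}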
