package com.dotmarketing.viewtools;

import com.dotmarketing.business.APILocator;
import com.dotmarketing.business.UserAPI;
import com.dotmarketing.common.db.DotConnect;
import com.dotmarketing.portlets.contentlet.model.Contentlet;
import com.dotmarketing.util.Config;
import com.dotmarketing.util.Logger;
import com.dotmarketing.util.UtilMethods;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Locale;
import java.util.regex.Pattern;
import org.apache.velocity.context.Context;
import org.apache.velocity.context.InternalContextAdapterImpl;
import org.apache.velocity.tools.view.context.ViewContext;
import org.apache.velocity.tools.view.tools.ViewTool;

/* loaded from: input_file:com/dotmarketing/viewtools/SQLResultsViewTool.class */
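/**
 * Velocity view tool that lets a template run SQL through {@link DotConnect} and receive the rows
 * as a list of column-name/value maps.
 *
 * <p>Every call is gated three ways: the last modifier of the contentlet that is rendering the
 * template must hold the {@value #REQUIRED_ROLE_KEY} role ({@link #canUserEvaluate()}), the
 * statement (and, for the parameterized variant, every parameter) must pass the keyword screen in
 * {@link #isSQLValid(String, Contentlet)}, and the dotCMS pool ({@value #DEFAULT_DATASOURCE}) is
 * usable only while {@value #ALLOW_DOTCMS_DB_PROPERTY} is enabled. The keyword screen is a deny
 * list and only a last line of defence: the data source handed to this tool should be a read-only
 * database account regardless.
 *
 * <p>Errors are never thrown to the template. An entry with {@code hasDotConnectSQLError=true} and
 * a {@code dotConnectSQLError} message is appended to {@link #errorResults} and that list is
 * returned instead of rows. The list lives on the instance, so it accumulates across calls for as
 * long as the tool instance does (its scope is configured outside this class). Note that the
 * message of a failed query includes the driver's exception text, which therefore reaches the
 * rendered output.
 *
 * <p>Not thread-safe: {@link #ica} and {@link #errorResults} are plain instance fields.
 */
public class SQLResultsViewTool implements ViewTool {
    private static final UserAPI userAPI = APILocator.getUserAPI();

    /** Map key set to {@value #ERROR_FLAG_VALUE} on every error entry this tool returns. */
    private static final String ERROR_FLAG_KEY = "hasDotConnectSQLError";
    private static final String ERROR_FLAG_VALUE = "true";
    /** Map key holding the human-readable message of an error entry. */
    private static final String ERROR_MESSAGE_KEY = "dotConnectSQLError";
    /** Data-source name that selects dotCMS's own connection pool. */
    private static final String DEFAULT_DATASOURCE = "default";
    /** Config property that must be {@code true} before a query may run on the dotCMS pool. */
    private static final String ALLOW_DOTCMS_DB_PROPERTY = "ALLOW_VELOCITY_SQL_ACCESS_TO_DOTCMS_DB";
    /** Role the calling contentlet's last modifier must hold for the tool to run at all. */
    private static final String REQUIRED_ROLE_KEY = "Scripting Developer";

    private static final String PERMISSION_ERROR_MESSAGE =
            "Content Editor cannot execute the SQLResultsViewTool becase it does not have enough permissions to do it";
    private static final String DEFAULT_POOL_ERROR_MESSAGE =
            "getSQLResults Tool is trying to execute queries using the default connection pool.";
    private static final String DEFAULT_POOL_DEBUG_MESSAGE = ALLOW_DOTCMS_DB_PROPERTY + " is set to false";
    private static final String CONTENT_LOOKUP_ERROR_MESSAGE =
            "There was a problem retrieving the content where SQLResultsViewTool was called";
    private static final String PARAM_COUNT_ERROR_MESSAGE =
            "getParameterizedSQLResults Tool won't work if the amount of params in SQL is different than size of params list";
    private static final String FORBIDDEN_QUERY_MESSAGE = "getSQLResults Tool is trying to run a forbidden query";
    private static final String SQL_ERROR_PREFIX = "There was a sql error:";

    /**
     * Table-name fragments that may not appear anywhere in a statement, checked in this order.
     * The names appear verbatim in the error message, so keep them lowercase.
     */
    private static final String[] FORBIDDEN_TABLE_FRAGMENTS = {"user_", "cms_role"};

    /**
     * Statement keywords that are refused outright. Applied to the lowercased statement without a
     * word boundary, so it rejects everything the previous substring checks rejected; any
     * whitespace after the keyword counts, not only a single space, so a tab or line break after
     * the keyword does not slip past the screen.
     */
    private static final Pattern FORBIDDEN_STATEMENT =
            Pattern.compile("(delete|drop|truncate|alter|create|update)\\s");

    /** Velocity context of the request being rendered; set by {@link #init(Object)}. */
    Context ctx;
    /** Adapter used to read the current template name; rebuilt on every call that needs it. */
    private InternalContextAdapterImpl ica;
    /** Accumulated error entries; returned in place of rows whenever a call fails. */
    ArrayList<HashMap<String, String>> errorResults;

    /**
     * Captures the Velocity context and starts with an empty error list.
     *
     * @param obj the {@link ViewContext} supplied by the tool manager
     */
    @Override // org.apache.velocity.tools.view.tools.ViewTool
    public void init(Object obj) {
        this.ctx = ((ViewContext) obj).getVelocityContext();
        this.errorResults = new ArrayList<>();
    }

    /**
     * Runs a plain SQL statement.
     *
     * @param str  data-source name; {@value #DEFAULT_DATASOURCE} selects the dotCMS pool, which is
     *             refused unless {@value #ALLOW_DOTCMS_DB_PROPERTY} is enabled
     * @param str2 the statement to run
     * @param i    first row to return when greater than zero, otherwise ignored
     * @param i2   maximum number of rows when greater than zero, otherwise ignored
     * @return the result rows, an empty list when {@code str2} is not set, or
     *         {@link #errorResults} when the call was refused or failed
     */
    public ArrayList<HashMap<String, String>> getSQLResults(String str, String str2, int i, int i2) {
        if (!canUserEvaluate()) {
            return permissionDenied();
        }
        // The calling contentlet is resolved before the empty-statement check so that a broken
        // template name is reported even for an empty statement.
        Contentlet caller;
        try {
            caller = findCallingContentlet();
        } catch (Exception e) {
            return contentLookupFailed(e);
        }
        if (!UtilMethods.isSet(str2)) {
            return new ArrayList<>();
        }
        try {
            if (!isSQLValid(str2, caller)) {
                return this.errorResults;
            }
            return runQuery(newQuery(str2, i, i2), str);
        } catch (Exception e) {
            return sqlFailed(e);
        }
    }

    /**
     * Runs a SQL statement with {@code ?} placeholders bound to the given parameters.
     *
     * <p>The number of {@code ?} characters in the statement must equal the size of
     * {@code arrayList}; every {@code ?} is counted, including any inside string literals. Each
     * parameter's {@code toString()} is screened with {@link #isSQLValid(String, Contentlet)}
     * before anything is bound.
     *
     * @param str       data-source name, as for {@link #getSQLResults(String, String, int, int)}
     * @param str2      the statement to run
     * @param arrayList parameter values, one per placeholder
     * @param i         first row to return when greater than zero, otherwise ignored
     * @param i2        maximum number of rows when greater than zero, otherwise ignored
     * @return the result rows, an empty list when {@code str2} is not set, or
     *         {@link #errorResults} when the call was refused or failed
     */
    public ArrayList<HashMap<String, String>> getParameterizedSQLResults(String str, String str2, ArrayList<Object> arrayList, int i, int i2) {
        if (!canUserEvaluate()) {
            return permissionDenied();
        }
        Contentlet caller;
        try {
            caller = findCallingContentlet();
        } catch (Exception e) {
            return contentLookupFailed(e);
        }
        if (!UtilMethods.isSet(str2)) {
            return new ArrayList<>();
        }
        try {
            if (!isSQLValid(str2, caller)) {
                return this.errorResults;
            }
            // A null parameter list or a null element surfaces here as a NullPointerException and
            // is reported through the catch below, as before.
            if (countPlaceholders(str2) != arrayList.size()) {
                return addError(PARAM_COUNT_ERROR_MESSAGE);
            }
            for (Object param : arrayList) {
                if (!isSQLValid(param.toString(), caller)) {
                    return this.errorResults;
                }
            }
            DotConnect dotConnect = newQuery(str2, i, i2);
            for (Object param : arrayList) {
                // NOTE(review): an unset parameter (null or empty string) is skipped rather than
                // bound, so the bound count can fall below the placeholder count and the driver
                // reports the mismatch instead of this tool — confirm whether that is intended.
                if (UtilMethods.isSet(param)) {
                    dotConnect.addParam(param);
                }
            }
            return runQuery(dotConnect, str);
        } catch (Exception e) {
            return sqlFailed(e);
        }
    }

    /**
     * Checks whether the tool may run at all: the last modifier of the calling contentlet must
     * hold the {@value #REQUIRED_ROLE_KEY} role. The check is on the content's modifier, not on
     * the user viewing the page. Any failure while resolving the content, user or role is logged
     * and treated as "no".
     *
     * @return {@code true} only when the role check succeeds
     */
    protected boolean canUserEvaluate() {
        try {
            String modUserId = findCallingContentlet().getModUser();
            return APILocator.getRoleAPI().doesUserHaveRole(
                    userAPI.loadUserById(modUserId, userAPI.getSystemUser(), true),
                    APILocator.getRoleAPI().loadRoleByKey(REQUIRED_ROLE_KEY));
        } catch (Exception e) {
            Logger.warn(getClass(), "Scripting called with error" + e);
            return false;
        }
    }

    /**
     * Screens a statement (or a parameter value) against the deny list: forbidden table-name
     * fragments first, then forbidden statement keywords. On rejection an error entry is added to
     * {@link #errorResults} and the offending contentlet's identifier is logged at debug level.
     *
     * @param str        text to screen; must not be {@code null}
     * @param contentlet the contentlet whose rendering produced the text, used for logging
     * @return {@code true} when nothing on the deny list was found
     */
    protected boolean isSQLValid(String str, Contentlet contentlet) {
        // Locale.ROOT keeps the lowercasing independent of the server's default locale.
        String lowered = str.toLowerCase(Locale.ROOT);
        for (String table : FORBIDDEN_TABLE_FRAGMENTS) {
            if (lowered.contains(table)) {
                return reject("getSQLResults Tool is trying to query the " + table + " table", contentlet);
            }
        }
        if (FORBIDDEN_STATEMENT.matcher(lowered).find()) {
            return reject(FORBIDDEN_QUERY_MESSAGE, contentlet);
        }
        return true;
    }

    /** Logs a deny-list hit, records it as an error entry and returns {@code false}. */
    private boolean reject(String message, Contentlet contentlet) {
        Logger.error(this, message);
        Logger.debug(this, "Check content with id: " + contentlet.getIdentifier());
        addError(message);
        return false;
    }

    /**
     * Resolves the contentlet whose rendering invoked this tool. The current Velocity template
     * name is expected to look like {@code <prefix>/<identifier>_<rest>}: the text between the
     * first {@code /} (or the start, when there is none) and the first {@code _} is used as the
     * identifier. A name without {@code _} makes {@link String#substring} throw, which callers
     * report as a lookup error.
     */
    private Contentlet findCallingContentlet() throws Exception {
        this.ica = new InternalContextAdapterImpl(this.ctx);
        String templateName = this.ica.getCurrentTemplateName();
        String identifier = templateName.substring(templateName.indexOf("/") + 1, templateName.indexOf("_"));
        return APILocator.getContentletAPI().find(identifier, userAPI.getSystemUser(), true);
    }

    /** Builds a {@link DotConnect} for {@code sql}; paging values are applied only when positive. */
    private static DotConnect newQuery(String sql, int startRow, int maxRows) {
        DotConnect dotConnect = new DotConnect();
        dotConnect.setSQL(sql);
        if (startRow > 0) {
            dotConnect.setStartRow(startRow);
        }
        if (maxRows > 0) {
            dotConnect.setMaxRows(maxRows);
        }
        return dotConnect;
    }

    /**
     * Executes the prepared query on the named data source. The dotCMS pool is used only when
     * {@value #ALLOW_DOTCMS_DB_PROPERTY} is enabled; otherwise an error entry is returned. A
     * {@code null} data-source name fails with a NullPointerException, which the caller reports
     * as a SQL error, as before.
     */
    private ArrayList<HashMap<String, String>> runQuery(DotConnect dotConnect, String dataSource) throws Exception {
        if (!dataSource.equals(DEFAULT_DATASOURCE)) {
            return dotConnect.getResults(dataSource);
        }
        if (Config.getBooleanProperty(ALLOW_DOTCMS_DB_PROPERTY, false)) {
            return dotConnect.getResults();
        }
        Logger.error(this, DEFAULT_POOL_ERROR_MESSAGE);
        Logger.debug(this, DEFAULT_POOL_DEBUG_MESSAGE);
        return addError(DEFAULT_POOL_ERROR_MESSAGE + " " + DEFAULT_POOL_DEBUG_MESSAGE);
    }

    /** Counts every {@code ?} in {@code sql}, including any inside string literals. */
    private static int countPlaceholders(String sql) {
        int count = 0;
        for (int idx = 0; idx < sql.length(); idx++) {
            if (sql.charAt(idx) == '?') {
                count++;
            }
        }
        return count;
    }

    /** Logs and records the refusal returned when {@link #canUserEvaluate()} says no. */
    private ArrayList<HashMap<String, String>> permissionDenied() {
        Logger.error(this, PERMISSION_ERROR_MESSAGE);
        return addError(PERMISSION_ERROR_MESSAGE);
    }

    /** Logs a failure to resolve the calling contentlet (with its cause) and records it. */
    private ArrayList<HashMap<String, String>> contentLookupFailed(Exception e) {
        Logger.error(this, CONTENT_LOOKUP_ERROR_MESSAGE, e);
        return addError(SQL_ERROR_PREFIX + e.getMessage());
    }

    /** Logs a failure while screening or executing the statement and records it. */
    private ArrayList<HashMap<String, String>> sqlFailed(Exception e) {
        Logger.error(this, SQL_ERROR_PREFIX + e.getMessage(), e);
        return addError(SQL_ERROR_PREFIX + e.getMessage());
    }

    /**
     * Appends one error entry to {@link #errorResults} and returns the list so callers can
     * {@code return addError(...)} directly. The list is created lazily if {@link #init(Object)}
     * was never called, instead of failing with a NullPointerException.
     */
    private ArrayList<HashMap<String, String>> addError(String message) {
        if (this.errorResults == null) {
            this.errorResults = new ArrayList<>();
        }
        HashMap<String, String> entry = new HashMap<>();
        entry.put(ERROR_FLAG_KEY, ERROR_FLAG_VALUE);
        entry.put(ERROR_MESSAGE_KEY, message);
        this.errorResults.add(entry);
        return this.errorResults;
    }
}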
