package com.xdja.validated.filter;

import java.io.IOException;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;

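/**
 * Servlet filter that wraps every HTTP request so that request parameters are run
 * through a blacklist-style "XSS" and "SQL keyword" scrubber before the application
 * sees them.
 *
 * <p><b>Security note (review):</b> input blacklisting is a weak, lossy control and
 * must not be relied on as the primary defence. It is easily bypassed (keyword
 * splitting, alternative encodings, parameters the wrapper does not cover) and it
 * corrupts legitimate data: {@code clearXss} deletes every occurrence of the
 * substring "script" (so "description" becomes "deion") and {@code clearSQL}
 * deletes substrings such as "use", "from", "table" and "count" wherever they
 * occur. The real defences are context-aware output encoding for XSS and
 * {@code PreparedStatement} parameters for SQL; keep this filter only as
 * defence in depth.
 *
 * <p>Coverage: only {@code getParameter}, {@code getParameterValues} and
 * {@code getParameterMap} are scrubbed. Headers, cookies, the request path and
 * query string, multipart parts and request bodies read through
 * {@code getInputStream()}/{@code getReader()} (e.g. JSON) pass through untouched.
 *
 * <p>Registration: the class carries both {@code @WebFilter} and {@code @Component};
 * depending on how the container and Spring scan for filters this may register the
 * filter twice — TODO confirm in the deployment.
 */
@WebFilter(filterName = "XssFilter", urlPatterns = {"/*"})
@Component
public class XssFilter implements Filter {
    private static final Logger LOG = LoggerFactory.getLogger(XssFilter.class);

    /** Matches {@code eval(...)}; must run on the raw value, before '(' is encoded. */
    private static final Pattern EVAL_CALL = Pattern.compile("eval\\((.*)\\)");

    /** Matches a quoted {@code javascript:} URL; must run before the quotes are encoded. */
    private static final Pattern JAVASCRIPT_URL =
            Pattern.compile("[\\\"\\'][\\s]*javascript:(.*)[\\\"\\']");

    /** '|'-separated substrings removed by {@link XssHttpServletRequestWraper#clearSQL}. */
    private static final String SQL_KEYWORDS =
            "' or | and |exec|execute|insert|select|delete|update|count|drop|where|chr|mid|master|truncate|table|from|grant|use|group_concat|column_name|";

    /**
     * {@link #SQL_KEYWORDS} compiled once, case-insensitive, in list order. Order
     * matters: removals are applied sequentially (e.g. "execute" loses "exec" first).
     */
    private static final Pattern[] SQL_BLACKLIST = compileBlacklist(SQL_KEYWORDS);

    /** Compiles each '|'-separated token as a literal, case-insensitive pattern. */
    private static Pattern[] compileBlacklist(String pipeSeparated) {
        String[] words = pipeSeparated.split("\\|");
        Pattern[] patterns = new Pattern[words.length];
        for (int i = 0; i < words.length; i++) {
            patterns[i] = Pattern.compile(Pattern.quote(words[i]), Pattern.CASE_INSENSITIVE);
        }
        return patterns;
    }

    /**
     * Request wrapper that scrubs parameter values.
     *
     * <p>Scrubbing order is {@link #clearSQL} first, then {@link #clearXss}: the XSS
     * step HTML-encodes single quotes, so the {@code "' or "} SQL token could never
     * match if it ran second; encoding is the correct last step anyway.
     */
    class XssHttpServletRequestWraper extends HttpServletRequestWrapper {
        public XssHttpServletRequestWraper(HttpServletRequest httpServletRequest) {
            super(httpServletRequest);
        }

        /** Scrubbed single value; {@code null} when the parameter is absent. */
        @Override
        public String getParameter(String str) {
            if (LOG.isDebugEnabled()) {
                LOG.debug(".....getParameter name.......{}", str);
            }
            return sanitize(super.getParameter(str));
        }

        /**
         * Scrubbed copy of all values for {@code str}; {@code null} when absent.
         * Blank entries are kept as-is (previously they were replaced by {@code null},
         * turning "present but empty" into "absent" for the caller).
         */
        @Override
        public String[] getParameterValues(String str) {
            String[] parameterValues = super.getParameterValues(str);
            if (parameterValues == null || parameterValues.length == 0) {
                return parameterValues;
            }
            if (LOG.isDebugEnabled()) {
                // Log the parameter name only: values may carry credentials or other secrets.
                LOG.debug("getParameterValues.......{}", str);
            }
            return sanitize(parameterValues);
        }

        /**
         * Scrubbed, unmodifiable copy of the whole parameter map (the servlet API
         * specifies an immutable map). Without this override, code reading
         * {@code getParameterMap()} would see the raw values and bypass the filter.
         */
        @Override
        public Map<String, String[]> getParameterMap() {
            Map<String, String[]> raw = super.getParameterMap();
            if (raw == null || raw.isEmpty()) {
                return raw;
            }
            Map<String, String[]> cleaned = new LinkedHashMap<>(raw.size());
            for (Map.Entry<String, String[]> entry : raw.entrySet()) {
                cleaned.put(entry.getKey(), sanitize(entry.getValue()));
            }
            return Collections.unmodifiableMap(cleaned);
        }

        /** Applies {@link #clearSQL} then {@link #clearXss}; null/blank values pass through unchanged. */
        private String sanitize(String value) {
            return clearXss(clearSQL(value));
        }

        /** Element-wise {@link #sanitize(String)}; never replaces an entry with {@code null}. */
        private String[] sanitize(String[] values) {
            if (values == null) {
                return null;
            }
            String[] cleaned = new String[values.length];
            for (int i = 0; i < values.length; i++) {
                cleaned[i] = sanitize(values[i]);
            }
            return cleaned;
        }

        /**
         * Removes {@code eval(...)}, quoted {@code javascript:} URLs and the substring
         * "script", then HTML-encodes {@code < > ( ) '} and backslash-escapes {@code %}.
         *
         * <p>Null/blank input is returned unchanged. This is a blacklist, not an
         * encoder for a specific output context — see the class note.
         */
        private String clearXss(String str) {
            if (StringUtils.isBlank(str)) {
                return str;
            }
            // Pattern removals first: they must see the raw '(' and quotes. In the
            // previous ordering they ran after encoding and could never match.
            String out = EVAL_CALL.matcher(str).replaceAll("");
            out = JAVASCRIPT_URL.matcher(out).replaceAll("\"\"");
            out = out.replace("script", "");
            // Character encoding. ')' was previously never encoded because the code
            // called the literal replace("\\)", ...) instead of a regex replace.
            out = out.replace("<", "&lt;")
                    .replace(">", "&gt;")
                    .replace("(", "&#40;")
                    .replace(")", "&#41;")
                    .replace("'", "&#39;");
            // Escapes the SQL LIKE wildcard; presumably relies on an ESCAPE '\' clause
            // downstream — TODO confirm, otherwise this just alters the stored value.
            return out.replace("%", "\\%");
        }

        /**
         * Removes every case-insensitive occurrence of the {@link #SQL_KEYWORDS}
         * substrings, in list order. Unlike the previous version this no longer
         * lower-cases the whole value, which silently altered case-sensitive data
         * such as passwords. Substring matching still mangles ordinary words
         * (e.g. "username" → "rname"). Null/blank input is returned unchanged.
         */
        protected String clearSQL(String str) {
            if (StringUtils.isBlank(str)) {
                return str;
            }
            String out = str;
            for (Pattern keyword : SQL_BLACKLIST) {
                out = keyword.matcher(out).replaceAll("");
            }
            return out;
        }

        /**
         * Replaces a handful of HTML/JS-significant ASCII characters with full-width
         * or typographic look-alikes. Not called anywhere in this class; kept for
         * API compatibility. Null/empty input is returned unchanged.
         */
        public String xssEncode(String str) {
            if (str == null || str.isEmpty()) {
                return str;
            }
            StringBuilder sb = new StringBuilder(str.length());
            for (int i = 0; i < str.length(); i++) {
                char charAt = str.charAt(i);
                switch (charAt) {
                    case '\"':
                        sb.append((char) 8220);
                        break;
                    case '#':
                        sb.append((char) 65283);
                        break;
                    case '&':
                        sb.append((char) 65286);
                        break;
                    case '\'':
                        sb.append((char) 8216);
                        break;
                    case '(':
                        sb.append((char) 65288);
                        break;
                    case ')':
                        sb.append((char) 65289);
                        break;
                    case '/':
                        sb.append((char) 65295);
                        break;
                    case '<':
                        sb.append((char) 65308);
                        break;
                    case '>':
                        sb.append((char) 65310);
                        break;
                    case '\\':
                        sb.append((char) 65340);
                        break;
                    default:
                        sb.append(charAt);
                        break;
                }
            }
            return sb.toString();
        }
    }

    /**
     * Wraps HTTP requests in {@link XssHttpServletRequestWraper} and continues the
     * chain. Non-HTTP requests are passed through unchanged instead of failing with
     * a {@code ClassCastException}.
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        if (!(servletRequest instanceof HttpServletRequest)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        filterChain.doFilter(new XssHttpServletRequestWraper((HttpServletRequest) servletRequest), servletResponse);
    }

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // No filter configuration is read.
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }
}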
