package com.jzt.cloud.ba.quake.config.filter;

import com.alibaba.fastjson.JSONObject;
import com.jzt.cloud.ba.quake.config.XssAndSqlHttpServletRequestWrapper;
import java.io.BufferedReader;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.springframework.util.StringUtils;

/* loaded from: input_file:BOOT-INF/classes/com/jzt/cloud/ba/quake/config/filter/XssAndSqlFilter.class */
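/**
 * Servlet filter that screens incoming HTTP requests with the checks provided by
 * {@link XssAndSqlHttpServletRequestWrapper} and answers with a JSON refusal message
 * instead of forwarding the request when a check reports a match.
 *
 * <p>Coverage, as implemented here:
 * <ul>
 *   <li>request body: inspected for POST only;</li>
 *   <li>request parameters: inspected for GET and POST only;</li>
 *   <li>every other method (PUT, PATCH, DELETE, ...) is forwarded without inspection.</li>
 * </ul>
 *
 * <p>NOTE(review): pattern matching on request content is a defence-in-depth layer only.
 * Handlers behind this filter still need parameterised queries and context-aware output
 * encoding; do not treat a request that passed this filter as sanitised.
 */
public class XssAndSqlFilter implements Filter {
    /**
     * Refusal text returned to the client. English: "The request contains elements that
     * violate the security rules; access denied!"
     */
    private static final String REJECT_MESSAGE = "您所访问的页面请求中有违反安全规则元素存在，拒绝访问!";

    /** No resources are held, so there is nothing to release. */
    @Override
    public void destroy() {
    }

    /**
     * Inspects the request and either forwards it (wrapped) down the chain or writes the
     * refusal message and stops.
     *
     * @param servletRequest  incoming request; inspected only when it is an {@link HttpServletRequest}
     * @param servletResponse response the refusal message is written to
     * @param filterChain     remaining filter chain
     * @throws IOException      if writing the refusal or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!(servletRequest instanceof HttpServletRequest)) {
            // The wrapper can only be built from an HttpServletRequest. The previous code left it
            // null here and then dereferenced it, failing with a NullPointerException.
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        XssAndSqlHttpServletRequestWrapper wrapped = new XssAndSqlHttpServletRequestWrapper(httpRequest);

        // Classify the method once, case-insensitively, so the body check and the parameter check
        // agree on what counts as POST/GET. Previously the body check ignored case while the
        // parameter check did not, so a non-canonical spelling got only one of the two checks.
        String method = httpRequest.getMethod();
        boolean isPost = "POST".equalsIgnoreCase(method);
        boolean isGet = "GET".equalsIgnoreCase(method);

        if (isPost) {
            // NOTE(review): this consumes the request reader. Whether downstream code can still
            // read the body depends on the wrapper buffering it, which is not visible here; confirm.
            String body = getBodyString(wrapped.getReader());
            if (!StringUtils.isEmpty(body) && XssAndSqlHttpServletRequestWrapper.checkXSSAndSql(body)) {
                reject(servletResponse);
                return;
            }
        }

        // Evaluated for every method, as before, in case the wrapper's check has side effects.
        boolean parameterFlagged = wrapped.checkParameter();
        if (parameterFlagged && (isPost || isGet)) {
            reject(servletResponse);
            return;
        }

        // NOTE(review): methods other than GET/POST reach this point without their body being
        // inspected and with the parameter result ignored. If handlers accept PUT/PATCH/DELETE
        // with user-controlled content, decide explicitly whether they should be covered too.
        filterChain.doFilter(wrapped, servletResponse);
    }

    /** No configuration is read from {@code filterConfig}. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Reads everything from {@code bufferedReader} into one string and closes the reader.
     *
     * <p>Lines are concatenated without their terminators, so the result is not byte-identical
     * to the body that was sent.
     *
     * <p>If reading fails, the text read so far is returned. The previous loop caught the
     * exception inside {@code while (true)} and retried the read, which could spin forever on a
     * reader that keeps failing.
     *
     * <p>NOTE(review): on a read failure the caller inspects only the partial text and may then
     * forward the request. Consider whether a failed read should cause a refusal instead.
     *
     * @param bufferedReader source of the body; {@code null} yields an empty string
     * @return the concatenated lines, or an empty string if nothing could be read
     */
    public static String getBodyString(BufferedReader bufferedReader) {
        if (bufferedReader == null) {
            return "";
        }
        StringBuilder body = new StringBuilder();
        try {
            String line;
            while ((line = bufferedReader.readLine()) != null) {
                body.append(line);
            }
        } catch (IOException e) {
            // Best effort, as before: report and fall through with what was read.
            System.out.println("IOException: " + e);
        } finally {
            try {
                bufferedReader.close();
            } catch (IOException e) {
                // A failed close must not hide the text already read.
                System.out.println("IOException: " + e);
            }
        }
        return body.toString();
    }

    /**
     * Writes the JSON-encoded refusal message to the response.
     *
     * <p>NOTE(review): no HTTP status is set, so the container default applies. Clients and
     * monitoring cannot tell a refusal from a normal reply by status alone; consider an explicit
     * 4xx status and a log entry for each refusal so blocked requests are visible to operations.
     */
    private static void reject(ServletResponse servletResponse) throws IOException {
        servletResponse.setCharacterEncoding("UTF-8");
        servletResponse.setContentType("application/json;charset=UTF-8");
        servletResponse.getWriter().write(JSONObject.toJSONString(REJECT_MESSAGE));
    }
}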
