package com.jzt.cloud.ba.quake.config;

import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Vector;
import java.util.regex.Pattern;
import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.springframework.util.StreamUtils;

/* loaded from: input_file:BOOT-INF/classes/com/jzt/cloud/ba/quake/config/XssAndSqlHttpServletRequestWrapper.class */
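/**
 * Request wrapper that caches the request body so it can be read more than once and that
 * passes every parameter value and header value through {@link #xssEncode(String)}: a set
 * of regex-based removals ({@code <script>} blocks, {@code src=} attributes, {@code eval(}/
 * {@code e-xpression(}, {@code javascript:}/{@code vbscript:} URIs, {@code onload=}) followed
 * by a full-width substitution of {@code # & < >}.
 *
 * <p>{@link #checkParameter()} reports, without modifying anything, whether any parameter
 * value trips {@link #checkXSSAndSql(String)}, which additionally consults a SQL-keyword
 * blocklist. Code that needs the untouched request uses
 * {@link #getOrgRequest(HttpServletRequest)}.
 *
 * <p>NOTE(review): the constructor calls {@code getParameterMap()} before copying the body.
 * For form-encoded POSTs a container may parse the body while serving that call, leaving the
 * cached body empty — confirm against the deployment container.
 */
public class XssAndSqlHttpServletRequestWrapper extends HttpServletRequestWrapper {

    /** Flag set the original expressed as the literal {@code 42}. */
    private static final int CI_MULTILINE_DOTALL =
            Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL;

    // The character class "[\r\n| | ]" in these expressions admits CR, LF, a space and a
    // literal '|'; it is reproduced unchanged so that matching behaviour is preserved.

    /** {@code <script>...</script>} blocks. */
    private static final Pattern scriptPat1 = Pattern.compile(
            "<[\r\n| | ]*script[\r\n| | ]*>(.*?)</[\r\n| | ]*script[\r\n| | ]*>", Pattern.CASE_INSENSITIVE);
    /** {@code src='...'} / {@code src="..."} attribute assignments. */
    private static final Pattern scriptPat2 = Pattern.compile(
            "src[\r\n| | ]*=[\r\n| | ]*[\\\"|\\'](.*?)[\\\"|\\']", CI_MULTILINE_DOTALL);
    /** Lone closing {@code </script>} tags. */
    private static final Pattern scriptPat3 = Pattern.compile("</[\r\n| | ]*script[\r\n| | ]*>", Pattern.CASE_INSENSITIVE);
    /** Opening {@code <script ...>} tags. */
    private static final Pattern scriptPat4 = Pattern.compile("<[\r\n| | ]*script(.*?)>", CI_MULTILINE_DOTALL);
    /** {@code eval(...)} calls. */
    private static final Pattern scriptPat5 = Pattern.compile("eval\\((.*?)\\)", CI_MULTILINE_DOTALL);
    /** {@code e-xpression(...)} (CSS expression with an obfuscating hyphen). */
    private static final Pattern scriptPat6 = Pattern.compile("e-xpression\\((.*?)\\)", CI_MULTILINE_DOTALL);
    /** {@code javascript:} URI prefixes. */
    private static final Pattern scriptPat7 = Pattern.compile("javascript[\r\n| | ]*:[\r\n| | ]*", Pattern.CASE_INSENSITIVE);
    /** {@code vbscript:} URI prefixes. */
    private static final Pattern scriptPat8 = Pattern.compile("vbscript[\r\n| | ]*:[\r\n| | ]*", Pattern.CASE_INSENSITIVE);
    /** {@code onload=} handler attributes. */
    private static final Pattern scriptPat9 = Pattern.compile("onload(.*?)=", CI_MULTILINE_DOTALL);
    /**
     * SQL keyword / metacharacter blocklist. It matches whole words such as {@code and},
     * {@code or}, {@code count} and any of {@code * ; + ' %}, so ordinary free text
     * (e.g. a surname with an apostrophe) also trips it. It is consulted only by
     * {@link #checkXSSAndSql(String)}, never by the strip path, and is a screening
     * heuristic rather than a substitute for parameterised queries.
     */
    private static final Pattern scriptPat10 = Pattern.compile(
            "\\b(and|exec|insert|select|drop|grant|alter|delete|update|count|chr|mid|master|truncate|char|declare|or)\\b|(\\*|;|\\+|'|%)",
            CI_MULTILINE_DOTALL);

    /**
     * Patterns removed by {@link #stripXSSAndSql(String)}, in application order. The
     * original applied 1-6, 8 and 9 and loaded {@code scriptPat7} into an unused local, so
     * {@code javascript:} was rejected by the check path but survived the strip path;
     * pattern 7 is now applied in its natural position.
     */
    private static final Pattern[] STRIP_PATTERNS = {
        scriptPat1, scriptPat2, scriptPat3, scriptPat4, scriptPat5,
        scriptPat6, scriptPat7, scriptPat8, scriptPat9
    };

    /** Patterns tested by {@link #checkXSSAndSql(String)}, in the original order. */
    private static final Pattern[] CHECK_PATTERNS = {
        scriptPat1, scriptPat2, scriptPat3, scriptPat4, scriptPat5,
        scriptPat6, scriptPat7, scriptPat8, scriptPat9, scriptPat10
    };

    /** The request as received, before wrapping. */
    final HttpServletRequest orgRequest;
    /** Parameter map snapshot taken from the wrapped request; never mutated here. */
    private final Map<String, String[]> parameterMap;
    /** Full copy of the request body, served again by every {@link #getInputStream()} call. */
    private final byte[] body;

    /**
     * Wraps {@code httpServletRequest}, snapshotting its parameter map and copying its body.
     *
     * @param httpServletRequest the request to wrap
     * @throws IOException if the body cannot be read from the wrapped request
     */
    public XssAndSqlHttpServletRequestWrapper(HttpServletRequest httpServletRequest) throws IOException {
        super(httpServletRequest);
        this.orgRequest = httpServletRequest;
        this.parameterMap = httpServletRequest.getParameterMap();
        this.body = StreamUtils.copyToByteArray(httpServletRequest.getInputStream());
    }

    /** Returns the names from the parameter snapshot taken at construction. */
    @Override // javax.servlet.ServletRequestWrapper, javax.servlet.ServletRequest
    public Enumeration<String> getParameterNames() {
        return Collections.enumeration(this.parameterMap.keySet());
    }

    /**
     * Returns the first value of {@code str}, passed through {@link #xssEncode(String)}.
     *
     * @param str parameter name
     * @return the encoded first value, or {@code null} when the parameter is absent or has no values
     */
    @Override // javax.servlet.ServletRequestWrapper, javax.servlet.ServletRequest
    public String getParameter(String str) {
        String[] values = this.parameterMap.get(str);
        if (values == null || values.length == 0) {
            return null;
        }
        // xssEncode passes null through unchanged, so no separate null branch is needed.
        return xssEncode(values[0]);
    }

    /**
     * Returns all values of {@code str}, each passed through {@link #xssEncode(String)}.
     *
     * <p>The result is a fresh array. The original wrote the encoded values back into the
     * array owned by the container's parameter map, which altered the wrapped request and
     * re-encoded already-encoded values on every further call.
     *
     * @param str parameter name
     * @return encoded copies of the values, or {@code null} when the parameter is absent or empty
     */
    @Override // javax.servlet.ServletRequestWrapper, javax.servlet.ServletRequest
    public String[] getParameterValues(String str) {
        String[] values = this.parameterMap.get(str);
        if (values == null || values.length == 0) {
            return null;
        }
        String[] encoded = new String[values.length];
        for (int i = 0; i < values.length; i++) {
            encoded[i] = xssEncode(values[i]);
        }
        return encoded;
    }

    /**
     * Returns the header {@code str}, passed through {@link #xssEncode(String)}.
     *
     * <p>The lookup name is encoded as well (kept from the original); for ordinary header
     * names this is a no-op because they contain none of the substituted characters.
     *
     * @param str header name
     * @return the encoded header value, or {@code null} when absent
     */
    @Override // javax.servlet.http.HttpServletRequestWrapper, javax.servlet.http.HttpServletRequest
    public String getHeader(String str) {
        String value = super.getHeader(xssEncode(str));
        return value == null ? null : xssEncode(value);
    }

    /**
     * Strips the script patterns with {@link #stripXSSAndSql(String)} and then replaces
     * {@code #}, {@code &}, {@code <} and {@code >} with their full-width forms, so the
     * result can no longer open a tag or an entity.
     *
     * @param str raw value; {@code null} and {@code ""} are returned as-is
     * @return the sanitised value
     */
    private static String xssEncode(String str) {
        if (str == null || str.isEmpty()) {
            return str;
        }
        String stripped = stripXSSAndSql(str);
        StringBuilder out = new StringBuilder(stripped.length() + 16);
        for (int i = 0; i < stripped.length(); i++) {
            char c = stripped.charAt(i);
            switch (c) {
                case '#':
                    out.append("＃");
                    break;
                case '&':
                    out.append("＆");
                    break;
                case '<':
                    out.append("＜");
                    break;
                case '>':
                    out.append("＞");
                    break;
                default:
                    out.append(c);
                    break;
            }
        }
        return out.toString();
    }

    /** @return the request as received, before wrapping */
    public HttpServletRequest getOrgRequest() {
        return this.orgRequest;
    }

    /**
     * Unwraps {@code httpServletRequest} if it is one of these wrappers.
     *
     * @param httpServletRequest any request
     * @return the original request behind the wrapper, or the argument itself when it is not wrapped
     */
    public static HttpServletRequest getOrgRequest(HttpServletRequest httpServletRequest) {
        if (httpServletRequest instanceof XssAndSqlHttpServletRequestWrapper) {
            return ((XssAndSqlHttpServletRequestWrapper) httpServletRequest).getOrgRequest();
        }
        return httpServletRequest;
    }

    /**
     * Removes every match of the script patterns (1-9) from {@code str}, in order. The SQL
     * blocklist (pattern 10) is deliberately not applied here, as it would remove ordinary
     * words from user data.
     *
     * @param str value to strip; {@code null} is returned unchanged
     * @return the stripped value
     */
    public static String stripXSSAndSql(String str) {
        if (str == null) {
            return null;
        }
        String result = str;
        for (Pattern pattern : STRIP_PATTERNS) {
            result = pattern.matcher(result).replaceAll("");
        }
        return result;
    }

    /**
     * Tests whether {@code str} matches any of the script patterns or the SQL blocklist.
     *
     * <p>Any value containing the substring {@code eprescriptionDTO} is exempt from every
     * check (kept from the original). The exemption is keyed on the substring alone, so
     * whatever else such a value contains is not inspected either.
     *
     * @param str value to test; {@code null} yields {@code false} (the original dereferenced
     *            it before its null check and threw {@link NullPointerException})
     * @return {@code true} when a pattern matches
     */
    public static boolean checkXSSAndSql(String str) {
        if (str == null) {
            return false;
        }
        if (str.contains("eprescriptionDTO")) {
            return false;
        }
        for (Pattern pattern : CHECK_PATTERNS) {
            if (pattern.matcher(str).find()) {
                return true;
            }
        }
        return false;
    }

    /**
     * Tests every value of every parameter with {@link #checkXSSAndSql(String)}.
     *
     * @return {@code true} as soon as one value matches; {@code false} when none does
     */
    public final boolean checkParameter() {
        for (String[] values : this.parameterMap.values()) {
            if (values == null) {
                continue;
            }
            for (String value : values) {
                if (checkXSSAndSql(value)) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Returns a reader over the cached body decoded with the request's declared character
     * encoding. The original used the platform default charset, which ignores the declared
     * encoding and varies between hosts.
     *
     * @throws IOException never for the cached body; kept for the interface contract
     */
    @Override // javax.servlet.ServletRequestWrapper, javax.servlet.ServletRequest
    public BufferedReader getReader() throws IOException {
        return new BufferedReader(new InputStreamReader(getInputStream(), bodyCharset()));
    }

    /**
     * Charset for decoding the body: the request's declared encoding when it is present and
     * recognised, otherwise UTF-8. Falls back instead of failing because the encoding name is
     * supplied by the client.
     */
    private Charset bodyCharset() {
        String declared = getCharacterEncoding();
        if (declared == null || declared.isEmpty()) {
            return StandardCharsets.UTF_8;
        }
        try {
            return Charset.forName(declared);
        } catch (IllegalArgumentException ignored) {
            // IllegalCharsetNameException / UnsupportedCharsetException: unknown client value.
            return StandardCharsets.UTF_8;
        }
    }

    /**
     * Returns a fresh stream over the cached body, so the body can be read any number of times.
     *
     * <p>{@code isFinished()} now reflects the remaining bytes and {@code isReady()} is
     * {@code true} (the data is in memory); the original returned {@code false} for both,
     * which misreports the stream state to non-blocking readers. Non-blocking mode itself is
     * not supported, so {@code setReadListener} rejects explicitly rather than silently
     * discarding the listener.
     */
    @Override // javax.servlet.ServletRequestWrapper, javax.servlet.ServletRequest
    public ServletInputStream getInputStream() throws IOException {
        final ByteArrayInputStream source = new ByteArrayInputStream(this.body);
        return new ServletInputStream() {
            @Override // java.io.InputStream
            public int read() {
                return source.read();
            }

            @Override // java.io.InputStream
            public int read(byte[] b, int off, int len) {
                // Bulk reads avoid the per-byte default implementation.
                return source.read(b, off, len);
            }

            @Override // java.io.InputStream
            public int available() {
                return source.available();
            }

            @Override // javax.servlet.ServletInputStream
            public boolean isFinished() {
                return source.available() == 0;
            }

            @Override // javax.servlet.ServletInputStream
            public boolean isReady() {
                return true;
            }

            @Override // javax.servlet.ServletInputStream
            public void setReadListener(ReadListener readListener) {
                throw new UnsupportedOperationException("Non-blocking reads are not supported on the cached request body");
            }
        };
    }
}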
