package com.picc.gz.model.util;

import java.util.regex.Pattern;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

/* loaded from: input_file:com/picc/gz/model/util/InjectionAttackWrapperDataStr.class */
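/**
 * Request wrapper that carries a deny-list sanitiser for request-supplied strings.
 *
 * <p>The filtering lives in the static {@link #getDataStr(String)} entry point. This class
 * overrides none of the {@link HttpServletRequestWrapper} accessors, so wrapping a request
 * does not filter what {@code getParameter} and friends return; callers have to pass each
 * value through {@link #getDataStr(String)} themselves.
 *
 * <p>Review notes for maintainers:
 * <ul>
 *   <li>The two enable flags are static, so they are process-wide. The constructor writes
 *       them, which means one caller constructing a wrapper with {@code false} switches the
 *       filter off for every other caller until someone writes {@code true} again. They are
 *       {@code volatile} so that such a write is at least visible to other threads.</li>
 *   <li>Stripping patterns from input is a secondary control. Output encoding at render time
 *       and parameterised queries remain the controls that decide whether a value is safe in
 *       HTML or SQL; nothing in this class performs either.</li>
 *   <li>The patterns also delete ordinary data: every {@code <}, {@code >}, {@code |} and
 *       {@code --}, the encoded forms {@code %3D} and {@code %7C}, and everything from a
 *       whitespace-prefixed event-handler name to the end of that line.</li>
 * </ul>
 */
public class InjectionAttackWrapperDataStr extends HttpServletRequestWrapper {
    /** HTML event-handler attribute names, matched case-insensitively. */
    private static final String EVENTS = "((?i)onload|onunload|onchange|onsubmit|onreset|onselect|onblur|onfocus|onkeydown|onkeypress|onkeyup|onclick|ondblclick|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup)";

    /** Literal and percent-encoded angle brackets. */
    private static final String XSS_HTML_TAG = "(%3C)|(%3E)|[<>]+";

    /**
     * Encoded double quote followed by a word character, an event-handler name after
     * whitespace, and the encoded {@code =} and {@code |} characters.
     */
    private static final String XSS_INJECTION =
            "((%22%20)|(%22\\s)|('%22)|(%22\\+))\\w.*|(\\s|%20)" + EVENTS + ".*|(%3D)|(%7C)";

    /** Everything removed when the XSS filter is enabled. */
    private static final String XSS_REGEX = XSS_HTML_TAG + "|" + XSS_INJECTION;

    /** Everything removed when the SQL filter is enabled. */
    private static final String SQL_REGEX = "('.+--)|(--)|(\\|)|(%7C)";

    // Compiled once instead of on every call. CASE_INSENSITIVE is set because the hex digits
    // of a percent-escape may be written in either case, so "%3c" must be treated like "%3C".
    private static final Pattern XSS_PATTERN = Pattern.compile(XSS_REGEX, Pattern.CASE_INSENSITIVE);
    private static final Pattern SQL_PATTERN = Pattern.compile(SQL_REGEX, Pattern.CASE_INSENSITIVE);

    static volatile boolean filterXSS = true;
    static volatile boolean filterSQL = true;

    /**
     * Wraps the request and sets the process-wide filter flags.
     *
     * @param httpServletRequest the request to wrap
     * @param z whether the XSS patterns are stripped; applies to all callers, not only this
     *     instance
     * @param z2 whether the SQL patterns are stripped; applies to all callers, not only this
     *     instance
     */
    public InjectionAttackWrapperDataStr(HttpServletRequest httpServletRequest, boolean z, boolean z2) {
        super(httpServletRequest);
        // NOTE(review): static state written from an instance constructor. Kept because callers
        // may rely on it to configure getDataStr(); a per-instance flag would be the safer design.
        filterXSS = z;
        filterSQL = z2;
    }

    /**
     * Wraps the request and enables both filters process-wide.
     *
     * @param httpServletRequest the request to wrap
     */
    public InjectionAttackWrapperDataStr(HttpServletRequest httpServletRequest) {
        this(httpServletRequest, true, true);
    }

    /**
     * Returns {@code str} with the enabled deny-list patterns removed.
     *
     * @param str the value to filter, may be {@code null}
     * @return the filtered value, or {@code null} when {@code str} is {@code null}
     */
    public static String getDataStr(String str) {
        return filterParamString(str);
    }

    /**
     * Removes the enabled patterns from {@code str} until no pattern matches any more.
     *
     * <p>A single removal pass is not enough: deleting a match joins the text on either side
     * of it, and the joined text can itself be a match. The passes are therefore repeated
     * until the value stops changing. Every alternative consumes at least one character and
     * the replacement is empty, so each changing pass shortens the value and the loop ends.
     *
     * @param str the value to filter, may be {@code null}
     * @return the filtered value, or {@code null} when {@code str} is {@code null}
     */
    protected static String filterParamString(String str) {
        if (str == null) {
            return null;
        }
        // Read the flags once so a concurrent write cannot change them between passes.
        final boolean stripXss = filterXSS();
        final boolean stripSql = filterSQL();

        String current = str;
        String previous;
        do {
            previous = current;
            if (stripXss) {
                current = XSS_PATTERN.matcher(current).replaceAll("");
            }
            if (stripSql) {
                current = SQL_PATTERN.matcher(current).replaceAll("");
            }
        } while (!current.equals(previous));
        return current;
    }

    /**
     * @return whether the XSS patterns are currently stripped
     */
    protected static boolean filterXSS() {
        return filterXSS;
    }

    /**
     * @return whether the SQL patterns are currently stripped
     */
    protected static boolean filterSQL() {
        return filterSQL;
    }
}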
