package com.sinosoftgz.starter.custom.security.filter;

import java.util.HashMap;
import java.util.Map;
import java.util.regex.Pattern;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

/* loaded from: input_file:BOOT-INF/lib/component-starter-customsecurity-Causeway.Bay.RELEASE.jar:com/sinosoftgz/starter/custom/security/filter/InjectionAttackWrapper.class */
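/**
 * Request wrapper that strips a fixed deny-list of XSS- and SQL-looking
 * fragments from request parameters, cookie values and the query string.
 *
 * <p>Scope, as implemented by this class: only {@link #getParameter},
 * {@link #getParameterMap}, {@link #getParameterValues}, {@link #getCookies}
 * and {@link #getQueryString} are overridden. Parameter <em>names</em>,
 * request headers and the request body stream are not filtered here.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Deny-list stripping is a defence-in-depth layer only. It does not
 *       replace context-aware output encoding for XSS or parameterized
 *       queries for SQL injection; code behind this wrapper must still do
 *       both.</li>
 *   <li>The filter is lossy for legitimate input: any {@code <}, {@code >},
 *       {@code |} or {@code --} in a value is silently removed.</li>
 *   <li>{@code (?i)} is scoped to the event-name group, so the percent-encoded
 *       tokens ({@code %3C}, {@code %3E}, {@code %22}, {@code %3D},
 *       {@code %7C}) are matched in upper-case hex only.
 *       NOTE(review): percent-encoding hex digits are case-insensitive, so the
 *       lower-case spellings are not stripped — confirm whether that is
 *       intended.</li>
 * </ul>
 */
public class InjectionAttackWrapper extends HttpServletRequestWrapper {
    /** Inline DOM event-handler attribute names, matched case-insensitively. */
    private static final String EVENTS = "((?i)onload|onunload|onchange|onsubmit|onreset|onselect|onblur|onfocus|onkeydown|onkeypress|onkeyup|onclick|ondblclick|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|onerror)";
    /** Literal or percent-encoded angle brackets. */
    private static final String XSS_HTML_TAG = "(%3C)|(%3E)|[<>]+";
    /** Encoded-quote attribute break-outs, event handlers preceded by a space, and encoded '=' / '|'. */
    private static final String XSS_INJECTION = "((%22%20)|(%22\\s)|('%22)|(%22\\+))\\w.*|(\\s|%20)" + EVENTS + ".*|(%3D)|(%7C)";
    /** Full XSS deny-list; composed from the parts above instead of repeating them. */
    private static final String XSS_REGEX = XSS_HTML_TAG + "|" + XSS_INJECTION;
    /** SQL deny-list: quote-to-comment runs, {@code --}, and literal or encoded {@code |}. */
    private static final String SQL_REGEX = "('.+--)|(--)|(\\|)|(%7C)";

    // Compiled once: String.replaceAll would recompile the regex on every call.
    private static final Pattern XSS_PATTERN = Pattern.compile(XSS_REGEX);
    private static final Pattern SQL_PATTERN = Pattern.compile(SQL_REGEX);

    boolean filterXSS;
    boolean filterSQL;

    /**
     * Wraps a request with each filter switched on or off individually.
     *
     * @param httpServletRequest the request to wrap
     * @param filterXss whether the XSS deny-list is applied
     * @param filterSql whether the SQL deny-list is applied
     */
    public InjectionAttackWrapper(HttpServletRequest httpServletRequest, boolean filterXss, boolean filterSql) {
        super(httpServletRequest);
        this.filterXSS = filterXss;
        this.filterSQL = filterSql;
    }

    /**
     * Wraps a request with both filters enabled.
     *
     * @param httpServletRequest the request to wrap
     */
    public InjectionAttackWrapper(HttpServletRequest httpServletRequest) {
        this(httpServletRequest, true, true);
    }

    /**
     * Returns the filtered value of a single parameter.
     *
     * @param str the parameter name
     * @return the filtered value, or {@code null} if the parameter is absent
     */
    @Override
    public String getParameter(String str) {
        return filterParamString(super.getParameter(str));
    }

    /**
     * Returns a new map holding filtered copies of every parameter value array.
     * Keys (parameter names) are copied through unfiltered.
     *
     * @return a fresh mutable map; the wrapped request's map is not modified
     */
    @Override
    public Map<String, String[]> getParameterMap() {
        Map<String, String[]> original = super.getParameterMap();
        Map<String, String[]> filtered = new HashMap<>(original.size());
        for (Map.Entry<String, String[]> entry : original.entrySet()) {
            filtered.put(entry.getKey(), filterStringArray(entry.getValue()));
        }
        return filtered;
    }

    /**
     * Filters every element of an array into a new array of the same length.
     *
     * @param strArr the values to filter; may be {@code null}
     * @return a new array of filtered values, or {@code null} for a {@code null} input
     */
    protected String[] filterStringArray(String[] strArr) {
        if (strArr == null) {
            // Previously a null array caused a NullPointerException here.
            return null;
        }
        String[] result = new String[strArr.length];
        for (int i = 0; i < strArr.length; i++) {
            result[i] = filterParamString(strArr[i]);
        }
        return result;
    }

    /**
     * Returns filtered copies of all values of a parameter.
     *
     * @param str the parameter name
     * @return a new array of filtered values, or {@code null} if the parameter is absent
     */
    @Override
    public String[] getParameterValues(String str) {
        return filterStringArray(super.getParameterValues(str));
    }

    /**
     * Applies the enabled deny-lists to one value.
     *
     * <p>The patterns are re-applied until the value stops changing. A single
     * pass is not sufficient for a removal-based filter: deleting one match can
     * join its neighbours into a new match, which a single pass would return
     * to the caller unfiltered. Every replacement is the empty string, so the
     * value can only shrink and the loop always terminates.
     *
     * @param str the raw value; may be {@code null}
     * @return the filtered value, or {@code null} for a {@code null} input
     */
    protected String filterParamString(String str) {
        if (str == null) {
            return null;
        }
        String current = str;
        String previous;
        do {
            previous = current;
            if (filterXSS()) {
                current = XSS_PATTERN.matcher(current).replaceAll("");
            }
            if (filterSQL()) {
                current = SQL_PATTERN.matcher(current).replaceAll("");
            }
        } while (!current.equals(previous));
        return current;
    }

    /**
     * Returns the request's cookies with their values filtered.
     *
     * <p>The {@link Cookie} objects returned by the wrapped request are
     * modified in place via {@code setValue}; no copies are made.
     *
     * @return the cookie array from the wrapped request, or {@code null} if it has none
     */
    @Override
    public Cookie[] getCookies() {
        Cookie[] cookies = super.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                cookie.setValue(filterParamString(cookie.getValue()));
            }
        }
        return cookies;
    }

    /**
     * Returns the query string after filtering it as one value.
     *
     * <p>The whole string is passed through the same deny-lists as a parameter
     * value, so matched fragments are removed wherever they occur in it.
     *
     * @return the filtered query string, or {@code null} if the request has none
     */
    @Override
    public String getQueryString() {
        return filterParamString(super.getQueryString());
    }

    /**
     * @return whether the XSS deny-list is applied; subclasses may override
     */
    protected boolean filterXSS() {
        return this.filterXSS;
    }

    /**
     * @return whether the SQL deny-list is applied; subclasses may override
     */
    protected boolean filterSQL() {
        return this.filterSQL;
    }
}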
