package cn.xphsc.web.boot.sqlInjection;

import cn.xphsc.web.boot.sqlInjection.exception.SqlInjectionException;
import cn.xphsc.web.boot.sqlInjection.utils.SqlInjectionUtils;
import cn.xphsc.web.common.enums.ExceptionEnum;
import cn.xphsc.web.common.servlet.HttpServletRequestWrapperBuilder;
import cn.xphsc.web.common.servlet.MyServletInputStream;
import cn.xphsc.web.common.validator.Validator;
import cn.xphsc.web.utils.IoUtils;
import cn.xphsc.web.utils.JacksonUtils;
import cn.xphsc.web.utils.ObjectUtils;
import cn.xphsc.web.utils.StringUtils;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:cn/xphsc/web/boot/sqlInjection/SqlInjectionRequestWrapper.class */
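/**
 * Request wrapper that passes the values of a JSON request body, and of {@link Map}-typed
 * request attributes, through {@link SqlInjectionUtils}.
 *
 * <p>Two modes are selected by the constructor flag:
 * <ul>
 *   <li>{@code true}: matching values are rewritten with
 *       {@code SqlInjectionUtils.cleanSqlKeyWords} and the request continues;</li>
 *   <li>{@code false}: a value for which {@code SqlInjectionUtils.checkSqlKeyWords} returns
 *       {@code false} aborts the request with a {@link SqlInjectionException}.</li>
 * </ul>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Keyword filtering is a defence-in-depth layer only. The data-access code behind this
 *       wrapper still needs parameterised queries; a keyword list cannot be assumed to be
 *       complete.</li>
 *   <li>Only the top-level entries of a map are visited, and only their values; keys are never
 *       inspected. NOTE(review): what {@code Validator.containString} returns for a nested
 *       {@code Map} or {@code List} value is not visible here, so confirm whether nested JSON
 *       is covered.</li>
 *   <li>This class overrides only {@code getInputStream} and {@code getAttribute}.
 *       NOTE(review): confirm that query/form parameters, headers and {@code getReader()} are
 *       filtered by the base class or elsewhere, otherwise they reach the application
 *       unchecked.</li>
 * </ul>
 */
public class SqlInjectionRequestWrapper extends HttpServletRequestWrapperBuilder {
    /** {@code true} = clean matching values in place; {@code false} = reject the request. */
    private final boolean parameterEnabled;

    /**
     * @param httpServletRequest the request to wrap
     * @param parameterEnabled {@code true} to rewrite suspicious values, {@code false} to throw
     *     {@link SqlInjectionException} when one is found
     */
    public SqlInjectionRequestWrapper(HttpServletRequest httpServletRequest, boolean parameterEnabled) {
        super(httpServletRequest);
        this.parameterEnabled = parameterEnabled;
    }

    /**
     * Returns the request body after filtering.
     *
     * <p>An empty body is delegated to the superclass untouched. Otherwise the body is parsed
     * into a map, filtered, and serialised again, so the bytes handed downstream are a
     * re-serialisation and not the original payload. Code that verifies a signature or digest
     * over the raw body should therefore not read it through this wrapper.
     *
     * @return a stream over the filtered, re-serialised JSON body, or the superclass stream when
     *     the body is empty
     * @throws IOException if the body cannot be read
     * @throws SqlInjectionException in reject mode, when a value fails the keyword check
     */
    public ServletInputStream getInputStream() throws IOException {
        String body = IoUtils.toString(getStreamBody());
        if (StringUtils.isEmpty(body)) {
            return super.getInputStream();
        }
        // NOTE(review): the behaviour of jsonStringToMap for a body that is not a JSON object
        // (array, form data, malformed JSON) is not visible here. A null result would fail
        // inside filterOfvalue with a NullPointerException; confirm the helper's contract.
        Map<String, Object> parsed = jsonStringToMap(body);
        filterOfvalue(parsed);
        // Charset constant instead of a charset name: no runtime name lookup and no
        // UnsupportedEncodingException path.
        byte[] filtered = JacksonUtils.toJSONString(parsed).getBytes(StandardCharsets.UTF_8);
        return new MyServletInputStream(new ByteArrayInputStream(filtered));
    }

    /**
     * Returns the named request attribute, filtering it first when it is a {@link Map}.
     *
     * <p>The map returned by {@code attributeOf} is filtered in place, so in clean mode its
     * values are modified. Attributes of any other type are returned unchanged and unchecked.
     *
     * @param str the attribute name
     * @return the attribute value, filtered if it is a map
     * @throws SqlInjectionException in reject mode, when a map value fails the keyword check
     */
    public Object getAttribute(String str) {
        // Look the attribute up once, so the object that was type-checked is the one filtered.
        Object attribute = attributeOf(str);
        if (attribute instanceof Map) {
            // The key and value types cannot be verified at runtime; only values are read below.
            @SuppressWarnings("unchecked")
            Map<String, Object> attributeMap = (Map<String, Object>) attribute;
            return filterOfvalue(attributeMap);
        }
        return attribute;
    }

    /**
     * Rejects the request when the keyword check fails for {@code str}.
     *
     * @throws SqlInjectionException if {@code SqlInjectionUtils.checkSqlKeyWords} returns
     *     {@code false}
     */
    private void checkFilterSqlException(String str) {
        if (!SqlInjectionUtils.checkSqlKeyWords(str)) {
            throw new SqlInjectionException(ExceptionEnum.SQL_KEYWORDS_EXCEPTION.getCode(), ExceptionEnum.SQL_KEYWORDS_EXCEPTION.getName());
        }
    }

    /**
     * Applies the configured mode to every top-level value accepted by
     * {@code Validator.containString}.
     *
     * @param map the map to filter; modified in place in clean mode
     * @return the same {@code map} instance
     * @throws SqlInjectionException in reject mode, when a value fails the keyword check
     */
    private Map<String, Object> filterOfvalue(Map<String, Object> map) {
        for (Map.Entry<String, Object> entry : map.entrySet()) {
            Object value = entry.getValue();
            if (!Validator.containString(value)) {
                continue;
            }
            if (this.parameterEnabled) {
                // Write through the entry rather than calling map.put while iterating.
                entry.setValue(SqlInjectionUtils.cleanSqlKeyWords(String.valueOf(value)));
            } else {
                // NOTE(review): an empty value is passed on as null; confirm that
                // checkSqlKeyWords accepts null.
                checkFilterSqlException(ObjectUtils.isNotEmpty(value) ? String.valueOf(value) : null);
            }
        }
        return map;
    }
}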
