package ink.huaxun.gateway.config;

import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:ink/huaxun/gateway/config/XssHttpServletRequestWrapper.class */
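/**
 * Request wrapper that pushes parameter and header values through a
 * blocklist-based sanitizer before the application sees them.
 *
 * <p>Every value returned by {@link #getParameter}, {@link #getParameterValues},
 * {@link #getParameterMap} and {@link #getHeader} is passed through
 * {@link #cleanXSS(String)}, which first substitutes a fixed list of SQL-like
 * tokens ({@link #cleanSqlKeyWords}) and then rewrites a handful of HTML and
 * script fragments.
 *
 * <p>NOTE(review): this is a substring blocklist, not a context-aware encoder,
 * so it is a best-effort mitigation only; parameterized queries and output
 * encoding at render time remain the actual controls. The rewrites are lossy:
 * matched text is altered in place, so legitimate values containing
 * {@code -}, {@code +}, {@code ;} or one of the listed words can change silently.
 *
 * <p>Assumes {@code RequestWrapper} exposes the servlet request accessors that
 * are delegated to via {@code super} below — confirm against that class.
 */
public class XssHttpServletRequestWrapper extends RequestWrapper {
    private static final Logger logger = LoggerFactory.getLogger(XssHttpServletRequestWrapper.class);
    /** Tokens that trigger substitution in {@link #cleanSqlKeyWords}; matched case-sensitively. */
    private static final String[] KEY = {"and", "exec", "insert", "select", "delete", "update", "count", "*", "%", "chr", "mid", "master", "truncate", "char", "declare", ";", "or", "-", "+"};
    /** Lookup view of {@link #KEY}; iteration order is the HashSet's and is unspecified. */
    private static final Set<String> NOT_ALLOWED_KEY_WORDS = new HashSet<>(Arrays.asList(KEY));
    /** Text substituted for every occurrence of a triggered token. */
    private static final String REPLACED_STRING = "INVALID";
    /** Request URI captured at construction; used only in the filter log line. */
    private final String currentUrl;

    /**
     * Wraps {@code httpServletRequest} and records its request URI for logging.
     *
     * @param httpServletRequest the request to sanitize; must not be {@code null}
     */
    public XssHttpServletRequestWrapper(HttpServletRequest httpServletRequest) {
        super(httpServletRequest);
        this.currentUrl = httpServletRequest.getRequestURI();
    }

    /**
     * Returns the sanitized value of the named parameter.
     *
     * @param str parameter name
     * @return the sanitized value, or {@code null} when the parameter is absent
     */
    @Override
    public String getParameter(String str) {
        String parameter = super.getParameter(str);
        if (parameter == null) {
            return null;
        }
        return cleanXSS(parameter);
    }

    /**
     * Returns a fresh array with each value of the named parameter sanitized.
     *
     * @param str parameter name
     * @return sanitized copies of the values, or {@code null} when the parameter is absent
     */
    @Override
    public String[] getParameterValues(String str) {
        return cleanAll(super.getParameterValues(str));
    }

    /**
     * Returns a new, mutable map in which both parameter names and values are sanitized.
     *
     * <p>Two names that sanitize to the same text collapse into one entry; the
     * later one in the underlying map's iteration order wins.
     *
     * @return sanitized copy of the parameter map, or {@code null} when the wrapped
     *     request returns {@code null}
     */
    @Override
    public Map<String, String[]> getParameterMap() {
        Map<String, String[]> parameterMap = super.getParameterMap();
        if (parameterMap == null) {
            return null;
        }
        Map<String, String[]> sanitized = new HashMap<>();
        for (Map.Entry<String, String[]> entry : parameterMap.entrySet()) {
            sanitized.put(cleanXSS(entry.getKey()), cleanAll(entry.getValue()));
        }
        return sanitized;
    }

    /**
     * Returns the sanitized value of the named header.
     *
     * @param str header name
     * @return the sanitized value, or {@code null} when the header is absent
     */
    @Override
    public String getHeader(String str) {
        String header = super.getHeader(str);
        if (header == null) {
            return null;
        }
        return cleanXSS(header);
    }

    /**
     * Sanitizes one untrusted string: substitutes the blocklisted SQL tokens, then
     * rewrites {@code <}, {@code >}, {@code (}, {@code )} and {@code '} into
     * space-separated entity-like text and strips a few script fragments.
     *
     * <p>The replacement chain keeps its original order. Because {@code (} and
     * {@code '} are rewritten before the {@code eval(...)} and quoted
     * {@code javascript:} patterns run, those patterns only see already-rewritten
     * text (the {@code eval} one can no longer match, and the {@code javascript:}
     * one only matches double-quoted text); reorder deliberately if that is not
     * the intent. The encodings {@code "& lt;"} etc. contain a space and are
     * therefore not standard HTML entities. The final {@code "script"} removal
     * is a single case-sensitive pass.
     *
     * @param str value to sanitize, may be {@code null}
     * @return the rewritten value, or {@code null} when {@code str} is {@code null}
     */
    public String cleanXSS(String str) {
        if (str == null) {
            return null;
        }
        return cleanSqlKeyWords(str)
                .replaceAll("<", "& lt;")
                .replaceAll(">", "& gt;")
                .replaceAll("\\(", "& #40;")
                .replaceAll("\\)", "& #41;")
                .replaceAll("'", "& #39;")
                .replaceAll("eval\\((.*)\\)", "")
                .replaceAll("[\"'][\\s]*javascript:(.*)[\"']", "\"\"")
                .replaceAll("script", "");
    }

    /**
     * Sanitizes each element of {@code values} into a new array; the input array
     * is left untouched.
     *
     * @param values raw values, may be {@code null}
     * @return sanitized copy, or {@code null} when {@code values} is {@code null}
     */
    private String[] cleanAll(String[] values) {
        if (values == null) {
            return null;
        }
        String[] cleaned = new String[values.length];
        for (int i = 0; i < values.length; i++) {
            cleaned[i] = cleanXSS(values[i]);
        }
        return cleaned;
    }

    /**
     * Replaces every occurrence of each blocklisted token with {@link #REPLACED_STRING}
     * once that token appears next to a space and the value is longer than the
     * token plus four characters.
     *
     * <p>The adjacency test only gates the substitution: once it passes,
     * {@link StringUtils#replace} rewrites every occurrence of the token in the
     * value, including inside longer words. Single-character tokens such as
     * {@code -}, {@code +} and {@code ;} therefore alter ordinary values as soon
     * as one of them sits next to a space.
     *
     * @param str raw value; must not be {@code null}
     * @return the value with all triggered tokens substituted
     */
    private String cleanSqlKeyWords(String str) {
        String cleaned = str;
        for (String keyword : NOT_ALLOWED_KEY_WORDS) {
            boolean longEnough = cleaned.length() > keyword.length() + 4;
            // " keyword " is already covered by " keyword", so two checks suffice.
            if (longEnough && (cleaned.contains(" " + keyword) || cleaned.contains(keyword + " "))) {
                cleaned = StringUtils.replace(cleaned, keyword, REPLACED_STRING);
                // Only the URL and the offending token are logged: parameter content is
                // untrusted request data and may carry credentials, so it is not echoed.
                logger.error("{}已被过滤，因为参数中包含不允许sql的关键词({})", this.currentUrl, keyword);
            }
        }
        return cleaned;
    }
}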
