package cn.com.yusys.yusp.commons.security.web.filter;

import java.io.IOException;
import java.util.Enumeration;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:cn/com/yusys/yusp/commons/security/web/filter/SQLInjectionServletFilter.class */
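/**
 * Servlet filter that rejects requests whose parameter values match a configured
 * regular expression (intended to describe SQL-injection-looking input).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>This is a deny-list check and only a defence-in-depth layer. It does not replace
 *       parameterized queries / prepared statements in the data-access code.</li>
 *   <li>Only values returned by {@code getParameterValues} are inspected. Parameter names,
 *       headers, cookies, the request path and non-form bodies are not checked here.</li>
 *   <li>The pattern is evaluated against untrusted input on every request, so the configured
 *       expression should avoid constructs prone to catastrophic backtracking.</li>
 *   <li>A rejected request surfaces as an {@link IOException}; how that is rendered to the
 *       client depends on the container's error handling.</li>
 * </ul>
 */
public class SQLInjectionServletFilter implements Filter {
    private static final Logger logger = LoggerFactory.getLogger(SQLInjectionServletFilter.class);

    /** Upper bound on how much of a rejected value is written to the log. */
    private static final int MAX_LOGGED_LENGTH = 256;

    /** Compiled deny-list pattern; set once in {@link #init(FilterConfig)}. */
    private Pattern sqlPattern;

    /**
     * Reads the {@code regex} init-param and compiles it case-insensitively.
     *
     * @param filterConfig filter configuration supplied by the container
     * @throws ServletException if the {@code regex} init-param is missing, empty or not a
     *     valid regular expression; failing here keeps a misconfigured filter from starting
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        String configuredRegex = filterConfig.getInitParameter("regex");
        // A missing param used to end in a NullPointerException, and an empty pattern
        // matches every string, which would reject every request carrying a parameter.
        if (configuredRegex == null || configuredRegex.isEmpty()) {
            throw new ServletException(
                    "SQLInjectionServletFilter requires a non-empty 'regex' init-param");
        }
        try {
            this.sqlPattern = Pattern.compile(configuredRegex, Pattern.CASE_INSENSITIVE);
        } catch (IllegalArgumentException e) {
            // PatternSyntaxException is an IllegalArgumentException.
            throw new ServletException(
                    "SQLInjectionServletFilter 'regex' init-param is not a valid pattern", e);
        }
    }

    /**
     * Checks every value of every request parameter against the configured pattern and
     * passes the request down the chain only if none of them matches.
     *
     * @throws IOException if a parameter value matches the pattern
     * @throws ServletException propagated from the rest of the filter chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        Enumeration<?> parameterNames = servletRequest.getParameterNames();
        while (parameterNames.hasMoreElements()) {
            String[] parameterValues = servletRequest.getParameterValues((String) parameterNames.nextElement());
            if (parameterValues == null) {
                continue;
            }
            for (String value : parameterValues) {
                if (!isValid(value)) {
                    // The offending value is deliberately not echoed: exception messages can
                    // end up in error pages, and reflecting untrusted input there is unsafe.
                    throw new IOException("The parameter in your request contains illegal characters");
                }
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }

    /**
     * Returns {@code true} when the value does not match the deny-list pattern.
     * A {@code null} value has nothing to match and is treated as valid.
     */
    private boolean isValid(String str) {
        if (str == null || !this.sqlPattern.matcher(str).find()) {
            return true;
        }
        // The value is attacker-controlled: neutralise control characters (CR/LF log
        // forging) and cap the length before writing it to the log. Note that a rejected
        // value may still be sensitive data (e.g. a password field that happens to match).
        logger.error("sql injection：str={}", sanitizeForLog(str));
        return false;
    }

    /** Replaces ISO control characters with {@code '_'} and truncates to a bounded length. */
    private static String sanitizeForLog(String value) {
        int limit = Math.min(value.length(), MAX_LOGGED_LENGTH);
        StringBuilder cleaned = new StringBuilder(limit + 3);
        for (int i = 0; i < limit; i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        if (value.length() > limit) {
            cleaned.append("...");
        }
        return cleaned.toString();
    }
}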
