package cn.com.yusys.yusp.commons.filter;

import java.io.IOException;
import java.net.URLDecoder;
import java.util.Enumeration;
import java.util.Locale;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.oro.text.regex.Pattern;
import org.apache.oro.text.regex.Perl5Compiler;
import org.apache.oro.text.regex.Perl5Matcher;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:cn/com/yusys/yusp/commons/filter/XssAndSQLFilter.class */
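/**
 * Servlet filter that rejects requests whose URI or parameter values match a
 * fixed deny-list of HTML/script markers and SQL keywords.
 *
 * <p>This is a coarse defence-in-depth layer, not a primary control. It inspects
 * only the decoded request URI and the values the container exposes through
 * {@code getParameterNames()}/{@code getParameterValues()}; headers, cookies and
 * request bodies that are not parsed into parameters are not examined here.
 * Context-aware output encoding and parameterized queries remain the controls
 * that actually prevent XSS and SQL injection.
 *
 * <p>Matching is done against upper-cased input because the patterns are written
 * in upper case. Upper-casing uses {@link Locale#ROOT} so the result does not
 * depend on the JVM's default locale.
 */
public class XssAndSQLFilter implements Filter {
    private static final Logger logger = LoggerFactory.getLogger(XssAndSQLFilter.class);

    /** Request attribute set before {@code sendError} so the error dispatch is not screened again. */
    private static final String FORWARD_FLAG = "forwardFlag";

    protected String encoding = null;
    protected FilterConfig filterConfig = null;

    /** Deny-list applied to every parameter value; {@code null} if compilation failed. */
    private static final Pattern invalidInputPattern;
    /** Narrower deny-list applied to the decoded request URI; {@code null} if compilation failed. */
    private static final Pattern XSSURL;

    static {
        Pattern parameterPattern = null;
        Pattern uriPattern = null;
        Perl5Compiler perl5Compiler = new Perl5Compiler();
        try {
            // READ_ONLY_MASK: these patterns are static and therefore shared by every
            // request thread; ORO only guarantees a pattern is safe for concurrent
            // matching when it is compiled read-only.
            parameterPattern = perl5Compiler.compile(
                    "<[\\s\\x00]*SCRIPT|SELECT\\s|INSERT\\s|DELETE\\s|UPDATE\\s|DROP\\s|<!--|-->|<FRAME|<IFRAME|<FRAMESET|<NOFRAME|<PLAINTEXT|<A\\s|<LINK|<MAP|<BGSOUND|<IMG|<FORM|<INPUT|<SELECT|<OPTION|<TEXTAREA|<APPLET|<OBJECT|<EMBED|<NOSCRIPT|<STYLE|ALERT[\\s\\x00]*\\(",
                    Perl5Compiler.READ_ONLY_MASK);
            uriPattern = perl5Compiler.compile(
                    "<[\\s\\x00]*SCRIPT|<TEXTAREA|<APPLET|<OBJECT|<EMBED|<NOSCRIPT|<STYLE|ALERT[\\s\\x00]*\\(",
                    Perl5Compiler.READ_ONLY_MASK);
        } catch (Exception e) {
            // Both patterns are dropped together, as before. With null patterns the
            // filter lets every request through, so report this at ERROR level through
            // the application log instead of stdout/stderr where it is easily missed.
            // NOTE(review): consider failing start-up instead of running unprotected.
            parameterPattern = null;
            uriPattern = null;
            logger.error("Warning:InvalidInputPattern compile error - request screening is DISABLED", e);
        }
        invalidInputPattern = parameterPattern;
        XSSURL = uriPattern;
    }

    /** Clears the configuration captured in {@link #init(FilterConfig)}. */
    @Override
    public void destroy() {
        this.encoding = null;
        this.filterConfig = null;
    }

    /**
     * Applies the configured request encoding, screens the request, and either
     * answers with an error or passes the request down the chain.
     *
     * <p>A request that matches the deny-list is never forwarded to the chain. Any
     * failure while sending the error response propagates to the container rather
     * than being swallowed, so a flagged request cannot fall through to the
     * application.
     *
     * @throws IOException      if reading the request or sending the error fails
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        requestEncodingFilter(servletRequest);
        if (safeProtectFilter(servletRequest, servletResponse)) {
            // Rejections are security-relevant events; log them where operators will
            // see them. Parameter values are deliberately not logged.
            logger.warn("请求含有非法字符！");
            servletRequest.setAttribute(FORWARD_FLAG, "true");
            ((HttpServletResponse) servletResponse).sendError(500, "illegal request parameter from yusp filter");
            return;
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Sets the request character encoding when the client did not declare one and
     * an {@code encoding} init parameter is configured.
     *
     * @throws IOException      declared for subclasses; not thrown by this implementation directly
     * @throws ServletException declared for subclasses; not thrown by this implementation directly
     */
    public void requestEncodingFilter(ServletRequest servletRequest) throws IOException, ServletException {
        if (servletRequest.getCharacterEncoding() != null) {
            return;
        }
        String selectEncoding = selectEncoding(servletRequest);
        if (selectEncoding == null) {
            return;
        }
        // Re-read after selectEncoding(): presumably only non-null here if an
        // overriding selectEncoding() set it - verify against subclasses.
        String characterEncoding = servletRequest.getCharacterEncoding();
        if (characterEncoding != null
                && characterEncoding.toUpperCase(Locale.ROOT).indexOf(DataAuthFilter.UTF8) != -1) {
            servletRequest.setCharacterEncoding(DataAuthFilter.UTF8);
        } else {
            servletRequest.setCharacterEncoding(selectEncoding);
        }
    }

    /**
     * Decides whether the request must be rejected.
     *
     * @return {@code true} if the decoded URI or any parameter value matches the
     *         deny-list, or if the URI cannot be percent-decoded; {@code false}
     *         otherwise, including when the request is already being dispatched
     *         to the error page or when the patterns failed to compile
     * @throws IOException if the {@code utf-8} charset is unavailable for decoding
     */
    public boolean safeProtectFilter(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException {
        // equals(Object) tolerates a non-String attribute set by another component.
        if ("true".equals(servletRequest.getAttribute(FORWARD_FLAG))) {
            return false;
        }

        // Perl5Matcher holds per-match state, so use one instance per call.
        Perl5Matcher perl5Matcher = new Perl5Matcher();

        if (XSSURL != null) {
            String decodedUri;
            try {
                decodedUri = URLDecoder.decode(((HttpServletRequest) servletRequest).getRequestURI(), "utf-8");
            } catch (IllegalArgumentException e) {
                // A URI that cannot be decoded cannot be screened; reject it rather
                // than letting the exception escape or the request pass unchecked.
                logger.warn("Rejecting request: URI contains malformed percent-encoding");
                return true;
            }
            if (perl5Matcher.contains(decodedUri.toUpperCase(Locale.ROOT), XSSURL)) {
                return true;
            }
        }

        if (invalidInputPattern == null) {
            return false;
        }

        Enumeration<?> parameterNames = servletRequest.getParameterNames();
        while (parameterNames.hasMoreElements()) {
            // getParameter() returns only the first value of a repeated parameter;
            // screen every value the application could later read.
            String[] values = servletRequest.getParameterValues((String) parameterNames.nextElement());
            if (values == null) {
                continue;
            }
            for (String value : values) {
                if (value != null && perl5Matcher.contains(value.toUpperCase(Locale.ROOT), invalidInputPattern)) {
                    return true;
                }
            }
        }
        return false;
    }

    /** Stores the filter configuration and reads the optional {@code encoding} init parameter. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
        this.encoding = filterConfig.getInitParameter("encoding");
    }

    /**
     * Returns the encoding to apply to requests that declare none.
     *
     * @return the configured {@code encoding} init parameter, or {@code null} if unset
     */
    protected String selectEncoding(ServletRequest servletRequest) {
        return this.encoding;
    }
}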
