package com.zxkxc.cloud.extension.xss;

import com.zxkxc.cloud.common.utils.excel.ExcelEnumCover;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Vector;
import java.util.regex.Pattern;
import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.springframework.util.StreamUtils;

/* loaded from: input_file:com/zxkxc/cloud/extension/xss/CustomXssHttpServletRequestWrapper.class */
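/**
 * Request wrapper that buffers the request body and applies a blacklist-based XSS/SQL filter to
 * parameters and headers.
 *
 * <p>Filtering is applied by {@link #getParameter(String)}, {@link #getParameterValues(String)}
 * and {@link #getHeader(String)}. {@code getParameterMap()}, {@code getHeaders(String)},
 * {@code getHeaderNames()} and the buffered body are not rewritten: callers reading those receive
 * the raw client input.
 *
 * <p>Maintainer note: this is a pattern blacklist, not an encoder, and is a defence-in-depth layer
 * only. The primary controls remain context-aware output encoding at render time (XSS) and
 * parameterised queries (SQL). {@link #xssEncode(String)} is lossy (characters are replaced by
 * full-width look-alikes and cannot be recovered) and does not touch quote characters, so it is not
 * a complete encoder for HTML attribute or JavaScript contexts.
 *
 * <p>Intended for a single request; offers no thread-safety beyond the wrapped request.
 */
public class CustomXssHttpServletRequestWrapper extends HttpServletRequestWrapper {

    /** Flag set the original expressed as the literal {@code 42}. */
    private static final int XSS_FLAGS = Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL;

    // All expressions are kept byte-identical to the original so that matching behaviour is
    // unchanged; only their compilation is hoisted out of the per-call path.
    // Note that "[\r\n| | ]" is a character class of CR, LF, '|' and space, not an alternation,
    // despite the '|' characters.
    private static final Pattern SCRIPT_BLOCK =
            Pattern.compile("<[\r\n| | ]*script[\r\n| | ]*>(.*?)</[\r\n| | ]*script[\r\n| | ]*>", Pattern.CASE_INSENSITIVE);
    private static final Pattern SRC_ATTRIBUTE =
            Pattern.compile("src[\r\n| | ]*=[\r\n| | ]*[\\\"|\\'](.*?)[\\\"|\\']", XSS_FLAGS);
    private static final Pattern SCRIPT_CLOSE =
            Pattern.compile("</[\r\n| | ]*script[\r\n| | ]*>", Pattern.CASE_INSENSITIVE);
    private static final Pattern SCRIPT_OPEN =
            Pattern.compile("<[\r\n| | ]*script(.*?)>", XSS_FLAGS);
    private static final Pattern EVAL_CALL =
            Pattern.compile("eval\\((.*?)\\)", XSS_FLAGS);
    private static final Pattern EXPRESSION_CALL =
            Pattern.compile("e-xpression\\((.*?)\\)", XSS_FLAGS);
    private static final Pattern JAVASCRIPT_URI =
            Pattern.compile("javascript[\r\n| | ]*:[\r\n| | ]*", Pattern.CASE_INSENSITIVE);
    private static final Pattern VBSCRIPT_URI =
            Pattern.compile("vbscript[\r\n| | ]*:[\r\n| | ]*", Pattern.CASE_INSENSITIVE);
    private static final Pattern ONLOAD_HANDLER =
            Pattern.compile("onload(.*?)=", XSS_FLAGS);
    /**
     * SQL keyword / punctuation blacklist. It matches ordinary English words such as "and" and
     * "or" and the characters ';', '+', '\'' and '%', so legitimate free text is frequently flagged;
     * callers of {@link #checkParameter()} must expect false positives.
     */
    private static final Pattern SQL_FRAGMENT =
            Pattern.compile("\\b(and|exec|insert|select|drop|grant|alter|delete|update|count|chr|mid|master|truncate|char|declare|or)\\b|(;|\\+|'|%)", XSS_FLAGS);

    /** Rewrite order of {@link #stripXssAndSql(String)}: innermost-first order of the original nested call. */
    private static final Pattern[] STRIP_PATTERNS = {
            SCRIPT_BLOCK, SRC_ATTRIBUTE, SCRIPT_CLOSE, SCRIPT_OPEN, EVAL_CALL,
            EXPRESSION_CALL, JAVASCRIPT_URI, VBSCRIPT_URI, ONLOAD_HANDLER
    };

    /** Check order of {@link #checkXssAndSql(String)}: the strip patterns followed by the SQL blacklist. */
    private static final Pattern[] CHECK_PATTERNS = {
            SCRIPT_BLOCK, SRC_ATTRIBUTE, SCRIPT_CLOSE, SCRIPT_OPEN, EVAL_CALL,
            EXPRESSION_CALL, JAVASCRIPT_URI, VBSCRIPT_URI, ONLOAD_HANDLER, SQL_FRAGMENT
    };

    /** The unwrapped request. Retained for package-level access; not read within this class. */
    HttpServletRequest originRequest;
    /** The container's parameter map; its arrays are shared and must never be mutated. */
    private final Map<String, String[]> parameterMap;
    /** Complete request body, read once in the constructor so it can be re-read. */
    private final byte[] body;

    /**
     * Wraps {@code httpServletRequest}, capturing its parameter map and consuming its body.
     *
     * @param httpServletRequest the request to wrap
     * @throws IOException if the body cannot be read
     */
    public CustomXssHttpServletRequestWrapper(HttpServletRequest httpServletRequest) throws IOException {
        super(httpServletRequest);
        this.originRequest = httpServletRequest;
        this.parameterMap = httpServletRequest.getParameterMap();
        // Buffer the whole body so getInputStream()/getReader() can be called more than once
        // (e.g. by a filter that inspects the body and then by the controller).
        this.body = StreamUtils.copyToByteArray(httpServletRequest.getInputStream());
    }

    /**
     * Returns the parameter names as a snapshot enumeration.
     *
     * @return names of all parameters captured at construction time
     */
    @Override
    public Enumeration<String> getParameterNames() {
        // Copy the key set so the enumeration is a stable snapshot, as the original Vector copy was.
        return Collections.enumeration(new ArrayList<>(this.parameterMap.keySet()));
    }

    /**
     * Returns the first value of {@code str}, passed through {@link #xssEncode(String)}.
     *
     * @param str parameter name
     * @return the encoded first value, or {@code null} if the parameter is absent or has no values
     */
    @Override
    public String getParameter(String str) {
        String[] values = this.parameterMap.get(str);
        if (values == null || values.length == 0) {
            return null;
        }
        // xssEncode tolerates null, so a null first element is returned unchanged.
        return xssEncode(values[0]);
    }

    /**
     * Returns all values of {@code str}, each passed through {@link #xssEncode(String)}.
     *
     * @param str parameter name
     * @return a new array of encoded values, or {@code null} if the parameter is absent or has no values
     */
    @Override
    public String[] getParameterValues(String str) {
        String[] raw = this.parameterMap.get(str);
        if (raw == null || raw.length == 0) {
            return null;
        }
        // Encode into a fresh array: the original wrote back into the container's array, which
        // both corrupted the shared parameter map and double-encoded values on every repeated call.
        String[] encoded = new String[raw.length];
        for (int i = 0; i < raw.length; i++) {
            encoded[i] = xssEncode(raw[i]);
        }
        return encoded;
    }

    /**
     * Returns the header value passed through {@link #xssEncode(String)}.
     *
     * @param str header name; it is itself passed through {@code xssEncode} before lookup, as in the
     *            original (a no-op for syntactically valid header names)
     * @return the encoded header value, or {@code null} if absent
     */
    @Override
    public String getHeader(String str) {
        String header = super.getHeader(xssEncode(str));
        return header == null ? null : xssEncode(header);
    }

    /**
     * Strips blacklisted fragments, then replaces {@code #}, {@code &}, {@code <} and {@code >}
     * with their full-width look-alikes. The replacement is lossy and irreversible.
     *
     * @param str value to encode; {@code null} and empty strings are returned as-is
     * @return the encoded value
     */
    private static String xssEncode(String str) {
        if (str == null || str.isEmpty()) {
            return str;
        }
        String stripped = stripXssAndSql(str);
        StringBuilder out = new StringBuilder(stripped.length() + 16);
        for (int i = 0; i < stripped.length(); i++) {
            char c = stripped.charAt(i);
            switch (c) {
                case '#':
                    out.append("＃");
                    break;
                case '&':
                    out.append("＆");
                    break;
                case '<':
                    out.append("＜");
                    break;
                case '>':
                    out.append("＞");
                    break;
                default:
                    out.append(c);
                    break;
            }
        }
        return out.toString();
    }

    /**
     * Replaces every match of the strip patterns, in {@link #STRIP_PATTERNS} order, with
     * {@code ExcelEnumCover.targetCoverExp}.
     *
     * @param str value to rewrite; {@code null} is returned as-is
     * @return the rewritten value
     */
    public static String stripXssAndSql(String str) {
        if (str == null) {
            return null;
        }
        String result = str;
        for (Pattern pattern : STRIP_PATTERNS) {
            // NOTE(review): replaceAll treats '$' and '\' in the replacement specially; confirm
            // targetCoverExp contains neither.
            result = pattern.matcher(result).replaceAll(ExcelEnumCover.targetCoverExp);
        }
        return result;
    }

    /**
     * Reports whether {@code str} contains any blacklisted fragment.
     *
     * @param str value to inspect; {@code null} never matches
     * @return {@code true} if any pattern in {@link #CHECK_PATTERNS} is found
     */
    public final boolean checkXssAndSql(String str) {
        if (str == null) {
            return false;
        }
        for (Pattern pattern : CHECK_PATTERNS) {
            if (pattern.matcher(str).find()) {
                return true;
            }
        }
        return false;
    }

    /**
     * Reports whether any captured parameter value fails {@link #checkXssAndSql(String)}.
     * Only parameters are inspected; headers and the body are not.
     *
     * @return {@code true} on the first flagged value
     */
    public final boolean checkParameter() {
        // The map is typed Map<String, String[]>, so the original's instanceof String branch was
        // unreachable and is dropped.
        for (String[] values : this.parameterMap.values()) {
            if (values == null) {
                continue;
            }
            for (String value : values) {
                if (checkXssAndSql(value)) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Returns a reader over the buffered body using the request's declared charset.
     *
     * @return a fresh reader over the buffered body
     */
    @Override
    public BufferedReader getReader() {
        return new BufferedReader(new InputStreamReader(getInputStream(), bodyCharset()));
    }

    /**
     * Charset declared on the request, falling back to UTF-8. The original used the JVM default
     * charset, which differs between hosts and silently corrupts non-ASCII bodies.
     */
    private Charset bodyCharset() {
        String declared = getCharacterEncoding();
        if (declared == null || declared.isEmpty()) {
            return StandardCharsets.UTF_8;
        }
        try {
            return Charset.forName(declared);
        } catch (IllegalArgumentException ignored) {
            // Unknown or malformed charset name sent by the client: fall back rather than fail.
            return StandardCharsets.UTF_8;
        }
    }

    /**
     * Returns a fresh stream over the buffered body. Can be called repeatedly.
     *
     * @return a {@link ServletInputStream} over an in-memory copy of the body
     */
    @Override
    public ServletInputStream getInputStream() {
        final ByteArrayInputStream bodyStream = new ByteArrayInputStream(this.body);
        return new ServletInputStream() {
            @Override
            public int read() {
                return bodyStream.read();
            }

            @Override
            public boolean isFinished() {
                // Fully buffered: finished once the in-memory copy is drained. The original always
                // returned false, which misreports EOF to non-blocking (async) readers.
                return bodyStream.available() == 0;
            }

            @Override
            public boolean isReady() {
                // Data is already in memory, so a read never blocks. The original returned false.
                return true;
            }

            @Override
            public void setReadListener(ReadListener readListener) {
                // No-op: the stream is fully buffered and never asynchronous.
            }
        };
    }
}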
