package org.shoulder.web.filter.xss;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletRequestWrapper;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Pattern;
import org.shoulder.core.context.AppInfo;
import org.shoulder.core.util.StringUtils;

/* loaded from: input_file:org/shoulder/web/filter/xss/XssRequestWrapper.class */
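/**
 * Request wrapper that strips script-like fragments from request parameters and the
 * query string and HTML-escapes a small set of characters in what remains.
 * <p>
 * This is a blocklist-based filter: the patterns in {@link #XSS_SCRIPT_PATTERNS} remove
 * recognisable fragments ({@code <script>}, {@code eval(...)}, {@code on*=} handlers, ...)
 * and {@link #filterHtmlEscape(String)} then escapes {@code < > ( ) ' " /}. Output
 * encoding at the rendering site remains the primary defence; this wrapper only reduces
 * what reaches application code. The escaping also rewrites legitimate values (URLs,
 * dates containing {@code /}), so code that needs the raw value must read it before
 * the request is wrapped.
 * <p>
 * Only {@link #getParameter(String)}, {@link #getParameterValues(String)},
 * {@link #getParameterMap()} and {@link #getQueryString()} are sanitized. Headers, the
 * request body and request attributes are passed through unchanged.
 */
public class XssRequestWrapper extends HttpServletRequestWrapper {

    /** Flag combination the decompiled source spelled as {@code 42}. */
    private static final int CI_ML_DOTALL = Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL;

    /**
     * Fragments removed from every sanitized value, applied in order. Patterns ending in
     * {@code *} (entries 8 and 11) also match the empty string; that is harmless for
     * {@code replaceAll("")} but means they only remove the listed tokens.
     */
    private static final Pattern[] XSS_SCRIPT_PATTERNS = {
        Pattern.compile("<(no)?script>(.*?)</(no)?script>", Pattern.CASE_INSENSITIVE),
        Pattern.compile("src[\\s]*=[\\s]*'(.*?)'", CI_ML_DOTALL),
        Pattern.compile("src[\\s]*=[\\s]*\"(.*?)\"", CI_ML_DOTALL),
        Pattern.compile("</script>", Pattern.CASE_INSENSITIVE),
        Pattern.compile("<script(.*?)>", CI_ML_DOTALL),
        Pattern.compile("eval\\((.*?)\\)", CI_ML_DOTALL),
        Pattern.compile("expression\\((.*?)\\)", CI_ML_DOTALL),
        Pattern.compile("(javascript:|vbscript:|view-source:)*", Pattern.CASE_INSENSITIVE),
        Pattern.compile("onload(.*?)=", CI_ML_DOTALL),
        Pattern.compile("<(\"[^\"]*\"|'[^']*'|[^'\">])*>", CI_ML_DOTALL),
        Pattern.compile("(window\\.location|window\\.|\\.location|document\\.cookie|document\\.|alert\\(.*?\\)|window\\.open\\()*", CI_ML_DOTALL),
        Pattern.compile("<+\\s*\\w*\\s*(oncontrolselect|oncopy|oncut|ondataavailable|ondatasetchanged|ondatasetcomplete|ondblclick|ondeactivate|ondrag|ondragend|ondragenter|ondragleave|ondragover|ondragstart|ondrop|onerror=|onerroupdate|onfilterchange|onfinish|onfocus|onfocusin|onfocusout|onhelp|onkeydown|onkeypress|onkeyup|onlayoutcomplete|onload|onlosecapture|onmousedown|onmouseenter|onmouseleave|onmousemove|onmousout|onmouseover|onmouseup|onmousewheel|onmove|onmoveend|onmovestart|onabort|onactivate|onafterprint|onafterupdate|onbefore|onbeforeactivate|onbeforecopy|onbeforecut|onbeforedeactivate|onbeforeeditocus|onbeforepaste|onbeforeprint|onbeforeunload|onbeforeupdate|onblur|onbounce|oncellchange|onchange|onclick|oncontextmenu|onpaste|onpropertychange|onreadystatuschange|onreset|onresize|onresizend|onresizestart|onrowenter|onrowexit|onrowsdelete|onrowsinserted|onscroll|onselect|onselectionchange|onselectstart|onstart|onstop|onsubmit|onunload)+\\s*=+", CI_ML_DOTALL)
    };

    /**
     * Charset used to URL-decode values, resolved per request. This is an instance field:
     * the previous {@code static} field was overwritten by every constructed wrapper, so
     * concurrent requests with different encodings could decode with each other's charset.
     * Resolved lazily from {@code AppInfo.charset()} when the request declares none.
     */
    private String charset;

    /**
     * Wraps the given request.
     *
     * @param httpServletRequest the request to sanitize; must not be {@code null}
     * @throws IllegalArgumentException if the request is {@code null} (from the superclass)
     */
    public XssRequestWrapper(HttpServletRequest httpServletRequest) {
        super(httpServletRequest);
        this.charset = super.getCharacterEncoding();
    }

    /**
     * Returns the sanitized values of the parameter.
     *
     * @param str parameter name
     * @return a new array of sanitized values, or {@code null} if the parameter is absent
     */
    @Override
    public String[] getParameterValues(String str) {
        return sanitizeAll(super.getParameterValues(str));
    }

    /**
     * Returns the sanitized value of the parameter.
     *
     * @param str parameter name
     * @return the sanitized value, or the original (null/empty) value when there is nothing to sanitize
     */
    @Override
    public String getParameter(String str) {
        String parameter = super.getParameter(str);
        return StringUtils.isEmpty(parameter) ? parameter : securityContext(parameter);
    }

    /**
     * Returns the attribute unchanged. Attributes are set by server-side code (the
     * container and frameworks), not by the client, and rewriting them — for example
     * escaping {@code /} in a path attribute — would corrupt them. The previous
     * implementation invoked the sanitizer here but discarded its result, so this is the
     * behaviour it already had, minus the wasted work.
     *
     * @param str attribute name
     * @return the attribute as stored on the wrapped request
     */
    @Override
    public Object getAttribute(String str) {
        return super.getAttribute(str);
    }

    /**
     * Returns the sanitized query string. Unlike parameter values the raw query string is
     * not decoded by the container, so the result is in decoded form.
     *
     * @return the sanitized query string, or {@code null} if the request has none
     */
    @Override
    public String getQueryString() {
        return securityContext(super.getQueryString());
    }

    /**
     * Returns a copy of the parameter map with every value sanitized.
     *
     * @return a new, mutable map; keys are unchanged, values are sanitized arrays
     */
    @Override
    public Map<String, String[]> getParameterMap() {
        Map<String, String[]> original = super.getParameterMap();
        Map<String, String[]> sanitized = new HashMap<>(original.size());
        for (Map.Entry<String, String[]> entry : original.entrySet()) {
            sanitized.put(entry.getKey(), sanitizeAll(entry.getValue()));
        }
        return sanitized;
    }

    /**
     * Sanitizes each element of {@code values}.
     *
     * @param values parameter values, may be {@code null}
     * @return a new array with each element sanitized; {@code null} and empty arrays are returned as-is
     */
    private String[] sanitizeAll(String[] values) {
        if (values == null || values.length == 0) {
            return values;
        }
        String[] out = new String[values.length];
        for (int i = 0; i < values.length; i++) {
            out[i] = securityContext(values[i]);
        }
        return out;
    }

    /** Entry point for all sanitization; currently delegates to {@link #stripXss(String)}. */
    private String securityContext(String str) {
        return stripXss(str);
    }

    /**
     * URL-decodes the value, removes the blocklisted fragments and escapes the remaining
     * HTML-significant characters.
     *
     * @param str value to sanitize
     * @return the sanitized value, or {@code str} itself when it is null/empty
     */
    private String stripXss(String str) {
        if (StringUtils.isEmpty(str)) {
            return str;
        }
        // NOTE(review): the "��" literal appears mis-encoded in this decompiled source —
        // confirm the intended regex against the original source before relying on it.
        String cleaned = urlDecode(str).replaceAll("��", "");
        for (Pattern pattern : XSS_SCRIPT_PATTERNS) {
            cleaned = pattern.matcher(cleaned).replaceAll("");
        }
        return filterHtmlEscape(cleaned);
    }

    /**
     * Best-effort URL decoding with the request charset.
     * <p>
     * Parameter values have already been decoded once by the container, so for them this
     * is a second decode: it exposes double-encoded payloads to the patterns, but also turns
     * a literal {@code +} into a space and re-decodes {@code %xx} in legitimate values.
     * {@link #getQueryString()} is raw, so there it is the first decode.
     *
     * @param str non-empty value
     * @return the decoded value, or {@code str} unchanged when the charset is unknown or
     *         the value contains a malformed {@code %}-escape
     */
    private String urlDecode(String str) {
        try {
            return URLDecoder.decode(str, resolveCharset());
        } catch (UnsupportedEncodingException | IllegalArgumentException e) {
            // Previously an unknown charset skipped sanitization entirely and a stray '%'
            // (IllegalArgumentException) escaped and failed the request. Either way the
            // safer outcome is to sanitize the value as received.
            return str;
        }
    }

    /** Resolves the decode charset, falling back to the application default once. */
    private String resolveCharset() {
        if (charset == null) {
            charset = AppInfo.charset().name();
        }
        return charset;
    }

    /**
     * Escapes {@code < > ( ) ' " /} as HTML entities in a single pass. {@code &} is
     * deliberately not escaped (presumably to avoid double-escaping already-encoded
     * input — unverified). The previous map-based version used the literal keys
     * {@code "\\("} and {@code "\\)"} with {@link String#replace}, so parentheses were
     * never escaped; they are now.
     *
     * @param str value to escape
     * @return the escaped value, or {@code str} itself when it is null/empty
     */
    private String filterHtmlEscape(String str) {
        if (StringUtils.isEmpty(str)) {
            return str;
        }
        StringBuilder sb = new StringBuilder(str.length() + 16);
        for (int i = 0; i < str.length(); i++) {
            char c = str.charAt(i);
            switch (c) {
                case '<':
                    sb.append("&lt;");
                    break;
                case '>':
                    sb.append("&gt;");
                    break;
                case '(':
                    sb.append("&#x28;");
                    break;
                case ')':
                    sb.append("&#x29;");
                    break;
                case '\'':
                    sb.append("&#x27;");
                    break;
                case '"':
                    sb.append("&quot;");
                    break;
                case '/':
                    sb.append("&#x2f;");
                    break;
                default:
                    sb.append(c);
            }
        }
        return sb.toString();
    }
}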
