package cn.morethank.open.admin.common.inject;

import cn.morethank.open.admin.common.constant.GlobalConstant;
import com.alibaba.fastjson2.JSONObject;
import com.alibaba.fastjson2.JSONWriter;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.regex.Pattern;
import java.util.stream.Stream;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:cn/morethank/open/admin/common/inject/AntiInjectXssUtils.class */
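/**
 * Denylist-based request-parameter filter: strips a fixed set of script fragments from GET/POST
 * input and replaces input that matches a SQL-keyword regex with the {@code GlobalConstant.ADMIN_FORBIDDEN}
 * sentinel.
 *
 * <p>NOTE(review): both lists are pattern denylists, not a parser-based sanitizer. They remove or
 * reject only what the listed regexes match, so they complement — and do not replace — parameterized
 * SQL and context-aware output encoding at the rendering layer. The SQL regex also yields false
 * positives on ordinary text (e.g. "and"/"or" followed within six characters by "=", "in" or "like",
 * or any string containing "information_schema" / "table_schema"). The offending value is written to
 * the error log verbatim.
 *
 * <p>All methods are static; the class holds no mutable state.
 */
public class AntiInjectXssUtils {
    private static final Logger log = LoggerFactory.getLogger(AntiInjectXssUtils.class);

    /** Flags used by the multi-line script patterns: case-insensitive, '.' spans line breaks, ^/$ per line. */
    private static final int SCRIPT_FLAGS = Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL;

    /**
     * Script fragments deleted (not escaped) from every input. The list is fixed; anything not
     * matched by one of these patterns is left in place.
     */
    private static final Pattern[] scriptPatterns = {
        Pattern.compile("<script>(.*?)</script>", Pattern.CASE_INSENSITIVE),
        Pattern.compile("src[\r\n]*=[\r\n]*\\'(.*?)\\'", SCRIPT_FLAGS),
        Pattern.compile("</script>", Pattern.CASE_INSENSITIVE),
        Pattern.compile("<script(.*?)>", SCRIPT_FLAGS),
        Pattern.compile("eval\\((.*?)\\)", SCRIPT_FLAGS),
        Pattern.compile("expression\\((.*?)\\)", SCRIPT_FLAGS),
        Pattern.compile("javascript:", Pattern.CASE_INSENSITIVE),
        Pattern.compile("vbscript:", Pattern.CASE_INSENSITIVE),
        Pattern.compile("onload(.*?)=", SCRIPT_FLAGS),
        Pattern.compile("alert(.*?)=", SCRIPT_FLAGS)
    };

    /** SQL-keyword denylist; a match anywhere in a parameter value marks the whole request as forbidden. */
    private static final String badSql = "\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)|information_schema|table_schema";

    /** Compiled form of {@link #badSql}; case-insensitive, so callers' lowercasing only affects what is logged. */
    private static final Pattern sqlPattern = Pattern.compile(badSql, Pattern.CASE_INSENSITIVE);

    /**
     * Regex of characters removed before the script patterns run (line breaks plus a leading
     * alternative). NOTE(review): the first alternative did not survive decompilation/encoding —
     * confirm it against the original source before relying on it.
     */
    private static final String STRIPPED_CHARS = "��|\n|\r";

    /**
     * Cleans a GET query string: removes script fragments, then rejects it if any URL-decoded
     * parameter value matches the SQL denylist.
     *
     * @param str raw query string; may be {@code null}
     * @return the cleaned query string, {@code GlobalConstant.ADMIN_FORBIDDEN} if a SQL keyword was
     *         found, or {@code null}/blank input unchanged
     * @throws UnsupportedEncodingException declared by {@code URLDecoder.decode(String, String)};
     *         not expected for "UTF-8"
     */
    public static String xssGetClean(String str) throws UnsupportedEncodingException {
        return cleanGetSqlKeyWords(stripScript(str));
    }

    /**
     * Cleans a POST body: removes script fragments, HTML-escapes {@code <} and {@code >} (only those
     * two characters), then checks each top-level JSON value against the SQL denylist.
     *
     * @param str raw request body; may be {@code null}
     * @return the re-serialized JSON body with offending values replaced by
     *         {@code GlobalConstant.ADMIN_FORBIDDEN}, or the (escaped) input unchanged when it is not
     *         a JSON object
     */
    public static String xssPostClean(String str) {
        String stripped = stripScript(str);
        if (stripped != null) {
            // Literal replacements; equivalent to the former replaceAll on these non-regex characters.
            stripped = stripped.replace("<", "&lt;").replace(">", "&gt;");
        }
        return cleanPostSqlKeyWords(stripped);
    }

    /**
     * Removes {@link #STRIPPED_CHARS} and every {@link #scriptPatterns} match from {@code str}.
     * Shared by the GET and POST paths so both apply exactly the same denylist.
     *
     * @param str input; {@code null} passes through
     * @return the stripped string, or {@code null} for {@code null} input
     */
    private static String stripScript(String str) {
        if (str == null) {
            return null;
        }
        String cleaned = str.replaceAll(STRIPPED_CHARS, GlobalConstant.EMPTY);
        for (Pattern pattern : scriptPatterns) {
            cleaned = pattern.matcher(cleaned).replaceAll(GlobalConstant.EMPTY);
        }
        return cleaned;
    }

    /**
     * Splits a query string on {@code &}, takes the text after the first {@code =} of each pair
     * (the whole pair when it has no {@code =}), and tests each value against {@link #sqlPattern}.
     *
     * @param str query string already stripped of script fragments
     * @return {@code GlobalConstant.ADMIN_FORBIDDEN} on the first match, else {@code str}
     * @throws UnsupportedEncodingException from {@code URLDecoder.decode(String, String)}
     */
    private static String cleanGetSqlKeyWords(String str) throws UnsupportedEncodingException {
        if (str == null || str.trim().isEmpty()) {
            return str;
        }
        // Locale.ROOT keeps lowercasing stable regardless of the JVM's default locale (e.g. Turkish
        // dotless-i would otherwise defeat the ASCII-only case-insensitive match).
        // URLDecoder.decode throws IllegalArgumentException on malformed %-escapes; that propagates
        // to the caller unchanged, as before.
        String decoded = URLDecoder.decode(str, "UTF-8").toLowerCase(Locale.ROOT);
        // Sequential on purpose: the match logs, and the filter should not borrow the common pool.
        boolean forbidden = Stream.of(decoded.split("\\&"))
                .map(pair -> pair.substring(pair.indexOf("=") + 1))
                .anyMatch(AntiInjectXssUtils::containsSqlKeyWord);
        return forbidden ? GlobalConstant.ADMIN_FORBIDDEN : str;
    }

    /**
     * Tests one parameter value against {@link #sqlPattern}, logging the value on a hit.
     *
     * @param value lowercased parameter value
     * @return {@code true} if the denylist matched
     */
    private static boolean containsSqlKeyWord(String value) {
        if (!sqlPattern.matcher(value).find()) {
            return false;
        }
        log.error(String.format("参数中包含不允许sql的关键词:%s", value));
        return true;
    }

    /**
     * Parses {@code str} as a JSON object and copies its top-level entries into a new map, testing
     * each non-null value's {@code toString()} against {@link #sqlPattern}.
     *
     * @param str request body already stripped and escaped
     * @return the re-serialized map, or {@code str} unchanged when it does not parse as a JSON object
     */
    private static String cleanPostSqlKeyWords(String str) {
        JSONObject body = null;
        try {
            body = JSONObject.parseObject(str);
        } catch (Exception e) {
            // Non-JSON bodies fall through unchanged; the parse failure is logged with its cause.
            log.error(e.getMessage(), e);
        }
        if (body == null) {
            return str;
        }
        Map<String, Object> filtered = new HashMap<>();
        for (Map.Entry<String, Object> entry : body.entrySet()) {
            Object value = entry.getValue();
            if (value == null) {
                // Null-valued keys are omitted from the output, as in the original loop.
                continue;
            }
            String text = value.toString();
            if (sqlPattern.matcher(text.toLowerCase(Locale.ROOT)).find()) {
                log.error(String.format("%s参数中包含不允许sql的关键词:%s", entry.getKey(), text));
                filtered.put(entry.getKey(), GlobalConstant.ADMIN_FORBIDDEN);
                // NOTE(review): processing stops at the first hit, so keys after it never reach the
                // output — confirm callers only look for the ADMIN_FORBIDDEN sentinel.
                break;
            }
            filtered.put(entry.getKey(), value);
        }
        // Explicit empty feature array = default serialization settings.
        return JSONObject.toJSONString(filtered, new JSONWriter.Feature[0]);
    }
}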
