package com.jxdinfo.hussar.common.firewall.xss;

import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

/* loaded from: input_file:com/jxdinfo/hussar/common/firewall/xss/XssHttpServletRequestWrapper.class */
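/**
 * Request wrapper that runs one of three blacklist-style XSS filters over parameter and header
 * values before the application sees them.
 *
 * <p>The level is fixed per request by the constructor argument:
 * <ul>
 *   <li>{@code "A"} — entity-like rewriting of {@code < > ( ) '} plus removal of a few script fragments
 *       ({@link #levelA(String)});</li>
 *   <li>{@code "C"} — one large pattern; any match erases the whole value ({@link #levelC(String)});</li>
 *   <li>anything else, including {@code null} — level B, a fixed list of script/event patterns removed
 *       in order ({@link #levelB(String)}).</li>
 * </ul>
 *
 * <p>All three levels are single-pass blacklist filters: each rule is applied once and the output is
 * not rescanned, and offending input is rewritten rather than rejected, so nothing is logged or
 * signalled when a value is altered. Treat this as defence in depth, not as a replacement for
 * context-aware output encoding at the rendering layer.
 *
 * <p>Instances are immutable after construction; the compiled {@link Pattern}s are shared and thread-safe.
 */
public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
    /** Filter level selected for this request ("A", "C", or anything else for B); never changes. */
    private final String xssLevel;

    /** {@code CASE_INSENSITIVE | MULTILINE | DOTALL} (= 2 | 8 | 32 = 42, the literal the original used). */
    private static final int CI_ML_DOTALL = Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL;

    // Level-C blacklist, kept byte-identical. Two properties of this literal matter to a maintainer:
    //  * The Java escape "\\\\s" reaches the regex engine as "\\s"; inside a character class that is
    //    the set {'\\', 's'}, not whitespace, so the "[\\\\s%09]*" / "[\\\\s+]" gaps that look
    //    whitespace-tolerant do not match spaces or tabs. Likewise "\\\\'" matches a backslash followed
    //    by a quote, not a bare quote. Whether this was intended is not recoverable from this file.
    //  * The pattern is ".*( ... ).*" and is used with replaceAll(""), so a hit on any alternative
    //    removes everything on the matching line — the whole value for a single-line parameter.
    //    Effectively any '<', '>', '"' or "--" anywhere in the value blanks it.
    private static final Pattern XSSPATTERN = Pattern.compile(".*([\\\\s%09]*(j|&\\#[0]{0,4}106|&\\#x[0]{0,4}6a)[\\\\s%09]*(a|&\\#[0]{0,4}97|&\\#x[0]{0,4}61)[\\\\s%09]*(v|&\\#[0]{0,4}118|&\\#x[0]{0,4}76)[\\\\s%09]*(a|&\\#[0]{0,4}97|&\\#x[0]{0,4}61)[\\\\s%09]*(s|&\\#[0]{0,4}115|&\\#x[0]{0,4}73)[\\\\s%09]*(c|&\\#[0]{0,4}99|&\\#x[0]{0,4}63)[\\\\s%09]*(r|&\\#[0]{0,4}114|&\\#x[0]{0,4}72)[\\\\s%09]*(i|&\\#[0]{0,4}105|&\\#x[0]{0,4}69)[\\\\s%09]*(p|&\\#[0]{0,4}112|&\\#x[0]{0,4}70)[\\\\s%09]*(t|&\\#[0]{0,4}116|&\\#x[0]{0,4}74)[\\\\s%09]*(\\:|%3A|&\\#[0]{0,4}58|&\\#x[0]{0,4}3a)*[\\\\s%09]*|[\\\\s%09]*(a|&\\#[0]{0,4}97|&\\#x[0]{0,4}61)[\\\\s%09]*(l|&\\#[0]{0,4}108|&\\#x[0]{0,4}6c)[\\\\s%09]*(e|&\\#[0]{0,4}101|&\\#x[0]{0,4}65)[\\\\s%09]*(r|&\\#[0]{0,4}114|&\\#x[0]{0,4}72)[\\\\s%09]*(t|&\\#[0]{0,4}116|&\\#x[0]{0,4}74)|(%27|\\\\'|&\\#[0]{0,4}39)|/(<|%3c|&lt|&\\#[0]{0,4}60)|--|[\\\\s+]and[\\\\s+]|/[\\\\*].*[\\\\*]/and[\\\\s+]|/[\\\\*].*[\\\\*]/and/[\\\\*].*[\\\\*]/|[\\\\s+]and/[\\\\*].*[\\\\*]/(<|%3c|&lt|&\\#[0]{0,4}60)|[\\\\s+]or[\\\\s+]|/[\\\\*].*[\\\\*]/or[\\\\s+]|/[\\\\*].*[\\\\*]/or/[\\\\*].*[\\\\*]/|[\\\\s+]or/[\\\\*].*[\\\\*]/|[\\:%3A](<|%3c|&lt|&\\#[0]{0,4}60)[^\\:%3A]|[^\\:%3A](<|%3c|&lt|&\\#[0]{0,4}60)[\\:%3A]|[\\:%3A](>|%3e|&gt|&\\#[0]{0,4}62)[^\\:%3A]|[^\\:%3A](>|%3e|&gt|&\\#[0]{0,4}62)[\\:%3A]|^(<|%3c|&lt|&\\#[0]{0,4}60).*|^(>|%3e|&gt|&\\#[0]{0,4}62).*|(<|%3c|&lt|&\\#[0]{0,4}60)$|(>|%3e|&gt|&\\#[0]{0,4}62)$|[^\\:%3A](>|%3e|&gt|&\\#[0]{0,4}62)[^\\:%3A]|[^\\:%3A](<|%3c|&lt|&\\#[0]{0,4}60)[^\\:%3A]|(\"|%22|&#[0]{0,4}34)).*");

    // Level-B patterns. Flags are the original ones; only the symbolic names are new.
    private static final Pattern scriptPattern = Pattern.compile("<script>(.*?)</script>", Pattern.CASE_INSENSITIVE);
    private static final Pattern srcScriptPattern = Pattern.compile("src[\r\n]*=[\r\n]*\\'(.*?)\\'", CI_ML_DOTALL);
    private static final Pattern srcScriptPattern2 = Pattern.compile("src[\r\n]*=[\r\n]*\\\"(.*?)\\\"", CI_ML_DOTALL);
    private static final Pattern singleScriptPattern = Pattern.compile("</script>", Pattern.CASE_INSENSITIVE);
    private static final Pattern singleScriptPattern2 = Pattern.compile("<script(.*?)>", CI_ML_DOTALL);
    private static final Pattern evalScriptPattern = Pattern.compile("eval\\((.*?)\\)", CI_ML_DOTALL);
    // The original literal was "e\u00adxpression\\(...": a U+00AD soft hyphen sat between 'e' and 'x'
    // (a copy/paste artefact), so the CSS expression() rule could never match real input. Fixed.
    private static final Pattern xpressionScriptPattern = Pattern.compile("expression\\((.*?)\\)", CI_ML_DOTALL);
    private static final Pattern javascriptScriptPattern = Pattern.compile("javascript:", Pattern.CASE_INSENSITIVE);
    private static final Pattern vbsScriptPattern = Pattern.compile("vbscript:", Pattern.CASE_INSENSITIVE);
    private static final Pattern onloadScriptPattern = Pattern.compile("onload(.*?)=", CI_ML_DOTALL);

    /** Level-B rules in application order — identical to the order of the original nested call chain. */
    private static final Pattern[] LEVEL_B_PATTERNS = {
        scriptPattern, srcScriptPattern, srcScriptPattern2, singleScriptPattern, singleScriptPattern2,
        evalScriptPattern, xpressionScriptPattern, javascriptScriptPattern, vbsScriptPattern, onloadScriptPattern
    };

    /**
     * @param httpServletRequest the request to wrap (the superclass rejects {@code null})
     * @param str filter level: {@code "A"}, {@code "C"}, or anything else (including {@code null}) for level B
     */
    public XssHttpServletRequestWrapper(HttpServletRequest httpServletRequest, String str) {
        super(httpServletRequest);
        this.xssLevel = str;
    }

    /**
     * @return a filtered copy of the wrapped request's values, or {@code null} when the parameter is absent;
     *         the wrapped request's array is never modified
     */
    @Override
    public String[] getParameterValues(String str) {
        String[] parameterValues = super.getParameterValues(str);
        if (parameterValues == null) {
            return null;
        }
        return cleanAll(parameterValues);
    }

    /**
     * Filters every value in the parameter map. Without this override, code that reads the map
     * directly (framework data binding, for example) would see the raw values even though
     * {@link #getParameter(String)} and {@link #getParameterValues(String)} are filtered, which
     * defeats the purpose of the wrapper.
     *
     * @return an unmodifiable map whose value arrays are filtered copies; {@code null} only if the
     *         wrapped request itself returns {@code null}
     */
    @Override
    public Map<String, String[]> getParameterMap() {
        Map<String, String[]> raw = super.getParameterMap();
        if (raw == null) {
            return null;
        }
        // LinkedHashMap keeps whatever order the container produced.
        Map<String, String[]> cleaned = new LinkedHashMap<>();
        for (Map.Entry<String, String[]> entry : raw.entrySet()) {
            String[] values = entry.getValue();
            cleaned.put(entry.getKey(), values == null ? null : cleanAll(values));
        }
        return Collections.unmodifiableMap(cleaned);
    }

    /** @return the filtered value, or {@code null} when the parameter is absent */
    @Override
    public String getParameter(String str) {
        String parameter = super.getParameter(str);
        return parameter == null ? null : cleanXSS(parameter, this.xssLevel);
    }

    /**
     * Filters the first value of the named header. Note that this applies to every header name the
     * application asks for, including ones carrying opaque tokens; under level A any {@code ' ( ) < >}
     * in such a value is rewritten, so consumers of those headers must tolerate that.
     *
     * @return the filtered value, or {@code null} when the header is absent
     */
    @Override
    public String getHeader(String str) {
        String header = super.getHeader(str);
        return header == null ? null : cleanXSS(header, this.xssLevel);
    }

    /**
     * Same filtering as {@link #getHeader(String)}, applied to every value of a multi-valued header,
     * so that the two accessors cannot disagree.
     *
     * @return an enumeration over filtered copies; {@code null} only if the wrapped request returns {@code null}
     */
    @Override
    public Enumeration<String> getHeaders(String str) {
        Enumeration<String> raw = super.getHeaders(str);
        if (raw == null) {
            return null;
        }
        List<String> cleaned = new ArrayList<>();
        while (raw.hasMoreElements()) {
            cleaned.add(cleanXSS(raw.nextElement(), this.xssLevel));
        }
        return Collections.enumeration(cleaned);
    }

    /** Returns a new array with every element passed through {@link #cleanXSS}; the input is untouched. */
    private String[] cleanAll(String[] values) {
        String[] cleaned = new String[values.length];
        for (int i = 0; i < values.length; i++) {
            cleaned[i] = cleanXSS(values[i], this.xssLevel);
        }
        return cleaned;
    }

    /**
     * Dispatches on the configured level: {@code "A"} → {@link #levelA}, {@code "C"} → {@link #levelC},
     * anything else (including {@code null}) → {@link #levelB}.
     *
     * @param str value to filter; {@code null} is returned unchanged
     * @param str2 level string, normally {@link #xssLevel}
     */
    private String cleanXSS(String str, String str2) {
        if (str == null) {
            return null;
        }
        if ("A".equals(str2)) {
            return levelA(str);
        }
        if ("C".equals(str2)) {
            return levelC(str);
        }
        return levelB(str);
    }

    /**
     * Level A: rewrites {@code < > ( ) '} to entity-like text and strips a few script fragments.
     * Observations a maintainer should know (all visible in the rules below):
     * the replacement text contains a space ({@code "& lt;"}), so it is not a valid HTML entity — the
     * value is neutralised, not encoded, and cannot be decoded back; {@code '} is rewritten before
     * the {@code javascript:} rule runs, so that rule can only ever match double-quoted forms;
     * the {@code eval(} rule is greedy and removes up to the last {@code )} on the line; and the
     * bare {@code "script"} removal is case-sensitive and runs once, so the result is not rescanned.
     */
    private String levelA(String str) {
        return str
                .replaceAll("<", "& lt;")
                .replaceAll(">", "& gt;")
                .replaceAll("\\(", "& #40;")
                .replaceAll("\\)", "& #41;")
                .replaceAll("'", "& #39;")
                .replaceAll("eval\\((.*)\\)", "")
                .replaceAll("[\\\"\\'][\\s]*javascript:(.*)[\\\"\\']", "\"\"")
                .replaceAll("script", "");
    }

    /**
     * Level B: removes every match of each {@link #LEVEL_B_PATTERNS} entry, in order, each applied
     * once to the output of the previous rule (no fixed-point iteration).
     */
    private String levelB(String str) {
        String result = str;
        for (Pattern rule : LEVEL_B_PATTERNS) {
            result = rule.matcher(result).replaceAll("");
        }
        return result;
    }

    /** Level C: erases the whole (line of the) value on any {@link #XSSPATTERN} hit; see the pattern's comment. */
    private String levelC(String str) {
        return XSSPATTERN.matcher(str).replaceAll("");
    }
}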
