package com.drgou.xss;

import com.drgou.exception.XssException;
import com.drgou.utils.ConstantUtils;
import com.drgou.utils.JsonResult;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

/* loaded from: input_file:com/drgou/xss/XssInterceptor.class */
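/**
 * Spring MVC interceptor that rejects requests whose query/form parameters or (for POST)
 * raw body match the XSS / SQL-injection patterns implemented by
 * {@link XssAndSqlHttpServletRequestWrapper}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>This is signature-based (blocklist) detection. It is defense in depth only; it does
 *       not replace contextual output encoding and parameterized queries in the handlers.</li>
 *   <li>An interceptor cannot substitute the request object seen by the handler, so the
 *       wrapper built here is used purely for checking. Whether the handler can still read
 *       the body after {@link #getBodyString} consumed {@code wrapper.getReader()} depends on
 *       the wrapper buffering the body — confirm that against
 *       {@code XssAndSqlHttpServletRequestWrapper}.</li>
 *   <li>Only POST bodies are inspected; PUT/PATCH bodies are covered solely by
 *       {@code checkParameter()}. Review whether that is intended.</li>
 * </ul>
 */
public class XssInterceptor extends HandlerInterceptorAdapter {
    // Logger named after this class; the original keyed it on the Spring base class, which
    // made the output hard to attribute in shared logs.
    private static final Logger logger = LoggerFactory.getLogger(XssInterceptor.class);

    /**
     * Logs the request path and parameter names, then runs the XSS/SQL checks.
     *
     * @param httpServletRequest  the incoming request (never null under a servlet container)
     * @param httpServletResponse unused
     * @param obj                 the resolved handler; unused
     * @return {@code true} to continue the handler chain when no pattern matches
     * @throws XssException          with {@code JsonResult.STATUS_PARAM_ERROR} when the body
     *                               or a parameter looks like an attack payload
     * @throws UncheckedIOException  if the POST body cannot be read (fails closed rather
     *                               than letting an unreadable body through)
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        logRequest(httpServletRequest);

        // The parameter type already guarantees the instanceof the original tested; the
        // dead branch would have left the wrapper null and NPE'd on checkParameter().
        XssAndSqlHttpServletRequestWrapper wrapper = new XssAndSqlHttpServletRequestWrapper(httpServletRequest);

        if ("POST".equalsIgnoreCase(httpServletRequest.getMethod())) {
            String bodyString = getBodyString(wrapper.getReader());
            if (StringUtils.isNotBlank(bodyString) && XssAndSqlHttpServletRequestWrapper.checkXSSAndSql(bodyString)) {
                throw new XssException(JsonResult.STATUS_PARAM_ERROR, "疑似xss攻击");
            }
        }
        if (wrapper.checkParameter()) {
            throw new XssException(JsonResult.STATUS_PARAM_ERROR, "疑似xss攻击");
        }
        return true;
    }

    /**
     * Emits one INFO line of the form {@code url:<path>^<param>^<param>...}.
     * Path and parameter names are attacker-controlled, so CR/LF are neutralised first to
     * prevent log forging (an injected newline would otherwise fabricate a log record).
     */
    private static void logRequest(HttpServletRequest request) {
        StringBuilder line = new StringBuilder("url:").append(sanitizeForLog(request.getServletPath()));
        Map<String, String[]> parameterMap = request.getParameterMap();
        for (Map.Entry<String, String[]> entry : parameterMap.entrySet()) {
            String[] values = entry.getValue();
            // Skip parameters whose first value equals RETURN_URL. The original compared
            // with `!=`, i.e. by reference, which for request-supplied strings is always
            // true and so never skipped anything; equals() expresses the evident intent.
            // StringUtils.equals is null-safe, and the length guard avoids [0] on an empty
            // array.
            if (values != null && values.length > 0 && StringUtils.equals(values[0], ConstantUtils.RETURN_URL)) {
                continue;
            }
            line.append('^').append(sanitizeForLog(entry.getKey()));
        }
        logger.info("{}", line);
    }

    /** Replaces line terminators so untrusted text cannot split or forge log records. */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return "null";
        }
        return value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Reads everything remaining in {@code bufferedReader} into one string and closes the
     * reader. Line terminators are dropped (lines are concatenated with no separator), as
     * in the original; the pattern checks therefore see a single-line view of the body.
     *
     * <p>The original caught {@link IOException} inside a {@code while (true)} loop and kept
     * reading from the same failed reader, which spins forever on a persistent error and
     * printed to stdout. A read failure now propagates, so a body the filter could not
     * inspect is never silently accepted.
     *
     * @param bufferedReader reader over the request body; {@code null} yields {@code ""}
     * @return the concatenated body text, never {@code null}
     * @throws UncheckedIOException if reading or closing fails
     */
    public static String getBodyString(BufferedReader bufferedReader) {
        if (bufferedReader == null) {
            return "";
        }
        // NOTE(review): the whole body is buffered in memory; any size limit must be enforced
        // by the container or the wrapper — nothing here caps it.
        StringBuilder body = new StringBuilder();
        try (BufferedReader reader = bufferedReader) {
            String line;
            while ((line = reader.readLine()) != null) {
                body.append(line);
            }
        } catch (IOException e) {
            throw new UncheckedIOException("failed to read request body", e);
        }
        return body.toString();
    }
}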
