package com.bcxin.ins.filter;

import com.bcxin.ins.models.ueditor.Constants;
import com.bcxin.ins.utils.html.EscapeUtil;
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:com/bcxin/ins/filter/AntiSqlInjectionFilter.class */
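/**
 * Servlet filter that joins every request parameter value into one string,
 * checks it against a small blacklist of SQL fragments and against markup
 * that {@link EscapeUtil#clean} would alter, and redirects the request to an
 * error page when either check fires.
 *
 * <p>Scope: only values returned by {@code getParameterValues} are inspected
 * (query string and form-encoded bodies). Path segments, headers, cookies and
 * non-form bodies (e.g. JSON) are not looked at. A substring blacklist of this
 * kind is defence in depth only; parameterized queries remain the primary
 * control against SQL injection.
 *
 * <p>NOTE(review): the decompiled class uses {@code Constants.CONTEXT_PATH}
 * where an empty string would be expected (replacement for "/" and " ",
 * accumulator seed). It presumably is {@code ""}; confirm before touching the
 * matching logic.
 */
public class AntiSqlInjectionFilter implements Filter {

    /** Path of the error page a blocked request is redirected to. */
    private static final String ERROR_PATH = "/admin/error/10011";

    /** Servlet-path token that opts a request into the wildcard CORS header. */
    private static final String CORS_PATH_TOKEN = "apithrcheckLogin";

    /**
     * Lower-cased SQL fragments that mark a request as suspicious once all
     * spaces have been removed from the joined parameter values.
     * The {@code %20} forms only match a value that still contains a literal
     * "%20" after the container's URL decoding (i.e. double-encoded input);
     * a plain {@code " as "} loses its spaces here and is not matched.
     */
    private static final String[] SQL_FRAGMENTS = {
        "cast(", "exec(@", "%20as%20", "declare%20", "%20varchar(", "set%20"
    };

    /** No-op: the filter holds no resources. */
    @Override
    public void destroy() {
    }

    /** No-op: the filter reads no init parameters. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Validates the joined parameter values; passes the request down the chain
     * when they look clean, otherwise redirects to {@link #ERROR_PATH}.
     *
     * @throws IOException      if the chain or the redirect fails
     * @throws ServletException if the chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // Substring match on the servlet path with "/" replaced (presumably
        // removed), so any path containing the token, not only one endpoint,
        // gets the wildcard CORS header. Browsers do not send credentials to a
        // "*" origin, so the endpoint is presumably unauthenticated — confirm.
        String flattenedPath = request.getServletPath().replace("/", Constants.CONTEXT_PATH);
        if (StringUtils.isNotEmpty(flattenedPath) && flattenedPath.contains(CORS_PATH_TOKEN)) {
            response.setHeader("Access-Control-Allow-Origin", "*");
        }

        if (!sqlValidate(joinParameterValues(request))) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        response.sendRedirect(errorRedirectTarget(request));
    }

    /**
     * Concatenates every parameter value of the request, in enumeration order,
     * into one string for validation.
     *
     * <p>Values are joined without a separator, as the original accumulator
     * did, so a fragment may straddle two adjacent values (a false positive);
     * kept for behavioural fidelity.
     */
    private static String joinParameterValues(HttpServletRequest request) {
        StringBuilder joined = new StringBuilder().append(Constants.CONTEXT_PATH);
        Enumeration<?> names = request.getParameterNames();
        while (names.hasMoreElements()) {
            String[] values = request.getParameterValues(names.nextElement().toString());
            if (values == null) {
                // Not expected for a name that was just enumerated; guards
                // against a request wrapper that answers null anyway.
                continue;
            }
            for (String value : values) {
                joined.append(value);
            }
        }
        return joined.toString();
    }

    /**
     * Builds the redirect target for a blocked request.
     *
     * <p>The original behaviour — prefixing the error path with the request's
     * {@code Origin} header — is kept when that header is present.
     * NOTE(review): Origin is client-controlled, so this is an open-redirect
     * sink; restrict the prefix to an allowlist of known front-end origins (or
     * drop it) once the legitimate origins are known. Without the header
     * (typical for a top-level navigation) the old code produced the literal
     * "null/admin/error/10011"; the context path is used instead.
     */
    private static String errorRedirectTarget(HttpServletRequest request) {
        String origin = request.getHeader("Origin");
        String prefix = origin != null ? origin : request.getContextPath();
        return prefix + ERROR_PATH;
    }

    /**
     * Returns {@code true} when the input looks suspicious, i.e. when
     * {@link #html2Text} or {@link #sql2Text} matches on its lower-cased form.
     * Despite the name, {@code true} means "reject".
     *
     * @param str joined parameter values; must not be {@code null}
     */
    protected static boolean sqlValidate(String str) {
        // Locale.ROOT keeps the lower-casing independent of the JVM default
        // locale (Turkish dotless-i would otherwise break matching).
        String lowerCase = str.toLowerCase(Locale.ROOT);
        return html2Text(lowerCase) || sql2Text(lowerCase);
    }

    /**
     * Space-insensitive blacklist check for SQL fragments.
     *
     * @param str lower-cased input (callers lower-case; this method does not)
     * @return {@code true} if, after replacing every space with
     *     {@code Constants.CONTEXT_PATH} (presumably removing it), the input
     *     contains one of {@link #SQL_FRAGMENTS}
     */
    public static boolean sql2Text(String str) {
        // The decompiled original also split on "@" and took a substring of the
        // second segment into an unused local; that dead code threw
        // StringIndexOutOfBoundsException on input such as "a@@b@c" (empty
        // second segment) and turned the request into a 500. Removed.
        String compact = str.replace(" ", Constants.CONTEXT_PATH);
        for (String fragment : SQL_FRAGMENTS) {
            if (compact.contains(fragment)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Reports whether {@link EscapeUtil#clean} would change the input, i.e.
     * whether it contains markup the sanitizer strips or escapes.
     *
     * <p>NOTE(review): only the cleaned side is trimmed. If
     * {@code EscapeUtil.clean} preserves surrounding whitespace, any value with
     * leading or trailing spaces is reported as markup — confirm whether that
     * is intended.
     *
     * @param str input to test; {@code null} or empty yields {@code false}
     * @return {@code true} if the cleaned, trimmed text differs from the input;
     *     {@code false} if the sanitizer throws (logged, best effort)
     */
    public static boolean html2Text(String str) {
        if (StringUtils.isEmpty(str)) {
            return false;
        }
        try {
            String cleaned = EscapeUtil.clean(str).trim();
            return !str.equals(cleaned);
        } catch (Exception e) {
            // Best effort: a sanitizer failure must not block the request, but
            // it does mean this input went unchecked by the HTML test.
            System.err.println("Html2Text: " + e.getMessage());
            return false;
        }
    }

    /** Ad-hoc manual check left in the decompiled class; not used by the filter. */
    public static void main(String[] strArr) {
        html2Text("<script>alert(1)</script>".toLowerCase());
    }
}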
