package com.seeyon.ctp.util;

import com.seeyon.ctp.tenant.config.deal.TenantConfigConsts;
import java.util.regex.Pattern;
import org.jsoup.Jsoup;
import org.jsoup.nodes.Document;
import org.jsoup.safety.Whitelist;

/* loaded from: input_file:com/seeyon/ctp/util/InjectionFilter.class */
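/**
 * Blacklist-style input sanitiser for SQL keywords and HTML/JavaScript fragments.
 *
 * <p>Everything here is pattern stripping, not encoding for a specific sink: {@link #sql}
 * deletes tokens that happen to look like SQL, so it both mangles legitimate text ("count",
 * "desc", "or", apostrophes) and does not replace parameterised queries, which remain the
 * actual defence for database access. {@link #xss} strips a few script/event-handler shapes
 * with regexes, prunes the remainder through a jsoup whitelist, and finally entity-escapes
 * every angle bracket, so its return value never contains raw markup.
 *
 * <p>All methods are static and stateless except {@link #contains}, which is an instance
 * method in the original class and is kept that way for binary compatibility. The pattern
 * fields are package-private and (for {@code XSS_PATTERNS}) reassignable, exactly as in the
 * original; nothing in this file rebinds them after static initialisation.
 */
public final class InjectionFilter {
    private static final String EMPTY_STRING = "";

    /** Regexes removed from the input by {@link #xss} before jsoup runs; filled in the static block. */
    static Pattern[] XSS_PATTERNS;

    /**
     * Whole-word SQL keywords plus the characters {@code * ; + ' %}. Compiled
     * case-insensitive (ASCII folding only; no UNICODE_CASE) and multiline, so callers must
     * not pre-lowercase the input.
     */
    static Pattern SQL_PATTERN = Pattern.compile(
            "\\b(sleep|and|exec|insert|select|drop|grant|alter|delete|update|count|chr|mid|master|truncate|char|declare|or|rename|desc)\\b|(\\*|;|\\+|'|%)",
            Pattern.CASE_INSENSITIVE | Pattern.MULTILINE);

    /** jsoup "relaxed" whitelist, widened in the static block with plugin/embed tags. */
    private static final Whitelist WHITELIST = Whitelist.relaxed();

    /** Keep jsoup from reformatting/indenting the cleaned fragment. */
    private static final Document.OutputSettings OUTPUT_SETTINGS = new Document.OutputSettings().prettyPrint(false);

    /**
     * Rejects input that matches {@link #SQL_PATTERN} instead of silently rewriting it.
     *
     * @param str value to check; {@code null} is passed through
     * @return {@code str} unchanged when no keyword or special character is found
     * @throws IllegalArgumentException if the pattern matches; the message embeds the
     *     offending input verbatim, so anything that logs or displays this exception
     *     reflects caller-controlled text
     */
    public static String sqlRise(String str) {
        if (str == null) {
            return null;
        }
        if (SQL_PATTERN.matcher(str).find()) {
            throw new IllegalArgumentException("Detect SQL key world in string: " + str);
        }
        return str;
    }

    /**
     * Strips script-like fragments, prunes the rest through {@link #WHITELIST} and
     * entity-escapes every remaining {@code <} and {@code >}.
     *
     * <p>Because of the final escape step, even whitelisted tags come back as literal text
     * ({@code &lt;div&gt;}); the whitelist only decides which tags survive in that form.
     * Whether a downstream consumer un-escapes the result again is not visible here.
     *
     * @param str HTML or plain text; {@code null} is returned as {@code null}
     * @return the sanitised, angle-bracket-free string
     */
    public static String xss(String str) {
        if (str == null) {
            return null;
        }
        // Reproduced as decompiled: the first pattern is the empty string (a no-op as
        // written) and the second is a mis-encoded literal. Both presumably removed
        // non-printable control characters in the original source — NOTE(review):
        // recover the intended literals from the source tree before relying on them.
        String cleaned = str.replaceAll("", EMPTY_STRING).replaceAll("��", EMPTY_STRING);
        for (Pattern pattern : XSS_PATTERNS) {
            cleaned = pattern.matcher(cleaned).replaceAll(EMPTY_STRING);
        }
        // Literal replace: the original used replaceAll with a one-character regex,
        // which yields the same text but compiles a Pattern on every call.
        return Jsoup.clean(cleaned, EMPTY_STRING, WHITELIST, OUTPUT_SETTINGS)
                .replace("<", "&lt;")
                .replace(">", "&gt;");
    }

    /**
     * Applies {@link #xss} and then {@link #sql} (with empty replacement) in that order.
     *
     * @param str input, may be {@code null}
     * @return the doubly filtered string, or {@code null} for {@code null} input
     */
    public static String filter(String str) {
        return sql(xss(str));
    }

    /**
     * Deletes every {@link #SQL_PATTERN} match from {@code str}.
     *
     * @param str input, may be {@code null}
     * @return the stripped string, or {@code null} for {@code null} input
     */
    public static String sql(String str) {
        return sql(str, EMPTY_STRING);
    }

    /**
     * Replaces every {@link #SQL_PATTERN} match with {@code str2}.
     *
     * @param str  input, may be {@code null}
     * @param str2 replacement passed straight to {@link java.util.regex.Matcher#replaceAll},
     *             so {@code $} and {@code \} in it are interpreted as group references
     * @return the rewritten string, or {@code null} for {@code null} input
     */
    public static String sql(String str, String str2) {
        if (str == null) {
            return null;
        }
        return SQL_PATTERN.matcher(str).replaceAll(str2);
    }

    /**
     * Reports whether {@code str} contains a {@link #SQL_PATTERN} match.
     *
     * <p>The original lower-cased the input with the default locale first. That was
     * redundant — the pattern is already CASE_INSENSITIVE — and a locale hazard (under a
     * Turkish default locale {@code "INSERT".toLowerCase()} becomes {@code "ınsert"} and no
     * longer matches), so the input is now matched directly.
     *
     * @param str input, may be {@code null}
     * @return {@code true} if a match is found; {@code false} for {@code null}
     */
    public boolean contains(String str) {
        return str != null && SQL_PATTERN.matcher(str).find();
    }

    /**
     * Ad-hoc smoke harness left in the production class; prints a few sample filter
     * results to stdout and has no other effect.
     */
    public static void main(String[] strArr) {
        System.out.println(sql(" bUPDATE a"));
        System.out.println(xss(";<><script>"));
        System.out.println(xss("<expression>"));
        System.out.println(xss("<embed1>"));
        System.out.println(xss("eval(aaa)"));
        System.out.println(xss("alert(aaa)"));
    }

    static {
        // Widens the relaxed whitelist with plugin-hosting tags (embed/object and the tag
        // named by TenantConfigConsts.SYSPARAM_PARAM — presumably "param", not visible
        // here) plus attributes such as classid/codebase/allowScriptAccess/flashvars that
        // configure Flash/ActiveX content. No addProtocols call restricts embed src, so
        // only the XSS_PATTERNS pass above limits its scheme. Every survivor is
        // entity-escaped by xss() anyway.
        WHITELIST.addTags(new String[]{"embed", "object", TenantConfigConsts.SYSPARAM_PARAM, "span", "div", "img"});
        WHITELIST.addAttributes(":all", new String[]{"style", "class", "id", "name"});
        WHITELIST.addAttributes("object", new String[]{"width", "height", "classid", "codebase"});
        WHITELIST.addAttributes(TenantConfigConsts.SYSPARAM_PARAM, new String[]{"name", "value"});
        WHITELIST.addAttributes("embed", new String[]{"src", "quality", "width", "height", "allowFullScreen", "allowScriptAccess", "flashvars", "name", "type", "pluginspage"});

        // Flag values from the decompiled constants: 2 = CASE_INSENSITIVE,
        // 42 = CASE_INSENSITIVE | MULTILINE | DOTALL.
        final int ci = Pattern.CASE_INSENSITIVE;
        final int ciMlDa = Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL;
        XSS_PATTERNS = new Pattern[]{
                Pattern.compile("<script>(.*?)</script>", ci),
                Pattern.compile("src[\r\n]*=[\r\n]*\\\"(.*?)\\\"", ciMlDa),
                Pattern.compile("</script>", ci),
                Pattern.compile("<script(.*?)>", ciMlDa),
                Pattern.compile("eval\\((.*?)\\)|alert\\((.*?)\\)|prompt\\((.*?)\\)|msgbox\\((.*?)\\)", ciMlDa),
                Pattern.compile("expression\\((.*?)\\)", ciMlDa),
                Pattern.compile("javascript:", ci),
                Pattern.compile("vbscript:", ci),
                Pattern.compile("onload(.*?)=", ciMlDa),
                // NOTE(review): with DOTALL this greedy pattern spans from the first "on"
                // to the last "=" anywhere in the input, so ordinary text such as
                // "Monday: x=1" loses everything in between. Left as-is to preserve
                // the original filtering behaviour.
                Pattern.compile("on.*(.*?)=", ciMlDa)};
    }
}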
