package com.ejie.r01f.util;

import com.ejie.r01f.log.R01FLog;
import com.ejie.r01f.xmlproperties.XMLProperties;
import java.io.IOException;
import java.net.URLDecoder;
import java.util.Locale;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/ejie/r01f/util/XSSSCanner.class */
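/**
 * Request-level scanner that rejects a query string or request parameter matching a
 * configurable regular expression of reflected-XSS markers.
 *
 * <p>Configuration is read from the framework XML properties under
 * {@code R01FConstants.FRAMEWORK_APPCODE}:
 * <ul>
 *   <li>{@code xssScanner/regexp} &ndash; expression searched (after lower-casing) in each
 *       decoded value; {@link #DEFAULT_XSS_PATTERN} is used when it is missing or does not
 *       compile.</li>
 *   <li>{@code xssScanner/activate} &ndash; scanning only runs when this is {@code "true"};
 *       an absent or unreadable property leaves the scanner off.</li>
 *   <li>{@code xssScanner/debug} &ndash; per-request log output; starts as {@code true} and
 *       becomes whatever the property parses to when it can be read.</li>
 * </ul>
 *
 * <p>The check is a pattern blocklist applied to the raw query string and to one level of
 * URL decoding of it, plus every value of every request parameter. It covers the markers
 * listed in the expression and nothing else; output encoding in the rendering layer is
 * still required. Instances are immutable after construction and safe to share between
 * request threads.
 */
public class XSSSCanner {
    /** Markers used when no {@code xssScanner/regexp} property is configured. */
    private static final String DEFAULT_XSS_PATTERN = "<script|%3Cscript|&lt;script|javascript";
    /**
     * Matches a string containing a '%' that is not followed by two hexadecimal digits,
     * i.e. a malformed percent-escape that {@link URLDecoder} would reject.
     */
    private static final String SPECIAL_CHARS = ".*%(([^A-Fa-f0-9]+|.{1}[^A-Fa-f0-9]+).*|.?$)";
    private static final Pattern SPECIAL_CHARS_PATTERN = Pattern.compile(SPECIAL_CHARS);
    private static final String LOG_NAME = "r01f.xssScanner";

    /** Source of the expression actually in effect (configured value or the default). */
    private final String _XSSPattern;
    /** Compiled once; {@link Pattern} is immutable, so no per-call compilation is needed. */
    private final Pattern _xssRegex;
    /** Scanning is skipped entirely when false. */
    private final boolean ACTIVATE;
    /** Emits the per-query-string and per-parameter log lines when true. */
    private final boolean DEBUG;

    /**
     * Reads the three {@code xssScanner/*} properties. Each lookup is best-effort: a failure
     * is logged and the field keeps its default, mirroring the original behaviour.
     */
    public XSSSCanner() {
        String configured = null;
        try {
            configured = XMLProperties.get(R01FConstants.FRAMEWORK_APPCODE, "xssScanner/regexp");
        } catch (Exception e) {
            logPropertyFailure("xssScanner/regexp", e);
        }
        this._xssRegex = compileOrDefault(configured != null ? configured : DEFAULT_XSS_PATTERN);
        // Record the expression that is really in use, which may be the fallback.
        this._XSSPattern = this._xssRegex.pattern();

        boolean activate = false;
        try {
            // Boolean.parseBoolean(null) is false, exactly like the former new Boolean(null).
            activate = Boolean.parseBoolean(
                    XMLProperties.get(R01FConstants.FRAMEWORK_APPCODE, "xssScanner/activate"));
        } catch (Exception e) {
            logPropertyFailure("xssScanner/activate", e);
        }
        this.ACTIVATE = activate;

        boolean debug = true;
        try {
            debug = Boolean.parseBoolean(
                    XMLProperties.get(R01FConstants.FRAMEWORK_APPCODE, "xssScanner/debug"));
        } catch (Exception e) {
            logPropertyFailure("xssScanner/debug", e);
        }
        this.DEBUG = debug;
    }

    /**
     * Compiles {@code regex}, falling back to {@link #DEFAULT_XSS_PATTERN} when it is not a
     * valid expression. Previously an invalid configured expression threw on every scan;
     * here it is reported once at construction and the built-in list is used instead.
     */
    private static Pattern compileOrDefault(String regex) {
        try {
            return Pattern.compile(regex);
        } catch (PatternSyntaxException e) {
            R01FLog.to(LOG_NAME).warning(
                    "Invalid xssScanner/regexp, using default pattern: " + e.getMessage());
            return Pattern.compile(DEFAULT_XSS_PATTERN);
        }
    }

    /** Logs a failed property lookup instead of printing the stack trace to stderr. */
    private static void logPropertyFailure(String key, Exception e) {
        R01FLog.to(LOG_NAME).warning("Could not read property " + key + ": " + e);
    }

    /**
     * Scans the query string and all parameter values of {@code httpServletRequest}.
     * On the first hit a 403 is sent on {@code httpServletResponse} and scanning stops,
     * so the response is never written to twice. Nothing happens when the scanner is
     * not activated.
     *
     * @param httpServletRequest  request whose query string and parameters are inspected
     * @param httpServletResponse response that receives the 403 on a match
     * @throws IOException if sending the error response fails
     */
    public void scanRequest(HttpServletRequest httpServletRequest,
                            HttpServletResponse httpServletResponse) throws IOException {
        if (!this.ACTIVATE) {
            return;
        }
        String queryString = httpServletRequest.getQueryString();
        if (this.DEBUG) {
            R01FLog.to(LOG_NAME).info("Escaneando QUERYSTRING...");
        }
        if (queryString != null && isSuspiciousQueryString(queryString)) {
            if (this.DEBUG) {
                R01FLog.to(LOG_NAME).warning(
                        ">>>>>>>>>>>> ENCONTRADO PATRÓN xss en QUERYSTRING :" + queryString);
            }
            httpServletResponse.sendError(403, "[0] Forbidden");
            return;
        }
        for (String name : httpServletRequest.getParameterMap().keySet()) {
            if (this.DEBUG) {
                R01FLog.to(LOG_NAME).info("Escaneando parámetro :" + name);
            }
            // getParameterValues rather than getParameter: a repeated parameter would
            // otherwise only have its first value scanned.
            String hit = firstXSSValue(httpServletRequest.getParameterValues(name));
            if (hit != null) {
                if (this.DEBUG) {
                    R01FLog.to(LOG_NAME).warning(
                            ">>>>>>>>>>>> ENCONTRADO PATRÓN xss en el Parámetro :" + name + "==>" + hit);
                }
                httpServletResponse.sendError(403, "[1] Forbidden");
                return;
            }
            if (this.DEBUG) {
                R01FLog.to(LOG_NAME).info("..OK");
            }
        }
    }

    /**
     * True when the raw query string carries a malformed percent-escape, cannot be URL
     * decoded, or contains an XSS marker after one level of decoding.
     */
    private boolean isSuspiciousQueryString(String queryString) throws IOException {
        if (SPECIAL_CHARS_PATTERN.matcher(queryString).matches()) {
            return true;
        }
        String decoded;
        try {
            // Explicit charset so the result does not depend on the platform default.
            decoded = URLDecoder.decode(queryString, "UTF-8");
        } catch (IllegalArgumentException e) {
            // Undecodable escape sequence: reject rather than pass it on unscanned.
            return true;
        }
        return hasAnyXSS(decoded);
    }

    /** Returns the first element of {@code values} that matches the XSS pattern, or null. */
    private String firstXSSValue(String[] values) {
        if (values == null) {
            return null;
        }
        for (String value : values) {
            if (hasAnyXSS(value)) {
                return value;
            }
        }
        return null;
    }

    /**
     * Tests {@code str} against the configured expression.
     *
     * @param str value to inspect; {@code null} is treated as clean
     * @return true when the expression is found anywhere in the lower-cased value
     */
    public boolean hasAnyXSS(String str) {
        if (str == null) {
            return false;
        }
        // Locale.ROOT keeps lower-casing stable across server locales (e.g. dotted/dotless I).
        return this._xssRegex.matcher(str.toLowerCase(Locale.ROOT)).find();
    }

    /** Prints which sample inputs the malformed-escape expression matches. */
    public static void main(String[] strArr) {
        System.out.println("REGEX: \"" + SPECIAL_CHARS + "\"");
        String[] samples = {
            "<script>%", "<script>%1", "<script>%F", "<script>%G",
            "<script>%1F", "<script>%1G", "<script>%FF", "<script>%G1",
            "%<script>", "%1<script>", "%1F<script>", "%1G<script>",
            "%FF<script>", "%G1<script>"
        };
        for (String sample : samples) {
            boolean matched = SPECIAL_CHARS_PATTERN.matcher(sample).matches();
            System.out.println(sample + (matched ? "" : " NO") + " matches");
        }
    }
}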
