package com.shove.web.security;

import com.satd.yshfq.utils.ListUtils;
import com.shove.Convert;
import com.shove.io.File;
import com.shove.io.file.PropertyFile;
import com.shove.security.newton.SI;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import play.Logger;
import play.Play;
import play.data.parsing.DataParser;
import play.data.parsing.TextParser;
import play.mvc.Http;
import play.utils.Utils;

/* loaded from: classes.dex */
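/**
 * Request filter that scans the current Play request for strings resembling SQL injection or
 * HTML/script injection and aborts the request by throwing when one is found.
 *
 * <p>Coverage, as implemented below: cookie values, the Referer header and request parameter
 * values. Parameter names and other headers are not scanned. When {@code isKeepStreamOpen} is
 * set, the body is scanned only if a {@code DataParser} is registered for its content type or
 * the type starts with {@code text/}.
 *
 * <p>Each controller selects a mode through the configuration key equal to its name:
 * {@code 0} (default) applies {@code rule0}; {@code 1} applies {@code rule1}, which omits the
 * {@code <a} and {@code <img} alternatives and instead restricts {@code <img src>} to a fixed
 * list of image extensions. Any other value disables scanning for that controller.
 *
 * <p>NOTE(review): this is deny-list pattern matching. Treat it as one layer of defence; it
 * does not replace parameterized queries or context-aware output encoding, and patterns such
 * as the {@code and|or ... =} alternative can reject ordinary prose. The lazy wildcards in the
 * rules run against attacker-sized input, so matching cost on very long values is worth
 * measuring.
 *
 * <p>Instances are per-request: the constructor captures {@code Http.Request.current()}.
 */
public class InjectionInterceptor {
    // Referer prefixes exempt from the Referer scan; null when no whitelist is configured.
    private static String[] refererArray = null;
    private Http.Request request;
    // Global on/off switch, re-read from the "injectionInterceptor" property by every constructor.
    public static Boolean __SYS_SHOVE_FLAG_IsUsed_InjectionInterceptor = false;
    private static Boolean haveBeenRunning = false;
    // Published only after it is fully populated (see initialize()); volatile so that request
    // threads reading it without the class lock see the completed list.
    private static volatile List<String> validImgExtName = null;
    private static final String rule0 = "<[^>]+?style=[\\w]+?:expression\\(|[@][\\s\t\r\n]*import\\b|<[^>]*?\\b(alert|confirm|prompt|javascript|document|cookie|onerror|onmousemove|onload|onclick|onmouseover)\\b[^>]*?>|<[^>]*?(\\\\(u|x|ux)[0-9,a-f,A-F]+?|\\\\[0-9]+?|&#[0-9,a-f,A-F]+?)[^>]*?>|^\\+/v(8|9)|<[^>]*?=[^>]*?&#[^>]*?>|\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|/\\*.+?\\*/|<\\s*script\\b|<\\s*iframe\\b|<\\s*frame\\b|<\\s*object\\b|<\\s*embed\\b|<\\s*input\\b|\\bEVAL\\s*\\(|\\bfunction\\b\\s*\\(|<\\s*a\\b|<\\s*img\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)|[']+?.*?(OR|AND|[-]{2,}|UPDATE|CREATE|ALTER|DROP|TRUNCATE|SELECT|DELETE|EXEC|INSERT)\\b|\\b(OR|AND|[-]{2,}|UPDATE|CREATE|ALTER|DROP|TRUNCATE|SELECT|DELETE|EXEC|INSERT)\\b.*?[']+?";
    private static Pattern pattern0 = Pattern.compile(rule0, Pattern.CASE_INSENSITIVE);
    private static final String rule1 = "<[^>]+?style=[\\w]+?:expression\\(|[@][\\s\t\r\n]*import\\b|<[^>]*?\\b(alert|confirm|prompt|javascript|document|cookie|onerror|onmousemove|onload|onclick|onmouseover)\\b[^>]*?>|<[^>]*?(\\\\(u|x|ux)[0-9,a-f,A-F]+?|\\\\[0-9]+?|&#[0-9,a-f,A-F]+?)[^>]*?>|^\\+/v(8|9)|<[^>]*?=[^>]*?&#[^>]*?>|\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|/\\*.+?\\*/|<\\s*script\\b|<\\s*iframe\\b|<\\s*frame\\b|<\\s*object\\b|<\\s*embed\\b|<\\s*input\\b|\\bEVAL\\s*\\(|\\bfunction\\b\\s*\\(|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)|[']+?.*?(OR|AND|[-]{2,}|UPDATE|CREATE|ALTER|DROP|TRUNCATE|SELECT|DELETE|EXEC|INSERT)\\b|\\b(OR|AND|[-]{2,}|UPDATE|CREATE|ALTER|DROP|TRUNCATE|SELECT|DELETE|EXEC|INSERT)\\b.*?[']+?";
    private static Pattern pattern1 = Pattern.compile(rule1, Pattern.CASE_INSENSITIVE);
    // Captures the src value of an <img> tag in group 1.
    private static final String imgRule = "<img\\b[^<>]*?\\bsrc[\\s\t\r\n]*=[\\s\t\r\n]*[\"']?[\\s\t\r\n]*([^\\s\t\r\n\"'<>]*)[^<>]*?/?[\\s\t\r\n]*[/]*>";
    private static Pattern patternImg = Pattern.compile(imgRule, Pattern.CASE_INSENSITIVE);
    private Map<String, String[]> parameterMap = null;
    private Map<String, Http.Cookie> cookies = null;
    private String referer = null;
    private boolean isKeepStreamOpen = false;

    static {
        refererArray = null;
        PropertyFile propertyFile = null;
        try {
            propertyFile = new PropertyFile();
        } catch (Exception e) {
            System.err.println(e);
        }
        if (propertyFile != null) {
            String read = propertyFile.read("injectionInterceptor.referer.whitelist");
            if (StringUtils.isNotBlank(read)) {
                // Drop blank entries: String.startsWith("") is true for every string, so a
                // stray separator in the property would switch the Referer scan off entirely.
                List<String> prefixes = new ArrayList<String>();
                for (String entry : read.split(ListUtils.DEFAULT_JOIN_SEPARATOR)) {
                    if (StringUtils.isNotBlank(entry)) {
                        prefixes.add(entry.trim());
                    }
                }
                if (!prefixes.isEmpty()) {
                    refererArray = prefixes.toArray(new String[0]);
                }
            }
        }
    }

    /** Binds the interceptor to the request of the current thread and loads the shared settings. */
    public InjectionInterceptor() {
        this.request = Http.Request.current();
        initialize();
    }

    /**
     * Tests one value against a rule set.
     *
     * @param pattern rule set to apply
     * @param str value to test; null or empty is never a match
     * @param bool when true, additionally require every {@code <img src>} in the value to end
     *     in one of the allowed image extensions
     * @return true when the value must be rejected
     */
    private Boolean _checkData(Pattern pattern, String str, Boolean bool) {
        if (str == null || str.isEmpty()) {
            return false;
        }
        if (pattern.matcher(str).find()) {
            return true;
        }
        if (!bool.booleanValue()) {
            return false;
        }
        List<String> allowedExtensions = validImgExtName;
        Matcher matcher = patternImg.matcher(str);
        while (matcher.find()) {
            // File is com.shove.io.File; its extension helper is not visible from this class.
            String extension = File.getExtensionName(matcher.group(1));
            // Fail closed: a missing extension or an unpopulated allow-list rejects the value
            // rather than surfacing as a NullPointerException.
            // Locale.ROOT keeps the lower-casing stable (e.g. ".GIF" under a Turkish locale).
            if (extension == null
                    || allowedExtensions == null
                    || !allowedExtensions.contains(extension.toLowerCase(java.util.Locale.ROOT))) {
                return true;
            }
        }
        return false;
    }

    /**
     * Parses a buffered copy of the body into the request parameters so that they can be
     * scanned, then closes the request's own body stream.
     *
     * <p>Bodies whose content type has no registered parser and does not start with
     * {@code text/} are left unparsed and therefore unscanned.
     */
    private void checkAndParse(InputStream inputStream) {
        Http.Request current = Http.Request.current();
        String contentType = current.contentType;
        if (contentType != null) {
            DataParser dataParser = (DataParser) DataParser.parsers.get(contentType);
            if (dataParser != null) {
                _mergeWith(dataParser.parse(inputStream));
            } else if (contentType.startsWith("text/")) {
                _mergeWith(new TextParser().parse(inputStream));
            }
        }
        try {
            current.body.close();
        } catch (Exception ignored) {
            // Best effort: run() replaces the body with a fresh in-memory stream afterwards.
        }
    }

    /** Returns true when any cookie value is rejected by {@link #_checkData}. */
    private Boolean checkCookies(Pattern pattern, Boolean bool) {
        if (this.cookies == null || this.cookies.isEmpty()) {
            return false;
        }
        for (Http.Cookie cookie : this.cookies.values()) {
            if (cookie != null && _checkData(pattern, cookie.value, bool).booleanValue()) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns true when the Referer is rejected, unless it starts with a whitelisted prefix.
     *
     * <p>NOTE(review): the whitelist is a plain prefix match on a client-supplied header, so an
     * entry without a trailing {@code /} also matches longer host names that begin with it.
     * It only skips the scan of the Referer value itself.
     */
    private Boolean checkReferer(Pattern pattern, Boolean bool) {
        if (this.referer == null || this.referer.isEmpty()) {
            return false;
        }
        if (refererArray != null) {
            for (String prefix : refererArray) {
                // An empty prefix would match everything; never treat it as a whitelist hit.
                if (prefix != null && !prefix.isEmpty() && this.referer.startsWith(prefix)) {
                    return false;
                }
            }
        }
        return _checkData(pattern, this.referer, bool).booleanValue();
    }

    /** Returns true when any parameter value is rejected; parameter names are not examined. */
    private Boolean checkRequest(Pattern pattern, Boolean bool) {
        if (this.parameterMap == null || this.parameterMap.isEmpty()) {
            return false;
        }
        for (String[] values : this.parameterMap.values()) {
            if (values == null) {
                continue;
            }
            for (String value : values) {
                if (_checkData(pattern, value, bool).booleanValue()) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Refreshes the global enable flag and builds the image-extension allow-list once.
     *
     * <p>The state touched here is static while an instance exists per request, so the lock is
     * taken on the class; an instance-level monitor would not exclude other requests.
     */
    private void initialize() {
        synchronized (InjectionInterceptor.class) {
            __SYS_SHOVE_FLAG_IsUsed_InjectionInterceptor = Boolean.valueOf(Convert.strToBoolean(Play.configuration.getProperty("injectionInterceptor", "true"), true));
            if (__SYS_SHOVE_FLAG_IsUsed_InjectionInterceptor.booleanValue() && !haveBeenRunning.booleanValue()) {
                // Fill a local list first so readers never observe a half-built allow-list.
                List<String> extensions = new ArrayList<String>();
                extensions.add(".jpg");
                extensions.add(".jpeg");
                extensions.add(".png");
                extensions.add(".bmp");
                extensions.add(".gif");
                extensions.add(".tif");
                extensions.add(".tiff");
                validImgExtName = extensions;
                haveBeenRunning = true;
            }
        }
    }

    /**
     * Scans cookies, Referer and parameters in that order and rejects on the first hit.
     *
     * <p>{@link #writeResponse} always throws, so a hit leaves this method by exception; the
     * {@code return true} statements only satisfy the compiler.
     *
     * @return false when nothing was rejected
     * @throws Exception when a value is rejected
     */
    private boolean intercept(Pattern pattern, Boolean bool) throws Exception {
        if (checkCookies(pattern, bool).booleanValue()) {
            writeResponse("Cookie");
            return true;
        }
        if (checkReferer(pattern, bool).booleanValue()) {
            writeResponse("Referer");
            return true;
        }
        if (!checkRequest(pattern, bool).booleanValue()) {
            return false;
        }
        writeResponse("POST、GET");
        return true;
    }

    /**
     * Logs the rejection and aborts the request.
     *
     * @param str name of the request part that was rejected, embedded in the message
     * @throws Exception always, carrying the user-facing message
     */
    private void writeResponse(String str) throws Exception {
        String str2 = "InjectionInterceptorError: 系统检测到您提交的数据中存在恶意的注入型攻击数据(或 img 标签的 src 文件类型不合法)，请检查 " + str + " 数据，如果是系统误报，请联系我们处理，谢谢。给您带来了不便，十分抱歉！【技术支持：深圳英迈思文化科技有限公司·EIMS 研究院·云计算实验室与晓风系列产品支撑中心】";
        // The URL is client-controlled: neutralise line breaks so it cannot forge log entries.
        String loggedUrl = String.valueOf(this.request.url).replace('\r', '_').replace('\n', '_');
        Logger.warn("InjectionInterceptorError: " + str2 + "\r\n" + loggedUrl, new Object[0]);
        throw new Exception(str2);
    }

    /** Merges parsed body parameters into the request's parameter data. */
    void _mergeWith(Map<String, String[]> map) {
        for (Map.Entry<String, String[]> entry : map.entrySet()) {
            Utils.Maps.mergeValueInMap(this.request.params.data, entry.getKey(), entry.getValue());
        }
    }

    public boolean getIsKeepStreamOpen() {
        return this.isKeepStreamOpen;
    }

    /**
     * Runs the scan for the bound request.
     *
     * <p>With {@code isKeepStreamOpen} set, the body is copied into memory, parsed for
     * scanning and then replaced by a fresh stream over the same bytes so that later code can
     * still read it. NOTE(review): the copy is unbounded; confirm that the server enforces a
     * maximum request size.
     *
     * @throws Exception when a value is rejected
     */
    public void run() throws Exception {
        SI.go(); // com.shove.security.newton.SI: purpose not visible from this class
        if (!__SYS_SHOVE_FLAG_IsUsed_InjectionInterceptor.booleanValue()) {
            return;
        }
        if (this.isKeepStreamOpen) {
            // ByteArrayOutputStream holds no system resource, so it needs no close().
            ByteArrayOutputStream buffer = new ByteArrayOutputStream();
            try {
                IOUtils.copy(this.request.body, buffer);
                byte[] bodyBytes = buffer.toByteArray();
                checkAndParse(new ByteArrayInputStream(bodyBytes));
                this.request.body = new ByteArrayInputStream(bodyBytes);
            } catch (IOException e) {
                // Previously swallowed silently. Scanning still continues with whatever
                // parameters exist, but the gap in coverage is now recorded.
                Logger.warn("InjectionInterceptor: could not buffer the request body, body parameters were not scanned: " + e, new Object[0]);
            }
            this.parameterMap = this.request.params.data;
        } else {
            this.parameterMap = this.request.params.all();
        }
        this.cookies = this.request.cookies;
        // NOTE(review): this stringifies the header object, so a missing header yields the
        // text "null" and the value depends on the header type's toString(). Confirm that the
        // result is the bare URL; otherwise the whitelist prefixes cannot match.
        this.referer = String.valueOf(this.request.headers.get("referer"));
        if (this.parameterMap.isEmpty() && this.cookies == null && this.referer == null) {
            return;
        }
        // Per-controller mode: 0 = rule0, 1 = rule1 plus the image-extension check.
        // NOTE(review): any other configured value skips scanning for this controller.
        int mode = Convert.strToInt(Play.configuration.getProperty(this.request.controller, "0"), 0);
        if (mode == 0) {
            intercept(pattern0, false);
        } else if (mode == 1) {
            intercept(pattern1, true);
        }
    }

    public void setIsKeepStreamOpen(boolean z) {
        this.isKeepStreamOpen = z;
    }
}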
