package jvc.web.filter;

import com.common.util.HttpUtils;
import java.io.File;
import java.io.IOException;
import java.util.Enumeration;
import java.util.List;
import java.util.Locale;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import jvc.util.AppUtils;
import jvc.util.FileUtils;
import jvc.util.LogUtils;
import jvc.util.RequestUtils;
import org.apache.commons.fileupload.FileItem;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;

/* loaded from: classes2.dex */
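/**
 * Servlet filter that rejects requests whose parameters match a keyword blocklist
 * (SQL / script markers) or whose multipart upload carries a JSP file name.
 *
 * <p>The checks are heuristic pattern matches on request parameters and upload file
 * names. They reduce noise but are not a substitute for parameterized queries,
 * output encoding and content-based upload validation downstream.
 *
 * <p>Thread-safety: the filter holds no mutable state; all helpers work on their
 * arguments only.
 */
public class SafeFilter implements Filter {
    /** Request attribute under which the parsed multipart items are published for downstream code. */
    private static final String UPLOAD_ITEMS_ATTR = "jvc.upload.items";

    /** Parameter name exempt from the injection checks — presumably a payload blob handled elsewhere; TODO confirm. */
    private static final String EXEMPT_PARAM = "d";

    /** Spool-to-disk threshold for multipart parsing, in bytes (1 MiB). */
    private static final int UPLOAD_SIZE_THRESHOLD = 1048576;

    /** A value is flagged as SQL-like when strictly more than this many distinct markers occur in it. */
    private static final int SQL_HIT_THRESHOLD = 2;

    /** Substrings that mark a value as script/path-probing; matched case-insensitively. */
    private static final String[] SCRIPT_MARKERS = {"<script", "/etc/", "<iframe", "/passwd"};

    /**
     * SQL-ish tokens. Several are very generic ("use", "where", "or "), which is why a single hit
     * is not enough and {@link #SQL_HIT_THRESHOLD} distinct hits are required.
     */
    private static final String[] SQL_MARKERS = {
        "show ", "union ", "union(", "alter ", "drop ", "='", "and(", "exec ", "insert ", "select",
        "sleep", " table ", "list ", "delete ", "update ", "count(", " * ", " chr(", " mid(", " master",
        "truncate ", " char", "declare ", "or ", "or(", "into ", "having ", "databases", "tables", "dump",
        "use", "where", "table_name", "information_schema"
    };

    /**
     * Scans every request parameter value (except {@link #EXEMPT_PARAM}) with both detectors.
     *
     * @param servletRequest the request whose parameter map is inspected; must be an {@link HttpServletRequest}
     *     because the URI is logged on rejection
     * @return {@code true} when no value was flagged, {@code false} on the first flagged value
     */
    private boolean checkParamInject(ServletRequest servletRequest) {
        // Servlet 2.x returns a raw Enumeration, 3.x an Enumeration<String>; the wildcard accepts both.
        Enumeration<?> names = servletRequest.getParameterNames();
        while (names.hasMoreElements()) {
            String name = (String) names.nextElement();
            if (EXEMPT_PARAM.equals(name)) {
                continue;
            }
            String[] values = servletRequest.getParameterValues(name);
            if (values == null) {
                continue;
            }
            for (String value : values) {
                if (checkSqlInject(value) || checkScriptInject(value)) {
                    logUnsafeParam(servletRequest, name, value);
                    return false;
                }
            }
        }
        return true;
    }

    /**
     * Logs the offending parameter and the request URI at fatal level.
     *
     * <p>The raw value is written to the log as-is; the log sink is expected to cope with
     * attacker-controlled content (line breaks, length).
     */
    private static void logUnsafeParam(ServletRequest request, String name, String value) {
        LogUtils.fatal(RequestUtils.getIp(request) + " not safe param  " + name + HttpUtils.EQUAL_SIGN + value);
        LogUtils.fatal("uri:" + ((HttpServletRequest) request).getRequestURI());
    }

    /**
     * Reports whether the value contains any of {@link #SCRIPT_MARKERS}, ignoring case.
     *
     * @param str the parameter value; {@code null} is treated as clean
     * @return {@code true} when a marker is present
     */
    private boolean checkScriptInject(String str) {
        if (str == null) {
            return false;
        }
        // Locale.ROOT keeps the fold stable under locales with special casing rules (e.g. dotless i).
        String lower = str.toLowerCase(Locale.ROOT);
        for (String marker : SCRIPT_MARKERS) {
            if (lower.indexOf(marker) != -1) {
                return true;
            }
        }
        return false;
    }

    /**
     * Reports whether the value contains more than {@link #SQL_HIT_THRESHOLD} distinct
     * {@link #SQL_MARKERS}, ignoring case. Each marker counts at most once however often it occurs.
     *
     * @param str the parameter value; {@code null} is treated as clean
     * @return {@code true} when the distinct-marker count exceeds the threshold
     */
    private boolean checkSqlInject(String str) {
        if (str == null) {
            return false;
        }
        String lower = str.toLowerCase(Locale.ROOT);
        int hits = 0;
        for (String marker : SQL_MARKERS) {
            if (lower.indexOf(marker) != -1) {
                hits++;
                if (hits > SQL_HIT_THRESHOLD) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Parses a multipart request, publishes the items under {@link #UPLOAD_ITEMS_ATTR} and rejects
     * it when any uploaded file name ends in a JSP-style extension.
     *
     * <p>Non-multipart requests are accepted without inspection. Parsing reads the whole body
     * (spooling to {@code AppUtils.AppPath/uploadtemp/} above the size threshold), so this runs
     * before any handler sees the request. Any parse failure or a file item without a name is
     * treated as unsafe (fail closed).
     *
     * @param servletRequest the request; must be an {@link HttpServletRequest}
     * @return {@code true} when the upload (if any) is acceptable
     */
    private boolean checkUnSafeUpload(ServletRequest servletRequest) {
        String contentType = servletRequest.getContentType();
        if (contentType == null || !contentType.startsWith("multipart/form-data")) {
            return true;
        }
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        DiskFileItemFactory factory = new DiskFileItemFactory();
        factory.setSizeThreshold(UPLOAD_SIZE_THRESHOLD);
        File repository = new File(AppUtils.AppPath + "/uploadtemp/");
        if (!repository.exists() && !repository.mkdirs()) {
            // Parsing below will fail on large bodies if the spool dir is missing; make that visible.
            LogUtils.fatal("cannot create upload temp dir " + repository);
        }
        factory.setRepository(repository);
        try {
            List<FileItem> items = new ServletFileUpload(factory).parseRequest(httpRequest);
            servletRequest.setAttribute(UPLOAD_ITEMS_ATTR, items);
            for (FileItem item : items) {
                if (item.isFormField()) {
                    continue;
                }
                String name = item.getName();
                if (name == null || isServerExecutableName(name)) {
                    LogUtils.fatal(RequestUtils.getIp(httpRequest) + " upload file " + name);
                    LogUtils.fatal("uri:" + httpRequest.getRequestURI());
                    return false;
                }
            }
            return true;
        } catch (Exception e) {
            // Boundary catch: a body the parser cannot handle is rejected rather than passed on.
            LogUtils.fatal(RequestUtils.getIp(httpRequest) + " upload parse failed: " + e);
            return false;
        }
    }

    /**
     * Suffix check for file names the container would execute. Only the JSP family is covered;
     * any other server-side extension the deployment treats as executable should be added here.
     */
    private static boolean isServerExecutableName(String name) {
        String lower = name.toLowerCase(Locale.ROOT);
        return lower.endsWith("jsp") || lower.endsWith("jspx");
    }

    /**
     * Developer scratch harness: runs both detectors over a text sample and logs the verdicts.
     *
     * @param strArr optional {@code args[0]} is the path of the sample file; the default is the
     *     original developer's local file and will not exist elsewhere
     */
    public static void main(String[] strArr) {
        String path = strArr.length > 0 ? strArr[0] : "/Users/rufujian/Downloads/1.txt";
        String sample = FileUtils.readFileText(path);
        SafeFilter filter = new SafeFilter();
        LogUtils.info("script inject: " + filter.checkScriptInject(sample));
        LogUtils.info("sql inject: " + filter.checkSqlInject(sample));
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }

    /**
     * Wraps the request, runs the parameter and upload checks in that order, and either forwards
     * the wrapped request down the chain or writes a short rejection body.
     *
     * @throws IOException if writing the rejection or the downstream filter fails
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        // Touching a parameter before wrapping presumably forces the container to parse the
        // parameter map on the original request first — TODO confirm against MyRequestWrapper.
        servletRequest.getParameter("abc");
        MyRequestWrapper wrapped = new MyRequestWrapper((HttpServletRequest) servletRequest);
        if (!checkParamInject(wrapped)) {
            reject(servletResponse, "not safe param");
        } else if (!checkUnSafeUpload(wrapped)) {
            reject(servletResponse, "not safe upload");
        } else {
            filterChain.doFilter(wrapped, servletResponse);
        }
    }

    /**
     * Writes the rejection body. Marks the response 400 when it is an HTTP response so that
     * clients and monitoring do not see a rejection as a successful 200.
     */
    private static void reject(ServletResponse response, String message) throws IOException {
        if (response instanceof HttpServletResponse) {
            ((HttpServletResponse) response).setStatus(HttpServletResponse.SC_BAD_REQUEST);
        }
        response.getWriter().print(message);
    }

    /** No configuration is read. */
    @Override
    public void init(FilterConfig filterConfig) {
    }
}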
