package com.drgou.xss;

import com.drgou.utils.AESUtil;
import com.drgou.utils.ConstantUtils;
import com.drgou.utils.JsonResult;
import com.drgou.utils.JsonUtils;
import java.io.BufferedReader;
import java.io.IOException;
import java.util.HashMap;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:com/drgou/xss/XssAndSqlFilter.class */
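/**
 * Servlet filter that rejects a request when its POST body or its parameters are
 * flagged by {@link XssAndSqlHttpServletRequestWrapper}.
 *
 * <p>A rejected request is answered with a JSON payload built by
 * {@code JsonResult.build(503, ...)} and is not passed down the chain. The 503 is a
 * code inside the JSON payload; this filter does not change the HTTP status line.
 *
 * <p>NOTE(review): this is pattern-based input screening. It does not replace
 * parameterized queries or context-aware output encoding in the handlers behind it.
 */
public class XssAndSqlFilter implements Filter {
    @Override
    public void destroy() {
    }

    /**
     * Screens the request and either forwards it (wrapped) or writes the rejection payload.
     *
     * @param servletRequest incoming request; only {@link HttpServletRequest} instances are inspected
     * @param servletResponse response the rejection payload is written to
     * @param filterChain remainder of the filter chain
     * @throws IOException if writing the response or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!(servletRequest instanceof HttpServletRequest)) {
            // No wrapper can be built for a non-HTTP request. The previous code
            // dereferenced a null wrapper here; forward the request untouched instead.
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        XssAndSqlHttpServletRequestWrapper wrappedRequest = new XssAndSqlHttpServletRequestWrapper(httpRequest);

        // NOTE(review): only POST bodies are inspected. A body sent with another method
        // (PUT, PATCH, ...) is forwarded with only checkParameter() applied; confirm
        // that this is intended.
        if ("POST".equalsIgnoreCase(httpRequest.getMethod())) {
            // NOTE(review): this consumes the wrapper's reader. Downstream handlers can
            // re-read the body only if the wrapper caches it; confirm in
            // XssAndSqlHttpServletRequestWrapper.
            String bodyString = getBodyString(wrappedRequest.getReader());
            if (StringUtils.isNotBlank(bodyString) && XssAndSqlHttpServletRequestWrapper.checkXSSAndSql(bodyString)) {
                writeRejection(servletResponse);
                return;
            }
        }

        // checkParameter() returning true means the wrapper flagged a parameter.
        if (wrappedRequest.checkParameter()) {
            writeRejection(servletResponse);
            return;
        }
        filterChain.doFilter(wrappedRequest, servletResponse);
    }

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Reads every line from the reader and returns them concatenated, then closes the reader.
     *
     * <p>Line terminators are dropped, so the returned text is not byte-for-byte the
     * request body. If reading fails, the text read so far is returned; callers that
     * screen the result are then looking at a truncated body.
     *
     * @param bufferedReader source of the body; closed before this method returns
     * @return the concatenated lines, prefixed with {@code ConstantUtils.RETURN_URL}
     *     (presumably the empty string; confirm against ConstantUtils)
     */
    public static String getBodyString(BufferedReader bufferedReader) {
        StringBuilder body = new StringBuilder().append(ConstantUtils.RETURN_URL);
        // The catch sits outside the loop: the previous version caught IOException
        // inside while(true) and retried, which never terminates on a reader that
        // keeps failing. try-with-resources also covers the IOException from close().
        try (BufferedReader reader = bufferedReader) {
            String line;
            while ((line = reader.readLine()) != null) {
                body.append(line);
            }
        } catch (IOException e) {
            System.out.println("IOException: " + e);
        }
        return body.toString();
    }

    /** Writes the shared JSON rejection payload used by both the body and the parameter check. */
    private static void writeRejection(ServletResponse servletResponse) throws IOException {
        // AESUtil.CHARSET_NAME is presumably "UTF-8", matching the content type below; confirm.
        servletResponse.setCharacterEncoding(AESUtil.CHARSET_NAME);
        servletResponse.setContentType("application/json;charset=UTF-8");
        servletResponse.getWriter().write(JsonUtils.objectToJson(JsonResult.build(503, "参数错误", new HashMap<>())));
    }
}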
