package org.webdroid.catnip.valve;

import java.io.IOException;
import java.util.HashMap;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.util.ParameterMap;
import org.apache.catalina.valves.RequestFilterValve;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;

/* loaded from: input_file:org/webdroid/catnip/valve/BadInputValve.class */
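/**
 * Tomcat valve that screens HTTP request parameters before the request reaches the
 * next valve in the pipeline.
 *
 * <p>Two independent mechanisms are applied to every parameter name and value:
 * <ol>
 *   <li><b>Allow/deny patterns</b> (the {@code allows} / {@code denies} arrays, which are
 *       not declared here and are presumably inherited from {@link RequestFilterValve}):
 *       a request whose parameters fail the check is answered with 403 and is not
 *       forwarded.</li>
 *   <li><b>Escaping</b>: when enabled through {@link #setEscapeQuotes(boolean)},
 *       {@link #setEscapeAngleBrackets(boolean)} or {@link #setEscapeJavaScript(boolean)},
 *       matching text is rewritten to HTML entities in place.</li>
 * </ol>
 *
 * <p><b>Security caveat:</b> rewriting input against a fixed list of patterns is a coarse
 * control. The JavaScript patterns are case-sensitive (only the {@code javascript:} pattern
 * is case-insensitive) and cover a handful of constructs, so this valve should be treated
 * as defence in depth. Applications behind it still need context-aware output encoding.
 *
 * <p>The escape setters mutate a plain {@link HashMap} that request threads iterate in
 * {@link #filterParameters(Request)}; call them during configuration only, not while
 * requests are being served.
 */
public class BadInputValve extends RequestFilterValve {
    private static final Log log = LogFactory.getLog(BadInputValve.class);
    protected static String info = "com.oreilly.tomcat.valve.BadInputValve/2.0";
    private static final String[] STRING_ARRAY = new String[0];

    // Feature switches as last set through the corresponding setters.
    protected boolean escapeQuotes = false;
    protected boolean escapeAngleBrackets = false;
    protected boolean escapeJavaScript = false;

    // Each map goes from a regular expression to the replacement handed to Matcher.replaceAll.
    protected HashMap<String, String> quotesHashMap = new HashMap<>();
    protected HashMap<String, String> angleBracketsHashMap = new HashMap<>();
    protected HashMap<String, String> javaScriptHashMap = new HashMap<>();

    // Union of the maps above for the features that are currently enabled.
    protected HashMap<String, String> parameterEscapes = new HashMap<>();

    /** Populates the built-in escape tables; no escaping is active until a setter enables it. */
    public BadInputValve() {
        this.quotesHashMap.put("\"", "&quot;");
        this.quotesHashMap.put("'", "&#39;");
        this.quotesHashMap.put("`", "&#96;");
        this.angleBracketsHashMap.put("<", "&lt;");
        this.angleBracketsHashMap.put(">", "&gt;");
        this.javaScriptHashMap.put("document(.*)\\.(.*)cookie", "document&#46;&#99;ookie");
        this.javaScriptHashMap.put("eval(\\s*)\\(", "eval&#40;");
        this.javaScriptHashMap.put("setTimeout(\\s*)\\(", "setTimeout$1&#40;");
        this.javaScriptHashMap.put("setInterval(\\s*)\\(", "setInterval$1&#40;");
        // The replacement previously read "exexScript", which silently altered the
        // identifier in addition to escaping the parenthesis; the sibling entries keep
        // the name intact, so this one now does too.
        this.javaScriptHashMap.put("execScript(\\s*)\\(", "execScript$1&#40;");
        this.javaScriptHashMap.put("(?i)javascript(?-i):", "javascript&#58;");
        log.info("BadInputValve instantiated.");
    }

    /** @return whether quote escaping was last switched on */
    public boolean getEscapeQuotes() {
        return this.escapeQuotes;
    }

    /**
     * Enables or disables escaping of double quotes, single quotes and backticks.
     *
     * @param z {@code true} to activate the quote escapes, {@code false} to withdraw them
     */
    public void setEscapeQuotes(boolean z) {
        this.escapeQuotes = z;
        applyEscapes(z, this.quotesHashMap);
    }

    /** @return whether angle-bracket escaping was last switched on */
    public boolean getEscapeAngleBrackets() {
        return this.escapeAngleBrackets;
    }

    /**
     * Enables or disables escaping of {@code <} and {@code >}.
     *
     * @param z {@code true} to activate the angle-bracket escapes, {@code false} to withdraw them
     */
    public void setEscapeAngleBrackets(boolean z) {
        this.escapeAngleBrackets = z;
        applyEscapes(z, this.angleBracketsHashMap);
    }

    /** @return whether JavaScript-pattern escaping was last switched on */
    public boolean getEscapeJavaScript() {
        return this.escapeJavaScript;
    }

    /**
     * Enables or disables the JavaScript-related escapes.
     *
     * @param z {@code true} to activate the JavaScript escapes, {@code false} to withdraw them
     */
    public void setEscapeJavaScript(boolean z) {
        this.escapeJavaScript = z;
        applyEscapes(z, this.javaScriptHashMap);
    }

    /** @return the descriptive info string of this valve */
    public String getInfo() {
        return info;
    }

    /**
     * Screens the request and, if it passes, forwards it to the next valve.
     *
     * <p>A request rejected by {@link #processAllowsAndDenies(Request, Response)} is not
     * forwarded; the 403 has already been sent at that point.
     *
     * @param request  the incoming request
     * @param response the response associated with it
     * @throws IOException      if sending the error or a downstream valve fails
     * @throws ServletException if a downstream valve fails
     */
    @Override
    public void invoke(Request request, Response response) throws IOException, ServletException {
        if (!(request instanceof HttpServletRequest) || !(response instanceof HttpServletResponse)) {
            // Non-HTTP traffic is passed through unfiltered.
            getNext().invoke(request, response);
        } else if (processAllowsAndDenies(request, response)) {
            filterParameters(request);
            getNext().invoke(request, response);
        }
    }

    /**
     * Runs the allow/deny check over every parameter name and every parameter value.
     *
     * @param request  the request whose parameters are inspected
     * @param response used to send the 403 on rejection
     * @return {@code true} if every name and value is acceptable, {@code false} as soon as
     *         one is rejected
     * @throws IOException      if sending the error fails
     * @throws ServletException declared for subclasses; not thrown by this implementation
     */
    public boolean processAllowsAndDenies(Request request, Response response) throws IOException, ServletException {
        for (String str : request.getParameterMap().keySet()) {
            String[] parameterValues = request.getParameterValues(str);
            if (!checkAllowsAndDenies(str, response)) {
                return false;
            }
            if (parameterValues != null) {
                for (String str2 : parameterValues) {
                    if (!checkAllowsAndDenies(str2, response)) {
                        return false;
                    }
                }
            }
        }
        return true;
    }

    /**
     * Checks one string (a parameter name or value) against the deny and allow patterns.
     *
     * <p>Order of evaluation: a deny match always rejects; otherwise an allow match accepts;
     * otherwise the string is accepted only when no allow patterns are configured.
     *
     * @param str      the text to check
     * @param response used to send the 403 on rejection
     * @return {@code true} if the text is acceptable
     * @throws IOException      if sending the error fails
     * @throws ServletException declared for subclasses; not thrown by this implementation
     */
    public boolean checkAllowsAndDenies(String str, Response response) throws IOException, ServletException {
        if (this.denies.length == 0 && this.allows.length == 0) {
            return true;
        }
        for (int i = 0; i < this.denies.length; i++) {
            if (this.denies[i].matcher(str).find()) {
                // Fail closed: a deny match rejects the request even when no servlet
                // response is available to carry the 403. The earlier code only returned
                // false inside the response check and otherwise kept evaluating.
                sendForbidden(response);
                return false;
            }
        }
        for (int i = 0; i < this.allows.length; i++) {
            if (this.allows[i].matcher(str).find()) {
                return true;
            }
        }
        if (this.denies.length > 0 && this.allows.length == 0) {
            // Deny-only configuration: anything not denied is accepted.
            return true;
        }
        sendForbidden(response);
        return false;
    }

    /**
     * Applies every active escape pattern to all parameter names and values of the request.
     *
     * <p>The parameter map is unlocked for the duration of the rewrite and re-locked in a
     * {@code finally} block, so an exception part-way through cannot leave it writable.
     * Each match is logged at WARN level together with the remote address.
     *
     * @param request the request whose parameters are rewritten in place
     */
    public void filterParameters(Request request) {
        ParameterMap parameterMap = request.getParameterMap();
        parameterMap.setLocked(false);
        try {
            for (String str : this.parameterEscapes.keySet()) {
                Pattern compile = Pattern.compile(str);
                String replacement = this.parameterEscapes.get(str);
                // Iterate over a snapshot of the names because entries are removed below.
                for (String str2 : (String[]) parameterMap.keySet().toArray(STRING_ARRAY)) {
                    String[] parameterValues = request.getParameterValues(str2);
                    Matcher matcher = compile.matcher(str2);
                    if (matcher.find()) {
                        // Re-register the values under the escaped name, then drop the old one.
                        request.addParameter(matcher.replaceAll(replacement), parameterValues);
                        parameterMap.remove(str2);
                        log.warn("Parameter name " + forLog(str2) + " matched pattern \"" + str + "\".  Remote addr: " + request.getRemoteAddr());
                    }
                    if (parameterValues != null) {
                        for (int i = 0; i < parameterValues.length; i++) {
                            String str3 = parameterValues[i];
                            Matcher matcher2 = compile.matcher(str3);
                            if (matcher2.find()) {
                                parameterValues[i] = matcher2.replaceAll(replacement);
                                // NOTE(review): the raw value is written to the log; if parameters
                                // can carry credentials, confirm log access and retention are acceptable.
                                log.warn("Parameter \"" + forLog(str2) + "\"'s value \"" + forLog(str3) + "\" matched pattern \"" + str + "\".  Remote addr: " + request.getRemoteAddr());
                            }
                        }
                    }
                }
            }
        } finally {
            parameterMap.setLocked(true);
        }
    }

    @Override
    public String toString() {
        return "BadInputValve";
    }

    /** Adds the given escapes to the active set, or withdraws them so the getter and the behaviour agree. */
    private void applyEscapes(boolean enabled, HashMap<String, String> escapes) {
        if (enabled) {
            this.parameterEscapes.putAll(escapes);
        } else {
            this.parameterEscapes.keySet().removeAll(escapes.keySet());
        }
    }

    /** Sends 403 on the underlying servlet response when one is available. */
    private static void sendForbidden(Response response) throws IOException {
        HttpServletResponse servletResponse = response.getResponse();
        if (servletResponse instanceof HttpServletResponse) {
            servletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
        }
    }

    /** Neutralises CR and LF so request-supplied text cannot start a forged log line. */
    private static String forLog(String value) {
        if (value == null) {
            return "null";
        }
        return value.replace('\r', '_').replace('\n', '_');
    }
}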
