package top.tangyh.basic.xss.utils;

import cn.hutool.core.collection.CollectionUtil;
import cn.hutool.core.util.StrUtil;
import java.io.IOException;
import java.io.InputStream;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.regex.Pattern;
import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.Policy;
import org.owasp.validator.html.PolicyException;
import org.owasp.validator.html.ScanException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:top/tangyh/basic/xss/utils/XssUtils.class */
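/**
 * Request-value sanitizer that combines an OWASP AntiSamy policy scan with a
 * fixed list of regular-expression removals.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #xssClean(String, List)} decodes {@code &quot; &lt; &gt; &amp;} after sanitizing,
 *       so the value it returns is plain text, not HTML that is safe to embed. Callers still
 *       need context-appropriate output encoding when rendering it.</li>
 *   <li>The regular expressions are a deny-list and cover only the constructs listed below;
 *       they are a second layer behind AntiSamy, not a complete filter on their own.</li>
 *   <li>Despite its name, {@link #stripXssAndSql(String)} contains no SQL-specific pattern;
 *       SQL injection has to be prevented with parameterized queries at the data layer.</li>
 *   <li>Several log statements include the raw, untrusted value. Confirm the log sinks are
 *       access-controlled and tolerate embedded line breaks.</li>
 * </ul>
 */
public class XssUtils {
    // Declared first: the policy loader below logs during class initialization.
    private static final Logger log = LoggerFactory.getLogger(XssUtils.class);

    private static final String ANTISAMY_SLASHDOT_XML = "antisamy-slashdot-1.4.4.xml";

    /** Flag value 2 in the compiled class. */
    private static final int FLAGS_CI = Pattern.CASE_INSENSITIVE;
    /** Flag value 42 in the compiled class: CASE_INSENSITIVE (2) | MULTILINE (8) | DOTALL (32). */
    private static final int FLAGS_CI_MULTILINE_DOTALL =
            Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL;

    // NOTE(review): as written, the class [\r\n| | ] matches CR, LF, a literal '|' and a space.
    // '|' is not alternation inside a character class and tab is not included. The patterns are
    // kept byte-for-byte; confirm whether \s was intended.
    // SCRIPT_BETWEEN_PATTERN is compiled without DOTALL, so it only removes a script element
    // whose body has no line break; the start/end patterns then remove the tags alone.
    private static final Pattern SCRIPT_BETWEEN_PATTERN = Pattern.compile("<[\r\n| | ]*script[\r\n| | ]*>(.*?)</[\r\n| | ]*script[\r\n| | ]*>", FLAGS_CI);
    private static final Pattern SCRIPT_END_PATTERN = Pattern.compile("</[\r\n| | ]*script[\r\n| | ]*>", FLAGS_CI);
    private static final Pattern SCRIPT_START_PATTERN = Pattern.compile("<[\r\n| | ]*script(.*?)>", FLAGS_CI_MULTILINE_DOTALL);
    private static final Pattern EVAL_PATTERN = Pattern.compile("eval\\((.*?)\\)", FLAGS_CI_MULTILINE_DOTALL);
    private static final Pattern E_XPRESSION_PATTERN = Pattern.compile("e-xpression\\((.*?)\\)", FLAGS_CI_MULTILINE_DOTALL);
    private static final Pattern MOCHA_PATTERN = Pattern.compile("mocha[\r\n| | ]*:[\r\n| | ]*", FLAGS_CI_MULTILINE_DOTALL);
    private static final Pattern EXPRESSION_PATTERN = Pattern.compile("expression\\((.*?)\\)", FLAGS_CI_MULTILINE_DOTALL);
    private static final Pattern URL_PATTERN = Pattern.compile("url\\((.*?)\\)", FLAGS_CI_MULTILINE_DOTALL);
    private static final Pattern VBSCRIPT_PATTERN = Pattern.compile("vbscript[\r\n| | ]*:[\r\n| | ]*", FLAGS_CI_MULTILINE_DOTALL);
    private static final Pattern JAVASCRIPT_PATTERN = Pattern.compile("javascript[\r\n| | ]*:[\r\n| | ]*", FLAGS_CI);
    private static final Pattern ONLOAD_PATTERN = Pattern.compile("onload(.*?)=", FLAGS_CI_MULTILINE_DOTALL);
    private static final Pattern ONMOUSEOVER_PATTERN = Pattern.compile("onMouseOver=.*?//", FLAGS_CI_MULTILINE_DOTALL);
    // NOTE(review): "onmouseover(.*)" and "alert(.*)" use an unescaped capture group with DOTALL,
    // so they delete everything from the keyword to the end of the value, including ordinary
    // text that merely contains the word. Presumably "\\(" was intended; left unchanged because
    // narrowing a filter needs a deliberate decision.
    private static final Pattern ONMOUSEOVER_PATTERN_2 = Pattern.compile("onmouseover(.*)", FLAGS_CI_MULTILINE_DOTALL);
    private static final Pattern ONMOUSEOVER_PATTERN_3 = Pattern.compile("onmouseover=.*?", FLAGS_CI_MULTILINE_DOTALL);
    private static final Pattern ALERT_PATTERN = Pattern.compile("alert(.*)", FLAGS_CI_MULTILINE_DOTALL);

    /** Removal patterns in the order the original nested call chain applied them. */
    private static final Pattern[] STRIP_PATTERNS = {
        SCRIPT_BETWEEN_PATTERN,
        SCRIPT_END_PATTERN,
        SCRIPT_START_PATTERN,
        EVAL_PATTERN,
        E_XPRESSION_PATTERN,
        MOCHA_PATTERN,
        EXPRESSION_PATTERN,
        URL_PATTERN,
        VBSCRIPT_PATTERN,
        JAVASCRIPT_PATTERN,
        ONLOAD_PATTERN,
        ONMOUSEOVER_PATTERN,
        ONMOUSEOVER_PATTERN_2,
        ONMOUSEOVER_PATTERN_3,
        ALERT_PATTERN
    };

    private static final String REPLACE_STRING = "";

    /** AntiSamy policy loaded once at class initialization; {@code null} when loading failed. */
    private static final Policy POLICY = loadPolicy();

    /**
     * Sanitizes a request value with AntiSamy and the pattern filter.
     *
     * <p>A blank value, or a value that contains any non-blank entry of {@code list}, is
     * returned unchanged. Otherwise the value is scanned against the loaded policy, passed
     * through {@link #stripXssAndSql(String)}, entity-decoded, and filtered once more.
     *
     * <p>If the policy is unavailable or the scan fails, the value is returned with its markup
     * characters entity-encoded rather than unmodified, so a sanitizer failure cannot hand the
     * raw input back to the caller.
     *
     * @param str  value to sanitize; may be {@code null}
     * @param list substrings that exempt a value from sanitizing; may be {@code null} or empty
     * @return the sanitized value, the unchanged value when it is blank or exempt, or an
     *         entity-encoded copy when sanitizing could not be performed
     */
    public static String xssClean(String str, List<String> list) {
        // Logs the untrusted value as-is (debug level only).
        log.debug("raw value before xssClean: {}", str);
        if (isIgnoreParamValue(str, list)) {
            log.debug("ignore the xssClean,keep the raw paramValue: {}", str);
            return str;
        }
        if (POLICY == null) {
            log.error("XSS policy [{}] is not loaded, returning an entity-encoded value instead of the raw input", ANTISAMY_SLASHDOT_XML);
            return escapeMarkup(str);
        }
        try {
            CleanResults scan = new AntiSamy().scan(str, POLICY);
            for (Object message : scan.getErrorMessages()) {
                log.debug("{}", message);
            }
            String stripped = stripXssAndSql(scan.getCleanHTML());
            if (StrUtil.isBlank(stripped)) {
                return stripped;
            }
            // "&amp;" is decoded last so that a doubly encoded sequence such as "&amp;lt;" ends
            // up as the text "&lt;" instead of being decoded twice into a live '<'.
            String decoded = stripped
                    .replace("&quot;", "\"")
                    .replace("&lt;", "<")
                    .replace("&gt;", ">")
                    .replace("&amp;", "&");
            // Decoding can turn entity-encoded text back into markup that the first filter pass
            // could not see, so the pattern filter is applied again to the final string.
            String result = stripXssAndSql(decoded);
            log.debug("xss filter value after xssClean{}", result);
            return result;
        } catch (PolicyException e) {
            log.error("antisamy convert failed  is [{}]", str, e);
            return escapeMarkup(str);
        } catch (ScanException e2) {
            log.error("scan failed is [{}]", str, e2);
            return escapeMarkup(str);
        }
    }

    /**
     * Sanitizes {@code str}, choosing the filter by checking {@code str2} against {@code list}.
     *
     * <p>When {@code str2} is blank or contains a non-blank entry of {@code list}, only the
     * pattern filter is applied; otherwise {@link #xssClean(String, List)} is used.
     *
     * <p>NOTE(review): {@code str2} is presumably the parameter name or request path; confirm
     * against the callers. A blank {@code str2} selects the lighter pattern-only path because
     * the shared helper treats blank input as exempt; verify that this is intended.
     *
     * @param str  value to sanitize
     * @param list exemption substrings matched against {@code str2}
     * @param str2 identifier checked against {@code list}
     * @return the filtered value
     */
    public static String xssClean(String str, List<String> list, String str2) {
        return isIgnoreParamValue(str2, list) ? stripXssAndSql(str) : xssClean(str, list);
    }

    /**
     * Removes every match of the fixed deny-list patterns from {@code str}.
     *
     * <p>The pattern sequence is repeated until a pass changes nothing: deleting a match can
     * join the text on either side of it into a new match, which a single pass would leave in
     * place. Each change shortens the string, so the loop terminates.
     *
     * @param str value to filter; a blank or {@code null} value is returned unchanged
     * @return the value with all pattern matches removed
     */
    public static String stripXssAndSql(String str) {
        if (StrUtil.isBlank(str)) {
            return str;
        }
        String current = str;
        String previous;
        do {
            previous = current;
            for (Pattern pattern : STRIP_PATTERNS) {
                current = pattern.matcher(current).replaceAll(REPLACE_STRING);
            }
        } while (!current.equals(previous));
        return current;
    }

    /** Intentionally empty entry point, kept because it is part of the class's public surface. */
    public static void main(String[] strArr) {
    }

    /**
     * Reports whether {@code str} is exempt from sanitizing.
     *
     * <p>A blank {@code str} is exempt. Otherwise {@code str} is exempt when it contains any
     * entry of {@code list}. Blank or {@code null} entries are skipped: an empty entry would
     * match every value and disable sanitizing altogether.
     *
     * <p>NOTE(review): in {@link #xssClean(String, List)} this substring test runs against the
     * untrusted value itself, so entries need to be specific enough that ordinary input cannot
     * be expected to contain them. Matching on a trusted identifier is the safer design.
     */
    private static boolean isIgnoreParamValue(String str, List<String> list) {
        if (StrUtil.isBlank(str)) {
            return true;
        }
        if (CollectionUtil.isEmpty(list)) {
            return false;
        }
        for (String token : list) {
            if (!StrUtil.isBlank(token) && str.contains(token)) {
                return true;
            }
        }
        return false;
    }

    /** Entity-encodes the HTML markup characters of {@code value}; {@code null} stays {@code null}. */
    private static String escapeMarkup(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':
                    out.append("&amp;");
                    break;
                case '<':
                    out.append("&lt;");
                    break;
                case '>':
                    out.append("&gt;");
                    break;
                case '"':
                    out.append("&quot;");
                    break;
                case '\'':
                    out.append("&#39;");
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }

    /**
     * Loads the AntiSamy policy from the classpath resource {@link #ANTISAMY_SLASHDOT_XML}.
     *
     * @return the parsed policy, or {@code null} when the resource is missing or cannot be
     *         parsed; a failure while closing the stream is logged and does not discard a
     *         policy that was already parsed
     */
    private static Policy loadPolicy() {
        log.debug(" start read XSS config file [antisamy-slashdot-1.4.4.xml]");
        Policy loaded = null;
        try (InputStream in = XssUtils.class.getClassLoader().getResourceAsStream(ANTISAMY_SLASHDOT_XML)) {
            if (in == null) {
                log.error("read XSS config file [antisamy-slashdot-1.4.4.xml] fail , reason: resource not found on classpath");
            } else {
                loaded = Policy.getInstance(in);
                log.debug("read XSS config file [antisamy-slashdot-1.4.4.xml] success");
            }
        } catch (PolicyException e) {
            log.error("read XSS config file [antisamy-slashdot-1.4.4.xml] fail , reason:", e);
        } catch (IOException e) {
            // Raised only by the implicit close() of the stream.
            log.error("close XSS config file [antisamy-slashdot-1.4.4.xml] fail , reason:", e);
        }
        return loaded;
    }
}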
