package org.apache.jetspeed.engine.servlet;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.jetspeed.Jetspeed;
import org.apache.jetspeed.administration.PortalConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/jetspeed/engine/servlet/XXSUrlAttackFilter.class */
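/**
 * Servlet filter that rejects HTTP requests whose query string or request URI contains an angle
 * bracket, either literal or percent-encoded, and that can optionally wrap the request in an
 * {@link XSSRequestWrapper}.
 *
 * <p>Behaviour is driven by the portal configuration, read on the first request:
 * <ul>
 *   <li>{@code xss.filter.request} (default {@code true}) enables the query string / URI check;</li>
 *   <li>{@code xss.filter.post} (default {@code false}) enables wrapping of the request;</li>
 *   <li>{@code xss.filter.regexes} and {@code xss.filter.flags} are handed to
 *       {@link XSSRequestWrapper#initPatterns} when wrapping is enabled.</li>
 * </ul>
 *
 * <p>The URL check is a denylist applied to the raw, undecoded strings. It only recognises
 * {@code <}, {@code >} and their single percent-encoded forms, so it is a defence-in-depth
 * measure: context-aware output encoding in the rendering code remains the primary control
 * against cross-site scripting.
 */
public class XXSUrlAttackFilter implements Filter {
    private static final Logger log = LoggerFactory.getLogger(XXSUrlAttackFilter.class);
    private PortalConfiguration portalConfiguration = null;
    private boolean xssRequestEnabled = true;
    private boolean xssPostEnabled = false;

    /** No-op: the configuration is loaded lazily on the first call to {@code doFilter}. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Checks the request URL and either rejects the request with HTTP 400 or passes it down the
     * chain, wrapped in an {@link XSSRequestWrapper} when {@code xss.filter.post} is enabled.
     *
     * @param servletRequest the incoming request; only {@link HttpServletRequest}s are checked
     * @param servletResponse the response used to send the 400 error
     * @param filterChain the remainder of the filter chain
     * @throws IOException if sending the error or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        // NOTE(review): this lazy initialisation is not synchronised and the fields are not
        // volatile, while a container may call doFilter from several threads. Requests racing the
        // first one could observe the default flags or an uninitialised XSSRequestWrapper;
        // confirm whether that window is acceptable.
        if (this.portalConfiguration == null) {
            this.portalConfiguration = Jetspeed.getConfiguration();
            this.xssRequestEnabled = this.portalConfiguration.getBoolean("xss.filter.request", true);
            this.xssPostEnabled = this.portalConfiguration.getBoolean("xss.filter.post", false);
            if (this.xssPostEnabled) {
                XSSRequestWrapper.initPatterns(this.portalConfiguration.getStringArray("xss.filter.regexes"), this.portalConfiguration.getStringArray("xss.filter.flags"));
            }
        }

        boolean isHttpRequest = servletRequest instanceof HttpServletRequest;

        if (isHttpRequest && this.xssRequestEnabled) {
            HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;

            String queryString = httpRequest.getQueryString();
            if (isInvalid(queryString)) {
                log.error("XSS attack query string found: {}", stripLineBreaks(queryString));
                ((HttpServletResponse) servletResponse).sendError(HttpServletResponse.SC_BAD_REQUEST);
                // Stop here: without this return the rejected request would still be handed to
                // the rest of the chain after the error response had been sent.
                return;
            }

            String requestUri = httpRequest.getRequestURI();
            if (isInvalid(requestUri)) {
                log.error("XSS attack URI found: {}", stripLineBreaks(requestUri));
                ((HttpServletResponse) servletResponse).sendError(HttpServletResponse.SC_BAD_REQUEST);
                return;
            }
        }

        // Only HTTP requests can be wrapped; anything else is passed through unchanged instead of
        // failing on the cast.
        if (this.xssPostEnabled && isHttpRequest) {
            filterChain.doFilter(new XSSRequestWrapper((HttpServletRequest) servletRequest), servletResponse);
        } else {
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }

    /**
     * Reports whether a raw URL component contains an angle bracket.
     *
     * <p>Matches a literal {@code <} or {@code >} and the percent-encoded forms {@code %3C} and
     * {@code %3E} in either letter case. The value is not decoded first, so other encodings and
     * markup that needs no angle brackets are not detected here.
     *
     * @param str the query string or request URI, possibly {@code null}
     * @return {@code true} if the value should be rejected, {@code false} for {@code null} or a
     *     value without any of the matched sequences
     */
    private boolean isInvalid(String str) {
        if (str == null) {
            return false;
        }
        return str.indexOf('<') != -1
                || str.indexOf('>') != -1
                || str.contains("%3C")
                || str.contains("%3c")
                || str.contains("%3E")
                || str.contains("%3e");
    }

    /**
     * Replaces carriage returns and line feeds so that a logged request value stays on one line.
     * The servlet API returns the query string and request URI undecoded, so raw line breaks are
     * not expected; this is a defensive measure for the log file.
     */
    private static String stripLineBreaks(String value) {
        return value.replace('\r', '_').replace('\n', '_');
    }

    /** No-op: the filter holds no resources that need releasing. */
    @Override
    public void destroy() {
    }
}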
