package com.huawei.hadoop.datasight;

import java.io.IOException;
import java.io.StringReader;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.regex.Pattern;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:WEB-INF/lib/hadoop-common-2.7.2-mrs-1.6.0.jar:com/huawei/hadoop/datasight/XXSProcessor.class */
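/**
 * Keyword-based screen that reports whether a value looks like it carries HTML markup or script.
 *
 * <p>The check URL-decodes the value, lower-cases it, rewrites hexadecimal character escapes to
 * decimal form, runs the result through {@link HtmlToJavaConverter}, and then searches the
 * extracted text for a fixed list of tag openers, attribute names and script keywords.
 *
 * <p>This is a denylist. A value that passes has not been proven safe, so anything that reaches a
 * browser still needs context-appropriate output encoding where it is rendered. Treat a
 * {@code false} result as "nothing on the list matched", not as "safe".
 */
public final class XXSProcessor {
    private static final Log LOG = LogFactory.getLog(XXSProcessor.class.getName());

    // parse() followed by getText() is a two-step exchange on one shared instance, so the pair is
    // always executed under a lock on PARSER (see extractText).
    // NOTE(review): HtmlToJavaConverter is not visible from this file; if it turns out to be safe
    // for concurrent parse()/getText() use, the lock can be dropped.
    private static final HtmlToJavaConverter PARSER = new HtmlToJavaConverter();

    private static final List<String> htmlTagsList = new ArrayList<>(16);
    private static final List<String> jsFunctionCalls = new ArrayList<>(16);

    // Values made only of these characters skip the parser and keyword search entirely.
    private static final Pattern SIMPLECONTENT = Pattern.compile("[-A-Za-z0-9_@$\\s]*");

    // Function-call openers that count as a match when a ')' follows them.
    private static final String[] SCRIPT_CALLS = {"alert(", "confirm(", "prompt(", "eval("};

    // Substrings that count as a match wherever they occur in the extracted text.
    private static final String[] SCRIPT_MARKERS = {
        "document.cookie", "javascript:alert", "valueof:alert", "tostring:alert"
    };

    static {
        htmlTagsList.add("<script");
        htmlTagsList.add("</script");
        htmlTagsList.add("<a ");
        htmlTagsList.add("<b ");
        htmlTagsList.add("<frame ");
        htmlTagsList.add("<iframe ");
        htmlTagsList.add("<input ");
        htmlTagsList.add("<img ");
        htmlTagsList.add("<textarea ");
        htmlTagsList.add("<link ");
        htmlTagsList.add("<table ");
        htmlTagsList.add("<div ");
        htmlTagsList.add("<xml ");
        htmlTagsList.add("<object ");
        htmlTagsList.add("<style ");
        htmlTagsList.add("<body ");
        htmlTagsList.add("<bgsound ");
        htmlTagsList.add("<meta ");

        jsFunctionCalls.add(" onmouseover");
        jsFunctionCalls.add(" onbegin");
        jsFunctionCalls.add(" onblur");
        jsFunctionCalls.add(" onfocus");
        jsFunctionCalls.add(" onselect");
        jsFunctionCalls.add(" onchange");
        jsFunctionCalls.add(" onkeypress");
        jsFunctionCalls.add(" onkeydown");
        jsFunctionCalls.add(" onkeyup");
        jsFunctionCalls.add(" onload");
        jsFunctionCalls.add(" onunload");
        jsFunctionCalls.add(" onsubmit");
        jsFunctionCalls.add(" onreset");
        jsFunctionCalls.add(" onclick");
        jsFunctionCalls.add(" onmouseout");
        jsFunctionCalls.add(" src");
        jsFunctionCalls.add(" dynsrc");
        jsFunctionCalls.add(" style");
        jsFunctionCalls.add(" type");
        // NOTE(review): these two look like string literals the decompiler resolved to same-valued
        // library constants; in commons-configuration 1.x they are "(" and ")". Confirm against
        // the original source before relying on that.
        jsFunctionCalls.add(DefaultExpressionEngine.DEFAULT_INDEX_START);
        jsFunctionCalls.add(DefaultExpressionEngine.DEFAULT_INDEX_END);
    }

    private XXSProcessor() {
    }

    /**
     * Reports whether {@code str} matches any entry of the markup/script denylist.
     *
     * <p>The method fails closed: when the value cannot be decoded because the charset is
     * unavailable, or the HTML parser raises an {@link IOException}, it returns {@code true} so
     * that an unexamined value is never reported as clean.
     *
     * @param str the raw value to examine; {@code null} is reported as {@code false}
     * @return {@code true} if a denylisted construct was found or the value could not be
     *     examined, {@code false} otherwise
     * @throws IllegalArgumentException if {@code str} contains a malformed percent-escape; the
     *     exception comes from {@link URLDecoder} and is logged and rethrown unchanged.
     *     NOTE(review): callers have to treat this as a rejection themselves.
     */
    public static boolean isXSSpossible(String str) {
        if (str == null) {
            return false;
        }

        final String decoded;
        try {
            decoded = decodeValue(str);
        } catch (UnsupportedEncodingException e) {
            LOG.error("Error decoding URL", e);
            return true;
        }

        if (SIMPLECONTENT.matcher(decoded).matches()) {
            return false;
        }

        final String text;
        try {
            text = extractText(decoded);
        } catch (IOException e) {
            // The value was never inspected, so report it as suspicious instead of clean.
            // The value itself is deliberately kept out of the log message.
            LOG.warn("HTML parsing failed during XSS check; treating value as suspicious", e);
            return true;
        }

        if (findForHtmlTag(text) || findForAlert(text)) {
            return true;
        }
        for (String marker : SCRIPT_MARKERS) {
            if (text.contains(marker)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Normalizes the decoded value and returns the parser's text with whitespace runs collapsed.
     *
     * <p>Lower-casing uses {@link Locale#ROOT}: the denylist entries are ASCII lower-case, and a
     * default locale with its own casing rules for the letter I would lower-case tag names to
     * something the lists do not contain.
     */
    private static String extractText(String decoded) throws IOException {
        String normalized =
            hexToAscii(decoded.replaceAll("<", "&#60;").toLowerCase(Locale.ROOT));
        synchronized (PARSER) {
            try (StringReader reader = new StringReader(normalized)) {
                PARSER.parse(reader);
            }
            return PARSER.getText().replaceAll("(\\s)+", " ");
        }
    }

    /**
     * Looks for a denylisted tag opener followed by {@code '>'}, or, after the first
     * {@code '<'}, a denylisted attribute/token followed by {@code '>'}.
     */
    private static boolean findForHtmlTag(String str) {
        for (String tag : htmlTagsList) {
            int tagAt = str.indexOf(tag);
            if (tagAt != -1 && str.indexOf('>', tagAt) > tagAt) {
                return true;
            }
        }

        int firstOpen = str.indexOf('<');
        if (firstOpen == -1) {
            return false;
        }
        for (String token : jsFunctionCalls) {
            int tokenAt = str.indexOf(token, firstOpen);
            if (tokenAt > firstOpen && str.indexOf('>', tokenAt) > tokenAt) {
                return true;
            }
        }
        return false;
    }

    /**
     * Rewrites hexadecimal escapes to the decimal character-reference form.
     *
     * <p>Backslash-u00 sequences become {@code &#x}, remaining backslashes become {@code &#},
     * and then every {@code x} + optional zeros + hex code of an ASCII letter or of one of the
     * listed punctuation characters is replaced by the decimal code.
     */
    private static String hexToAscii(String str) {
        String result = str.toLowerCase(Locale.ROOT)
            .replace("\\u00", "&#x")
            .replaceAll("\\\\", "&#");
        // 'A'..'Z'
        for (int code = 65; code <= 90; code++) {
            result = result.replaceAll("x[0]*" + Integer.toHexString(code), String.valueOf(code));
        }
        // 'a'..'z'
        for (int code = 97; code <= 122; code++) {
            result = result.replaceAll("x[0]*" + Integer.toHexString(code), String.valueOf(code));
        }
        return result
            .replaceAll("x[0]*3c", "60")  // <
            .replaceAll("x[0]*3e", "62")  // >
            .replaceAll("x[0]*2f", "47")  // /
            .replaceAll("x[0]*5c", "92")  // backslash
            .replaceAll("x[0]*28", "40")  // (
            .replaceAll("x[0]*29", "41")  // )
            .replaceAll("x[0]*27", "39")  // '
            .replaceAll("x[0]*22", "34")  // "
            .replaceAll("x[0]*20", "32")  // space
            .replaceAll("x[0]*3a", "58")  // :
            .replaceAll("x[0]*3d", "61")  // =
            .replaceAll("x[0]*2e", "46")  // .
            .replaceAll("x[0]*3b", "59"); // ;
    }

    /**
     * Reports whether the first occurrence of any entry in {@code SCRIPT_CALLS} is followed by a
     * closing parenthesis.
     */
    private static boolean findForAlert(String str) {
        for (String call : SCRIPT_CALLS) {
            int callAt = str.indexOf(call);
            if (callAt != -1 && str.indexOf(')', callAt) > callAt) {
                return true;
            }
        }
        return false;
    }

    /**
     * URL-decodes {@code value} as UTF-8.
     *
     * @throws UnsupportedEncodingException if the UTF-8 charset name is not supported
     * @throws IllegalArgumentException if {@code value} holds a malformed percent-escape; logged
     *     here and rethrown
     */
    private static String decodeValue(String value) throws UnsupportedEncodingException {
        try {
            return URLDecoder.decode(value, "UTF-8");
        } catch (IllegalArgumentException e) {
            LOG.error("Error decoding URL", e);
            throw e;
        }
    }
}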
