package org.appng.core.controller.filter;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.appng.api.Platform;
import org.appng.api.RequestUtil;
import org.appng.api.Scope;
import org.appng.api.SiteProperties;
import org.appng.api.model.Properties;
import org.appng.api.model.Site;
import org.appng.api.support.XSSHelper;
import org.appng.api.support.environment.DefaultEnvironment;
import org.appng.forms.XSSUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/appng-core-1.24.0-SNAPSHOT.jar:org/appng/core/controller/filter/XSSFilter.class */
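/**
 * Servlet filter that hands downstream code a request wrapper whose parameter getters pass their
 * values through {@code XSSUtil.stripXss}.
 *
 * <p>The filter is only active when the platform property {@code Platform.Property.XSS_PROTECT}
 * is {@code true} at {@link #init(FilterConfig)} time. Per request, {@code XSSUtil.doProcess}
 * decides, using the site's {@code SiteProperties.XSS_EXCEPTIONS} list, whether the request is
 * wrapped.
 *
 * <p>Coverage: only {@code getParameter} and {@code getParameterValues} are overridden.
 * {@link HttpServletRequestWrapper} delegates every other accessor to the wrapped request, so
 * {@code getParameterMap()}, {@code getParameterNames()}, headers, cookies, the path and the raw
 * body reach downstream code unmodified. Input stripping is one layer only; values still need
 * context-aware encoding where they are rendered.
 * NOTE(review): confirm that no downstream consumer reads parameters via {@code getParameterMap()}.
 */
public class XSSFilter implements Filter {
    private static final Logger LOGGER = LoggerFactory.getLogger(XSSFilter.class);

    /** Separator between entries of the site's XSS exception list. */
    private static final String EXCEPTION_SEPARATOR = "\n";

    /** Assigned in {@link #init(FilterConfig)} only when XSS protection is switched on; {@code null} means disabled. */
    private XSSUtil xssUtil;

    /**
     * Wraps the request for parameter stripping when protection applies, then continues the chain.
     *
     * @param servletRequest the incoming request; non-HTTP requests are passed through untouched
     * @param servletResponse the response, handed to the chain as is
     * @param filterChain the remaining filter chain
     * @throws IOException if the chain throws it
     * @throws ServletException if the chain throws it
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        // Guard the cast: a non-HTTP request has no parameters to wrap, so pass it on instead of
        // failing with a ClassCastException.
        if (!(servletRequest instanceof HttpServletRequest)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        final HttpServletRequest originalRequest = (HttpServletRequest) servletRequest;
        // Read the field once so the wrapper and the post-processing use the same instance.
        final XSSUtil util = this.xssUtil;
        Site site = RequestUtil.getSite(DefaultEnvironment.get(servletRequest.getServletContext()), servletRequest);
        final boolean xssActive = null != site && null != util;

        HttpServletRequest effectiveRequest = originalRequest;
        if (xssActive && util.doProcess(originalRequest, readExceptions(site))) {
            effectiveRequest = new HttpServletRequestWrapper(originalRequest) {
                public String getParameter(String name) {
                    return util.stripXss(super.getParameter(name));
                }

                public String[] getParameterValues(String name) {
                    return util.stripXss(super.getParameterValues(name));
                }
            };
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("XSS protection enabled for {} {}", effectiveRequest.getMethod(), effectiveRequest.getServletPath());
            }
        }

        filterChain.doFilter(effectiveRequest, servletResponse);
        // NOTE(review): this marker is only set when the chain returns normally; it is skipped
        // if the chain throws. Confirm that is the intended behaviour for error dispatches.
        if (xssActive) {
            util.setProcessed(effectiveRequest, true);
        }
    }

    /**
     * Reads the site's XSS exception list, one entry per line.
     *
     * <p>A missing property yields an empty list, so every request stays subject to
     * {@code doProcess} instead of the filter failing with a NullPointerException.
     * NOTE(review): an empty property value still yields a single empty entry, and entries keep
     * a trailing {@code \r} if the value uses CRLF line ends; confirm how
     * {@code XSSUtil.doProcess} treats such entries.
     *
     * @param site the site resolved for the current request, not {@code null}
     * @return the exception entries, never {@code null}
     */
    private static String[] readExceptions(Site site) {
        String exceptionList = site.getProperties().getClob(SiteProperties.XSS_EXCEPTIONS);
        return null == exceptionList ? new String[0] : exceptionList.split(EXCEPTION_SEPARATOR);
    }

    /**
     * Creates the {@link XSSUtil} when the platform configuration enables XSS protection.
     *
     * @param filterConfig the filter configuration, used to reach the servlet context
     * @throws ServletException if the platform configuration is not available
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        Properties platformConfig = (Properties) DefaultEnvironment.get(filterConfig.getServletContext()).getAttribute(Scope.PLATFORM, Platform.Environment.PLATFORM_CONFIG);
        if (null == platformConfig) {
            // Fail with a clear message rather than a NullPointerException; the filter must not
            // come up in an unknown protection state.
            throw new ServletException("platform configuration is not available, cannot initialise " + XSSFilter.class.getName());
        }
        // Boolean.TRUE.equals avoids unboxing a null value when the property is not set.
        if (Boolean.TRUE.equals(platformConfig.getBoolean(Platform.Property.XSS_PROTECT))) {
            this.xssUtil = XSSHelper.getXssUtil(platformConfig, new String[0]);
        } else {
            // Make the disabled state visible in the logs so it is not mistaken for active protection.
            LOGGER.info("XSS protection is disabled: platform property {} is not true", Platform.Property.XSS_PROTECT);
        }
    }

    /** Nothing to release. */
    public void destroy() {
    }
}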
