package xyz.erupt.core.util;

import java.io.IOException;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import xyz.erupt.core.exception.EruptWebApiRuntimeException;

/* loaded from: input_file:xyz/erupt/core/util/SecurityUtil.class */
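/**
 * Request-hardening helpers: a regex-based XSS detector and an {@code Origin}/{@code Host}
 * CSRF check.
 *
 * <p>Both checks are heuristics. {@link #xssInspect} only reports whether one of a fixed list
 * of constructs appears in a value; it does not encode or sanitize, and the list is not a
 * complete enumeration of script-bearing constructs.
 */
public class SecurityUtil {

    /** Flag set the decompiled code expressed as the literal {@code 42}. */
    private static final int LOOSE_FLAGS =
            Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL;

    /**
     * Constructs that mark a value as suspicious, compiled once. The previous version
     * recompiled every pattern on each call, listed the single-quoted {@code src} pattern
     * twice, and carried an invisible soft hyphen (U+00AD) inside "expression", so that
     * pattern could never match a real {@code expression(...)}. The patterns are loose by
     * design of the original list (e.g. {@code eval\(} also matches {@code retrieval(}).
     */
    private static final Pattern[] XSS_PATTERNS = {
            Pattern.compile("<script>(.*?)</script>", Pattern.CASE_INSENSITIVE),
            Pattern.compile("src[\r\n]*=[\r\n]*\\'(.*?)\\'", LOOSE_FLAGS),
            Pattern.compile("src[\r\n]*=[\r\n]*\\\"(.*?)\\\"", LOOSE_FLAGS),
            Pattern.compile("</script>", Pattern.CASE_INSENSITIVE),
            Pattern.compile("<script(.*?)>", LOOSE_FLAGS),
            Pattern.compile("eval\\((.*?)\\)", LOOSE_FLAGS),
            Pattern.compile("expression\\((.*?)\\)", LOOSE_FLAGS),
            Pattern.compile("javascript:", Pattern.CASE_INSENSITIVE),
            Pattern.compile("vbscript:", Pattern.CASE_INSENSITIVE),
            Pattern.compile("onload(.*?)=", LOOSE_FLAGS),
            Pattern.compile("onmouseover(.*?)=", LOOSE_FLAGS),
            Pattern.compile("onfocus(.*?)=", LOOSE_FLAGS),
            Pattern.compile("onerror(.*?)=", LOOSE_FLAGS)
    };

    /** Text written to the response and carried by the exception on a rejected cross-site request. */
    private static final String CSRF_MESSAGE = "非法跨站请求!";

    /**
     * Reports whether {@code str} contains any of the constructs in {@link #XSS_PATTERNS}.
     *
     * <p>Uses {@link java.util.regex.Matcher#find()}, so a construct anywhere in the value
     * counts. The previous version used {@code matches()}, which required the whole value to
     * equal the pattern (e.g. exactly {@code "</script>"}), so embedded markup was never reported.
     *
     * @param str the value to inspect; {@code null} or whitespace-only is never suspicious
     * @return {@code true} when at least one pattern is found in {@code str}
     */
    public static boolean xssInspect(String str) {
        if (isBlank(str)) {
            return false;
        }
        for (Pattern pattern : XSS_PATTERNS) {
            if (pattern.matcher(str).find()) {
                return true;
            }
        }
        return false;
    }

    /**
     * Rejects cross-site requests by comparing the authority of the {@code Origin} header with
     * the {@code Host} header.
     *
     * <p>Requests without an {@code Origin} header are not checked (they return {@code false}),
     * as in the previous version. The comparison is an exact, case-insensitive match of the
     * Origin's host[:port] against Host; the previous {@code origin.contains(host)} test accepted
     * any Origin that merely embedded the Host value and threw a {@link NullPointerException}
     * when Host was absent.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response the rejection text is written to
     * @return {@code false} when no Origin header is present or its authority equals the Host
     *         header; {@code true} only when the request was rejected but writing the rejection
     *         text failed with an {@link IOException}
     * @throws EruptWebApiRuntimeException when the Origin authority does not match Host (the
     *         rejection text has already been written to the response)
     */
    public static boolean csrfInspect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String origin = httpServletRequest.getHeader("Origin");
        if (origin == null) {
            return false;
        }
        String host = httpServletRequest.getHeader("Host");
        // A missing Host header is treated as a mismatch rather than dereferenced.
        if (host != null && originAuthority(origin).equalsIgnoreCase(host)) {
            return false;
        }
        httpServletResponse.setCharacterEncoding("UTF-8");
        httpServletResponse.setContentType("text/plain; charset=utf-8");
        try {
            httpServletResponse.getWriter().append(CSRF_MESSAGE);
        } catch (IOException e) {
            // Same best-effort handling as before: the rejection could not be written,
            // report "handled" to the caller instead of throwing. No logger is in scope here.
            e.printStackTrace();
            return true;
        }
        // Not an IOException, so it was never caught by the surrounding try in the old code either.
        throw new EruptWebApiRuntimeException(CSRF_MESSAGE);
    }

    /**
     * Authority (host[:port]) of an Origin header value: the text after {@code "://"} up to
     * the next {@code '/'}. Values without a scheme separator (including the literal
     * {@code "null"} origin) are returned unchanged, which never equals a real Host.
     *
     * @param origin a non-null Origin header value
     * @return the authority portion of {@code origin}
     */
    private static String originAuthority(String origin) {
        int schemeEnd = origin.indexOf("://");
        String authority = schemeEnd < 0 ? origin : origin.substring(schemeEnd + 3);
        int slash = authority.indexOf('/');
        return slash < 0 ? authority : authority.substring(0, slash);
    }

    /**
     * {@code true} when {@code s} is null, empty, or consists only of
     * {@link Character#isWhitespace(char)} characters (the same definition commons-lang
     * {@code StringUtils.isBlank} uses, without the dependency).
     *
     * @param s the value to test, may be {@code null}
     * @return whether {@code s} carries no non-whitespace character
     */
    private static boolean isBlank(String s) {
        if (s == null) {
            return true;
        }
        for (int i = 0; i < s.length(); i++) {
            if (!Character.isWhitespace(s.charAt(i))) {
                return false;
            }
        }
        return true;
    }
}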
