package com.synametrics.sradef.servlet.helper;

import com.synametrics.commons.util.logging.LoggingFW;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

/* loaded from: input_file:com/synametrics/sradef/servlet/helper/FilteredHttpRequest.class */
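/**
 * Request wrapper that HTML-encodes angle brackets in request parameter values before
 * application code reads them. The log message in {@link #sanitize(String)} states the
 * intent: encoding HTML tags to prevent XSS.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Only {@link #getParameter(String)} and {@link #getParameterValues(String)} are
 *       overridden. Other accessors, such as {@code getParameterMap()},
 *       {@code getQueryString()}, headers, cookies and the request body, are delegated
 *       unchanged by {@code HttpServletRequestWrapper}, so code reading input through them
 *       receives unfiltered values.</li>
 *   <li>Only {@code <} and {@code >} are encoded, and only when the value contains a
 *       {@code <}. Quotes and {@code &} are left alone, so this filter does not make a value
 *       safe inside an HTML attribute, a script block or a URL. Context-aware output
 *       encoding at the point of rendering is still required.</li>
 *   <li>Parameters whose names appear in {@link #UNFILTERED_PARAMETER_NAMES} are returned
 *       verbatim so that passwords are not altered. Those values must never be echoed into
 *       a page.</li>
 * </ul>
 */
public class FilteredHttpRequest extends HttpServletRequestWrapper {
    /**
     * Parameter names (compared case-insensitively) whose values are passed through
     * untouched. The match is by exact name only; a credential submitted under any other
     * name is filtered, and logged by {@link #sanitize(String)} if it contains {@code <}.
     */
    private static final String[] UNFILTERED_PARAMETER_NAMES = {
        "pwd", "password", "existingPwd", "newPwd", "newPwd2", "extPwd", "newPwdC", "dbPWD",
        "encpass", "adminPassword", "smtpPassword", "password1", "password2", "pwd1", "pwd2"
    };

    /**
     * Wraps the given request.
     *
     * @param httpServletRequest the request whose parameters are to be filtered
     */
    public FilteredHttpRequest(HttpServletRequest httpServletRequest) {
        super(httpServletRequest);
    }

    /**
     * Returns the named parameter, with angle brackets encoded unless the name is exempt.
     *
     * @param str the parameter name
     * @return the filtered value, or {@code null} if the wrapped request returns {@code null}
     */
    @Override // javax.servlet.ServletRequestWrapper, javax.servlet.ServletRequest
    public String getParameter(String str) {
        String parameter = super.getParameter(str);
        return noNeedToModify(str) ? parameter : sanitize(parameter);
    }

    /**
     * Returns all values of the named parameter, each filtered unless the name is exempt.
     *
     * <p>The array obtained from the wrapped request is updated in place, as before. Whether
     * that array is shared with the container depends on the servlet implementation.
     *
     * @param str the parameter name
     * @return the filtered values, or {@code null} if the parameter is absent
     */
    @Override // javax.servlet.ServletRequestWrapper, javax.servlet.ServletRequest
    public String[] getParameterValues(String str) {
        String[] parameterValues = super.getParameterValues(str);
        // An absent parameter yields null; return it rather than fail on .length below.
        if (parameterValues == null || noNeedToModify(str)) {
            return parameterValues;
        }
        for (int i = 0; i < parameterValues.length; i++) {
            parameterValues[i] = sanitize(parameterValues[i]);
        }
        return parameterValues;
    }

    /**
     * Tells whether the named parameter is on the pass-through list.
     *
     * @param str the parameter name; {@code null} is treated as not exempt
     * @return {@code true} if the value must be returned unmodified
     */
    private boolean noNeedToModify(String str) {
        if (str == null) {
            // Fail closed: an unnamed lookup is filtered rather than raising an NPE here.
            return false;
        }
        for (String exempt : UNFILTERED_PARAMETER_NAMES) {
            if (str.equalsIgnoreCase(exempt)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Tells whether a value needs encoding. The only trigger is the presence of {@code <};
     * a value containing {@code >} but no {@code <} is reported as not needing encoding.
     *
     * @param str the value to inspect, may be {@code null}
     * @return {@code true} if {@code str} is non-null and contains {@code <}
     */
    public boolean sanitationRequired(String str) {
        return str != null && str.indexOf('<') != -1;
    }

    /**
     * Replaces {@code <} with {@code &lt;} and {@code >} with {@code &gt;} when the value
     * contains at least one {@code <}; otherwise returns the value unchanged. Every other
     * character, including quotes and {@code &}, is copied as is.
     *
     * <p>Each rewrite is logged together with the original value. The logged text is
     * attacker-controlled, so CR and LF are written as visible escapes to keep one event on
     * one log line. Treat the log as untrusted data when viewing it in an HTML-rendering
     * tool.
     *
     * @param str the value to filter, may be {@code null}
     * @return the filtered value, or {@code null} if {@code str} is {@code null}
     */
    public String sanitize(String str) {
        if (str == null) {
            return null;
        }
        if (!sanitationRequired(str)) {
            return str;
        }
        StringBuilder encodedValue = new StringBuilder(str.length() + 20);
        for (char c : str.toCharArray()) {
            switch (c) {
                case '<':
                    encodedValue.append("&lt;");
                    break;
                case '>':
                    encodedValue.append("&gt;");
                    break;
                default:
                    encodedValue.append(c);
                    break;
            }
        }
        String encoded = encodedValue.toString();
        // 30000 is the level value passed to LoggingFW; presumably a warning level, confirm
        // against LoggingFW.
        LoggingFW.log(30000, this, "HTML tags have been encoded to prevent XSS attack. Original: " + escapeLineBreaks(str) + ", Modified: " + escapeLineBreaks(encoded));
        return encoded;
    }

    /** Renders CR and LF as the two-character escapes {@code \r} and {@code \n} for logging. */
    private static String escapeLineBreaks(String value) {
        return value.replace("\r", "\\r").replace("\n", "\\n");
    }
}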
