package com.pay.common.util;

import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.log4j.Logger;

/* loaded from: classes.dex */
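/**
 * Deny-list based string scrubbers for SQL and HTML/script fragments.
 *
 * <p>Both methods delete or encode known-bad substrings; they are a defence-in-depth
 * layer only. Deny lists are incomplete by construction, so callers should still bind
 * SQL values through parameterized statements and encode output for the exact context
 * (HTML body, attribute, JavaScript, URL) in which it is rendered.
 *
 * <p>The compiled patterns are immutable and shared, so the methods hold no mutable
 * state of their own.
 */
public class PreventAttackUtil {
    private static final Logger logger = Logger.getLogger(PreventAttackUtil.class);
    private static final String sqlInjectionRegex = "--|#|%|;|\\*|\\+|\\s+or\\s+|\\s+and\\s+|\\s+by\\s+|\\s+use\\s+|\\s+char\\s+|\\s+chr\\s+|\\s+column_name\\s+|\\s+count\\s+|\\s+create\\s+|\\s+declare\\s+|\\s+delete\\s+|\\s+drop\\s+|\\s+exec\\s+|\\s+execute\\s+|\\s+from\\s+|\\s+grant\\s+|\\s+group_concat\\s+|\\s+information_schema.columns\\s+|\\s+insert\\s+|\\s+like\\s+|\\s+master\\s+|\\s+mid\\s+|\\s+net user\\s+|\\s+order\\s+|\\s+select\\s+|\\s+sitename\\s+|\\s+table\\s+|\\s+table_schema\\s+|\\s+truncate\\s+|\\s+union\\s+|\\s+update\\s+|\\s+where\\s+|\\s+xp_cmdshell\\s+";

    /** Compiled once; the original recompiled this large alternation on every call. */
    private static final Pattern SQL_INJECTION_PATTERN =
            Pattern.compile(sqlInjectionRegex, Pattern.CASE_INSENSITIVE);

    /** Flag set the original spelled as the literal 42 (2 | 8 | 32). */
    private static final int XSS_BLOCK_FLAGS =
            Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL;

    /** Fragments deleted by {@link #filterXSS(String)}, in the order they are applied. */
    private static final Pattern[] XSS_STRIP_PATTERNS = {
        Pattern.compile("<script>(.*?)</script>", Pattern.CASE_INSENSITIVE),
        Pattern.compile("src[\r\n]*=[\r\n]*\\'(.*?)\\'", XSS_BLOCK_FLAGS),
        Pattern.compile("src[\r\n]*=[\r\n]*\\\"(.*?)\\\"", XSS_BLOCK_FLAGS),
        Pattern.compile("</script>", Pattern.CASE_INSENSITIVE),
        Pattern.compile("<script(.*?)>", XSS_BLOCK_FLAGS),
        Pattern.compile("eval\\((.*?)\\)", XSS_BLOCK_FLAGS),
        Pattern.compile("expression\\((.*?)\\)", XSS_BLOCK_FLAGS),
        Pattern.compile("javascript:", Pattern.CASE_INSENSITIVE),
        Pattern.compile("vbscript:", Pattern.CASE_INSENSITIVE),
        Pattern.compile("onload(.*?)=", XSS_BLOCK_FLAGS),
    };

    /**
     * Deletes every substring matched by the SQL deny list and logs each removal.
     *
     * <p>The list covers comment and operator characters ({@code --}, {@code #},
     * {@code %}, {@code ;}, {@code *}, {@code +}) and a set of keywords that must be
     * surrounded by whitespace. Matching is case-insensitive. Because the bare
     * characters are removed unconditionally, legitimate values containing them are
     * altered as well.
     *
     * <p>Removal is repeated until the text stops changing: deleting one match can join
     * the text on either side into a new match, which a single pass would leave behind.
     *
     * <p>NOTE(review): this does not make string-concatenated SQL safe. Keywords not
     * delimited by whitespace on both sides, and anything absent from the list, pass
     * through. Use bound parameters at the query site.
     *
     * @param str text to scrub; may be {@code null}
     * @return {@code str} itself when it is {@code null} or empty, otherwise the text
     *     with all deny-list matches removed
     */
    public static String filterSQLInjection(String str) {
        if (str == null || str.isEmpty()) {
            return str;
        }
        String current = str;
        while (true) {
            Matcher matcher = SQL_INJECTION_PATTERN.matcher(current);
            boolean matched = false;
            while (matcher.find()) {
                matched = true;
                // The keyword alternatives capture surrounding whitespace, which may be
                // CR/LF supplied by the caller; flatten it so one removal is one log line.
                logger.info("remove sql injection keyword:"
                        + matcher.group().replaceAll("\\s+", " "));
            }
            if (!matched) {
                return current;
            }
            // Every alternative consumes at least one character, so each pass shortens
            // the text and the loop terminates. replaceAll resets the matcher itself.
            current = matcher.replaceAll("");
        }
    }

    /**
     * Strips a fixed list of script-related fragments and entity-encodes a few
     * HTML-significant characters.
     *
     * <p>Steps: NUL characters are dropped; the fragments in the strip list (script
     * tags, quoted {@code src=} attributes, {@code eval(...)}, {@code expression(...)},
     * {@code javascript:}, {@code vbscript:}, {@code onload...=}) are deleted; finally
     * {@code ( ) ' < >} are replaced by their HTML entities.
     *
     * <p>The strip list is re-applied until the text stops changing, because deleting a
     * fragment can join its neighbours into another listed fragment.
     *
     * <p>NOTE(review): the double quote and the ampersand are not encoded, and
     * {@code onload} is the only event-handler attribute in the list, so the result is
     * not safe to place inside a double-quoted attribute, a script block or a URL.
     * Prefer context-aware output encoding at render time.
     *
     * @param str text to scrub; may be {@code null}
     * @return {@code str} itself when it is {@code null} or empty, otherwise the
     *     stripped and encoded text
     */
    public static String filterXSS(String str) {
        if (str == null || str.isEmpty()) {
            return str;
        }
        String current = str.replace("\u0000", "");
        String before;
        do {
            before = current;
            for (Pattern fragment : XSS_STRIP_PATTERNS) {
                current = fragment.matcher(current).replaceAll("");
            }
            // Replacements only ever delete text, so an unchanged pass means done.
        } while (!current.equals(before));

        // Encode once, after stripping, so the entities are not themselves re-scanned.
        return current
                .replace("(", "&#40;")
                .replace(")", "&#41;")
                .replace("'", "&#39;")
                .replace("<", "&lt;")
                .replace(">", "&gt;");
    }
}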
