package blackboard.platform.servlet;

import blackboard.platform.security.event.SecurityEvent;
import blackboard.platform.security.event.SecurityEventManager;
import blackboard.platform.security.event.codes.SecurityEventCode;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

/* loaded from: input_file:blackboard/platform/servlet/RequestClassParamFilter.class */
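/**
 * Servlet filter that hides request parameters whose names match a configured pattern from
 * anything that enumerates parameters through {@link HttpServletRequest#getParameterNames()}.
 *
 * <p>The security event raised on a match names Struts vulnerability CVE-2014-0114, so the filter
 * appears to be a mitigation for parameter names that reach the {@code class} property of a bean.
 *
 * <p>Coverage is limited to {@code getParameterNames()}. {@code getParameter(String)},
 * {@code getParameterValues(String)} and {@code getParameterMap()} are not overridden and still
 * expose a filtered name to a caller that asks for it directly.
 * NOTE(review): confirm that every binding path that must be protected enumerates names through
 * {@code getParameterNames()}. A consumer that reads {@code getParameterMap()}, or a framework
 * that parses multipart bodies itself, would not pass through this override.
 */
public class RequestClassParamFilter implements Filter {
    /**
     * Default name pattern, used when no {@code excludeParams} init parameter is configured.
     *
     * <p>It matches names in which {@code class} or {@code Class} is followed by {@code .},
     * {@code [} or a quote and {@code ]}. Because the leading group includes a bare {@code .*},
     * the match can occur anywhere in the name, so a benign name such as {@code subclass.id} is
     * dropped as well. That over-blocking is the conservative direction for this control.
     */
    private static final String REGEX_DEFAULT = "(.*\\.|^|.*|\\[('|\"))(c|C)lass(\\.|('|\")]|\\[).*";

    // Compiled in init(); stays null until the container has initialised the filter.
    Pattern pattern = null;

    /**
     * Request wrapper that removes matching names from {@link #getParameterNames()} and reports
     * each match once as a security event.
     */
    static class ParamFilteredRequest extends HttpServletRequestWrapper {
        private final Pattern pattern;
        // True once the names have been scanned at least once for this request.
        boolean hasFiltered;
        // True when the first scan found at least one name to drop.
        boolean foundMatch;

        /**
         * @param servletRequest request to wrap; cast to {@link HttpServletRequest}, so a
         *     non-HTTP request fails with a {@link ClassCastException}
         * @param pattern compiled pattern; a name that matches it in full is dropped
         */
        public ParamFilteredRequest(ServletRequest servletRequest, Pattern pattern) {
            super((HttpServletRequest) servletRequest);
            this.hasFiltered = false;
            this.foundMatch = false;
            this.pattern = pattern;
        }

        /**
         * Returns the wrapped request's parameter names without those matching the pattern.
         *
         * <p>Matches are logged during the first scan only. If that scan found nothing, later
         * calls delegate straight to the wrapped request; otherwise each call filters again
         * without logging again.
         *
         * @return enumeration of the parameter names that did not match the pattern
         */
        @Override
        public Enumeration<String> getParameterNames() {
            if (this.hasFiltered && !this.foundMatch) {
                return super.getParameterNames();
            }
            ArrayList<String> allNames = Collections.list(super.getParameterNames());
            ArrayList<String> keptNames = new ArrayList<>(allNames.size());
            for (String name : allNames) {
                if (!this.pattern.matcher(name).matches()) {
                    keptNames.add(name);
                } else if (!this.hasFiltered) {
                    // Report only on the first scan so repeated enumeration does not flood the log.
                    logAttackAttempt(name, super.getParameter(name));
                    this.foundMatch = true;
                }
            }
            this.hasFiltered = true;
            return Collections.enumeration(keptNames);
        }

        /**
         * Raises an {@code InvalidInputDetected} security event carrying the dropped parameter.
         *
         * <p>Both arguments come from the request and are attacker-controlled.
         * NOTE(review): confirm that the sinks behind {@code SecurityEventManager} encode or
         * neutralise them (line breaks, markup) before writing or displaying the event.
         *
         * @param name dropped parameter name
         * @param value first value of that parameter; {@code null} is recorded as an empty string
         */
        private void logAttackAttempt(String name, String value) {
            String recordedValue = value == null ? "" : value;
            SecurityEventManager eventManager = SecurityEventManager.Factory.getInstance();
            SecurityEvent securityEvent = new SecurityEvent(SecurityEventCode.InvalidInputDetected, "Invalid input detected and dropped.  May be an indicator of attempts to perform attacks against Struts vulnerability CVE-2014-0114.", SecurityEvent.ACTION_IGNORED);
            securityEvent.setRequestParameter(name, recordedValue);
            eventManager.fireEvent(securityEvent);
        }
    }

    /**
     * Compiles the name pattern from the {@code excludeParams} init parameter, or from
     * {@link #REGEX_DEFAULT} when that parameter is absent.
     *
     * <p>A configured value replaces the default entirely. An empty value compiles to a pattern
     * that matches only the empty name, which leaves the filter dropping nothing in practice.
     *
     * @param filterConfig container-supplied filter configuration
     * @throws ServletException if the configured pattern is not a valid regular expression
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        String configured = filterConfig.getInitParameter("excludeParams");
        String regex = configured != null ? configured : REGEX_DEFAULT;
        try {
            this.pattern = Pattern.compile(regex);
        } catch (java.util.regex.PatternSyntaxException e) {
            // Fail initialisation with a clear cause rather than running with no usable pattern.
            throw new ServletException("Invalid excludeParams pattern for RequestClassParamFilter", e);
        }
    }

    /**
     * Passes the request down the chain wrapped in a {@link ParamFilteredRequest}.
     *
     * @param servletRequest incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse response, passed through unchanged
     * @param filterChain remainder of the filter chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        ServletRequest filtered = new ParamFilteredRequest(servletRequest, this.pattern);
        filterChain.doFilter(filtered, servletResponse);
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }
}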
