package com.aurel.track.struts2.interceptor;

import com.aurel.track.GeneralSettings;
import com.aurel.track.security.XssCleaner;
import com.opensymphony.xwork2.interceptor.ParametersInterceptor;
import com.opensymphony.xwork2.util.ValueStack;
import java.util.Map;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.jsoup.safety.Whitelist;

/* loaded from: input_file:lib/tp-core-5.6.0.jar:com/aurel/track/struts2/interceptor/TrackXssInterceptor.class */
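/**
 * Struts 2 parameters interceptor that passes request parameter values through
 * {@link XssCleaner} before the superclass binds them to the action.
 *
 * <p>Scope of the cleaning, as implemented here:
 * <ul>
 *   <li>Only parameter <em>values</em> of type {@code String[]} are cleaned, in place.</li>
 *   <li>Parameter <em>names</em> are never cleaned.</li>
 *   <li>Values of any other type are passed on unchanged.</li>
 *   <li>Cleaning is skipped entirely when {@link GeneralSettings#isXSSParameterCleaning()}
 *       returns {@code false}.</li>
 * </ul>
 *
 * <p>This is input filtering only; it does not replace context-aware output encoding
 * where the values are later rendered.
 */
public class TrackXssInterceptor extends ParametersInterceptor {
    private static final long serialVersionUID = 340;
    private static final Logger LOGGER = LogManager.getLogger(TrackXssInterceptor.class);

    /**
     * Cleans the request parameter values (when the feature is enabled) and then delegates
     * to the superclass to bind them.
     *
     * @param obj        the target object handed to the superclass
     * @param valueStack the value stack handed to the superclass
     * @param map        request parameters by name; may be {@code null}
     */
    protected void setParameters(Object obj, ValueStack valueStack, Map<String, Object> map) {
        boolean cleaningEnabled = GeneralSettings.isXSSParameterCleaning();
        LOGGER.debug("The xss parameter cleaning is enabled: {}", cleaningEnabled);
        if (cleaningEnabled && map != null) {
            try {
                cleanReqParamValues(map, Whitelist.relaxed());
            } catch (Exception e) {
                // Log the exception as the throwable argument so the stack trace is kept;
                // LOGGER.error(e) alone records only e.toString().
                LOGGER.error("The system failed to clean request param values against xss!", e);
                // NOTE(review): this fails open. The values are rewritten in place, so after a
                // failure the map may be partly cleaned, and it is still bound below. If XSS
                // cleaning is meant to be a mandatory control, consider rejecting the request
                // here instead of continuing.
            }
        }
        super.setParameters(obj, valueStack, map);
    }

    /**
     * Replaces every element of each {@code String[]} parameter value with the result of
     * {@link XssCleaner#cleanNonHtml}. Entries whose value is not a {@code String[]} are
     * left untouched and only reported at debug level.
     *
     * @param map       request parameters by name; {@code null} or empty is a no-op
     * @param whitelist NOTE(review): currently unused. The caller passes
     *                  {@code Whitelist.relaxed()}, but {@code cleanNonHtml} is called without
     *                  it, so the relaxed whitelist has no effect on the result. Confirm which
     *                  policy is intended.
     */
    private void cleanReqParamValues(Map<String, Object> map, Whitelist whitelist) {
        if (map == null || map.isEmpty()) {
            return;
        }
        for (Map.Entry<String, Object> entry : map.entrySet()) {
            Object value = entry.getValue();
            // instanceof is false for null, so no separate null check is needed.
            if (!(value instanceof String[])) {
                // NOTE(review): such values reach the action uncleaned. The parameter name is
                // client-supplied and is written to the log as-is; confirm the log layout
                // neutralises line breaks.
                LOGGER.debug("Request param values is not String[], the system can't clean it! Param name: {}", entry.getKey());
                continue;
            }
            String[] values = (String[]) value;
            for (int i = 0; i < values.length; i++) {
                LOGGER.debug("The system escapes the passed not valid HTML parameter!");
                values[i] = XssCleaner.getInstance().cleanNonHtml(values[i]);
            }
        }
    }
}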
