package com.usthe.sureness.security;

import java.util.regex.Pattern;

/* loaded from: input_file:BOOT-INF/lib/sureness-core-1.0.8.jar:com/usthe/sureness/security/XssSqlUtil.class */
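/**
 * Deny-list string filters that delete a fixed set of script-injection and
 * SQL-injection markers from a value.
 *
 * <p>The filters only remove the literal constructs listed in the patterns below.
 * They do not decode or canonicalize the input, and the only event-handler
 * attribute they cover is {@code onload}. Treat them as defense in depth:
 * context-aware output encoding and parameterized queries remain the primary
 * controls at the sink.
 *
 * <p>Every filter is applied repeatedly until the value stops changing. A single
 * pass is not enough for a deletion-based filter, because removing one match can
 * join the text on either side of it into a new match (a blocked token wrapped
 * around another blocked token survives one pass).
 */
public class XssSqlUtil {
    /** Case-insensitive matching only. */
    private static final int FLAGS_CI = Pattern.CASE_INSENSITIVE;
    /** Case-insensitive, and {@code .} also matches line terminators so a construct may span lines. */
    private static final int FLAGS_CI_MULTILINE_DOTALL =
            Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL;

    private static final String STR_SCRIPT1 = "<script>(.*?)</script>";
    // No DOTALL here, so this one does not match a script element that spans lines;
    // the opening and closing tags are still removed individually by the next two patterns.
    private static final Pattern SCRIPT1_PATTERN = Pattern.compile(STR_SCRIPT1, FLAGS_CI);
    private static final String STR_SCRIPT2 = "</script>";
    private static final Pattern SCRIPT2_PATTERN = Pattern.compile(STR_SCRIPT2, FLAGS_CI);
    private static final String STR_SCRIPT3 = "<script(.*?)>";
    private static final Pattern SCRIPT3_PATTERN = Pattern.compile(STR_SCRIPT3, FLAGS_CI_MULTILINE_DOTALL);
    private static final String STR_EVAL = "eval\\((.*?)\\)";
    private static final Pattern STR_EVAL_PATTERN = Pattern.compile(STR_EVAL, FLAGS_CI_MULTILINE_DOTALL);
    private static final String STR_EXP = "expression\\((.*?)\\)";
    private static final Pattern STR_EXP_PATTERN = Pattern.compile(STR_EXP, FLAGS_CI_MULTILINE_DOTALL);
    private static final String STR_JS = "javascript:";
    private static final Pattern STR_JS_PATTERN = Pattern.compile(STR_JS, FLAGS_CI);
    private static final String STR_VB = "vbscript:";
    private static final Pattern STR_VB_PATTERN = Pattern.compile(STR_VB, FLAGS_CI);
    private static final String STR_ON = "onload(.*?)=";
    private static final Pattern STR_ON_PATTERN = Pattern.compile(STR_ON, FLAGS_CI_MULTILINE_DOTALL);
    private static final String SQL = "('.+--)|(%7C)";
    // NOTE(review): compiled without flags, so the match is case-sensitive and a
    // lower-case "%7c" is not removed. Confirm whether that is intended.
    private static final Pattern SQL_PATTERN = Pattern.compile(SQL);

    /** XSS patterns in the order they are applied within one pass. */
    private static final Pattern[] XSS_PATTERNS = {
        SCRIPT1_PATTERN,
        SCRIPT2_PATTERN,
        SCRIPT3_PATTERN,
        STR_EVAL_PATTERN,
        STR_EXP_PATTERN,
        STR_JS_PATTERN,
        STR_VB_PATTERN,
        STR_ON_PATTERN,
    };

    /**
     * Removes script tags, {@code eval(...)}, {@code expression(...)},
     * {@code javascript:}, {@code vbscript:} and {@code onload...=} from a value.
     *
     * <p>The pattern list is re-applied until a full pass changes nothing. Each
     * pattern matches at least one character, so every changing pass shortens the
     * value and the loop ends after at most {@code str.length()} passes. Callers
     * should bound the input length before calling this method.
     *
     * @param str value to filter, may be {@code null}
     * @return the filtered value, or {@code null} when {@code str} is {@code null}
     */
    public static String stripXss(String str) {
        if (null == str) {
            return null;
        }
        // NOTE(review): the decompiled original began with str.replaceAll("", ""),
        // which replaces empty matches with nothing and leaves the value unchanged.
        // It has been dropped. It may have been meant to remove NUL characters;
        // confirm against the upstream source.
        String current = str;
        String previous;
        do {
            previous = current;
            for (Pattern pattern : XSS_PATTERNS) {
                current = pattern.matcher(current).replaceAll("");
            }
        } while (!current.equals(previous));
        return current;
    }

    /**
     * Removes text running from a single quote up to a following {@code --}, and
     * the literal {@code %7C}, from a value.
     *
     * <p>The pattern is re-applied until the value stops changing, so a marker that
     * is only formed once another marker has been deleted is removed as well. This
     * filter does not make a value safe to concatenate into SQL; bind it as a
     * parameter instead.
     *
     * @param str value to filter, may be {@code null}
     * @return the filtered value, or {@code null} when {@code str} is {@code null}
     */
    public static String stripSqlInjection(String str) {
        if (null == str) {
            return null;
        }
        String current = str;
        String previous;
        do {
            previous = current;
            current = SQL_PATTERN.matcher(current).replaceAll("");
        } while (!current.equals(previous));
        return current;
    }

    /**
     * Applies {@link #stripSqlInjection(String)} and then {@link #stripXss(String)},
     * repeating the pair until the value is stable, because deleting an XSS marker
     * can leave an SQL marker behind.
     *
     * @param str value to filter, may be {@code null}
     * @return the filtered value, or {@code null} when {@code str} is {@code null}
     */
    public static String stripSqlXss(String str) {
        if (null == str) {
            return null;
        }
        String current = str;
        String previous;
        do {
            previous = current;
            current = stripXss(stripSqlInjection(current));
        } while (!current.equals(previous));
        return current;
    }
}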
