package com.nhncorp.lucy.security.xss.listener;

import com.nhncorp.lucy.security.xss.event.ElementListener;
import com.nhncorp.lucy.security.xss.markup.Attribute;
import com.nhncorp.lucy.security.xss.markup.Element;
import java.util.List;
import java.util.regex.Pattern;

/* loaded from: input_file:com/nhncorp/lucy/security/xss/listener/ObjectSecurityListener.class */
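/**
 * Element listener that hardens an embedded-object element before it is emitted.
 *
 * <p>For every enabled element it is given, the listener
 * <ol>
 *   <li>passes the {@code data} attribute and every URL-bearing {@code <param>}
 *       ({@code url}, {@code href}, {@code src}, {@code movie}) to
 *       {@link SecurityUtils#checkVulnerableWithHttp}, and disables the whole element
 *       as soon as one of them is reported as vulnerable;</li>
 *   <li>overwrites the value of every security-relevant {@code <param>} that is
 *       already present with a fixed, restrictive value;</li>
 *   <li>appends any of those {@code <param>} children that are missing, so the
 *       restrictive value does not depend on a plug-in default.</li>
 * </ol>
 *
 * <p>{@code allowNetworking} is the only parameter whose value varies: it is
 * {@code "all"} only when at least one URL source was seen and <em>every</em> URL
 * source is on the {@link WhiteUrlList}; otherwise it is {@code "internal"}.
 */
public class ObjectSecurityListener implements ElementListener {
    /** Cache handed to {@link SecurityUtils#checkVulnerableWithHttp} on every URL check. */
    ContentTypeCacheRepo contentTypeCacheRepo = new ContentTypeCacheRepo();

    private static final String ALLOW_NETWORKING_ALL = "\"all\"";
    private static final String ALLOW_NETWORKING_INTERNAL = "\"internal\"";

    /**
     * One enforced {@code <param>}: how to recognise it, how to spell it when it
     * has to be added, and the value it is forced to.
     */
    private static final class ParamRule {
        final Pattern namePattern;
        final String quotedName;
        /** Forced value, or {@code null} when the value is the computed allowNetworking level. */
        final String forcedValue;

        ParamRule(String name, String forcedValue) {
            this.namePattern = nameMatcher(name);
            this.quotedName = "\"" + name + "\"";
            this.forcedValue = forcedValue;
        }
    }

    /**
     * Enforced parameters. The order is the order in which missing parameters are
     * appended to the element, so it must not be changed casually.
     */
    private static final ParamRule[] PARAM_RULES = {
        new ParamRule("invokeURLs", "\"false\""),
        new ParamRule("autostart", "\"false\""),
        new ParamRule("allowScriptAccess", "\"never\""),
        new ParamRule("allowNetworking", null),
        new ParamRule("autoplay", "\"false\""),
        new ParamRule("enablehref", "\"false\""),
        new ParamRule("enablejavascript", "\"false\""),
        new ParamRule("nojava", "\"true\""),
        new ParamRule("AllowHtmlPopupwindow", "\"false\""),
        new ParamRule("enableHtmlAccess", "\"false\""),
    };

    /** Names of {@code <param>} children whose value is treated as a URL. */
    private static final Pattern[] URLNAMES = {
        nameMatcher("url"), nameMatcher("href"), nameMatcher("src"), nameMatcher("movie"),
    };

    /**
     * Builds the pattern used for every parameter name: the name itself, matched
     * case-insensitively, optionally wrapped in one quote character and whitespace.
     * Callers pass plain identifiers only, so no regex escaping is applied.
     */
    private static Pattern nameMatcher(String name) {
        return Pattern.compile("['\"]?\\s*(?i:" + name + ")\\s*['\"]?");
    }

    /**
     * Tells whether {@code str} is one of the URL-bearing parameter names.
     *
     * @param str raw {@code name} attribute value, possibly still quoted; may be {@code null}
     * @return {@code true} if the whole string matches one of {@link #URLNAMES}
     */
    private static boolean containsURLName(String str) {
        // A <param> without a name attribute must not abort filtering with a
        // NullPointerException from Pattern.matcher(null).
        // NOTE(review): whether getAttributeValue can return null is not visible here.
        if (str == null) {
            return false;
        }
        for (Pattern pattern : URLNAMES) {
            if (pattern.matcher(str).matches()) {
                return true;
            }
        }
        return false;
    }

    private static boolean isParam(Element candidate) {
        return "param".equalsIgnoreCase(candidate.getName());
    }

    /**
     * Validates the element's URL sources and forces its security parameters.
     *
     * @param element the element to harden; left untouched when already disabled,
     *                and disabled (with no further changes) when a URL check fails
     */
    @Override
    public void handleElement(Element element) {
        if (element.isDisabled()) {
            return;
        }

        // allowNetworking is relaxed only when every URL source is whitelisted.
        // Tracking a single pair of flags across the data attribute AND the URL
        // params keeps one whitelisted source from vouching for another that is not.
        boolean sawUrl = false;
        boolean allUrlsWhite = true;

        Attribute data = element.getAttribute("data");
        if (data != null) {
            String dataUrl = data.getValue();
            boolean white = isWhiteUrl(dataUrl);
            if (SecurityUtils.checkVulnerableWithHttp(element, dataUrl, white, this.contentTypeCacheRepo)) {
                element.setEnabled(false);
                return;
            }
            sawUrl = true;
            allUrlsWhite = white;
        }

        List<Element> children = element.getElements();
        if (children != null) {
            for (Element child : children) {
                if (!isParam(child) || !containsURLName(child.getAttributeValue("name"))) {
                    continue;
                }
                String paramUrl = child.getAttributeValue("value");
                boolean white = isWhiteUrl(paramUrl);
                if (SecurityUtils.checkVulnerableWithHttp(element, paramUrl, white, this.contentTypeCacheRepo)) {
                    element.setEnabled(false);
                    return;
                }
                sawUrl = true;
                allUrlsWhite &= white;
            }
        }

        String allowNetworking =
                (sawUrl && allUrlsWhite) ? ALLOW_NETWORKING_ALL : ALLOW_NETWORKING_INTERNAL;

        // Pass 1: overwrite enforced params that the markup already carries.
        boolean[] present = new boolean[PARAM_RULES.length];
        if (children != null) {
            for (Element child : children) {
                if (!isParam(child)) {
                    continue;
                }
                String name = child.getAttributeValue("name");
                if (name == null) {
                    continue; // nameless <param>: nothing to enforce, and matcher(null) would throw
                }
                for (int i = 0; i < PARAM_RULES.length; i++) {
                    if (PARAM_RULES[i].namePattern.matcher(name).matches()) {
                        child.putAttribute("value", valueFor(PARAM_RULES[i], allowNetworking));
                        present[i] = true;
                        break;
                    }
                }
            }
        }

        // Pass 2: append every enforced param that was absent, in table order.
        for (int i = 0; i < PARAM_RULES.length; i++) {
            if (present[i]) {
                continue;
            }
            Element param = new Element("param");
            param.putAttribute("name", PARAM_RULES[i].quotedName);
            param.putAttribute("value", valueFor(PARAM_RULES[i], allowNetworking));
            element.addContent(param);
        }
    }

    /** Resolves the value to force for {@code rule}, substituting the computed allowNetworking level. */
    private static String valueFor(ParamRule rule, String allowNetworking) {
        return rule.forcedValue != null ? rule.forcedValue : allowNetworking;
    }

    /**
     * Tells whether {@code str} is on the configured URL whitelist.
     *
     * @param str URL as found in the markup; may be {@code null}
     * @return {@code false} when no whitelist is available or {@code str} is {@code null}
     */
    private boolean isWhiteUrl(String str) {
        if (str == null) {
            return false; // a missing URL is never trusted
        }
        WhiteUrlList whiteUrlList = WhiteUrlList.getInstance();
        return whiteUrlList != null && whiteUrlList.contains(str);
    }
}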
