package io.github.devsecops.rest.core.resource;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ArrayNode;
import com.fasterxml.jackson.databind.node.JsonNodeFactory;
import com.fasterxml.jackson.databind.node.JsonNodeType;
import com.fasterxml.jackson.databind.node.ObjectNode;
import io.github.devsecops.rest.core.exception.JSONTechnicalCodeException;
import io.github.devsecops.rest.core.exception.TechnicalException;
import java.lang.annotation.Annotation;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Map;
import org.owasp.encoder.Encode;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.converter.json.Jackson2ObjectMapperBuilder;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RequestPart;

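@Component
/* loaded from: input_file:io/github/devsecops/rest/core/resource/XSSSanitizer.class */
/**
 * HTML-encodes request parameters, path variables and JSON request bodies with the OWASP
 * Java Encoder, then restores a small set of characters that are allowed to pass through.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Encoding is applied to incoming data, so the result is only meaningful for an HTML
 *       text context. Code that writes these values into JavaScript, URLs, SQL or other
 *       contexts still needs its own context-specific output encoding.</li>
 *   <li>Because {@code "} and {@code &} are restored after encoding, sanitized values must
 *       not be treated as safe inside quoted HTML attribute values.</li>
 * </ul>
 */
public class XSSSanitizer {

    /**
     * Entities produced by {@link Encode#forHtml(String)} that are turned back into their raw
     * character, in the order they must be applied.
     *
     * <p>The keys include the terminating {@code ;}. Without it the replacement left a stray
     * semicolon behind (a quote came out as {@code ";}). The quote entity is restored before
     * the ampersand entity on purpose: a literal {@code &#34;} typed by the client is encoded
     * to {@code &amp;#34;}, and restoring {@code &amp;} first would let the second replacement
     * decode it into a quote the client never sent as a quote. An insertion-ordered map keeps
     * that order fixed.
     */
    private static final Map<String, String> PASS_THROUGH_ENTITIES = new LinkedHashMap<>();

    /** Shared parser for request bodies; default configuration, same as a fresh instance. */
    private static final ObjectMapper BODY_MAPPER = new ObjectMapper();

    static {
        PASS_THROUGH_ENTITIES.put("&#34;", "\"");
        PASS_THROUGH_ENTITIES.put("&amp;", "&");
    }

    @Autowired
    private Jackson2ObjectMapperBuilder objectMapperBuilder;

    /* renamed from: io.github.devsecops.rest.core.resource.XSSSanitizer$1, reason: invalid class name */
    /* loaded from: input_file:io/github/devsecops/rest/core/resource/XSSSanitizer$1.class */
    // Compiler-generated lookup table for a switch over ParameterType. The decompiler did not
    // recover the initializer that fills it, so as shown every entry is 0.
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$io$github$devsecops$rest$core$resource$ParameterType = new int[ParameterType.values().length];
    }

    /**
     * Creates the sanitizer with the mapper builder supplied by the container.
     *
     * @param jackson2ObjectMapperBuilder builder stored for use by {@link #sanitizeRequest}
     */
    public XSSSanitizer(Jackson2ObjectMapperBuilder jackson2ObjectMapperBuilder) {
        this.objectMapperBuilder = jackson2ObjectMapperBuilder;
    }

    /**
     * Entry point for sanitizing the arguments of a handler method.
     *
     * <p>NOTE(review): this body is decompiler output and the per-type switch was not
     * recovered. As written, the loop only resolves each argument's {@link ParameterType}
     * and looks up its switch index; no sanitizer is invoked and nothing is stored in the
     * result, so the returned array holds {@code null} for every argument. Restore the switch
     * from the original sources before relying on this method for XSS protection.
     *
     * @param objArr        handler arguments
     * @param clsArr        declared parameter types (not read in the recovered body)
     * @param annotationArr annotations of each parameter, indexed like {@code objArr}
     * @return a new array with the same length as {@code objArr}
     * @throws Throwable declared by the original signature
     */
    public Object[] sanitizeRequest(Object[] objArr, Class<?>[] clsArr, Annotation[][] annotationArr) throws Throwable {
        // The built mapper is discarded here; presumably the lost switch body used it.
        this.objectMapperBuilder.build();
        int length = objArr.length;
        Object[] objArr2 = new Object[length];
        for (int i = 0; i < length; i++) {
            int i2 = AnonymousClass1.$SwitchMap$io$github$devsecops$rest$core$resource$ParameterType[getArgumentType(annotationArr[i]).ordinal()];
        }
        return objArr2;
    }

    /**
     * Classifies a handler parameter by its Spring binding annotation.
     *
     * @param annotationArr annotations present on one parameter
     * @return the type of the last recognised annotation, or {@link ParameterType#NONE} when
     *         none of the four binding annotations is present
     */
    private ParameterType getArgumentType(Annotation[] annotationArr) {
        ParameterType parameterType = ParameterType.NONE;
        for (Annotation annotation : annotationArr) {
            Class<? extends Annotation> kind = annotation.annotationType();
            if (kind.equals(RequestBody.class)) {
                parameterType = ParameterType.BODY;
            } else if (kind.equals(RequestPart.class)) {
                parameterType = ParameterType.MULTIPART;
            } else if (kind.equals(RequestParam.class)) {
                parameterType = ParameterType.PARAM;
            } else if (kind.equals(PathVariable.class)) {
                parameterType = ParameterType.PATH_VARIABLE;
            }
        }
        return parameterType;
    }

    /**
     * HTML-encodes a single string and then restores the pass-through characters.
     *
     * @param str raw value taken from the request
     * @return the encoded value with {@code "} and {@code &} left as raw characters
     */
    private String sanitizeVariableOrParam(String str) {
        String encoded = Encode.forHtml(str);
        // Applied in map order; see PASS_THROUGH_ENTITIES for why the order matters.
        for (Map.Entry<String, String> entry : PASS_THROUGH_ENTITIES.entrySet()) {
            encoded = encoded.replace(entry.getKey(), entry.getValue());
        }
        return encoded;
    }

    /**
     * Parses a JSON request body, sanitizes every string in it and serializes it again.
     *
     * @param str JSON text of the request body
     * @return the sanitized JSON text
     * @throws TechnicalException with code {@code XSS_PARSING_EXCEPTION} when the body is not
     *         valid JSON
     */
    private String sanitizeRequestBody(String str) {
        try {
            return clean(BODY_MAPPER.readTree(str)).toString();
        } catch (JsonProcessingException e) {
            // NOTE(review): the raw request body is handed to the exception. If TechnicalException
            // logs or echoes its arguments, untrusted and possibly sensitive input ends up in
            // logs or error responses. Confirm how the argument is used.
            throw new TechnicalException(JSONTechnicalCodeException.XSS_PARSING_EXCEPTION, e, str);
        }
    }

    /**
     * Returns a sanitized copy of a JSON tree.
     *
     * <p>String values and object field names are passed through
     * {@link #sanitizeVariableOrParam(String)}; other value nodes are returned unchanged.
     * Arrays and objects are rebuilt recursively, so the input tree is not modified.
     *
     * @param jsonNode node to sanitize
     * @return the sanitized node
     */
    private JsonNode clean(JsonNode jsonNode) {
        if (jsonNode.isValueNode()) {
            return JsonNodeType.STRING == jsonNode.getNodeType() ? JsonNodeFactory.instance.textNode(sanitizeVariableOrParam(jsonNode.asText())) : jsonNode;
        }
        if (jsonNode.isArray()) {
            ArrayNode arrayNode = JsonNodeFactory.instance.arrayNode();
            for (JsonNode element : jsonNode) {
                arrayNode.add(clean(element));
            }
            return arrayNode;
        }
        // Anything that is neither a value nor an array is rebuilt as an object.
        ObjectNode objectNode = JsonNodeFactory.instance.objectNode();
        Iterator<Map.Entry<String, JsonNode>> fields = jsonNode.fields();
        while (fields.hasNext()) {
            Map.Entry<String, JsonNode> entry = fields.next();
            // Field names are client-controlled too, so they get the same treatment as values.
            objectNode.set(sanitizeVariableOrParam(entry.getKey()), clean(entry.getValue()));
        }
        return objectNode;
    }
}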
