package org.codehaus.plexus.redback.struts2.interceptor;

import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.Interceptor;
import java.util.Map;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/codehaus/plexus/redback/struts2/interceptor/XSSParameterCheckInterceptor.class */
public class XSSParameterCheckInterceptor implements Interceptor {
    private Logger log = LoggerFactory.getLogger(XSSParameterCheckInterceptor.class);
    private static final String SCRIPT_KEYWORD = "<script>";
    private static final String POSSIBLE_XSS_ATTACK = "possible-xss-attack";

    public void destroy() {
    }

    public void init() {
    }

    public String intercept(ActionInvocation actionInvocation) throws Exception {
        Map parameters = actionInvocation.getInvocationContext().getParameters();
        for (String str : parameters.keySet()) {
            Object obj = parameters.get(str);
            if (obj != null) {
                if (obj instanceof String) {
                    if (StringUtils.containsIgnoreCase((String) obj, SCRIPT_KEYWORD)) {
                        this.log.warn("Possible XSS attack detected! A '<script>' tag was found in the request parameter '" + str + "' of your action.");
                        return POSSIBLE_XSS_ATTACK;
                    }
                } else if (obj instanceof String[]) {
                    for (String str2 : (String[]) obj) {
                        if (StringUtils.containsIgnoreCase(str2, SCRIPT_KEYWORD)) {
                            this.log.warn("Possible XSS attack detected! A '<script>' tag was found in the request parameter '" + str + "' of your action.");
                            return POSSIBLE_XSS_ATTACK;
                        }
                    }
                } else {
                    continue;
                }
            }
        }
        return actionInvocation.invoke();
    }
}
