package com.sankuai.security.sdk;

import com.sankuai.security.sdk.core.cmd.OSCmdSanitiser;
import com.sankuai.security.sdk.core.cors.CORSChecker;
import com.sankuai.security.sdk.core.csrf.CSRFChecker;
import com.sankuai.security.sdk.core.deserialization.ObjectInputStreamChecker;
import com.sankuai.security.sdk.core.file.FileChecker;
import com.sankuai.security.sdk.core.sql.SqlChecker;
import com.sankuai.security.sdk.core.sql.SqliSanitiser;
import com.sankuai.security.sdk.core.ssrf.SSRFChecker;
import com.sankuai.security.sdk.core.ssrf.SSRFConfig;
import com.sankuai.security.sdk.core.url.UrlRedirectionChecker;
import com.sankuai.security.sdk.core.xml.XmlChecker;
import com.sankuai.security.sdk.core.xml.XmlSanitiser;
import com.sankuai.security.sdk.core.xss.XssEncoder;
import com.sankuai.security.sdk.core.xss.XssSanitiser;
import com.sankuai.security.sdk.util.StringUtils;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.nio.file.Path;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:com/sankuai/security/sdk/SecSdk.class */
public class SecSdk {
    private static final Log logger = LogFactory.getLog(SecSdk.class);
    public static final String VERSION = "1.3.9";

    public static String encodeForHTML(String str) {
        return XssSanitiser.encodeForHTML(str);
    }

    public static String encodeForJavaScript(String str) {
        return XssSanitiser.encodeForJavaScript(str);
    }

    public static String encodeForJavaScriptAllCharacter(String str) {
        return XssEncoder.encodeForJavaScript(str);
    }

    public static String getCleanHTML(String str) {
        return XssSanitiser.getCleanHTML(str);
    }

    public static String stripForHTML(String str) {
        return XssSanitiser.stripForHTML(str);
    }

    public static String encodeForURL(String str) {
        return XssSanitiser.encodeForURL(str);
    }

    public static String encodeForXML(String str) {
        return XmlSanitiser.encodeForXML(str);
    }

    public static String encodeForSQL(String str) {
        return SqliSanitiser.encodeForSQL(str);
    }

    public static boolean isValidSqlIdentifier(String str) {
        return SqlChecker.isValidSqlIdentifier(str);
    }

    public static String encodeForOS(String str) {
        return OSCmdSanitiser.encodeForOS(str);
    }

    public static boolean securityLFI(Path path, Path path2) throws IOException {
        return FileChecker.checkLFI(path, path2);
    }

    public static boolean isValidFileName(String str) {
        return FileChecker.isValidFileName(str);
    }

    public static boolean isValidFileName(String str, String str2) {
        return FileChecker.isValidFileName(str, str2);
    }

    public static boolean isSecurityFilePath(String str) {
        return FileChecker.isSecurityFilePath(str);
    }

    public static List<File> securityFileUploads(HttpServletRequest httpServletRequest, int i, File file, File file2, String str, boolean z) throws Exception {
        return FileChecker.securityFileUpload(httpServletRequest, i, file, file2, str, z);
    }

    public static boolean securityUrlRedirect(String str, String str2) {
        return UrlRedirectionChecker.securityUrlRedirect(str, str2);
    }

    public static boolean securityUrlRedirect(String str, String[] strArr) {
        return UrlRedirectionChecker.securityUrlRedirect(str, strArr);
    }

    public static boolean securityCORS(String str, String str2) {
        return CORSChecker.checkCORS(str, str2);
    }

    public static boolean securityCORS(String str, String[] strArr) {
        for (String str2 : strArr) {
            if (securityCORS(str, str2)) {
                return true;
            }
        }
        return false;
    }

    public static boolean securityCSRF(String str, String[] strArr) {
        return CSRFChecker.checkCSRF(str, strArr);
    }

    public static boolean securityCSRF(String str, String str2) {
        return CSRFChecker.checkCSRF(str, str2);
    }

    public static boolean securitySSRF(String str, String str2) {
        try {
            return SSRFChecker.securitySSRF(str, str2);
        } catch (Throwable th) {
            logger.warn("Error occurs while securitySSRF(url, acceptedDomain), root cause " + th.getMessage());
            return true;
        }
    }

    public static boolean securitySSRF(String str, List<String> list) {
        try {
            return SSRFChecker.securitySSRF(str, list);
        } catch (Throwable th) {
            logger.warn("Error occurs while securitySSRF(url, acceptedDomainList), root cause " + th.getMessage());
            return true;
        }
    }

    public static boolean checkSSRFWithoutRedirect(String str) {
        return SSRFChecker.checkSSRFWithoutRedirect(str);
    }

    public static boolean checkSSRF(String str) {
        try {
            return SSRFChecker.checkSSRF(str);
        } catch (Throwable th) {
            logger.warn("Error occurs while checkSSRF(url), root cause " + th.getMessage());
            return true;
        }
    }

    public static boolean checkSSRF(String str, SSRFConfig sSRFConfig) {
        try {
            return SSRFChecker.checkSSRF(str, sSRFConfig);
        } catch (Throwable th) {
            logger.warn("Error occurs while checkSSRF(url, ssrfConfig), root cause " + th.getMessage());
            return true;
        }
    }

    public static boolean securityXXE(String str) {
        return XmlChecker.checkXXE(str);
    }

    public static String securityRSHeaderInjection(String str) {
        return StringUtils.isBlank(str) ? str : str.replaceAll("(?i)%0d|%0a", "").replaceAll("(?i)\\r|\\n", "");
    }

    public static Object securityDeserialize(ByteArrayInputStream byteArrayInputStream, String[] strArr) throws IOException, ClassNotFoundException {
        return ObjectInputStreamChecker.checkObjectInputStream(byteArrayInputStream, strArr);
    }

    public static Object securityDeserialize(ByteArrayInputStream byteArrayInputStream) throws IOException, ClassNotFoundException {
        return ObjectInputStreamChecker.checkObjectInputStream(byteArrayInputStream);
    }
}
