package cn.com.duibaboot.ext.autoconfigure.security.dpefensivepolicy;

import cn.com.duibaboot.ext.autoconfigure.security.DefensivePolicy;
import cn.com.duibaboot.ext.autoconfigure.security.exception.DuibaSecurityException;
import cn.com.duibaboot.ext.autoconfigure.web.wrapper.BodyReaderHttpServletRequestWrapper;
import com.google.common.collect.Sets;
import java.util.Set;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.http.MediaType;

/* loaded from: input_file:BOOT-INF/lib/spring-boot-ext-2.0.0-g7.jar:cn/com/duibaboot/ext/autoconfigure/security/dpefensivepolicy/XmlDefensivePolicy.class */
public class XmlDefensivePolicy implements DefensivePolicy {
    private Pattern pattern = Pattern.compile("DOCTYPE|SYSTEM|ENTITY|PUBLIC");

    @Override // cn.com.duibaboot.ext.autoconfigure.security.DefensivePolicy
    public Set<MediaType> getMediaTypes() {
        return Sets.newHashSet(MediaType.APPLICATION_XML, MediaType.TEXT_XML);
    }

    @Override // cn.com.duibaboot.ext.autoconfigure.security.DefensivePolicy
    public HttpServletRequest preprocessorRequest(HttpServletRequest httpServletRequest) {
        return new BodyReaderHttpServletRequestWrapper(httpServletRequest);
    }

    @Override // cn.com.duibaboot.ext.autoconfigure.security.DefensivePolicy
    public void doDefensive(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws DuibaSecurityException {
        if (this.pattern.matcher(((BodyReaderHttpServletRequestWrapper) httpServletRequest).getBody()).find()) {
            throw new DuibaSecurityException("XXE风险告警！");
        }
    }
}
