package org.zodiac.server.proxy.http.plugin.filter.request;

import io.netty.handler.codec.http.HttpRequest;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.zodiac.server.proxy.http.model.HttpFilterMessage;
import org.zodiac.server.proxy.plugin.api.HttpProxyFlterPluginContext;

/* loaded from: input_file:org/zodiac/server/proxy/http/plugin/filter/request/HttpScannerBlackRequestFilter.class */
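/**
 * Request filter that recognises traffic from well-known web vulnerability scanners by the
 * fixed request headers or URI markers they emit, logs the hit and asks the base class to
 * produce the blacklist response.
 *
 * <p>Detection is purely signature based: a request is flagged only when it carries one of the
 * literal header names or URI substrings listed below. It is a coarse signal for default-configured
 * tools and should not be relied on as the only control in front of an application.
 */
public class HttpScannerBlackRequestFilter extends AbstractHttpRequestFilter {
    private static final String PLUGIN_KEY = "httpRequestScannerBlack";

    /** Attack category passed to {@code hackLogging} for every hit raised by this filter. */
    private static final String ATTACK_TYPE = "scanner";

    /** Request headers whose presence is attributed to Acunetix. */
    private static final String[] ACUNETIX_HEADERS = {
        "Acunetix-Aspect",
        "Acunetix-Aspect-Password",
        "Acunetix-Aspect-Queries",
    };

    /** Request headers whose presence is attributed to HP WebInspect. */
    private static final String[] WEBINSPECT_HEADERS = {
        "X-Scan-Memo",
        "X-Request-Memo",
        "X-RequestManager-Memo",
        "X-WIPP",
    };

    /** URI substring attributed to AppScan. */
    private static final String APPSCAN_URI_MARKER = "AppScan_fingerprint";

    /**
     * URI substring attributed to Bugscan. The comparison is exact and case-sensitive.
     * NOTE(review): percent-encoding hex digits are case-insensitive (RFC 3986), so a lower-case
     * encoding of the same bytes is not matched; consider normalising the URI before comparing.
     */
    private static final String BUGSCAN_URI_MARKER = "--%3E%27%22%3E%3CH1%3EXSS%40HERE%3C%2FH1%3E";

    /** URI substring attributed to Netsparker. */
    private static final String NETSPARKER_URI_MARKER = "netsparker=";

    public HttpScannerBlackRequestFilter() {
        setKey(PLUGIN_KEY);
    }

    /**
     * Checks the request against the scanner signatures and, on the first match, logs the hit
     * and invokes {@code obtainBlackFilterMessage} for the context.
     *
     * <p>Overrides the hook declared in {@code org.zodiac.server.proxy.http.AbstractHttpProxyFilter}.
     *
     * @param httpProxyFlterPluginContext plugin context carrying the request under inspection
     * @return always {@code null}; the value returned by {@code obtainBlackFilterMessage} is not
     *     propagated. NOTE(review): confirm the framework takes the block decision from the
     *     context rather than from this return value, otherwise hits are logged but not blocked.
     */
    @Override
    protected HttpFilterMessage doFilter(HttpProxyFlterPluginContext<HttpRequest> httpProxyFlterPluginContext) {
        loggingFilterStart();
        HttpRequest filterRequest = httpProxyFlterPluginContext.getFilterRequest();
        String scannerName = identifyScanner(filterRequest);
        // Resolved on every request, matched or not, exactly as before.
        // NOTE(review): if getRemoteRealIp derives the address from a client-supplied header,
        // the logged value is attacker-controlled; verify it is validated before it is logged.
        String remoteRealIp = getRemoteRealIp(filterRequest);
        if (scannerName != null) {
            hackLogging(remoteRealIp, ATTACK_TYPE, scannerName);
            obtainBlackFilterMessage(httpProxyFlterPluginContext);
        }
        return null;
    }

    /**
     * Returns the display name of the first scanner whose signature the request matches, or
     * {@code null} when none matches. Signatures are tried in a fixed order: Acunetix,
     * HP WebInspect, Appscan, Bugscan, Netsparker.
     */
    private static String identifyScanner(HttpRequest request) {
        if (hasAnyHeader(request, ACUNETIX_HEADERS)) {
            return "Acunetix Web Vulnerability";
        }
        if (hasAnyHeader(request, WEBINSPECT_HEADERS)) {
            return "HP WebInspect";
        }
        // The markers are plain literals with no regex metacharacters, so a substring test
        // gives the same answer as the former Pattern.compile(...).matcher(uri).find() while
        // avoiding a regex compilation on every request.
        String uri = request.uri();
        if (uri.contains(APPSCAN_URI_MARKER)) {
            return "Appscan";
        }
        if (uri.contains(BUGSCAN_URI_MARKER)) {
            return "Bugscan";
        }
        if (uri.contains(NETSPARKER_URI_MARKER)) {
            return "Netsparker";
        }
        return null;
    }

    /** Returns {@code true} when the request carries at least one of the given header names. */
    private static boolean hasAnyHeader(HttpRequest request, String... headerNames) {
        for (String headerName : headerNames) {
            if (request.headers().contains(headerName)) {
                return true;
            }
        }
        return false;
    }
}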
