package org.zodiac.server.proxy.http.request;

import io.netty.handler.codec.http.HttpObject;
import io.netty.handler.codec.http.HttpRequest;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.zodiac.commons.model.KeyValuePair;
import org.zodiac.server.proxy.http.model.HttpFilterMessage;
import org.zodiac.server.proxy.http.util.HttpRequestUtil;

/* loaded from: input_file:org/zodiac/server/proxy/http/request/HttpScannerRequestFilter.class */
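/**
 * Request filter that rejects HTTP requests carrying the fingerprint of a known web
 * vulnerability scanner (Acunetix, HP WebInspect, AppScan, Bugscan, Netsparker).
 *
 * <p>Detection is purely signature based: a fixed set of request-header names and fixed
 * substrings of the request URI. These markers are volunteered by the scanning tool, so
 * the filter only catches scans that leave the default fingerprints in place. Treat it
 * as noise reduction and logging, not as a replacement for input validation, rate
 * limiting or authentication further down the chain.
 *
 * <p>URI matching is exact and case-sensitive on the raw, still percent-encoded URI
 * returned by {@code HttpRequest.uri()}; no decoding or normalisation happens first.
 */
public class HttpScannerRequestFilter extends HttpRequestFilter {
    /** Reason string carried by every block decision this filter returns. */
    private static final String BLOCK_REASON = "HttpScannerRequestFilter Black List";

    /** URI substring this filter attributes to AppScan. */
    private static final String APPSCAN_URI_MARKER = "AppScan_fingerprint";

    /** Percent-encoded markup probe in the URI that this filter attributes to Bugscan. */
    private static final String BUGSCAN_URI_MARKER = "--%3E%27%22%3E%3CH1%3EXSS%40HERE%3C%2FH1%3E";

    /** URI substring (a query parameter name) this filter attributes to Netsparker. */
    private static final String NETSPARKER_URI_MARKER = "netsparker=";

    /**
     * Checks one pipeline object for scanner fingerprints.
     *
     * <p>Only {@code httpObject} is inspected; the {@code httpRequest} argument is not
     * consulted by this filter.
     *
     * @param httpRequest request associated with the pipeline object (unused here)
     * @param httpObject object to inspect; anything that is not an {@link HttpRequest}
     *     is skipped
     * @return a block message with reason {@code "HttpScannerRequestFilter Black List"}
     *     when a fingerprint matches, otherwise {@code null} (presumably "no objection";
     *     the caller's handling of {@code null} is not visible in this file)
     */
    @Override // org.zodiac.server.proxy.config.ProxyFilter
    public HttpFilterMessage doFilter(HttpRequest httpRequest, HttpObject httpObject) {
        if (!(httpObject instanceof HttpRequest)) {
            return null;
        }
        this.logger.debug("filter:{}", getClass().getName());
        HttpRequest request = (HttpRequest) httpObject;
        String uri = request.uri();

        // The markers are literal strings, so plain substring checks replace the regular
        // expressions that used to be compiled on every request. Checks run in the same
        // priority order as before and stop at the first match.
        String scanner = null;
        if (request.headers().contains("Acunetix-Aspect")
                || request.headers().contains("Acunetix-Aspect-Password")
                || request.headers().contains("Acunetix-Aspect-Queries")) {
            scanner = "Acunetix Web Vulnerability";
        } else if (request.headers().contains("X-Scan-Memo")
                || request.headers().contains("X-Request-Memo")
                || request.headers().contains("X-RequestManager-Memo")
                || request.headers().contains("X-WIPP")) {
            scanner = "HP WebInspect";
        } else if (uri.contains(APPSCAN_URI_MARKER)) {
            scanner = "Appscan";
        } else if (uri.contains(BUGSCAN_URI_MARKER)) {
            scanner = "Bugscan";
        } else if (uri.contains(NETSPARKER_URI_MARKER)) {
            scanner = "Netsparker";
        }

        // Still resolved for every request, matched or not: getRealIp is defined outside
        // this file, so the call is kept where it was rather than deferred.
        // NOTE(review): if getRealIp derives the address from client-supplied forwarding
        // headers, the logged value is attacker-controlled; confirm it is validated and
        // safe to write to the log before relying on it for attribution.
        String realIp = HttpRequestUtil.getRealIp(request);
        if (scanner == null) {
            return null;
        }
        hackLog(this.logger, realIp, "scanner", scanner);
        return HttpFilterMessage.of(BLOCK_REASON, new KeyValuePair[0]);
    }
}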
