package com.opensymphony.xwork.util;

import com.opensymphony.xwork.config.Configuration;
import com.opensymphony.xwork.config.ConfigurationManager;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import ognl.Node;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:com/opensymphony/xwork/util/DefaultOgnlGuard.class */
public class DefaultOgnlGuard implements OgnlGuard {
    private static final Log LOG = LogFactory.getLog(DefaultOgnlGuard.class);
    private static final Set<String> BLOCKED_VAR_REFS = Collections.unmodifiableSet(new HashSet(Arrays.asList("#_memberAccess", "#_classResolver", "#_typeConverter", "#context", "#request", "#parameters", "#session", "#application", "#attr")));
    protected Set<String> excludedNodeTypes;
    private int maxExprLength;

    public DefaultOgnlGuard() {
        loadConfig(ConfigurationManager.getConfiguration());
    }

    public void loadConfig(Configuration configuration) {
        this.excludedNodeTypes = configuration.getOgnlExcludedNodeTypes();
        this.maxExprLength = configuration.getOgnlExpressionMaxLength();
    }

    @Override // com.opensymphony.xwork.util.OgnlGuard
    public boolean isRawExpressionBlocked(String str) {
        return isExceedsMaxExprLength(str);
    }

    protected boolean isExceedsMaxExprLength(String str) {
        return str != null && str.length() > this.maxExprLength;
    }

    @Override // com.opensymphony.xwork.util.OgnlGuard
    public boolean isParsedTreeBlocked(Object obj) {
        if (!(obj instanceof Node) || skipTreeCheck((Node) obj)) {
            return false;
        }
        return recurseNodes((Node) obj);
    }

    protected boolean skipTreeCheck(Node node) {
        return false;
    }

    protected boolean recurseNodes(Node node) {
        if (checkNode(node)) {
            return true;
        }
        for (int i = 0; i < node.jjtGetNumChildren(); i++) {
            if (recurseNodes(node.jjtGetChild(i))) {
                return true;
            }
        }
        return false;
    }

    protected boolean checkNode(Node node) {
        return containsExcludedNodeType(node) || isBlockedVarRef(node);
    }

    protected boolean containsExcludedNodeType(Node node) {
        String name = node.getClass().getName();
        if (!this.excludedNodeTypes.contains(name)) {
            return false;
        }
        LOG.warn("Expression contains blocked node type [" + name + "]");
        return true;
    }

    protected boolean isBlockedVarRef(Node node) {
        if (!"ognl.ASTVarRef".equals(node.getClass().getName())) {
            return false;
        }
        String obj = node.toString();
        if (!BLOCKED_VAR_REFS.contains(obj)) {
            return false;
        }
        if ("#attr".equals(obj)) {
            return true;
        }
        LOG.warn("Expression contains blocked var ref [" + obj + "]");
        return true;
    }
}
