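package jp.mbsd.struts2;

import java.io.IOException;
import java.util.Enumeration;
import java.util.regex.Pattern;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;

/**
 * Servlet filter that rejects a request when any parameter NAME or cookie NAME
 * contains "class"/"Class" as a path segment (e.g. {@code class.classLoader.x},
 * {@code Class['classLoader']}). Only names are inspected; parameter and cookie
 * values are never looked at.
 *
 * NOTE(review): the package name and the pattern suggest this is a perimeter
 * mitigation for the Struts 2 ClassLoader-manipulation parameter vector
 * (S2-020/S2-021 era) meant to be mapped in front of the Struts dispatcher;
 * confirm the filter mapping in the deployment's web.xml.
 *
 * Coverage caveats a deployer should know:
 * <ul>
 *   <li>{@link HttpServletRequest#getParameterNames()} exposes the query string
 *       and url-encoded bodies as the container parses them. Fields inside a
 *       multipart body are typically parsed by Struts' own multipart wrapper
 *       (or only by a Servlet 3 {@code @MultipartConfig} container) and may not
 *       be visible here -- TODO confirm for the target container; if they are
 *       not, uploads bypass this check.</li>
 *   <li>Only {@code [cC]lass} is matched (presumably the spellings the
 *       property resolver maps onto {@code getClass()} -- confirm); other
 *       capitalisations pass through.</li>
 *   <li>A rejected request surfaces as an unchecked exception thrown out of the
 *       filter (container error page). That is fail-closed; a wrapper filter is
 *       needed if a clean 400 response is wanted instead.</li>
 * </ul>
 */
public class testFilter implements Filter {

    /**
     * Matches "class"/"Class" bounded on the left by start-of-string or a
     * non-word character and on the right by a non-word character
     * ('.', '[', '\'', '"', ...). Without UNICODE_CHARACTER_CLASS, {@code \W}
     * is ASCII-based, so any non-ASCII character also counts as a boundary.
     * A bare {@code class} with nothing after it does NOT match.
     */
    private static final Pattern EXCLUDE_PARAMS = Pattern.compile("(^|\\W)[cC]lass\\W");

    /**
     * Checks every parameter name and cookie name of the request against
     * {@link #EXCLUDE_PARAMS} and only then hands the request down the chain.
     *
     * @param req   incoming request; must be an {@link HttpServletRequest}
     * @param res   response, passed through untouched
     * @param chain the rest of the filter chain
     * @throws IllegalArgumentException if a parameter or cookie name matches
     *         (the message carries the offending name)
     * @throws ServletException if the request is not an HTTP request, so it
     *         cannot be inspected (fail closed rather than pass through)
     * @throws IOException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Fail closed: a request we cannot inspect must not reach the chain.
        // The previous unconditional cast failed here with a ClassCastException;
        // this is the same outcome with an explicit message.
        if (!(req instanceof HttpServletRequest)) {
            throw new ServletException("testFilter requires an HttpServletRequest");
        }
        HttpServletRequest httpreq = (HttpServletRequest) req;

        // Raw/wildcard Enumeration: getParameterNames() is only typed since Servlet 3.0.
        Enumeration<?> names = httpreq.getParameterNames();
        while (names.hasMoreElements()) {
            rejectIfAttack((String) names.nextElement());
        }

        // Cookie names get the same treatment. getCookies() returns null (not an
        // empty array) when the request carries no Cookie header.
        Cookie[] cookies = httpreq.getCookies();
        if (cookies != null) {
            for (Cookie c : cookies) {
                rejectIfAttack(c.getName());
            }
        }

        chain.doFilter(req, res);
    }

    /**
     * Throws when {@code name} matches the excluded pattern; no-op otherwise.
     * The message echoes the raw name so it lands in the container log -- be
     * aware that an error page rendering this message reflects attacker text.
     */
    private static void rejectIfAttack(String name) {
        if (isAttack(name)) {
            throw new IllegalArgumentException("Attack: " + name);
        }
    }

    /**
     * @param target a parameter or cookie name
     * @return true when {@link #EXCLUDE_PARAMS} occurs anywhere in {@code target}
     */
    private static boolean isAttack(String target) {
        return EXCLUDE_PARAMS.matcher(target).find();
    }

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // No init-params are read; the pattern is fixed at class-load time.
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }
}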