/** File name: randomString.java
 *  Date:      04-Feb-2013
 *  Author:    Upsorn Praphamontripong & Jeff Offutt
 *  Update January 2016 Jeff Offutt
 *  Add "https" and change port to "8443" for new server protocols
 *  Changed functionality so if a user clicks "with replacement,"
 *  the new screen would also check "with replacement."
 *  Added printScreen() and "withReplace" parameter.
 *  Changed doPost() to call printScreen() instead of doGet()
 *  Update February 2017 Salonika Bose
 *  Added regexp check for script attacks
 *  Update July 2019 Jeff Offutt
 *  Split selectNext() from doPost()
 */

// Import Servlet Libraries
import javax.servlet.*;
import javax.servlet.http.*;

// Import Java Libraries
import java.io.*;
import java.util.*;
import java.lang.*;

import java.io.*;
import static java.lang.System.console; // SB

import javax.servlet.http.*;
import javax.servlet.*;

import java.util.regex.Matcher; // SB
import java.util.regex.Pattern; // SB

//randomString class
//   Allow users to enter a list of strings to be randomly chosen
//   with two options: with replacement or without replacement (default)

//  Is multiple chosen allowed? -- provide a textbox to enter the number of strings needed
//  then, clicking a submit button results in multiple returns of string chosen.

//CONSTRUCTOR: no constructor specified (default)
//
//****************  Methods description  *******************************
//void doPost()    --> Main method for gathering data and sending back
//void doGet()     --> Prints a blank screen
//***********************************************************************

public class randomString extends HttpServlet
{
   private ArrayList<String> selectFrom; // list of strings entered, randomly select from this list
   private ArrayList<String> selected = new ArrayList<String>();  // list of strings already selected
   private String curRandomString = new String(); // Current random string

   // To be changed if redeployed
   private String actionLocation = "https://cs.gmu.edu:8443/offutt/servlet/randomString";

public void doGet(HttpServletRequest req, HttpServletResponse res)
       throws ServletException, IOException
{
   res.setContentType("text/html");
   //Get the response's PrintWriter to return text to the client.
   PrintWriter out = res.getWriter();

   out.println("<!DOCTYPE HTML>");
   out.println("<html>");
   PrintHead(out);
   PrintBody(out, false); // Not with replacement is default
   out.println("</html>");

   out.close();
}  // End doGet()

// similar to doGet except called from doPost
// Allows "with replacement" to be set
private void printScreen(HttpServletRequest req, HttpServletResponse res, Boolean withReplace)
       throws ServletException, IOException
{
   res.setContentType("text/html");
   //Get the response's PrintWriter to return text to the client.
   PrintWriter out = res.getWriter();

   out.println("<!DOCTYPE HTML>");
   out.println("<html>");
   
   PrintHead(out);
   PrintBody(out, withReplace);
   out.println("</html>");
   out.close();
}  // End doGet()

private void PrintHead(PrintWriter out)
{
   out.println("<head>");
   out.println("  <meta http-equiv=\"Content-Type\" content=\"text/html;charset=utf-8\" >");
   out.println("  <link rel=\"stylesheet\" href=\"https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css\" integrity=\"sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u\" crossorigin=\"anonymous\">"); // SB
   out.println("  <link rel=\"stylesheet\" href=\"https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css\" integrity=\"sha384-rHyoN1iRsVXV4nD0JutlnGaslCJuC7uwjduW9SVrLvRYooPp2bWYgmgJQIXwl/Sp\" crossorigin=\"anonymous\">"); // SB
   out.println("    <title>String Randomization</title>");
   out.println("</head>");
}  // PrintHead()

private void PrintBody(PrintWriter out, Boolean withReplace)
{
   out.println("<body onload=\"setFocus()\">");
   PrintJS(out);
   out.println("<form method=\"POST\"" );
   out.println("      action=\"" + actionLocation + "\">"); // Defined above (Jeff Offutt)
   out.println("    <!-- start main -->");
   out.println("<table border=\"0\" cellpadding=\"2\" cellspacing=\"1\" width=\"70%\" align=\"center\">");
   out.println("<tr>");
   out.println("  <td width=\"90%\" colspan=\"8\">");
   out.println("    <h2 align=\"center\">String Randomization</h2>");
   out.println("    <hr>");
   out.println("  </td>");
   out.println("</tr>");

   out.println("<tr>");
   out.println("  <td bgcolor=\"#CCFFFF\" align=\"center\" width=\"35%\" colspan=\"2\"><b> Enter strings to be chosen </b></br>");
   out.println("    <i>Separate multiple strings by new lines.</i>");
   out.println("  </td>");
   out.println("  <td width=\"2%\" colspan=\"1\">&nbsp;&nbsp;</td>");
   out.println("  <td bgcolor=\"#EEEEEE\" align=\"center\" width=\"35%\" colspan=\"2\">String chosen: ");

   if (curRandomString.length() > 0)
   {
       out.print("    <input type=\"text\" border=\"0\" readonly=\"readonly\" name=\"curRandomString\" id=\"curRandomString\" size=\"30\" value=\"");
       out.println(curRandomString + "\">");
       out.println("</input>");
   }
   else
      out.println("    <input type=\"text\" border=\"0\" readonly=\"readonly\" name=\"curRandomString\" id=\"curRandomString\" size=\"30\"></input>");

   out.println("  </td>");
   out.println("  <td width=\"2%\" colspan=\"1\">&nbsp;&nbsp;</td>");
   out.println("  <td align=\"center\" width=\"25%\" colspan=\"2\">&nbsp;</td>");
   out.println("</tr>");

   out.println("<tr>");
   out.println("  <td bgcolor=\"#CCFFFF\" align=\"center\" width=\"35%\" colspan=\"2\">");

   out.println("    <textarea rows=\"20\" name=\"strEnter\" id=\"strEnter\" cols=\"25\" autofocus=true>");
   if (selectFrom != null && selectFrom.size() > 0) // there is at least one string to print
   {  // Print the remaining input strings
      for (int k=0; k<selectFrom.size(); k++)
      {
         if (selectFrom.get(k).equals('\n') == false && selectFrom.get(k).equals(" ") == false)
            out.println(selectFrom.get(k));
      }
   }
   out.println("</textarea>");
   out.println("  </td>");

   out.println("  <td width=\"2%\" colspan=\"1\">&nbsp;&nbsp;</td>");
   out.println("  <td bgcolor=\"#EEEEEE\" align=\"center\" width=\"35%\" colspan=\"2\">");

   out.println("    <textarea rows=\"20\" name=\"strChosen\" id=\"strChosen\" cols=\"25\" readonly=\"readonly\" >");
   if (selected != null && selected.size() > 0) // there is at least one string to print
   {  // Print the strings that were previously selected
      for (int i=0; i<selected.size(); i++)
         out.println(selected.get(i));
   }
   out.println("</textarea>");
   out.println("  </td>");

   out.println("  <td width=\"2%\" colspan=\"1\">&nbsp;&nbsp;</td>");
   // Print buttons on right of screen.
   out.println("  <td width=\"25%\" colspan=\"2\" align=\"center\">");
   out.println("    <table border=\"0\">");
   out.println("      <tr>");
   out.println("        <td>");

   if (withReplace) // doGet is always without, doPost allows with replacement if WR was checked before
      out.println("          <label><input checked type=\"radio\" value=\"WR\" id = \"replacementOption\" name=\"replacementOption\">With replacement</label>"); // SB
   else
      out.println("          <label><input type=\"radio\" value=\"WR\" id = \"replacementOption\" name=\"replacementOption\">With replacement</label>"); // SB

   out.println("        </td>");
   out.println("      </tr>");
   out.println("      <tr>");
   out.println("        <td>  <!--  this should be set as default option -->");

   if (withReplace) // doGet is always without, doPost allows with
      out.println("          <label><input type=\"radio\" value=\"WO\" id = \"replacementOption\" name=\"replacementOption\">Without replacement</label>"); // SB
   else
      out.println("          <label><input checked type=\"radio\" value=\"WO\" id = \"replacementOption\" name=\"replacementOption\">Without replacement</label>"); // SB

   out.println("        </td>");
   out.println("      </tr>");
   out.println("      <tr cellpadding=\"2\">");
   out.println("        <td align=\"center\">");
   out.println("          <input type=\"submit\" value=\"Submit\" Name=\"btn\" onClick=\"return submitIt(this.form)\">");
   out.println("        </td>");
   out.println("      </tr>");
   out.println("      <tr cellpadding=\"2\">");
   out.println("        <td align=\"center\">&nbsp;</td>");
   out.println("      </tr>");
   out.println("      <tr cellpadding=\"2\">");
   out.println("        <td align=\"center\">&nbsp;</td>");
   out.println("      </tr>");
   out.println("      <tr>");
   out.println("        <td align=\"center\">");
   out.println("          <button type=\"submit\" name=\"btn\" value=\"Restart\">Restart</button>");
   out.println("        </td>");
   out.println("      </tr>");
   out.println("    </table>");
   out.println("  </td>");
   out.println("</tr>");

   out.println("<tr>");
   out.println("  <td bgcolor=\"#CCFFFF\" align=\"center\" width=\"35%\" colspan=\"2\">&nbsp;</td>");
   out.println("  <td width=\"2%\" colspan=\"1\">&nbsp;&nbsp;</td>");
   out.println("  <td bgcolor=\"#EEEEEE\" align=\"center\" width=\"35%\" colspan=\"2\">");
   out.println("     <button type=\"submit\" name=\"btn\" value=\"Clear\">Clear Chosen Strings</button>");
   out.println("  </td>");
   out.println("  <td width=\"2%\" colspan=\"1\">&nbsp;&nbsp;</td>");
   out.println("  <td align=\"center\" width=\"25%\" colspan=\"2\">&nbsp;</td>");
   out.println("</tr>");

   out.println("<tr>");
   out.println("  <td colspan=\"8\"><hr></td>");
   out.println("</tr>");

   out.println("</table>");
   out.println("    <!-- end main -->");
   out.println("</form>");
   out.println("</body>");
}  // PrintBody()

private void PrintJS (PrintWriter out)
{
   out.println("  <!-- start js -->");
   out.println("  <script>");
   out.println("    <!-- hide code");
   out.println("    function submitIt(form)");
   out.println("    {");
   out.println("       errCount=0;");
   out.println("       errorMsg=\"\";");
   out.println("       aVal = form.strEnter.value");
   out.println("       if ( aVal == \"\") ");
   out.println("       {");
   out.println("          errorMsg += \"\\n\\n\"+ \" Enter strings to be chosen.\";");
   out.println("          errCount++;");
   out.println("       }");
   out.println("       if (errCount > 0) ");
   out.println("       {");
   out.println("          alert (\"Please correct the following \" + errCount + \" fields: \" + errorMsg);");
   out.println("          if ( aVal == \"\") ");
   out.println("          {");
   out.println("             document.getElementById(\"strEnter\").focus();");
   out.println("          }");
   out.println("          return false;");
   out.println("       }");
   out.println("       else {");
   out.println("          return true;");
   out.println("       }");
   out.println("    }");

   out.println("    function clearFields() ");
   out.println("    {");
   out.println("      if (confirm(\"Are you sure?\")) ");
   out.println("      {");
   out.println("        document.getElementById(\"strEnter\").value = \"\";");
   out.println("        document.getElementById(\"curRandomString\").value = \"\";");
   out.println("        document.getElementById(\"strChosen\").value = \"\";");
   out.println("      }");
   out.println("    }");

   out.println("    function clearResults() ");
   out.println("    {");
   out.println("        document.getElementById(\"curRandomString\").value = \"\";");
   out.println("        document.getElementById(\"strChosen\").value = \"\";");
   out.println("    }");

   out.println("    function setFocus() ");
   out.println("    {");
   out.println("        document.getElementById(\"strEnter\").focus();");
   out.println("    }");

   out.println("    // end hiding code -->");
   out.println("  </script>");
   out.println("  <!-- end js -->");
}  // PrintJS()

/** **********************************************************
*  doPost()
*  Chooses the next random string and updates list.
************************************************************ */
public void doPost (HttpServletRequest req, HttpServletResponse res)
       throws ServletException, IOException
{
   String data   = req.getParameter("strEnter"); // Left text area, strings to be chosen
   String option = req.getParameter("replacementOption"); // Button on the right
   String str    = new String();
   
   // added by Salonika Bose, February 2017
   // Sanitize the list
   // (?i) make it case insensitive
   // case 1 : <script> are removed
   // case 2 : javascript: call are removed
   // case 3 : remove on* attributes like onLoad or onClick
   data = data.replaceAll("(?i)<script.*?>.*?</script.*?>", ""); //SB
   data = data.replaceAll("(?i)<.*?javascript:.*?>.*?</.*?>", ""); //SB
   data = data.replaceAll("(?i)<.*?\\s+on.*?>.*?</.*?>", ""); //SB
    
   // extract data entry --> list of strings
   // extract data entry -- multiple strings are separated by carriage return
   // reformat the data entry into a list of strings
   // split() and ArrayList() added by Jeff
   selectFrom = new ArrayList(Arrays.asList(data.split("[\\r\\n]+")));

   String button = req.getParameter("btn");
   selectNext(button, option);

   if (option.equals("WR"))
      printScreen(req, res, true);
   else
      printScreen(req, res, false);
} // End of doPost()

/** **********************************************************
*  selectNext()
*  Selects the next random string and updates lists.
*  Updates class level variables selectFrom, selected, and curRandomString
************************************************************ */
private void selectNext (String button, String option)
{
   if (button.equals("Restart"))
   {
      selectFrom      = new ArrayList<String>();
      selected        = new ArrayList<String>();
      curRandomString = new String();
   }
   else if (button.equals("Clear"))
   {
      selected        = new ArrayList<String>();
      curRandomString = new String();
   }
   else if (button.equals("Submit"))
   {
      // if a string is chosen without replacement,
      // a chosen string X will be removed from data
      //     data' = data - {X}
      // if a string is chosen with replacement, data' = data

      if (selectFrom != null && selectFrom.size() > 0)
      {
         ArrayList<String> tempList = selectFrom;
         int n = tempList.size();
         Random generator = new Random();
         if (n > 0)   // there are n strings to be chosen
         {
            int randomIndex = generator.nextInt(n); // index indicating which string will be chosen from a list
            curRandomString = tempList.get(randomIndex);
            if (curRandomString.length() > 0)
               selected.add(curRandomString);

            if (option.equals("WR"))
            {
               // do nothing to entries, i.e., list of string remains the same
            }
            else if (option.equals("WO"))
            {
               tempList.remove(randomIndex);
               selectFrom = tempList;
            }  // end else if
         }  // end if
      }  // end if
   }  // end else if
}  // selectNext()

} // End class