package org.owasp.webgoat.lessons;

import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

import org.apache.ecs.Element;
import org.apache.ecs.ElementContainer;
import org.apache.ecs.html.BR;
import org.apache.ecs.html.Center;
import org.apache.ecs.html.H1;
import org.apache.ecs.html.HR;
import org.apache.ecs.html.Input;
import org.apache.ecs.html.TD;
import org.apache.ecs.html.TH;
import org.apache.ecs.html.TR;
import org.apache.ecs.html.Table;
import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.util.HtmlEncoder;

/*******************************************************************************
 * 
 * 
 * This file is part of WebGoat, an Open Web Application Security Project
 * utility. For details, please see http://www.owasp.org/
 * 
 * Copyright (c) 2002 - 2007 Bruce Mayhew
 * 
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License as published by the Free Software
 * Foundation; either version 2 of the License, or (at your option) any later
 * version.
 * 
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
 * details.
 * 
 * You should have received a copy of the GNU General Public License along with
 * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
 * Place - Suite 330, Boston, MA 02111-1307, USA.
 * 
 * Getting Source ==============
 * 
 * Source for this application is maintained at code.google.com, a repository
 * for free software projects.
 * 
 * For details, please see http://code.google.com/p/webgoat/
 *
 * @author     Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
 * @created    October 28, 2003
 */

public class ReflectedXSS extends LessonAdapter
{
    /**
     *  Description of the Method
     *
     * @param  s  Description of the Parameter
     * @return    Description of the Return Value
     */

    protected Element createContent(WebSession s)
    {

	ElementContainer ec = new ElementContainer();
	String regex1 = "^[0-9]{3}$";// any three digits
	Pattern pattern1 = Pattern.compile(regex1);

	try
	{
	    String param1 = s.getParser().getRawParameter("field1", "111");
	    String param2 = HtmlEncoder.encode(s.getParser().getRawParameter(
		    "field2", "4128 3214 0002 1999"));
	    float quantity = 1.0f;
	    float total = 0.0f;
	    float runningTotal = 0.0f;

	    // test input field1
	    if (!pattern1.matcher(param1).matches())
	    {
		if (param1.toLowerCase().indexOf("script") != -1)
		{
		    makeSuccess(s);
		}

		s
			.setMessage("Whoops! You entered "
				+ param1
				+ " instead of your three digit code.  Please try again.");
	    }

	    // FIXME: encode output of field2, then s.setMessage( field2 );

	    ec.addElement(new HR().setWidth("90%"));
	    ec.addElement(new Center().addElement(new H1()
		    .addElement("Shopping Cart ")));
	    Table t = new Table().setCellSpacing(0).setCellPadding(2)
		    .setBorder(1).setWidth("90%").setAlign("center");

	    if (s.isColor())
	    {
		t.setBorder(1);
	    }

	    TR tr = new TR();
	    tr.addElement(new TH().addElement(
		    "Shopping Cart Items -- To Buy Now").setWidth("80%"));
	    tr.addElement(new TH().addElement("Price").setWidth("10%"));
	    tr.addElement(new TH().addElement("Quantity").setWidth("3%"));
	    tr.addElement(new TH().addElement("Total").setWidth("7%"));
	    t.addElement(tr);

	    tr = new TR();
	    tr
		    .addElement(new TD()
			    .addElement("Studio RTA - Laptop/Reading Cart with Tilting Surface - Cherry "));
	    tr.addElement(new TD().addElement("69.99").setAlign("right"));
	    tr.addElement(new TD().addElement(
		    new Input(Input.TEXT, "QTY1", s.getParser()
			    .getStringParameter("QTY1", "1")))
		    .setAlign("right"));
	    quantity = s.getParser().getFloatParameter("QTY1", 0.0f);
	    total = quantity * 69.99f;
	    runningTotal += total;
	    tr.addElement(new TD().addElement("$" + total));
	    t.addElement(tr);
	    tr = new TR();
	    tr.addElement(new TD()
		    .addElement("Dynex - Traditional Notebook Case"));
	    tr.addElement(new TD().addElement("27.99").setAlign("right"));
	    tr.addElement(new TD().addElement(
		    new Input(Input.TEXT, "QTY2", s.getParser()
			    .getStringParameter("QTY2", "1")))
		    .setAlign("right"));
	    quantity = s.getParser().getFloatParameter("QTY2", 0.0f);
	    total = quantity * 27.99f;
	    runningTotal += total;
	    tr.addElement(new TD().addElement("$" + total));
	    t.addElement(tr);
	    tr = new TR();
	    tr
		    .addElement(new TD()
			    .addElement("Hewlett-Packard - Pavilion Notebook with Intel Centrino"));
	    tr.addElement(new TD().addElement("1599.99").setAlign("right"));
	    tr.addElement(new TD().addElement(
		    new Input(Input.TEXT, "QTY3", s.getParser()
			    .getStringParameter("QTY3", "1")))
		    .setAlign("right"));
	    quantity = s.getParser().getFloatParameter("QTY3", 0.0f);
	    total = quantity * 1599.99f;
	    runningTotal += total;
	    tr.addElement(new TD().addElement("$" + total));
	    t.addElement(tr);
	    tr = new TR();
	    tr
		    .addElement(new TD()
			    .addElement("3 - Year Performance Service Plan $1000 and Over "));
	    tr.addElement(new TD().addElement("299.99").setAlign("right"));

	    tr.addElement(new TD().addElement(
		    new Input(Input.TEXT, "QTY4", s.getParser()
			    .getStringParameter("QTY4", "1")))
		    .setAlign("right"));
	    quantity = s.getParser().getFloatParameter("QTY4", 0.0f);
	    total = quantity * 299.99f;
	    runningTotal += total;
	    tr.addElement(new TD().addElement("$" + total));
	    t.addElement(tr);

	    ec.addElement(t);

	    t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0)
		    .setWidth("90%").setAlign("center");

	    if (s.isColor())
	    {
		t.setBorder(1);
	    }

	    ec.addElement(new BR());

	    tr = new TR();
	    tr.addElement(new TD()
		    .addElement("The total charged to your credit card:"));
	    tr.addElement(new TD().addElement("$" + runningTotal));
	    tr.addElement(new TD().addElement(ECSFactory
		    .makeButton("Update Cart")));
	    t.addElement(tr);
	    tr = new TR();
	    tr.addElement(new TD().addElement("&nbsp;").setColSpan(2));
	    t.addElement(tr);
	    tr = new TR();
	    tr
		    .addElement(new TD()
			    .addElement("Enter your credit card number:"));
	    tr.addElement(new TD().addElement(new Input(Input.TEXT, "field2",
		    param2)));
	    t.addElement(tr);
	    tr = new TR();
	    tr.addElement(new TD()
		    .addElement("Enter your three digit access code:"));
	    tr.addElement(new TD().addElement("<input name='field1' type='TEXT' value='" + param1 + "'>"));
	    //tr.addElement(new TD().addElement(new Input(Input.TEXT, "field1",param1)));
	    t.addElement(tr);

	    Element b = ECSFactory.makeButton("Purchase");
	    tr = new TR();
	    tr.addElement(new TD().addElement(b).setColSpan(2).setAlign(
		    "center"));
	    t.addElement(tr);

	    ec.addElement(t);
	    ec.addElement(new BR());
	    ec.addElement(new HR().setWidth("90%"));
	}
	catch (Exception e)
	{
	    s.setMessage("Error generating " + this.getClass().getName());
	    e.printStackTrace();
	}
	return (ec);
    }


    /**
     *  DOCUMENT ME!
     *
     * @return    DOCUMENT ME!
     */
    protected Category getDefaultCategory()
    {
	return Category.XSS;
    }


    /**
     *  Gets the hints attribute of the AccessControlScreen object
     *
     * @return    The hints value
     */
    protected List<String> getHints(WebSession s)
    {
	List<String> hints = new ArrayList<String>();
	hints
		.add("A simple script is &lt;SCRIPT&gt;alert('bang!');&lt;/SCRIPT&gt;.");
	hints.add("Can you get the script to disclose the JSESSIONID cookie?");
	hints
		.add("You can use &lt;SCRIPT&gt;alert(document.cookie);&lt;/SCRIPT&gt; to access the session id cookie");
	hints
		.add("Can you get the script to access the credit card form field?");
	hints
		.add("Try a cross site trace (XST) Command:<br>"
			+ "&lt;script type=\"text/javascript\"&gt;if ( navigator.appName.indexOf(\"Microsoft\") !=-1)"
			+ " {var xmlHttp = new ActiveXObject(\"Microsoft.XMLHTTP\");xmlHttp.open(\"TRACE\", \"./\", false);"
			+ " xmlHttp.send();str1=xmlHttp.responseText; while (str1.indexOf(\"\\n\") > -1) str1 = str1.replace(\"\\n\",\"&lt;br&gt;\"); "
			+ "document.write(str1);}&lt;/script&gt;");
	return hints;
    }


    //	<script type="text/javascript">if ( navigator.appName.indexOf("Microsoft") !=-1) {var xmlHttp = new ActiveXObject("Microsoft.XMLHTTP");xmlHttp.open("TRACE", "./", false); xmlHttp.send();str1=xmlHttp.responseText;document.write(str1);}</script>
    /**
     *  Gets the instructions attribute of the WeakAccessControl object
     *
     * @return    The instructions value
     */
    public String getInstructions(WebSession s)
    {
	String instructions = "For this exercise, your mission is to come up with some input containing a script. You have to try to get this page to reflect that input back to your browser, which will execute the script and do something bad.";
	return (instructions);
    }

    private final static Integer DEFAULT_RANKING = new Integer(120);


    protected Integer getDefaultRanking()
    {
	return DEFAULT_RANKING;
    }


    /**
     *  Gets the title attribute of the AccessControlScreen object
     *
     * @return    The title value
     */
    public String getTitle()
    {
	return "Reflected XSS Attacks";
    }
    
}