Beispiel #1
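    def delete(challenge):
        """
        Delete a community challenge and the resources attached to it.

        Removes the submitter's bonus award (when the community row exists),
        then wrong keys, solves, keys, files, tags, hints, the
        ``CommunityChallengeModel`` row and the ``Challenges`` row, and commits.

        :param challenge: challenge object; ``id``, ``name`` and ``value`` are read
        :return: None
        """

        # delete bonus award
        # TODO: kinda hack-ish (mod Awards table instead ?)
        # NOTE(review): the award is matched on team, name and value only, so a
        # challenge whose name or value changed after the award was created
        # would leave its bonus award behind.
        community = CommunityChallengeModel.query.filter(
            CommunityChallengeModel.id == challenge.id).first()
        # ``first()`` returns None when no community row exists. Skipping the
        # award step in that case keeps the remaining cleanup from being
        # aborted by an AttributeError on ``None.owner``.
        if community is not None:
            name = "Bonus points for submitting challenge " + challenge.name
            Awards.query.filter_by(teamid=community.owner, name=name,
                                   value=challenge.value).delete()

        # delete all other resources
        WrongKeys.query.filter_by(chalid=challenge.id).delete()
        Solves.query.filter_by(chalid=challenge.id).delete()
        Keys.query.filter_by(chal=challenge.id).delete()
        # Each file goes through utils.delete_file before the Files rows are
        # bulk-deleted (presumably it also removes the stored file; confirm).
        files = Files.query.filter_by(chal=challenge.id).all()
        for f in files:
            utils.delete_file(f.id)
        Files.query.filter_by(chal=challenge.id).delete()
        Tags.query.filter_by(chal=challenge.id).delete()
        Hints.query.filter_by(chal=challenge.id).delete()
        CommunityChallengeModel.query.filter_by(id=challenge.id).delete()
        Challenges.query.filter_by(id=challenge.id).delete()
        db.session.commit()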
Beispiel #2
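    def delete(challenge):
        """
        Delete an intermediate-flag challenge and the resources attached to it.

        Removes wrong keys, solves, keys, files, tags, the ``Challenges`` row,
        the awards named after this challenge, its partial solves and its
        ``IntermediateFlagChallengeModel`` row, and commits.

        :param challenge: challenge object; only ``id`` is read
        :return: None
        """
        WrongKeys.query.filter_by(chalid=challenge.id).delete()
        Solves.query.filter_by(chalid=challenge.id).delete()
        Keys.query.filter_by(chal=challenge.id).delete()
        files = Files.query.filter_by(chal=challenge.id).all()
        for f in files:
            utils.delete_file(f.id)
        Files.query.filter_by(chal=challenge.id).delete()
        Tags.query.filter_by(chal=challenge.id).delete()
        Challenges.query.filter_by(id=challenge.id).delete()

        # Awards for this challenge are selected by the name prefix
        # ``plugin_intermflag_<challenge id>_``. In a LIKE pattern ``_`` is a
        # single-character wildcard, so the unescaped pattern
        # ``plugin_intermflag_1_%`` also matches ``plugin_intermflag_12_x``:
        # deleting challenge 1 would remove awards of every challenge whose id
        # starts with 1. The literal underscores are escaped so that only this
        # challenge's prefix matches.
        award_prefix = 'plugin_intermflag_' + str(challenge.id) + '_'
        filter_award_name = award_prefix.replace('_', '/_') + '%'
        awards_to_delete = Awards.query.filter(
            Awards.name.like(filter_award_name, escape='/')).all()
        # Rows are fetched first and then deleted one by one by primary key,
        # as the original author did after the bulk variants failed for them.
        award_ids_to_delete = [award.id for award in awards_to_delete]
        for award_id in award_ids_to_delete:
            Awards.query.filter_by(id=award_id).delete()

        IntermediateFlagPartialSolve.query.filter_by(
            chalid=challenge.id).delete()
        # TODO (REC FUTURE): is this delete actually needed?
        IntermediateFlagChallengeModel.query.filter_by(
            id=challenge.id).delete()
        db.session.commit()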
Beispiel #3
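def admin_files(chalid):
    """
    List, delete or upload the files attached to challenge ``chalid``.

    GET returns JSON with two lists, ``files`` and ``file_generators``; each
    entry holds the file ``id`` and its ``location`` under the key ``file``.
    POST reads the form field ``method``: ``delete`` removes the file whose id
    is in the form field ``file``, ``upload`` stores every part of
    ``files[]`` and ``file_generators[]``. Both return ``'1'``.

    :param chalid: id of the challenge the files belong to
    """
    if request.method == 'GET':
        json_data = {'files': [], 'file_generators': []}
        for x in Files.query.filter_by(chal=chalid).all():
            # Dynamic files are reported separately as generators.
            bucket = 'file_generators' if x.dynamic else 'files'
            json_data[bucket].append({'id': x.id, 'file': x.location})
        return jsonify(json_data)
    if request.method == 'POST':
        if request.form['method'] == "delete":
            # The file id comes from the request body. Resolve it against the
            # challenge in the URL so this route only deletes files attached
            # to ``chalid``; an id that belongs elsewhere gives a 404.
            target = Files.query.filter_by(
                id=request.form['file'], chal=chalid).first_or_404()
            utils.delete_file(target.id)

            db.session.commit()
            db.session.close()
            return '1'
        elif request.form['method'] == "upload":
            for f in request.files.getlist('files[]'):
                utils.upload_file(file=f, chalid=chalid)

            for g in request.files.getlist('file_generators[]'):
                utils.upload_file(file=g, chalid=chalid, isgenerator=True)

            db.session.commit()
            db.session.close()
            return '1'
    # NOTE(review): any other request method or ``method`` form value falls
    # through here and the view returns None, which Flask does not accept as a
    # response. The route decorator and its access control are not visible in
    # this listing - confirm both.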
Beispiel #4
def admin_delete_chal():
    """
    Delete the challenge named by the ``id`` form field and what depends on it.

    Responds with 404 when no such challenge exists; otherwise removes wrong
    keys, solves, keys, files, tags and the challenge row, commits, closes the
    session and returns ``'1'``.
    """
    challenge = Challenges.query.filter_by(id=request.form['id']).first_or_404()

    # Submission history and accepted keys.
    WrongKeys.query.filter_by(chalid=challenge.id).delete()
    Solves.query.filter_by(chalid=challenge.id).delete()
    Keys.query.filter_by(chal=challenge.id).delete()

    # Every attachment goes through utils.delete_file before the Files rows
    # are bulk-deleted.
    for attachment in Files.query.filter_by(chal=challenge.id).all():
        utils.delete_file(attachment.id)
    Files.query.filter_by(chal=challenge.id).delete()

    Tags.query.filter_by(chal=challenge.id).delete()
    Challenges.query.filter_by(id=challenge.id).delete()

    db.session.commit()
    db.session.close()
    return '1'
Beispiel #5
def admin_delete_chal():
    """
    Remove a challenge, looked up by the ``id`` form field, with its dependants.

    An unknown id ends the request with 404. On success the session is
    committed and closed and the literal ``'1'`` is returned.
    """
    wanted_id = request.form['id']
    challenge = Challenges.query.filter_by(id=wanted_id).first_or_404()

    WrongKeys.query.filter_by(chalid=challenge.id).delete()
    Solves.query.filter_by(chalid=challenge.id).delete()
    Keys.query.filter_by(chal=challenge.id).delete()

    # Files are handed to utils.delete_file one at a time, then their rows
    # are removed in bulk.
    stored_files = Files.query.filter_by(chal=challenge.id).all()
    for stored in stored_files:
        utils.delete_file(stored.id)
    Files.query.filter_by(chal=challenge.id).delete()

    Tags.query.filter_by(chal=challenge.id).delete()
    Challenges.query.filter_by(id=challenge.id).delete()

    db.session.commit()
    db.session.close()
    return '1'
    def delete(challenge):
        """
        Remove a challenge together with the rows and files that reference it.

        :param challenge: challenge object; only ``id`` is read
        :return: None
        """
        # Submission history and accepted keys go first.
        WrongKeys.query.filter_by(chalid=challenge.id).delete()
        Solves.query.filter_by(chalid=challenge.id).delete()
        Keys.query.filter_by(chal=challenge.id).delete()

        # Each attachment is passed to utils.delete_file before the Files
        # rows are bulk-deleted.
        for attachment in Files.query.filter_by(chal=challenge.id).all():
            utils.delete_file(attachment.id)
        Files.query.filter_by(chal=challenge.id).delete()

        Tags.query.filter_by(chal=challenge.id).delete()
        Challenges.query.filter_by(id=challenge.id).delete()
        db.session.commit()
Beispiel #7
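def admin_pages_media():
    """
    Upload, delete or list media files that are not tied to a challenge.

    POST stores every part of ``files[]`` with ``chalid=None`` and returns
    JSON ``{'results': [{'id', 'location'}, ...]}`` for the uploads that
    produced a result. DELETE removes every id in the form list
    ``file_ids[]`` and returns ``'1'``. Any other method returns the JSON
    list of files whose ``chal`` is None.
    """
    if request.method == 'POST':
        uploaded = []
        for f in request.files.getlist('files[]'):
            data = utils.upload_file(file=f, chalid=None)
            if data:
                uploaded.append({'id': data[0], 'location': data[1]})
        return jsonify({'results': uploaded})
    elif request.method == 'DELETE':
        # NOTE(review): the ids are passed on as submitted; nothing in this
        # view limits them to media files (chal=None), so a challenge
        # attachment id would be handed to utils.delete_file as well.
        for file_id in request.form.getlist('file_ids[]'):
            utils.delete_file(file_id)
        # A bare bool is not a valid Flask view return value, so the former
        # ``return True`` turned every successful delete into a server error.
        return '1'
    else:
        files = [{'id': f.id, 'location': f.location}
                 for f in Files.query.filter_by(chal=None).all()]
        return jsonify({'results': files})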
Beispiel #8
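def admin_pages_media():
    """
    Manage media files that have no challenge (``chal`` is None).

    POST: upload each part of ``files[]`` and return the resulting ids and
    locations as JSON under ``results``.
    DELETE: delete each id listed in the form field ``file_ids[]`` and
    return ``'1'``.
    Otherwise: return the JSON list of existing media files.
    """
    if request.method == 'POST':
        incoming = request.files.getlist('files[]')

        uploaded = []
        for f in incoming:
            data = utils.upload_file(file=f, chalid=None)
            # Uploads for which upload_file returns nothing are left out.
            if data:
                uploaded.append({'id': data[0], 'location': data[1]})
        return jsonify({'results': uploaded})
    elif request.method == 'DELETE':
        file_ids = request.form.getlist('file_ids[]')
        # NOTE(review): no check here ties these ids to media files; confirm
        # whether utils.delete_file restricts what may be deleted.
        for file_id in file_ids:
            utils.delete_file(file_id)
        # ``return True`` is rejected by Flask (a bool is not a response);
        # return a string body instead so the request completes.
        return '1'
    else:
        media_rows = Files.query.filter_by(chal=None).all()
        files = [{'id': f.id, 'location': f.location} for f in media_rows]
        return jsonify({'results': files})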
Beispiel #9
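def admin_files(chalid):
    """
    List, delete or upload the files attached to challenge ``chalid``.

    GET returns JSON ``{'files': [{'id', 'file'}, ...]}`` where ``file`` is
    the stored location. POST reads the form field ``method``: ``delete``
    removes the file whose id is in the form field ``file``, ``upload``
    stores every part of ``files[]``. Both return ``'1'``.

    :param chalid: id of the challenge the files belong to
    """
    if request.method == 'GET':
        rows = Files.query.filter_by(chal=chalid).all()
        json_data = {'files': [{'id': x.id, 'file': x.location} for x in rows]}
        return jsonify(json_data)
    if request.method == 'POST':
        if request.form['method'] == "delete":
            # The id is taken from the request body, so it is looked up
            # together with ``chalid``: a file that belongs to a different
            # challenge is answered with 404 instead of being deleted.
            target = Files.query.filter_by(
                id=request.form['file'], chal=chalid).first_or_404()
            utils.delete_file(target.id)

            db.session.commit()
            db.session.close()
            return '1'
        elif request.form['method'] == "upload":
            for f in request.files.getlist('files[]'):
                utils.upload_file(file=f, chalid=chalid)

            db.session.commit()
            db.session.close()
            return '1'
    # NOTE(review): other request methods or ``method`` values reach this
    # point and the view returns None, which Flask does not accept as a
    # response.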
def import_challenges(in_file, dst_attachments, exit_on_error=True, move=False):
    """
    Create or update challenges from the YAML documents in ``in_file``.

    Each document is validated, matched to an existing challenge by name,
    and its tags, flags, hints and files are brought in line with the
    document. Progress is printed to stdout.

    :param in_file: path of the YAML file; file entries are resolved
        relative to its directory
    :param dst_attachments: directory that stored file locations are joined to
        when existing attachments are hashed
    :param exit_on_error: re-raise ``MissingFieldError`` when True, otherwise
        print a message and skip that challenge
    :param move: when True, unlink each source file after it was uploaded
    :return: None
    """
    from CTFd.models import db, Challenges, Keys, Tags, Files, Hints, Unlocks
    with open(in_file, 'r') as in_stream:
        # safe_load_all yields one document per challenge without
        # constructing arbitrary Python objects.
        chals = yaml.safe_load_all(in_stream)

        for chal in chals:
            # ensure all required fields are present before adding or updating a challenge
            try:
                validate_yaml(chal)
            except MissingFieldError as err:
                if exit_on_error:
                    raise
                else:
                    print "Skipping challenge: " + str(err)
                    continue

            # if the challenge already exists, update it
            chal_db = Challenges.query.filter_by(name=chal['name']).first()
            if chal_db is not None:
                print "Updating {}".format(chal['name'].encode('utf8'))
                chal_db.description = chal['description']
                chal_db.value = chal['value']
                chal_db.category = chal['category']
            else:
                print "Adding {}".format(chal['name'].encode('utf8'))
                chal_db = Challenges(
                    chal['name'],
                    chal['description'],
                    chal['value'],
                    chal['category'])
            chal_db.type = chal['type']
            chal_db.hidden = chal['hidden']

            # Committed here so that chal_db.id can be used by the rows below.
            db.session.add(chal_db)
            db.session.commit()

            # delete all tags and re-add them
            Tags.query.filter_by(chal=chal_db.id).delete()
            for tag in chal['tags']:
                tag_dbobj = Tags(chal_db.id, tag)
                db.session.add(tag_dbobj)

            # delete all flags and re-add them
            Keys.query.filter_by(chal=chal_db.id).delete()
            for flag in chal['flags']:
                flag_db = Keys(chal_db.id, flag['flag'], flag['type'])
                db.session.add(flag_db)

            # delete or update existing hints
            # The YAML hint ``id`` is compared with the database column ``type``.
            hints = {h['id']: h for h in chal['hints']}
            hints_db = Hints.query.filter_by(chal=chal_db.id).all()
            for hint_db in hints_db:
                if hint_db.type in hints:
                    # the hint is being updated
                    hint_db.hint = hints[hint_db.type]['hint']
                    hint_db.cost = hints[hint_db.type]['cost']
                    del hints[hint_db.type]
                else:
                    # the hint is being deleted - delete the hint and any related unlocks
                    print "  Removing hint {:d}".format(hint_db.type)
                    Unlocks.query.filter_by(model='hints', itemid=hint_db.id).delete()
                    Hints.query.filter_by(id=hint_db.id).delete()

            # add new hints
            for hint in hints.values():
                print "  Adding hint {:d}".format(hint['id'])
                hint_db = Hints(chal_db.id, hint['hint'], cost=hint['cost'], type=hint['id'])
                db.session.add(hint_db)

            # hash and compare existing files with the new uploaded files
            # NOTE(review): MD5 serves only as a change detector here. It is
            # not collision-resistant, so a stronger digest is preferable if
            # the imported files can come from an untrusted party.
            hashes_db = {}
            files_db = Files.query.filter_by(chal=chal_db.id).all()
            for file_db in files_db:
                with open(os.path.join(dst_attachments, file_db.location), 'rb') as f:
                    h = hashlib.md5(f.read()).digest()
                    hashes_db[h] = file_db

            to_upload = []
            for file in chal['files']:
                # NOTE(review): ``file`` is taken from the YAML document as is.
                # An absolute path or ``..`` segments are not rejected, so the
                # resolved path can lie outside the YAML file's directory; that
                # file would be attached to the challenge and, with ``move``
                # set, unlinked below. Confirm the YAML is trusted or confine
                # the path to the source directory.
                path = os.path.join(os.path.dirname(in_file), file)
                with open(path, "rb") as f:
                    h = hashlib.md5(f.read()).digest()
                if h in hashes_db and os.path.basename(file) == os.path.basename(hashes_db[h].location):
                    # the file is up to date
                    del hashes_db[h]
                else:
                    # the file has changed name or content
                    to_upload.append(path)

            # remove out of date files and add new uploads
            # Whatever is still in hashes_db was not matched by a YAML entry.
            for file_db in hashes_db.values():
                print "  Removing file {}".format(file_db.location)
                utils.delete_file(file_db.id)
            for path in to_upload:
                basename = os.path.basename(path)
                print "  Adding file {}".format(basename)
                with open(path, "rb") as f:
                    # ``f`` is rebound to the FileStorage wrapper; the with
                    # statement still closes the file object it opened.
                    f = FileStorage(stream=f, filename=basename)
                    utils.upload_file(file=f, chalid=chal_db.id)
                if move:
                    os.unlink(path)

            db.session.commit()

    db.session.commit()
    db.session.close()