def _mkflag(self, flag_type, is_file=False):
''' Creates the flag in the database '''
box = Box.by_uuid(self.get_argument('box_uuid', ''))
if box is None:
raise ValidationError('Box does not exist')
if is_file:
if not hasattr(self.request,
'files') or not 'flag' in self.request.files:
raise ValidationError('No file in request')
token = self.request.files['flag'][0]['body']
else:
token = self.get_argument('token', '')
name = self.get_argument('flag_name', '')
description = self.get_argument('description', '')
reward = self.get_argument('reward', '')
flag = Flag.create_flag(flag_type, box, name, token, description,
reward)
flag.capture_message = self.get_argument('capture_message', '')
flag.case_sensitive = self.get_argument('case-sensitive', 1)
lock = Flag.by_uuid(self.get_argument('lock_uuid', ''))
if lock:
flag.lock_id = lock.id
else:
flag.lock_id = None
self.add_attachments(flag)
self.dbsession.add(flag)
self.dbsession.commit()
choices = self.get_arguments('addmore[]', strip=True)
if choices is not None:
for item in choices:
FlagChoice.create_choice(flag, item)
self.redirect("/admin/view/game_objects#%s" % box.uuid)
def edit_flags(self):
""" Edit existing flags in the database """
try:
flag = Flag.by_uuid(self.get_argument("uuid", ""))
if flag is None:
raise ValidationError("Flag does not exist")
# Name
name = self.get_argument("name", "")
if flag._name != name:
logging.info("Updated flag name %s -> %s" % (flag._name, name))
flag.name = name
token = self.get_argument("token", "")
if flag.token != token:
flag.token = token
# Description
description = self.get_argument("description", "")
if flag._description != description:
logging.info("Updated %s's description %s -> %s" %
(flag.name, flag._description, description))
flag.description = description
# Value
flag.value = self.get_argument("value", "")
flag.original_value = self.get_argument("value", "")
flag.capture_message = self.get_argument("capture_message", "")
flag.case_sensitive = self.get_argument("case-sensitive", 1)
# Type
flag_type = self.get_argument("flag_type", None)
if flag_type and flag_type != flag.type:
logging.info("Updated %s's type %s -> %s" %
(flag.name, flag.type, flag_type))
flag.type = flag_type
# Dependency Lock
lock = Flag.by_uuid(self.get_argument("lock_uuid", ""))
if lock:
flag.lock_id = lock.id
else:
flag.lock_id = None
box = Box.by_uuid(self.get_argument("box_uuid", ""))
if box is not None and flag not in box.flags:
logging.info("Updated %s's box %d -> %d" %
(flag.name, flag.box_id, box.id))
flag.box_id = box.id
for fl in box.flags:
fl.order
self.dbsession.add(fl)
flag.order = len(box.flags) + 1 # place flag at end
for hint in flag.hints:
hint.box_id = box.id
self.dbsession.add(hint)
elif box is None:
raise ValidationError("Box does not exist")
self.dbsession.add(flag)
self.dbsession.commit()
if flag.type == FLAG_CHOICE:
self.edit_choices(flag, self.request.arguments)
self.redirect("/admin/view/game_objects#%s" % box.uuid)
except ValidationError as error:
self.render("admin/view/game_objects.html",
success=None,
errors=["%s" % error])
def setUp(self):
self.box, self.corp = create_box()
self.static_flag = Flag.create_flag(
_type=FLAG_STATIC,
box=self.box,
name="Static Flag",
raw_token="statictoken",
description="A static test token",
value=100,
)
self.regex_flag = Flag.create_flag(
_type=FLAG_REGEX,
box=self.box,
name="Regex Flag",
raw_token="(f|F)oobar",
description="A regex test token",
value=200,
)
self.file_flag = Flag.create_flag(
_type=FLAG_FILE,
box=self.box,
name="File Flag",
raw_token="fdata",
description="A file test token",
value=300,
)
dbsession.add(self.static_flag)
dbsession.add(self.regex_flag)
dbsession.add(self.file_flag)
dbsession.commit()
def _mkflag(self, flag_type, is_file=False):
""" Creates the flag in the database """
box = Box.by_uuid(self.get_argument("box_uuid", ""))
if box is None:
raise ValidationError("Box does not exist")
if is_file:
if not hasattr(self.request,
"files") or not "flag" in self.request.files:
raise ValidationError("No file in request")
token = self.request.files["flag"][0]["body"]
else:
token = self.get_argument("token", "")
name = self.get_argument("flag_name", "")
description = self.get_argument("description", "")
reward = self.get_argument("reward", "")
flag = Flag.create_flag(flag_type, box, name, token, description,
reward)
flag.capture_message = self.get_argument("capture_message", "")
flag.case_sensitive = self.get_argument("case-sensitive", 1)
flag.order = len(box.flags) + 1
lock = Flag.by_uuid(self.get_argument("lock_uuid", ""))
if lock:
flag.lock_id = lock.id
else:
flag.lock_id = None
self.add_attachments(flag)
self.dbsession.add(flag)
self.dbsession.commit()
choices = self.get_arguments("addmore[]", strip=True)
if choices is not None:
for item in choices:
FlagChoice.create_choice(flag, item)
self.redirect("/admin/view/game_objects#%s" % box.uuid)
def _mkflag(self, flag_type, is_file=False):
''' Creates the flag in the database '''
box = Box.by_uuid(self.get_argument('box_uuid', ''))
if box is None:
raise ValidationError('Box does not exist')
if is_file:
if not hasattr(self.request, 'files') or not 'flag' in self.request.files:
raise ValidationError('No file in request')
token = self.request.files['flag'][0]['body']
else:
token = self.get_argument('token', '')
name = self.get_argument('flag_name', '')
description = self.get_argument('description', '')
reward = self.get_argument('reward', '')
flag = Flag.create_flag(
flag_type, box, name, token, description, reward)
flag.capture_message = self.get_argument('capture_message', '')
flag.case_sensitive = self.get_argument('case-sensitive', 1)
lock = Flag.by_uuid(self.get_argument('lock_uuid', ''))
if lock:
flag.lock_id = lock.id
else:
flag.lock_id = None
self.add_attachments(flag)
self.dbsession.add(flag)
self.dbsession.commit()
choices = self.get_arguments('addmore[]', strip=True)
if choices is not None:
for item in choices:
FlagChoice.create_choice(flag, item)
self.redirect("/admin/view/game_objects#%s" % box.uuid)
def setUp(self):
self.box, self.corp = create_box()
self.static_flag = Flag.create_flag(
_type=FLAG_STATIC,
box=self.box,
name="Static Flag",
raw_token="statictoken",
description="A static test token",
value=100,
)
self.regex_flag = Flag.create_flag(
_type=FLAG_REGEX,
box=self.box,
name="Regex Flag",
raw_token="(f|F)oobar",
description="A regex test token",
value=200,
)
self.file_flag = Flag.create_flag(
_type=FLAG_FILE,
box=self.box,
name="File Flag",
raw_token="fdata",
description="A file test token",
value=300,
)
dbsession.add(self.static_flag)
dbsession.add(self.regex_flag)
dbsession.add(self.file_flag)
dbsession.commit()
def post(self, *args, **kwargs):
game_objects = {
"game_level": GameLevel,
"corporation": Corporation,
"flag": Flag,
"box": Box,
"hint": Hint,
}
obj_name = self.get_argument("obj", "")
uuid = self.get_argument("uuid", "")
if obj_name in game_objects.keys():
obj = game_objects[obj_name].by_uuid(uuid)
if obj is not None:
self.write(obj.to_dict())
else:
self.write({"Error": "Invalid uuid."})
elif obj_name == "stats":
flag = Flag.by_uuid(uuid)
if flag is not None:
if options.banking:
price = "$" + str(flag.value)
else:
price = str(flag.value) + " points"
flaginfo = [
{
"name": flag.name,
"description": flag.description,
"token": flag.token,
"price": price,
}
]
captures = []
for item in Flag.captures(flag.id):
team = Team.by_id(item[0])
if team:
captures.append({"name": team.name})
attempts = self.attempts(flag)
hints = []
for item in Hint.taken_by_flag(flag.id):
team = Team.by_id(item.team_id)
hint = Hint.by_id(item.hint_id)
if team:
if options.banking:
price = "$" + str(hint.price)
else:
price = str(hint.price) + " points"
hints.append({"name": team.name, "price": price})
obj = {
"flag": flaginfo,
"captures": captures,
"attempts": attempts,
"hints": hints,
}
self.write(obj)
else:
self.write({"Error": "Invalid uuid."})
else:
self.write({"Error": "Invalid object type."})
self.finish()
def post(self, *args, **kwargs):
game_objects = {
'game_level': GameLevel,
'corporation': Corporation,
'flag': Flag,
'box': Box,
'hint': Hint,
}
obj_name = self.get_argument('obj', '')
uuid = self.get_argument('uuid', '')
if obj_name in game_objects.keys():
obj = game_objects[obj_name].by_uuid(uuid)
if obj is not None:
self.write(obj.to_dict())
else:
self.write({'Error': 'Invalid uuid.'})
elif obj_name == "stats":
flag = Flag.by_uuid(uuid)
if flag is not None:
if options.banking:
flaginfo = [{"name": flag.name, "token": flag.token, "price": "$" + str(flag.value)}]
else:
flaginfo = [{"name": flag.name, "token": flag.token, "price": str(flag.value) + " points"}]
captures = []
for item in Flag.captures(flag.id):
team = Team.by_id(item[0])
if team:
captures.append({"name": team.name})
attempts = []
for item in Penalty.by_flag_id(flag.id):
team = Team.by_id(item.team_id)
if team:
attempts.append({"name": team.name, "token": item.token})
hints = []
for item in Hint.taken_by_flag(flag.id):
team = Team.by_id(item.team_id)
hint = Hint.by_id(item.hint_id)
if team:
if options.banking:
hints.append({"name": team.name, "price": "$" + str(hint.price)})
else:
hints.append({"name": team.name, "price": str(hint.price) + " points"})
obj = {
"flag": flaginfo,
"captures": captures,
"attempts": attempts,
"hints": hints,
}
self.write(obj)
else:
self.write({'Error': 'Invalid uuid.'})
else:
self.write({'Error': 'Invalid object type.'})
self.finish()
def post(self, *args, **kwargs):
game_objects = {
'game_level': GameLevel,
'corporation': Corporation,
'flag': Flag,
'box': Box,
'hint': Hint,
}
obj_name = self.get_argument('obj', '')
uuid = self.get_argument('uuid', '')
if obj_name in game_objects.keys():
obj = game_objects[obj_name].by_uuid(uuid)
if obj is not None:
self.write(obj.to_dict())
else:
self.write({'Error': 'Invalid uuid.'})
elif obj_name == "stats":
flag = Flag.by_uuid(uuid)
if flag is not None:
if options.banking:
flaginfo = [{"name": flag.name, "token": flag.token, "price": "$" + str(flag.value)}]
else:
flaginfo = [{"name": flag.name, "token": flag.token, "price": str(flag.value) + " points"}]
captures = []
for item in Flag.captures(flag.id):
team = Team.by_id(item[0])
if team:
captures.append({"name": team.name})
attempts = []
for item in Penalty.by_flag_id(flag.id):
team = Team.by_id(item.team_id)
if team:
attempts.append({"name": team.name, "token": item.token})
hints = []
for item in Hint.taken_by_flag(flag.id):
team = Team.by_id(item.team_id)
hint = Hint.by_id(item.hint_id)
if team:
if options.banking:
hints.append({"name": team.name, "price": "$" + str(hint.price)})
else:
hints.append({"name": team.name, "price": str(hint.price) + " points"})
obj = {
"flag": flaginfo,
"captures": captures,
"attempts": attempts,
"hints": hints,
}
self.write(obj)
else:
self.write({'Error': 'Invalid uuid.'})
else:
self.write({'Error': 'Invalid object type.'})
self.finish()
def edit_flags(self):
''' Edit existing flags in the database '''
try:
flag = Flag.by_uuid(self.get_argument('uuid', ''))
if flag is None:
raise ValidationError("Flag does not exist")
# Name
name = self.get_argument('name', '')
if flag.name != name:
logging.info("Updated flag name %s -> %s" % (
flag.name,
name,
))
flag.name = name
token = self.get_argument('token', '')
if flag.token != token:
flag.token = token
# Description
description = self.get_argument('description', '')
if flag._description != description:
logging.info("Updated %s's description %s -> %s" % (
flag.name,
flag._description,
description,
))
flag.description = description
# Value
flag.value = self.get_argument('value', '')
flag.original_value = self.get_argument('value', '')
flag.capture_message = self.get_argument('capture_message', '')
flag.case_sensitive = self.get_argument('case-sensitive', 1)
# Dependency Lock
lock = Flag.by_uuid(self.get_argument('lock_uuid', ''))
if lock:
flag.lock_id = lock.id
else:
flag.lock_id = None
box = Box.by_uuid(self.get_argument('box_uuid', ''))
if box is not None and flag not in box.flags:
logging.info("Updated %s's box %d -> %d" %
(flag.name, flag.box_id, box.id))
flag.box_id = box.id
elif box is None:
raise ValidationError("Box does not exist")
self.dbsession.add(flag)
self.dbsession.commit()
if flag.type == FLAG_CHOICE:
self.edit_choices(flag, self.request.arguments)
self.redirect("/admin/view/game_objects#%s" % box.uuid)
except ValidationError as error:
self.render("admin/view/game_objects.html", errors=["%s" % error])
def setUp(self):
self.box, self.corp = create_box()
self.static_flag = Flag.create_flag(
_type=FLAG_STATIC,
box=self.box,
name="Static Flag",
raw_token="statictoken",
description="A static test token",
value=100,
)
self.regex_flag = Flag.create_flag(
_type=FLAG_REGEX,
box=self.box,
name="Regex Flag",
raw_token="(f|F)oobar",
description="A regex test token",
value=200,
)
self.file_flag = Flag.create_flag(
_type=FLAG_FILE,
box=self.box,
name="File Flag",
raw_token="fdata",
description="A file test token",
value=300,
)
self.choice_flag = Flag.create_flag(
_type=FLAG_CHOICE,
box=self.box,
name="Choice Flag",
raw_token="fdata",
description="A choice test token",
value=400,
)
self.datetime_flag = Flag.create_flag(
_type=FLAG_DATETIME,
box=self.box,
name="Datetime Flag",
raw_token="2018-06-22 18:00:00",
description="A datetime test token",
value=500,
)
dbsession.add(self.static_flag)
dbsession.add(self.regex_flag)
dbsession.add(self.file_flag)
dbsession.add(self.choice_flag)
dbsession.add(self.datetime_flag)
dbsession.commit()
def edit_flags(self):
''' Edit existing flags in the database '''
try:
flag = Flag.by_uuid(self.get_argument('uuid', ''))
if flag is None:
raise ValidationError("Flag does not exist")
# Name
name = self.get_argument('name', '')
if flag.name != name:
logging.info("Updated flag name %s -> %s" % (
flag.name, name,
))
flag.name = name
token = self.get_argument('token', '')
if flag.token != token:
flag.token = token
# Description
description = self.get_argument('description', '')
if flag._description != description:
logging.info("Updated %s's description %s -> %s" % (
flag.name, flag._description, description,
))
flag.description = description
# Value
flag.value = self.get_argument('value', '')
flag.original_value = self.get_argument('value', '')
flag.capture_message = self.get_argument('capture_message', '')
flag.case_sensitive = self.get_argument('case-sensitive', 1)
# Dependency Lock
lock = Flag.by_uuid(self.get_argument('lock_uuid', ''))
if lock:
flag.lock_id = lock.id
else:
flag.lock_id = None
box = Box.by_uuid(self.get_argument('box_uuid', ''))
if box is not None and flag not in box.flags:
logging.info("Updated %s's box %d -> %d" % (
flag.name, flag.box_id, box.id
))
flag.box_id = box.id
elif box is None:
raise ValidationError("Box does not exist")
self.dbsession.add(flag)
self.dbsession.commit()
if flag.type == FLAG_CHOICE:
self.edit_choices(flag, self.request.arguments)
self.redirect("/admin/view/game_objects#%s" % box.uuid)
except ValidationError as error:
self.render("admin/view/game_objects.html", errors=["%s" % error])
def edit_flags(self):
''' Super ugly code, yes - Edit existing flags in the database '''
flag = Flag.by_uuid(self.get_argument('uuid', ''))
if flag is not None:
try:
name = self.get_argument('name', '')
if flag.name != name:
if Flag.by_name(name) is None:
logging.info("Updated flag name %s -> %s" %
(flag.name, name,)
)
flag.name = name
else:
raise ValueError("Flag name already exists")
token = self.get_argument('token', '')
if flag.token != token:
if Flag.by_token(token) is None:
logging.info("Updated %s's token %s -> %s" %
(flag.name, flag.token, token)
)
flag.token = token
else:
raise ValueError("Token is not unique")
description = self.get_argument('description', '')
if flag._description != description:
logging.info("Updated %s's description %s -> %s" %
(flag.name, flag._description, description,)
)
flag.description = description
flag.value = self.get_argument('value', '')
flag.capture_message = self.get_argument('capture_message', '')
box = Box.by_uuid(self.get_argument('box_uuid', ''))
if box is not None and flag not in box.flags:
logging.info("Updated %s's box %d -> %d" %
(flag.name, flag.box_id, box.id)
)
flag.box_id = box.id
elif box is None:
raise ValueError("Box does not exist")
self.dbsession.add(flag)
self.dbsession.commit()
self.redirect("/admin/view/game_objects")
except ValueError as error:
self.render("admin/view/game_objects.html", errors=["%s" % error])
else:
self.render("admin/view/game_objects.html",
errors=["Flag does not exist"]
)
def post(self, *args, **kwargs):
'''
Reset the Game
'''
errors = []
success = None
try:
users = User.all()
for user in users:
user.money = 0
teams = Team.all()
for team in teams:
if options.banking:
team.money = options.starting_team_money
else:
team.money = 0
team.flags = []
team.hints = []
team.boxes = []
team.items = []
team.purchased_source_code = []
level_0 = GameLevel.by_number(0)
if not level_0:
level_0 = GameLevel.all()[0]
team.game_levels = [level_0]
self.dbsession.add(team)
self.dbsession.commit()
self.dbsession.flush()
for team in teams:
for paste in team.pastes:
self.dbsession.delete(paste)
for shared_file in team.files:
shared_file.delete_data()
self.dbsession.delete(shared_file)
self.dbsession.commit()
self.dbsession.flush()
Penalty.clear()
Notification.clear()
snapshot = Snapshot.all()
for snap in snapshot:
self.dbsession.delete(snap)
self.dbsession.commit()
snapshot_team = SnapshotTeam.all()
for snap in snapshot_team:
self.dbsession.delete(snap)
self.dbsession.commit()
game_history = GameHistory.instance()
game_history.take_snapshot() # Take starting snapshot
flags = Flag.all()
for flag in flags:
flag.value = flag._original_value if flag._original_value else flag.value
self.dbsession.add(flag)
self.dbsession.commit()
self.dbsession.flush()
success = "Successfully Reset Game"
self.render('admin/reset.html', success=success, errors=errors)
except BaseException as e:
errors.append("Failed to Reset Game")
logging.error(str(e))
self.render('admin/reset.html', success=None, errors=errors)
def failed_capture(self, flag, submission):
user = self.get_current_user()
if submission is not None and flag not in user.team.flags:
if flag.is_file:
submission = Flag.digest(submission)
Penalty.create_attempt(team=user.team,
flag=flag,
submission=submission)
if not self.config.penalize_flag_value:
return False
attempts = Penalty.by_count(flag, user.team)
if attempts < self.config.flag_start_penalty:
return False
if attempts >= self.config.flag_stop_penalty:
return False
penalty = int(
flag.dynamic_value(user.team) * self.config.flag_penalty_cost *
0.01)
logging.info("%s (%s) capture failed '%s' - lost %s" %
(user.handle, user.team.name, flag.name, penalty))
user.team.money -= penalty
user.money -= penalty
self.dbsession.add(user.team)
self.dbsession.flush()
self.event_manager.flag_penalty(user, flag)
self.dbsession.commit()
# Fire capture failed webhook
send_capture_failed_webhook(user, flag)
return penalty
return False
def edit_hint(self):
""" Edit a hint object """
try:
hint = Hint.by_uuid(self.get_argument("uuid", ""))
if hint is None:
raise ValidationError("Hint does not exist")
logging.debug("Edit hint object with uuid of %s" % hint.uuid)
price = self.get_argument("price", "")
if hint.price != price:
hint.price = price
description = self.get_argument("description", "")
hint.description = description
flag = Flag.by_uuid(self.get_argument("hint-flag_uuid", ""))
if flag:
flag_id = flag.id
else:
flag_id = None
hint.flag_id = flag_id
box = Box.by_id(flag.box_id)
self.dbsession.add(hint)
self.dbsession.commit()
self.redirect("/admin/view/game_objects#%s" % box.uuid)
except ValidationError as error:
self.render("admin/view/game_objects.html",
success=None,
errors=[str(error)])
def post(self, *args, **kwargs):
''' Check validity of flag submissions '''
flag = Flag.by_uuid(self.get_argument('uuid', ''))
user = self.get_current_user()
if flag and flag in user.team.flags:
self.render_page(flag)
elif flag is not None and flag.game_level in user.team.game_levels:
submission = ''
if flag.is_file:
if hasattr(self.request,
'files') and 'flag' in self.request.files:
submission = self.request.files['flag'][0]['body']
else:
submission = self.get_argument('token', '')
old_reward = flag.value
if self.attempt_capture(flag, submission):
self.add_content_policy('script', "'unsafe-eval'")
if self.config.story_mode:
self.render('missions/captured.html',
flag=flag,
reward=old_reward)
else:
success = self.success_capture(flag)
self.render_page(flag, success=success)
else:
if Penalty.by_token_count(flag, user.team, submission) == 0:
if self.config.teams:
teamval = "team's "
else:
teamval = ""
penalty = self.failed_capture(flag, submission)
penalty_dialog = "Sorry - Try Again"
if penalty:
if self.config.banking:
penalty_dialog = "$" + str(
penalty
) + " has been deducted from your " + teamval + "account."
else:
if penalty == 1:
point = " point has"
else:
point = " points have"
penalty_dialog = str(
penalty
) + point + " been deducted from your " + teamval + "score."
self.render_page(flag, errors=[penalty_dialog])
else:
if self.config.teams:
teamdup = " by your team. Try Again"
else:
teamdup = " by you. Try Again"
self.render_page(
flag,
info=[
"Duplicate submission - this answer has already been attempted"
+ teamdup
])
else:
self.render('public/404.html')
def attempt_capture(self, flag, submission):
""" Compares a user provided token to the token in the db """
user = self.get_current_user()
team = user.team
logging.info("%s (%s) capture the flag '%s'" %
(user.handle, team.name, flag.name))
if submission is not None and flag not in team.flags:
if flag.capture(submission):
flag_value = flag.dynamic_value(team)
if (self.config.dynamic_flag_value
and self.config.dynamic_flag_type == "decay_all"):
for item in Flag.captures(flag.id):
tm = Team.by_id(item[0])
deduction = flag.dynamic_value(tm) - flag_value
tm.money = int(tm.money - deduction)
self.dbsession.add(tm)
self.event_manager.flag_decayed(tm, flag)
team.money += flag_value
user.money += flag_value
team.flags.append(flag)
self.dbsession.add(user)
self.dbsession.add(team)
self.dbsession.commit()
self.event_manager.flag_captured(team, flag)
return True
return False
def get(self, *args, **kwargs):
fuuid = self.get_argument("flag", None)
buuid = self.get_argument("box", None)
try:
reward = int(self.get_argument("reward", 0))
except ValueError:
reward = 0
user = self.get_current_user()
box = Box.by_uuid(buuid)
flag = Flag.by_uuid(fuuid)
if box is not None and box.is_complete(user):
if self.config.story_mode and len(box.capture_message) > 0:
self.add_content_policy("script", "'unsafe-eval'")
self.render("missions/captured.html",
box=box,
flag=None,
reward=reward)
return
elif flag is not None and flag in user.team.flags:
if self.config.story_mode and len(flag.capture_message) > 0:
self.add_content_policy("script", "'unsafe-eval'")
self.render("missions/captured.html",
box=None,
flag=flag,
reward=reward)
return
self.render("public/404.html")
def failed_capture(self, flag, submission):
user = self.get_current_user()
if submission is not None and flag not in user.team.flags:
if flag.is_file:
submission = Flag.digest(submission)
Penalty.create_attempt(
team=user.team,
flag=flag,
submission=submission,
)
if not self.config.penalize_flag_value:
return False
attempts = Penalty.by_count(flag, user.team)
if attempts < self.config.flag_start_penalty:
return False
if attempts >= self.config.flag_stop_penalty:
return False
penalty = int(flag.value * self.config.flag_penalty_cost * .01)
logging.info("%s (%s) capture failed '%s' - lost %s" % (
user.handle, user.team.name, flag.name, penalty
))
user.team.money -= penalty
user.money -= penalty
self.dbsession.add(user.team)
self.dbsession.flush()
self.event_manager.flag_penalty(user, flag)
self.dbsession.commit()
return penalty
return False
def edit_flag_order(self):
""" Edit flag order in the database """
try:
flag = Flag.by_uuid(self.get_argument("uuid", ""))
if flag is None:
raise ValidationError("Flag does not exist")
flag.order = self.get_argument("order", "")
self.dbsession.add(flag)
self.dbsession.commit()
except ValidationError as error:
logging.error("Failed to reorder flag: %s" % error)
def edit_flag_order(self):
''' Edit flag order in the database '''
try:
flag = Flag.by_uuid(self.get_argument('uuid', ''))
if flag is None:
raise ValidationError("Flag does not exist")
flag.order = self.get_argument('order', '')
self.dbsession.add(flag)
self.dbsession.commit()
except ValidationError as error:
logging.error("Failed to reorder flag: %s" % error)
def get(self, *args, **kwargs):
uuid = self.get_argument('flag', None)
reward = self.get_argument('reward', None)
user = self.get_current_user()
flag = Flag.by_uuid(uuid)
if flag is not None and flag in user.team.flags:
self.add_content_policy('script', "'unsafe-eval'")
if self.config.story_mode and flag.capture_message and len(
flag.capture_message) > 0:
self.render('missions/captured.html', flag=flag, reward=reward)
return
self.render('public/404.html')
def to_dict(self):
flag = Flag.by_id(self.flag_id)
if flag:
flag_uuid = flag.uuid
else:
flag_uuid = ""
return {
"price": str(self.price),
"description": self.description,
"flag_uuid": flag_uuid,
"uuid": self.uuid,
"flaglist": Box.flaglist(self.box_id),
}
def del_flag(self):
''' Delete a flag object from the database '''
flag = Flag.by_uuid(self.get_argument('uuid', ''))
if flag is not None:
logging.info("Deleted flag: %s " % flag.name)
self.dbsession.delete(flag)
self.dbsession.commit()
self.redirect('/admin/view/game_objects')
else:
logging.info("Flag (%r) does not exist in the database" %
(self.get_argument('uuid', '')))
self.render("admin/view/game_objects.html",
errors=["Flag does not exist in database."])
def to_dict(self):
flag = Flag.by_id(self.flag_id)
if flag:
flag_uuid = flag.uuid
else:
flag_uuid = ""
return {
'price': str(self.price),
'description': self.description,
'flag_uuid': flag_uuid,
'uuid': self.uuid,
'flaglist': Box.flaglist(self.box_id)
}
def get(self, *args, **kwargs):
uuid = self.get_argument('flag', None)
reward = self.get_argument('reward', None)
user = self.get_current_user()
flag = Flag.by_uuid(uuid)
if flag is not None and flag in user.team.flags:
self.add_content_policy('script', "'unsafe-eval'")
if self.config.story_mode and flag.capture_message and len(flag.capture_message) > 0:
self.render('missions/captured.html',
flag=flag,
reward=reward)
return
self.render('public/404.html')
def to_dict(self):
flag = Flag.by_id(self.flag_id)
if flag:
flag_uuid = flag.uuid
else:
flag_uuid = ""
return {
'price': str(self.price),
'description': self.description,
'flag_uuid': flag_uuid,
'uuid': self.uuid,
'flaglist': Box.flaglist(self.box_id)
}
def del_flag(self):
''' Delete a flag object from the database '''
flag = Flag.by_uuid(self.get_argument('uuid', ''))
if flag is not None:
logging.info("Deleted flag: %s " % flag.name)
self.dbsession.delete(flag)
self.dbsession.commit()
self.redirect('/admin/view/game_objects')
else:
logging.info("Flag (%r) does not exist in the database" %
self.get_argument('uuid', '')
)
self.render("admin/view/game_objects.html",
errors=["Flag does not exist in database."]
)
def del_flag(self):
""" Delete a flag object from the database """
flag = Flag.by_uuid(self.get_argument("uuid", ""))
if flag is not None:
logging.info("Deleted flag: %s " % flag.name)
self.dbsession.delete(flag)
self.dbsession.commit()
self.redirect("/admin/view/game_objects")
else:
logging.info("Flag (%r) does not exist in the database" %
(self.get_argument("uuid", "")))
self.render(
"admin/view/game_objects.html",
success=None,
errors=["Flag does not exist in database."],
)
def _mkflag(self, flag_type, is_file=False):
name = self.get_argument('flag_name', '')
if is_file:
if not 'flag' in self.request.files:
raise ValueError('No file in request')
token = self.request.files['flag'][0]['body']
else:
token = self.get_argument('token', '')
description = self.get_argument('description', '')
reward = int(self.get_argument('reward', ''))
box = Box.by_uuid(self.get_argument('box_uuid', ''))
if box is None:
raise ValueError('Box does not exist')
flag = Flag.create_flag(flag_type, box, name, token, description, reward)
flag.capture_message = self.get_argument('capture_message', '')
self.dbsession.add(flag)
self.dbsession.commit()
self.redirect('/admin/view/game_objects')
def create_hint(self):
''' Add hint to database '''
try:
box = Box.by_uuid(self.get_argument('box_uuid', ''))
if box is None:
raise ValidationError("Box does not exist")
hint = Hint(box_id=box.id)
hint.price = self.get_argument('price', '')
hint.description = self.get_argument('description', '')
flag = Flag.by_uuid(self.get_argument('flag_uuid', ''))
if flag:
hint.flag_id = flag.id
else:
hint.flag_id = None
self.dbsession.add(hint)
self.dbsession.commit()
self.redirect("/admin/view/game_objects#%s" % box.uuid)
except ValidationError as error:
self.render('admin/create/hint.html', errors=[str(error), ])
def create_hint(self):
""" Add hint to database """
try:
box = Box.by_uuid(self.get_argument("box_uuid", ""))
if box is None:
raise ValidationError("Box does not exist")
hint = Hint(box_id=box.id)
hint.price = self.get_argument("price", "")
hint.description = self.get_argument("description", "")
flag = Flag.by_uuid(self.get_argument("flag_uuid", ""))
if flag:
hint.flag_id = flag.id
else:
hint.flag_id = None
self.dbsession.add(hint)
self.dbsession.commit()
self.redirect("/admin/view/game_objects#%s" % box.uuid)
except ValidationError as error:
self.render("admin/create/hint.html", errors=[str(error)])
def create_hint(self):
''' Add hint to database '''
try:
box = Box.by_uuid(self.get_argument('box_uuid', ''))
if box is None:
raise ValidationError("Box does not exist")
hint = Hint(box_id=box.id)
hint.price = self.get_argument('price', '')
hint.description = self.get_argument('description', '')
flag = Flag.by_uuid(self.get_argument('flag_uuid', ''))
if flag:
hint.flag_id = flag.id
else:
hint.flag_id = None
self.dbsession.add(hint)
self.dbsession.commit()
self.redirect("/admin/view/game_objects#%s" % box.uuid)
except ValidationError as error:
self.render('admin/create/hint.html', errors=[str(error), ])
def post(self, *args, **kwargs):
''' Check validity of flag submissions '''
flag = Flag.by_uuid(self.get_argument('uuid', ''))
user = self.get_current_user()
if flag is not None and flag.game_level in user.team.game_levels:
if flag.is_file and 'flag' in self.request.files:
submission = self.request.files['flag'][0]['body']
elif not flag.is_file:
submission = self.get_argument('token', '')
else:
submission = None
old_reward = flag.value
if self.attempt_capture(flag, submission):
self.set_header("Content-Security-Policy", self.relaxed_csp)
self.render('missions/captured.html', flag=flag, reward=old_reward)
else:
self.render_page(flag, errors=["Invalid flag submission"])
else:
self.render('public/404.html')
def edit_flags(self):
''' Edit existing flags in the database '''
try:
flag = Flag.by_uuid(self.get_argument('uuid', ''))
if flag is None:
raise ValidationError("Flag does not exist")
# Name
name = self.get_argument('name', '')
if flag.name != name:
logging.info("Updated flag name %s -> %s" % (
flag.name,
name,
))
flag.name = name
token = self.get_argument('token', '')
if flag.token != token:
flag.token = token
# Description
description = self.get_argument('description', '')
if flag._description != description:
logging.info("Updated %s's description %s -> %s" % (
flag.name,
flag._description,
description,
))
flag.description = description
# Value
flag.value = self.get_argument('value', '')
flag.capture_message = self.get_argument('capture_message', '')
box = Box.by_uuid(self.get_argument('box_uuid', ''))
if box is not None and flag not in box.flags:
logging.info("Updated %s's box %d -> %d" %
(flag.name, flag.box_id, box.id))
flag.box_id = box.id
elif box is None:
raise ValidationError("Box does not exist")
self.dbsession.add(flag)
self.dbsession.commit()
self.redirect("/admin/view/game_objects")
except ValidationError as error:
self.render("admin/view/game_objects.html", errors=["%s" % error])
def post(self, *args, **kwargs):
''' Check validity of flag submissions '''
flag = Flag.by_uuid(self.get_argument('uuid', ''))
user = self.get_current_user()
if flag is not None and flag.game_level in user.team.game_levels:
submission = ''
if flag.is_file:
if hasattr(self.request, 'files') and 'flag' in self.request.files:
submission = self.request.files['flag'][0]['body']
else:
submission = self.get_argument('token', '')
old_reward = flag.value
if self.attempt_capture(flag, submission):
self.add_content_policy('script', "'unsafe-eval'")
self.render('missions/captured.html',
flag=flag,
reward=old_reward)
else:
self.render_page(flag, errors=["Invalid flag submission"])
else:
self.render('public/404.html')
def edit_flags(self):
''' Edit existing flags in the database '''
try:
flag = Flag.by_uuid(self.get_argument('uuid', ''))
if flag is None:
raise ValidationError("Flag does not exist")
# Name
name = self.get_argument('name', '')
if flag.name != name:
logging.info("Updated flag name %s -> %s" % (
flag.name, name,
))
flag.name = name
token = self.get_argument('token', '')
if flag.token != token:
flag.token = token
# Description
description = self.get_argument('description', '')
if flag._description != description:
logging.info("Updated %s's description %s -> %s" % (
flag.name, flag._description, description,
))
flag.description = description
# Value
flag.value = self.get_argument('value', '')
flag.capture_message = self.get_argument('capture_message', '')
box = Box.by_uuid(self.get_argument('box_uuid', ''))
if box is not None and flag not in box.flags:
logging.info("Updated %s's box %d -> %d" % (
flag.name, flag.box_id, box.id
))
flag.box_id = box.id
elif box is None:
raise ValidationError("Box does not exist")
self.dbsession.add(flag)
self.dbsession.commit()
self.redirect("/admin/view/game_objects")
except ValidationError as error:
self.render("admin/view/game_objects.html", errors=["%s" % error])
def post(self, *args, **kwargs):
''' Check validity of flag submissions '''
flag = Flag.by_uuid(self.get_argument('uuid', ''))
user = self.get_current_user()
if flag is not None and flag.game_level in user.team.game_levels:
submission = ''
if flag.is_file:
if hasattr(self.request,
'files') and 'flag' in self.request.files:
submission = self.request.files['flag'][0]['body']
else:
submission = self.get_argument('token', '')
old_reward = flag.value
if self.attempt_capture(flag, submission):
self.add_content_policy('script', "'unsafe-eval'")
self.render('missions/captured.html',
flag=flag,
reward=old_reward)
else:
self.render_page(flag, errors=["Invalid flag submission"])
else:
self.render('public/404.html')
def edit_hint(self):
''' Edit a hint object '''
try:
hint = Hint.by_uuid(self.get_argument('uuid', ''))
if hint is None:
raise ValidationError("Hint does not exist")
logging.debug("Edit hint object with uuid of %s" % hint.uuid)
price = self.get_argument('price', '')
if hint.price != price:
hint.price = price
description = self.get_argument('description', '')
hint.description = description
flag = Flag.by_uuid(self.get_argument('hint-flag_uuid', ''))
if flag:
flag_id = flag.id
else:
flag_id = None
hint.flag_id = flag_id
box = Box.by_id(flag.box_id)
self.dbsession.add(hint)
self.dbsession.commit()
self.redirect("/admin/view/game_objects#%s" % box.uuid)
except ValidationError as error:
self.render("admin/view/game_objects.html", errors=[str(error), ])
def post(self, *args, **kwargs):
if args[0] == "statistics" or args[0] == "game_objects":
uri = {
"game_objects": "admin/view/game_objects.html",
"statistics": "admin/view/statistics.html",
}
flag_uuid = self.get_argument("flag_uuid", "")
team_uuid = self.get_argument("team_uuid", "")
flag = Flag.by_uuid(flag_uuid)
team = Team.by_uuid(team_uuid)
errors = []
success = []
if flag:
point_restore = self.get_argument("point_restore", "")
accept_answer = self.get_argument("accept_answer", "")
answer_token = self.get_argument("answer_token", "")
if point_restore == "on" and options.penalize_flag_value and team:
value = int(
flag.dynamic_value(team) *
(options.flag_penalty_cost * 0.01))
team.money += value
penalty = Penalty.by_team_token(flag, team, answer_token)
if penalty:
self.dbsession.delete(penalty)
self.dbsession.add(team)
self.dbsession.commit()
self.event_manager.admin_score_update(
team,
"%s penalty reversed - score has been updated." %
team.name,
value,
)
if flag not in team.flags:
flag_value = flag.dynamic_value(team)
if (self.config.dynamic_flag_value and
self.config.dynamic_flag_type == "decay_all"):
for item in Flag.captures(flag.id):
tm = Team.by_id(item[0])
deduction = flag.dynamic_value(tm) - flag_value
tm.money = int(tm.money - deduction)
self.dbsession.add(tm)
self.event_manager.flag_decayed(tm, flag)
team.money += flag_value
team.flags.append(flag)
self.dbsession.add(team)
self.dbsession.commit()
self.event_manager.flag_captured(team, flag)
self._check_level(flag, team)
success.append("%s awarded %d" % (team.name, flag_value))
if (accept_answer == "on"
and (flag.type == "static" or flag.type == "regex")
and not flag.capture(answer_token)):
flag.type = "regex"
if flag.token.startswith("(") and flag.token.endwith(")"):
token = "%s|(%s)" % (flag.token, answer_token)
else:
token = "(%s)|(%s)" % (flag.token, answer_token)
if len(token) < 256:
flag.token = token
self.dbsession.add(flag)
self.dbsession.commit()
success.append("Token successfully added for Flag %s" %
flag.name)
else:
errors.append(
"Flag token too long. Can not expand token.")
self.render(uri[args[0]], errors=errors, success=success)
else:
self.render("public/404.html")
def post(self, *args, **kwargs):
""" Check validity of flag submissions """
box_id = self.get_argument("box_id", None)
uuid = self.get_argument("uuid", "")
token = self.get_argument("token", "")
user = self.get_current_user()
if (box_id and Box.by_id(box_id).locked) or (
box_id is None and uuid and Flag.by_uuid(uuid).box.locked):
self.render(
"missions/status.html",
errors=None,
info=["This box is currently locked by the Admin."],
)
return
if (token is not None and box_id is not None
and Box.by_id(box_id).flag_submission_type
== FlagsSubmissionType.SINGLE_SUBMISSION_BOX):
flag = Flag.by_token_and_box_id(token, box_id)
else:
flag = Flag.by_uuid(uuid)
if (flag is not None and Penalty.by_count(flag, user.team) >=
self.config.max_flag_attempts):
self.render_page_by_flag(
flag,
info=[
"Max attempts reached - you can no longer answer this flag."
],
)
return
if flag and flag in user.team.flags:
self.render_page_by_flag(flag)
return
elif (flag is None or flag.game_level.type == "none"
or flag.game_level in user.team.game_levels):
submission = ""
if flag is not None and flag.is_file:
if hasattr(self.request,
"files") and "flag" in self.request.files:
submission = self.request.files["flag"][0]["body"]
else:
submission = self.get_argument("token",
"").replace("__quote__", '"')
if len(submission) == 0:
self.render_page_by_flag(
flag, info=["No flag was provided - try again."])
return
old_reward = flag.dynamic_value(
user.team) if flag is not None else 0
if flag is not None and self.attempt_capture(flag, submission):
self.add_content_policy("script", "'unsafe-eval'")
success = self.success_capture(flag, old_reward)
if self.config.story_mode:
box = flag.box
if not (len(box.capture_message) > 0
and box.is_complete(user)):
box = None
has_capture_message = (len(flag.capture_message) > 0
or box is not None)
if has_capture_message:
self.render(
"missions/captured.html",
flag=flag,
box=box,
reward=old_reward,
success=success,
)
return
self.render_page_by_flag(flag, success=success)
return
else:
self.failed_attempt(flag, user, submission, box_id)
else:
self.render("public/404.html")
def post(self, *args, **kwargs):
"""
Reset the Game
"""
errors = []
success = None
try:
users = User.all()
for user in users:
user.money = 0
teams = Team.all()
for team in teams:
if options.banking:
team.money = options.starting_team_money
else:
team.money = 0
team.flags = []
team.hints = []
team.boxes = []
team.items = []
team.purchased_source_code = []
level_0 = GameLevel.by_number(0)
if not level_0:
level_0 = GameLevel.all()[0]
team.game_levels = [level_0]
self.dbsession.add(team)
self.dbsession.commit()
self.dbsession.flush()
for team in teams:
for paste in team.pastes:
self.dbsession.delete(paste)
for shared_file in team.files:
shared_file.delete_data()
self.dbsession.delete(shared_file)
self.dbsession.commit()
self.dbsession.flush()
Penalty.clear()
Notification.clear()
snapshot = Snapshot.all()
for snap in snapshot:
self.dbsession.delete(snap)
self.dbsession.commit()
snapshot_team = SnapshotTeam.all()
for snap in snapshot_team:
self.dbsession.delete(snap)
self.dbsession.commit()
game_history = GameHistory.instance()
game_history.take_snapshot() # Take starting snapshot
flags = Flag.all()
for flag in flags:
# flag.value = flag.value allows a fallback to when original_value was used
# Allows for the flag value to be reset if dynamic scoring was used
# Can be removed after depreciation timeframe
flag.value = flag.value
self.dbsession.add(flag)
self.dbsession.commit()
self.dbsession.flush()
self.event_manager.push_score_update()
self.flush_memcached()
success = "Successfully Reset Game"
self.render("admin/reset.html", success=success, errors=errors)
except BaseException as e:
errors.append("Failed to Reset Game")
logging.error(str(e))
self.render("admin/reset.html", success=None, errors=errors)
def post(self, *args, **kwargs):
''' Check validity of flag submissions '''
box_id = self.get_argument('box_id', None)
uuid = self.get_argument('uuid', '')
token = self.get_argument('token', '')
user = self.get_current_user()
if not self.application.settings['game_started'] and not user.is_admin():
self.render('missions/status.html', errors=None, info=["The game has not started yet"])
return
if(box_id is not None and token is not None):
flag = Flag.by_token_and_box_id(token, box_id)
else:
flag = Flag.by_uuid(uuid)
if flag is not None and Penalty.by_count(flag, user.team) >= self.config.max_flag_attempts:
self.render_page_by_flag(flag, info=["Max attempts reached - you can no longer answer this flag."])
return
if flag and flag in user.team.flags:
self.render_page_by_flag(flag)
elif flag is None or flag.game_level.type == 'none' or flag.game_level in user.team.game_levels:
submission = ''
if flag is not None and flag.is_file:
if hasattr(self.request, 'files') and 'flag' in self.request.files:
submission = self.request.files['flag'][0]['body']
else:
submission = self.get_argument('token', '')
if len(submission) == 0:
self.render_page_by_flag(flag, info=["No flag was provided - try again."])
old_reward = flag.value if flag is not None else 0
if flag is not None and self.attempt_capture(flag, submission):
self.add_content_policy('script', "'unsafe-eval'")
if self.config.story_mode and flag.capture_message and len(flag.capture_message) > 0:
self.render('missions/captured.html',
flag=flag,
reward=old_reward)
else:
success = self.success_capture(flag, old_reward)
self.render_page_by_flag(flag, success=success)
else:
if flag is None or Penalty.by_token_count(flag, user.team, submission) == 0:
if self.config.teams:
teamval = "team's "
else:
teamval = ""
penalty = self.failed_capture(flag, submission) if flag is not None else 0
penalty_dialog = "Sorry - Try Again"
if penalty:
if self.config.banking:
penalty_dialog = "$" + str(penalty) + " has been deducted from your " + teamval + "account."
else:
if penalty == 1:
point = " point has"
else:
point = " points have"
penalty_dialog = str(penalty) + point + " been deducted from your " + teamval + "score."
if flag is None:
self.render_page_by_box_id(box_id, errors=[penalty_dialog])
else:
self.render_page_by_flag(flag, errors=[penalty_dialog])
else:
if self.config.teams:
teamdup = " by your team. Try Again"
else:
teamdup = " by you. Try Again"
self.render_page_by_flag(flag, info=["Duplicate submission - this answer has already been attempted" + teamdup])
else:
self.render('public/404.html')
def flag(self):
return Flag.by_id(self.flag_id)
