def _mkflag(self, flag_type, is_file=False): ''' Creates the flag in the database ''' box = Box.by_uuid(self.get_argument('box_uuid', '')) if box is None: raise ValidationError('Box does not exist') if is_file: if not hasattr(self.request, 'files') or not 'flag' in self.request.files: raise ValidationError('No file in request') token = self.request.files['flag'][0]['body'] else: token = self.get_argument('token', '') name = self.get_argument('flag_name', '') description = self.get_argument('description', '') reward = self.get_argument('reward', '') flag = Flag.create_flag(flag_type, box, name, token, description, reward) flag.capture_message = self.get_argument('capture_message', '') flag.case_sensitive = self.get_argument('case-sensitive', 1) lock = Flag.by_uuid(self.get_argument('lock_uuid', '')) if lock: flag.lock_id = lock.id else: flag.lock_id = None self.add_attachments(flag) self.dbsession.add(flag) self.dbsession.commit() choices = self.get_arguments('addmore[]', strip=True) if choices is not None: for item in choices: FlagChoice.create_choice(flag, item) self.redirect("/admin/view/game_objects#%s" % box.uuid)
def edit_flags(self): """ Edit existing flags in the database """ try: flag = Flag.by_uuid(self.get_argument("uuid", "")) if flag is None: raise ValidationError("Flag does not exist") # Name name = self.get_argument("name", "") if flag._name != name: logging.info("Updated flag name %s -> %s" % (flag._name, name)) flag.name = name token = self.get_argument("token", "") if flag.token != token: flag.token = token # Description description = self.get_argument("description", "") if flag._description != description: logging.info("Updated %s's description %s -> %s" % (flag.name, flag._description, description)) flag.description = description # Value flag.value = self.get_argument("value", "") flag.original_value = self.get_argument("value", "") flag.capture_message = self.get_argument("capture_message", "") flag.case_sensitive = self.get_argument("case-sensitive", 1) # Type flag_type = self.get_argument("flag_type", None) if flag_type and flag_type != flag.type: logging.info("Updated %s's type %s -> %s" % (flag.name, flag.type, flag_type)) flag.type = flag_type # Dependency Lock lock = Flag.by_uuid(self.get_argument("lock_uuid", "")) if lock: flag.lock_id = lock.id else: flag.lock_id = None box = Box.by_uuid(self.get_argument("box_uuid", "")) if box is not None and flag not in box.flags: logging.info("Updated %s's box %d -> %d" % (flag.name, flag.box_id, box.id)) flag.box_id = box.id for fl in box.flags: fl.order self.dbsession.add(fl) flag.order = len(box.flags) + 1 # place flag at end for hint in flag.hints: hint.box_id = box.id self.dbsession.add(hint) elif box is None: raise ValidationError("Box does not exist") self.dbsession.add(flag) self.dbsession.commit() if flag.type == FLAG_CHOICE: self.edit_choices(flag, self.request.arguments) self.redirect("/admin/view/game_objects#%s" % box.uuid) except ValidationError as error: self.render("admin/view/game_objects.html", success=None, errors=["%s" % error])
def setUp(self): self.box, self.corp = create_box() self.static_flag = Flag.create_flag( _type=FLAG_STATIC, box=self.box, name="Static Flag", raw_token="statictoken", description="A static test token", value=100, ) self.regex_flag = Flag.create_flag( _type=FLAG_REGEX, box=self.box, name="Regex Flag", raw_token="(f|F)oobar", description="A regex test token", value=200, ) self.file_flag = Flag.create_flag( _type=FLAG_FILE, box=self.box, name="File Flag", raw_token="fdata", description="A file test token", value=300, ) dbsession.add(self.static_flag) dbsession.add(self.regex_flag) dbsession.add(self.file_flag) dbsession.commit()
def _mkflag(self, flag_type, is_file=False): """ Creates the flag in the database """ box = Box.by_uuid(self.get_argument("box_uuid", "")) if box is None: raise ValidationError("Box does not exist") if is_file: if not hasattr(self.request, "files") or not "flag" in self.request.files: raise ValidationError("No file in request") token = self.request.files["flag"][0]["body"] else: token = self.get_argument("token", "") name = self.get_argument("flag_name", "") description = self.get_argument("description", "") reward = self.get_argument("reward", "") flag = Flag.create_flag(flag_type, box, name, token, description, reward) flag.capture_message = self.get_argument("capture_message", "") flag.case_sensitive = self.get_argument("case-sensitive", 1) flag.order = len(box.flags) + 1 lock = Flag.by_uuid(self.get_argument("lock_uuid", "")) if lock: flag.lock_id = lock.id else: flag.lock_id = None self.add_attachments(flag) self.dbsession.add(flag) self.dbsession.commit() choices = self.get_arguments("addmore[]", strip=True) if choices is not None: for item in choices: FlagChoice.create_choice(flag, item) self.redirect("/admin/view/game_objects#%s" % box.uuid)
def _mkflag(self, flag_type, is_file=False): ''' Creates the flag in the database ''' box = Box.by_uuid(self.get_argument('box_uuid', '')) if box is None: raise ValidationError('Box does not exist') if is_file: if not hasattr(self.request, 'files') or not 'flag' in self.request.files: raise ValidationError('No file in request') token = self.request.files['flag'][0]['body'] else: token = self.get_argument('token', '') name = self.get_argument('flag_name', '') description = self.get_argument('description', '') reward = self.get_argument('reward', '') flag = Flag.create_flag( flag_type, box, name, token, description, reward) flag.capture_message = self.get_argument('capture_message', '') flag.case_sensitive = self.get_argument('case-sensitive', 1) lock = Flag.by_uuid(self.get_argument('lock_uuid', '')) if lock: flag.lock_id = lock.id else: flag.lock_id = None self.add_attachments(flag) self.dbsession.add(flag) self.dbsession.commit() choices = self.get_arguments('addmore[]', strip=True) if choices is not None: for item in choices: FlagChoice.create_choice(flag, item) self.redirect("/admin/view/game_objects#%s" % box.uuid)
def post(self, *args, **kwargs): game_objects = { "game_level": GameLevel, "corporation": Corporation, "flag": Flag, "box": Box, "hint": Hint, } obj_name = self.get_argument("obj", "") uuid = self.get_argument("uuid", "") if obj_name in game_objects.keys(): obj = game_objects[obj_name].by_uuid(uuid) if obj is not None: self.write(obj.to_dict()) else: self.write({"Error": "Invalid uuid."}) elif obj_name == "stats": flag = Flag.by_uuid(uuid) if flag is not None: if options.banking: price = "$" + str(flag.value) else: price = str(flag.value) + " points" flaginfo = [ { "name": flag.name, "description": flag.description, "token": flag.token, "price": price, } ] captures = [] for item in Flag.captures(flag.id): team = Team.by_id(item[0]) if team: captures.append({"name": team.name}) attempts = self.attempts(flag) hints = [] for item in Hint.taken_by_flag(flag.id): team = Team.by_id(item.team_id) hint = Hint.by_id(item.hint_id) if team: if options.banking: price = "$" + str(hint.price) else: price = str(hint.price) + " points" hints.append({"name": team.name, "price": price}) obj = { "flag": flaginfo, "captures": captures, "attempts": attempts, "hints": hints, } self.write(obj) else: self.write({"Error": "Invalid uuid."}) else: self.write({"Error": "Invalid object type."}) self.finish()
def post(self, *args, **kwargs): game_objects = { 'game_level': GameLevel, 'corporation': Corporation, 'flag': Flag, 'box': Box, 'hint': Hint, } obj_name = self.get_argument('obj', '') uuid = self.get_argument('uuid', '') if obj_name in game_objects.keys(): obj = game_objects[obj_name].by_uuid(uuid) if obj is not None: self.write(obj.to_dict()) else: self.write({'Error': 'Invalid uuid.'}) elif obj_name == "stats": flag = Flag.by_uuid(uuid) if flag is not None: if options.banking: flaginfo = [{"name": flag.name, "token": flag.token, "price": "$" + str(flag.value)}] else: flaginfo = [{"name": flag.name, "token": flag.token, "price": str(flag.value) + " points"}] captures = [] for item in Flag.captures(flag.id): team = Team.by_id(item[0]) if team: captures.append({"name": team.name}) attempts = [] for item in Penalty.by_flag_id(flag.id): team = Team.by_id(item.team_id) if team: attempts.append({"name": team.name, "token": item.token}) hints = [] for item in Hint.taken_by_flag(flag.id): team = Team.by_id(item.team_id) hint = Hint.by_id(item.hint_id) if team: if options.banking: hints.append({"name": team.name, "price": "$" + str(hint.price)}) else: hints.append({"name": team.name, "price": str(hint.price) + " points"}) obj = { "flag": flaginfo, "captures": captures, "attempts": attempts, "hints": hints, } self.write(obj) else: self.write({'Error': 'Invalid uuid.'}) else: self.write({'Error': 'Invalid object type.'}) self.finish()
def edit_flags(self): ''' Edit existing flags in the database ''' try: flag = Flag.by_uuid(self.get_argument('uuid', '')) if flag is None: raise ValidationError("Flag does not exist") # Name name = self.get_argument('name', '') if flag.name != name: logging.info("Updated flag name %s -> %s" % ( flag.name, name, )) flag.name = name token = self.get_argument('token', '') if flag.token != token: flag.token = token # Description description = self.get_argument('description', '') if flag._description != description: logging.info("Updated %s's description %s -> %s" % ( flag.name, flag._description, description, )) flag.description = description # Value flag.value = self.get_argument('value', '') flag.original_value = self.get_argument('value', '') flag.capture_message = self.get_argument('capture_message', '') flag.case_sensitive = self.get_argument('case-sensitive', 1) # Dependency Lock lock = Flag.by_uuid(self.get_argument('lock_uuid', '')) if lock: flag.lock_id = lock.id else: flag.lock_id = None box = Box.by_uuid(self.get_argument('box_uuid', '')) if box is not None and flag not in box.flags: logging.info("Updated %s's box %d -> %d" % (flag.name, flag.box_id, box.id)) flag.box_id = box.id elif box is None: raise ValidationError("Box does not exist") self.dbsession.add(flag) self.dbsession.commit() if flag.type == FLAG_CHOICE: self.edit_choices(flag, self.request.arguments) self.redirect("/admin/view/game_objects#%s" % box.uuid) except ValidationError as error: self.render("admin/view/game_objects.html", errors=["%s" % error])
def setUp(self): self.box, self.corp = create_box() self.static_flag = Flag.create_flag( _type=FLAG_STATIC, box=self.box, name="Static Flag", raw_token="statictoken", description="A static test token", value=100, ) self.regex_flag = Flag.create_flag( _type=FLAG_REGEX, box=self.box, name="Regex Flag", raw_token="(f|F)oobar", description="A regex test token", value=200, ) self.file_flag = Flag.create_flag( _type=FLAG_FILE, box=self.box, name="File Flag", raw_token="fdata", description="A file test token", value=300, ) self.choice_flag = Flag.create_flag( _type=FLAG_CHOICE, box=self.box, name="Choice Flag", raw_token="fdata", description="A choice test token", value=400, ) self.datetime_flag = Flag.create_flag( _type=FLAG_DATETIME, box=self.box, name="Datetime Flag", raw_token="2018-06-22 18:00:00", description="A datetime test token", value=500, ) dbsession.add(self.static_flag) dbsession.add(self.regex_flag) dbsession.add(self.file_flag) dbsession.add(self.choice_flag) dbsession.add(self.datetime_flag) dbsession.commit()
def edit_flags(self): ''' Edit existing flags in the database ''' try: flag = Flag.by_uuid(self.get_argument('uuid', '')) if flag is None: raise ValidationError("Flag does not exist") # Name name = self.get_argument('name', '') if flag.name != name: logging.info("Updated flag name %s -> %s" % ( flag.name, name, )) flag.name = name token = self.get_argument('token', '') if flag.token != token: flag.token = token # Description description = self.get_argument('description', '') if flag._description != description: logging.info("Updated %s's description %s -> %s" % ( flag.name, flag._description, description, )) flag.description = description # Value flag.value = self.get_argument('value', '') flag.original_value = self.get_argument('value', '') flag.capture_message = self.get_argument('capture_message', '') flag.case_sensitive = self.get_argument('case-sensitive', 1) # Dependency Lock lock = Flag.by_uuid(self.get_argument('lock_uuid', '')) if lock: flag.lock_id = lock.id else: flag.lock_id = None box = Box.by_uuid(self.get_argument('box_uuid', '')) if box is not None and flag not in box.flags: logging.info("Updated %s's box %d -> %d" % ( flag.name, flag.box_id, box.id )) flag.box_id = box.id elif box is None: raise ValidationError("Box does not exist") self.dbsession.add(flag) self.dbsession.commit() if flag.type == FLAG_CHOICE: self.edit_choices(flag, self.request.arguments) self.redirect("/admin/view/game_objects#%s" % box.uuid) except ValidationError as error: self.render("admin/view/game_objects.html", errors=["%s" % error])
def edit_flags(self): ''' Super ugly code, yes - Edit existing flags in the database ''' flag = Flag.by_uuid(self.get_argument('uuid', '')) if flag is not None: try: name = self.get_argument('name', '') if flag.name != name: if Flag.by_name(name) is None: logging.info("Updated flag name %s -> %s" % (flag.name, name,) ) flag.name = name else: raise ValueError("Flag name already exists") token = self.get_argument('token', '') if flag.token != token: if Flag.by_token(token) is None: logging.info("Updated %s's token %s -> %s" % (flag.name, flag.token, token) ) flag.token = token else: raise ValueError("Token is not unique") description = self.get_argument('description', '') if flag._description != description: logging.info("Updated %s's description %s -> %s" % (flag.name, flag._description, description,) ) flag.description = description flag.value = self.get_argument('value', '') flag.capture_message = self.get_argument('capture_message', '') box = Box.by_uuid(self.get_argument('box_uuid', '')) if box is not None and flag not in box.flags: logging.info("Updated %s's box %d -> %d" % (flag.name, flag.box_id, box.id) ) flag.box_id = box.id elif box is None: raise ValueError("Box does not exist") self.dbsession.add(flag) self.dbsession.commit() self.redirect("/admin/view/game_objects") except ValueError as error: self.render("admin/view/game_objects.html", errors=["%s" % error]) else: self.render("admin/view/game_objects.html", errors=["Flag does not exist"] )
def post(self, *args, **kwargs): ''' Reset the Game ''' errors = [] success = None try: users = User.all() for user in users: user.money = 0 teams = Team.all() for team in teams: if options.banking: team.money = options.starting_team_money else: team.money = 0 team.flags = [] team.hints = [] team.boxes = [] team.items = [] team.purchased_source_code = [] level_0 = GameLevel.by_number(0) if not level_0: level_0 = GameLevel.all()[0] team.game_levels = [level_0] self.dbsession.add(team) self.dbsession.commit() self.dbsession.flush() for team in teams: for paste in team.pastes: self.dbsession.delete(paste) for shared_file in team.files: shared_file.delete_data() self.dbsession.delete(shared_file) self.dbsession.commit() self.dbsession.flush() Penalty.clear() Notification.clear() snapshot = Snapshot.all() for snap in snapshot: self.dbsession.delete(snap) self.dbsession.commit() snapshot_team = SnapshotTeam.all() for snap in snapshot_team: self.dbsession.delete(snap) self.dbsession.commit() game_history = GameHistory.instance() game_history.take_snapshot() # Take starting snapshot flags = Flag.all() for flag in flags: flag.value = flag._original_value if flag._original_value else flag.value self.dbsession.add(flag) self.dbsession.commit() self.dbsession.flush() success = "Successfully Reset Game" self.render('admin/reset.html', success=success, errors=errors) except BaseException as e: errors.append("Failed to Reset Game") logging.error(str(e)) self.render('admin/reset.html', success=None, errors=errors)
def failed_capture(self, flag, submission): user = self.get_current_user() if submission is not None and flag not in user.team.flags: if flag.is_file: submission = Flag.digest(submission) Penalty.create_attempt(team=user.team, flag=flag, submission=submission) if not self.config.penalize_flag_value: return False attempts = Penalty.by_count(flag, user.team) if attempts < self.config.flag_start_penalty: return False if attempts >= self.config.flag_stop_penalty: return False penalty = int( flag.dynamic_value(user.team) * self.config.flag_penalty_cost * 0.01) logging.info("%s (%s) capture failed '%s' - lost %s" % (user.handle, user.team.name, flag.name, penalty)) user.team.money -= penalty user.money -= penalty self.dbsession.add(user.team) self.dbsession.flush() self.event_manager.flag_penalty(user, flag) self.dbsession.commit() # Fire capture failed webhook send_capture_failed_webhook(user, flag) return penalty return False
def edit_hint(self): """ Edit a hint object """ try: hint = Hint.by_uuid(self.get_argument("uuid", "")) if hint is None: raise ValidationError("Hint does not exist") logging.debug("Edit hint object with uuid of %s" % hint.uuid) price = self.get_argument("price", "") if hint.price != price: hint.price = price description = self.get_argument("description", "") hint.description = description flag = Flag.by_uuid(self.get_argument("hint-flag_uuid", "")) if flag: flag_id = flag.id else: flag_id = None hint.flag_id = flag_id box = Box.by_id(flag.box_id) self.dbsession.add(hint) self.dbsession.commit() self.redirect("/admin/view/game_objects#%s" % box.uuid) except ValidationError as error: self.render("admin/view/game_objects.html", success=None, errors=[str(error)])
def post(self, *args, **kwargs): ''' Check validity of flag submissions ''' flag = Flag.by_uuid(self.get_argument('uuid', '')) user = self.get_current_user() if flag and flag in user.team.flags: self.render_page(flag) elif flag is not None and flag.game_level in user.team.game_levels: submission = '' if flag.is_file: if hasattr(self.request, 'files') and 'flag' in self.request.files: submission = self.request.files['flag'][0]['body'] else: submission = self.get_argument('token', '') old_reward = flag.value if self.attempt_capture(flag, submission): self.add_content_policy('script', "'unsafe-eval'") if self.config.story_mode: self.render('missions/captured.html', flag=flag, reward=old_reward) else: success = self.success_capture(flag) self.render_page(flag, success=success) else: if Penalty.by_token_count(flag, user.team, submission) == 0: if self.config.teams: teamval = "team's " else: teamval = "" penalty = self.failed_capture(flag, submission) penalty_dialog = "Sorry - Try Again" if penalty: if self.config.banking: penalty_dialog = "$" + str( penalty ) + " has been deducted from your " + teamval + "account." else: if penalty == 1: point = " point has" else: point = " points have" penalty_dialog = str( penalty ) + point + " been deducted from your " + teamval + "score." self.render_page(flag, errors=[penalty_dialog]) else: if self.config.teams: teamdup = " by your team. Try Again" else: teamdup = " by you. Try Again" self.render_page( flag, info=[ "Duplicate submission - this answer has already been attempted" + teamdup ]) else: self.render('public/404.html')
def attempt_capture(self, flag, submission): """ Compares a user provided token to the token in the db """ user = self.get_current_user() team = user.team logging.info("%s (%s) capture the flag '%s'" % (user.handle, team.name, flag.name)) if submission is not None and flag not in team.flags: if flag.capture(submission): flag_value = flag.dynamic_value(team) if (self.config.dynamic_flag_value and self.config.dynamic_flag_type == "decay_all"): for item in Flag.captures(flag.id): tm = Team.by_id(item[0]) deduction = flag.dynamic_value(tm) - flag_value tm.money = int(tm.money - deduction) self.dbsession.add(tm) self.event_manager.flag_decayed(tm, flag) team.money += flag_value user.money += flag_value team.flags.append(flag) self.dbsession.add(user) self.dbsession.add(team) self.dbsession.commit() self.event_manager.flag_captured(team, flag) return True return False
def get(self, *args, **kwargs): fuuid = self.get_argument("flag", None) buuid = self.get_argument("box", None) try: reward = int(self.get_argument("reward", 0)) except ValueError: reward = 0 user = self.get_current_user() box = Box.by_uuid(buuid) flag = Flag.by_uuid(fuuid) if box is not None and box.is_complete(user): if self.config.story_mode and len(box.capture_message) > 0: self.add_content_policy("script", "'unsafe-eval'") self.render("missions/captured.html", box=box, flag=None, reward=reward) return elif flag is not None and flag in user.team.flags: if self.config.story_mode and len(flag.capture_message) > 0: self.add_content_policy("script", "'unsafe-eval'") self.render("missions/captured.html", box=None, flag=flag, reward=reward) return self.render("public/404.html")
def failed_capture(self, flag, submission): user = self.get_current_user() if submission is not None and flag not in user.team.flags: if flag.is_file: submission = Flag.digest(submission) Penalty.create_attempt( team=user.team, flag=flag, submission=submission, ) if not self.config.penalize_flag_value: return False attempts = Penalty.by_count(flag, user.team) if attempts < self.config.flag_start_penalty: return False if attempts >= self.config.flag_stop_penalty: return False penalty = int(flag.value * self.config.flag_penalty_cost * .01) logging.info("%s (%s) capture failed '%s' - lost %s" % ( user.handle, user.team.name, flag.name, penalty )) user.team.money -= penalty user.money -= penalty self.dbsession.add(user.team) self.dbsession.flush() self.event_manager.flag_penalty(user, flag) self.dbsession.commit() return penalty return False
def edit_flag_order(self): """ Edit flag order in the database """ try: flag = Flag.by_uuid(self.get_argument("uuid", "")) if flag is None: raise ValidationError("Flag does not exist") flag.order = self.get_argument("order", "") self.dbsession.add(flag) self.dbsession.commit() except ValidationError as error: logging.error("Failed to reorder flag: %s" % error)
def edit_flag_order(self): ''' Edit flag order in the database ''' try: flag = Flag.by_uuid(self.get_argument('uuid', '')) if flag is None: raise ValidationError("Flag does not exist") flag.order = self.get_argument('order', '') self.dbsession.add(flag) self.dbsession.commit() except ValidationError as error: logging.error("Failed to reorder flag: %s" % error)
def get(self, *args, **kwargs): uuid = self.get_argument('flag', None) reward = self.get_argument('reward', None) user = self.get_current_user() flag = Flag.by_uuid(uuid) if flag is not None and flag in user.team.flags: self.add_content_policy('script', "'unsafe-eval'") if self.config.story_mode and flag.capture_message and len( flag.capture_message) > 0: self.render('missions/captured.html', flag=flag, reward=reward) return self.render('public/404.html')
def to_dict(self): flag = Flag.by_id(self.flag_id) if flag: flag_uuid = flag.uuid else: flag_uuid = "" return { "price": str(self.price), "description": self.description, "flag_uuid": flag_uuid, "uuid": self.uuid, "flaglist": Box.flaglist(self.box_id), }
def del_flag(self): ''' Delete a flag object from the database ''' flag = Flag.by_uuid(self.get_argument('uuid', '')) if flag is not None: logging.info("Deleted flag: %s " % flag.name) self.dbsession.delete(flag) self.dbsession.commit() self.redirect('/admin/view/game_objects') else: logging.info("Flag (%r) does not exist in the database" % (self.get_argument('uuid', ''))) self.render("admin/view/game_objects.html", errors=["Flag does not exist in database."])
def to_dict(self): flag = Flag.by_id(self.flag_id) if flag: flag_uuid = flag.uuid else: flag_uuid = "" return { 'price': str(self.price), 'description': self.description, 'flag_uuid': flag_uuid, 'uuid': self.uuid, 'flaglist': Box.flaglist(self.box_id) }
def get(self, *args, **kwargs): uuid = self.get_argument('flag', None) reward = self.get_argument('reward', None) user = self.get_current_user() flag = Flag.by_uuid(uuid) if flag is not None and flag in user.team.flags: self.add_content_policy('script', "'unsafe-eval'") if self.config.story_mode and flag.capture_message and len(flag.capture_message) > 0: self.render('missions/captured.html', flag=flag, reward=reward) return self.render('public/404.html')
def del_flag(self): ''' Delete a flag object from the database ''' flag = Flag.by_uuid(self.get_argument('uuid', '')) if flag is not None: logging.info("Deleted flag: %s " % flag.name) self.dbsession.delete(flag) self.dbsession.commit() self.redirect('/admin/view/game_objects') else: logging.info("Flag (%r) does not exist in the database" % self.get_argument('uuid', '') ) self.render("admin/view/game_objects.html", errors=["Flag does not exist in database."] )
def del_flag(self): """ Delete a flag object from the database """ flag = Flag.by_uuid(self.get_argument("uuid", "")) if flag is not None: logging.info("Deleted flag: %s " % flag.name) self.dbsession.delete(flag) self.dbsession.commit() self.redirect("/admin/view/game_objects") else: logging.info("Flag (%r) does not exist in the database" % (self.get_argument("uuid", ""))) self.render( "admin/view/game_objects.html", success=None, errors=["Flag does not exist in database."], )
def _mkflag(self, flag_type, is_file=False): name = self.get_argument('flag_name', '') if is_file: if not 'flag' in self.request.files: raise ValueError('No file in request') token = self.request.files['flag'][0]['body'] else: token = self.get_argument('token', '') description = self.get_argument('description', '') reward = int(self.get_argument('reward', '')) box = Box.by_uuid(self.get_argument('box_uuid', '')) if box is None: raise ValueError('Box does not exist') flag = Flag.create_flag(flag_type, box, name, token, description, reward) flag.capture_message = self.get_argument('capture_message', '') self.dbsession.add(flag) self.dbsession.commit() self.redirect('/admin/view/game_objects')
def create_hint(self): ''' Add hint to database ''' try: box = Box.by_uuid(self.get_argument('box_uuid', '')) if box is None: raise ValidationError("Box does not exist") hint = Hint(box_id=box.id) hint.price = self.get_argument('price', '') hint.description = self.get_argument('description', '') flag = Flag.by_uuid(self.get_argument('flag_uuid', '')) if flag: hint.flag_id = flag.id else: hint.flag_id = None self.dbsession.add(hint) self.dbsession.commit() self.redirect("/admin/view/game_objects#%s" % box.uuid) except ValidationError as error: self.render('admin/create/hint.html', errors=[str(error), ])
def create_hint(self): """ Add hint to database """ try: box = Box.by_uuid(self.get_argument("box_uuid", "")) if box is None: raise ValidationError("Box does not exist") hint = Hint(box_id=box.id) hint.price = self.get_argument("price", "") hint.description = self.get_argument("description", "") flag = Flag.by_uuid(self.get_argument("flag_uuid", "")) if flag: hint.flag_id = flag.id else: hint.flag_id = None self.dbsession.add(hint) self.dbsession.commit() self.redirect("/admin/view/game_objects#%s" % box.uuid) except ValidationError as error: self.render("admin/create/hint.html", errors=[str(error)])
def post(self, *args, **kwargs): ''' Check validity of flag submissions ''' flag = Flag.by_uuid(self.get_argument('uuid', '')) user = self.get_current_user() if flag is not None and flag.game_level in user.team.game_levels: if flag.is_file and 'flag' in self.request.files: submission = self.request.files['flag'][0]['body'] elif not flag.is_file: submission = self.get_argument('token', '') else: submission = None old_reward = flag.value if self.attempt_capture(flag, submission): self.set_header("Content-Security-Policy", self.relaxed_csp) self.render('missions/captured.html', flag=flag, reward=old_reward) else: self.render_page(flag, errors=["Invalid flag submission"]) else: self.render('public/404.html')
def edit_flags(self): ''' Edit existing flags in the database ''' try: flag = Flag.by_uuid(self.get_argument('uuid', '')) if flag is None: raise ValidationError("Flag does not exist") # Name name = self.get_argument('name', '') if flag.name != name: logging.info("Updated flag name %s -> %s" % ( flag.name, name, )) flag.name = name token = self.get_argument('token', '') if flag.token != token: flag.token = token # Description description = self.get_argument('description', '') if flag._description != description: logging.info("Updated %s's description %s -> %s" % ( flag.name, flag._description, description, )) flag.description = description # Value flag.value = self.get_argument('value', '') flag.capture_message = self.get_argument('capture_message', '') box = Box.by_uuid(self.get_argument('box_uuid', '')) if box is not None and flag not in box.flags: logging.info("Updated %s's box %d -> %d" % (flag.name, flag.box_id, box.id)) flag.box_id = box.id elif box is None: raise ValidationError("Box does not exist") self.dbsession.add(flag) self.dbsession.commit() self.redirect("/admin/view/game_objects") except ValidationError as error: self.render("admin/view/game_objects.html", errors=["%s" % error])
def post(self, *args, **kwargs): ''' Check validity of flag submissions ''' flag = Flag.by_uuid(self.get_argument('uuid', '')) user = self.get_current_user() if flag is not None and flag.game_level in user.team.game_levels: submission = '' if flag.is_file: if hasattr(self.request, 'files') and 'flag' in self.request.files: submission = self.request.files['flag'][0]['body'] else: submission = self.get_argument('token', '') old_reward = flag.value if self.attempt_capture(flag, submission): self.add_content_policy('script', "'unsafe-eval'") self.render('missions/captured.html', flag=flag, reward=old_reward) else: self.render_page(flag, errors=["Invalid flag submission"]) else: self.render('public/404.html')
def edit_flags(self): ''' Edit existing flags in the database ''' try: flag = Flag.by_uuid(self.get_argument('uuid', '')) if flag is None: raise ValidationError("Flag does not exist") # Name name = self.get_argument('name', '') if flag.name != name: logging.info("Updated flag name %s -> %s" % ( flag.name, name, )) flag.name = name token = self.get_argument('token', '') if flag.token != token: flag.token = token # Description description = self.get_argument('description', '') if flag._description != description: logging.info("Updated %s's description %s -> %s" % ( flag.name, flag._description, description, )) flag.description = description # Value flag.value = self.get_argument('value', '') flag.capture_message = self.get_argument('capture_message', '') box = Box.by_uuid(self.get_argument('box_uuid', '')) if box is not None and flag not in box.flags: logging.info("Updated %s's box %d -> %d" % ( flag.name, flag.box_id, box.id )) flag.box_id = box.id elif box is None: raise ValidationError("Box does not exist") self.dbsession.add(flag) self.dbsession.commit() self.redirect("/admin/view/game_objects") except ValidationError as error: self.render("admin/view/game_objects.html", errors=["%s" % error])
def edit_hint(self): ''' Edit a hint object ''' try: hint = Hint.by_uuid(self.get_argument('uuid', '')) if hint is None: raise ValidationError("Hint does not exist") logging.debug("Edit hint object with uuid of %s" % hint.uuid) price = self.get_argument('price', '') if hint.price != price: hint.price = price description = self.get_argument('description', '') hint.description = description flag = Flag.by_uuid(self.get_argument('hint-flag_uuid', '')) if flag: flag_id = flag.id else: flag_id = None hint.flag_id = flag_id box = Box.by_id(flag.box_id) self.dbsession.add(hint) self.dbsession.commit() self.redirect("/admin/view/game_objects#%s" % box.uuid) except ValidationError as error: self.render("admin/view/game_objects.html", errors=[str(error), ])
def post(self, *args, **kwargs): if args[0] == "statistics" or args[0] == "game_objects": uri = { "game_objects": "admin/view/game_objects.html", "statistics": "admin/view/statistics.html", } flag_uuid = self.get_argument("flag_uuid", "") team_uuid = self.get_argument("team_uuid", "") flag = Flag.by_uuid(flag_uuid) team = Team.by_uuid(team_uuid) errors = [] success = [] if flag: point_restore = self.get_argument("point_restore", "") accept_answer = self.get_argument("accept_answer", "") answer_token = self.get_argument("answer_token", "") if point_restore == "on" and options.penalize_flag_value and team: value = int( flag.dynamic_value(team) * (options.flag_penalty_cost * 0.01)) team.money += value penalty = Penalty.by_team_token(flag, team, answer_token) if penalty: self.dbsession.delete(penalty) self.dbsession.add(team) self.dbsession.commit() self.event_manager.admin_score_update( team, "%s penalty reversed - score has been updated." % team.name, value, ) if flag not in team.flags: flag_value = flag.dynamic_value(team) if (self.config.dynamic_flag_value and self.config.dynamic_flag_type == "decay_all"): for item in Flag.captures(flag.id): tm = Team.by_id(item[0]) deduction = flag.dynamic_value(tm) - flag_value tm.money = int(tm.money - deduction) self.dbsession.add(tm) self.event_manager.flag_decayed(tm, flag) team.money += flag_value team.flags.append(flag) self.dbsession.add(team) self.dbsession.commit() self.event_manager.flag_captured(team, flag) self._check_level(flag, team) success.append("%s awarded %d" % (team.name, flag_value)) if (accept_answer == "on" and (flag.type == "static" or flag.type == "regex") and not flag.capture(answer_token)): flag.type = "regex" if flag.token.startswith("(") and flag.token.endwith(")"): token = "%s|(%s)" % (flag.token, answer_token) else: token = "(%s)|(%s)" % (flag.token, answer_token) if len(token) < 256: flag.token = token self.dbsession.add(flag) self.dbsession.commit() success.append("Token successfully added for Flag %s" % flag.name) else: errors.append( "Flag token too long. Can not expand token.") self.render(uri[args[0]], errors=errors, success=success) else: self.render("public/404.html")
def post(self, *args, **kwargs): """ Check validity of flag submissions """ box_id = self.get_argument("box_id", None) uuid = self.get_argument("uuid", "") token = self.get_argument("token", "") user = self.get_current_user() if (box_id and Box.by_id(box_id).locked) or ( box_id is None and uuid and Flag.by_uuid(uuid).box.locked): self.render( "missions/status.html", errors=None, info=["This box is currently locked by the Admin."], ) return if (token is not None and box_id is not None and Box.by_id(box_id).flag_submission_type == FlagsSubmissionType.SINGLE_SUBMISSION_BOX): flag = Flag.by_token_and_box_id(token, box_id) else: flag = Flag.by_uuid(uuid) if (flag is not None and Penalty.by_count(flag, user.team) >= self.config.max_flag_attempts): self.render_page_by_flag( flag, info=[ "Max attempts reached - you can no longer answer this flag." ], ) return if flag and flag in user.team.flags: self.render_page_by_flag(flag) return elif (flag is None or flag.game_level.type == "none" or flag.game_level in user.team.game_levels): submission = "" if flag is not None and flag.is_file: if hasattr(self.request, "files") and "flag" in self.request.files: submission = self.request.files["flag"][0]["body"] else: submission = self.get_argument("token", "").replace("__quote__", '"') if len(submission) == 0: self.render_page_by_flag( flag, info=["No flag was provided - try again."]) return old_reward = flag.dynamic_value( user.team) if flag is not None else 0 if flag is not None and self.attempt_capture(flag, submission): self.add_content_policy("script", "'unsafe-eval'") success = self.success_capture(flag, old_reward) if self.config.story_mode: box = flag.box if not (len(box.capture_message) > 0 and box.is_complete(user)): box = None has_capture_message = (len(flag.capture_message) > 0 or box is not None) if has_capture_message: self.render( "missions/captured.html", flag=flag, box=box, reward=old_reward, success=success, ) return self.render_page_by_flag(flag, success=success) return else: self.failed_attempt(flag, user, submission, box_id) else: self.render("public/404.html")
def post(self, *args, **kwargs): """ Reset the Game """ errors = [] success = None try: users = User.all() for user in users: user.money = 0 teams = Team.all() for team in teams: if options.banking: team.money = options.starting_team_money else: team.money = 0 team.flags = [] team.hints = [] team.boxes = [] team.items = [] team.purchased_source_code = [] level_0 = GameLevel.by_number(0) if not level_0: level_0 = GameLevel.all()[0] team.game_levels = [level_0] self.dbsession.add(team) self.dbsession.commit() self.dbsession.flush() for team in teams: for paste in team.pastes: self.dbsession.delete(paste) for shared_file in team.files: shared_file.delete_data() self.dbsession.delete(shared_file) self.dbsession.commit() self.dbsession.flush() Penalty.clear() Notification.clear() snapshot = Snapshot.all() for snap in snapshot: self.dbsession.delete(snap) self.dbsession.commit() snapshot_team = SnapshotTeam.all() for snap in snapshot_team: self.dbsession.delete(snap) self.dbsession.commit() game_history = GameHistory.instance() game_history.take_snapshot() # Take starting snapshot flags = Flag.all() for flag in flags: # flag.value = flag.value allows a fallback to when original_value was used # Allows for the flag value to be reset if dynamic scoring was used # Can be removed after depreciation timeframe flag.value = flag.value self.dbsession.add(flag) self.dbsession.commit() self.dbsession.flush() self.event_manager.push_score_update() self.flush_memcached() success = "Successfully Reset Game" self.render("admin/reset.html", success=success, errors=errors) except BaseException as e: errors.append("Failed to Reset Game") logging.error(str(e)) self.render("admin/reset.html", success=None, errors=errors)
def post(self, *args, **kwargs): ''' Check validity of flag submissions ''' box_id = self.get_argument('box_id', None) uuid = self.get_argument('uuid', '') token = self.get_argument('token', '') user = self.get_current_user() if not self.application.settings['game_started'] and not user.is_admin(): self.render('missions/status.html', errors=None, info=["The game has not started yet"]) return if(box_id is not None and token is not None): flag = Flag.by_token_and_box_id(token, box_id) else: flag = Flag.by_uuid(uuid) if flag is not None and Penalty.by_count(flag, user.team) >= self.config.max_flag_attempts: self.render_page_by_flag(flag, info=["Max attempts reached - you can no longer answer this flag."]) return if flag and flag in user.team.flags: self.render_page_by_flag(flag) elif flag is None or flag.game_level.type == 'none' or flag.game_level in user.team.game_levels: submission = '' if flag is not None and flag.is_file: if hasattr(self.request, 'files') and 'flag' in self.request.files: submission = self.request.files['flag'][0]['body'] else: submission = self.get_argument('token', '') if len(submission) == 0: self.render_page_by_flag(flag, info=["No flag was provided - try again."]) old_reward = flag.value if flag is not None else 0 if flag is not None and self.attempt_capture(flag, submission): self.add_content_policy('script', "'unsafe-eval'") if self.config.story_mode and flag.capture_message and len(flag.capture_message) > 0: self.render('missions/captured.html', flag=flag, reward=old_reward) else: success = self.success_capture(flag, old_reward) self.render_page_by_flag(flag, success=success) else: if flag is None or Penalty.by_token_count(flag, user.team, submission) == 0: if self.config.teams: teamval = "team's " else: teamval = "" penalty = self.failed_capture(flag, submission) if flag is not None else 0 penalty_dialog = "Sorry - Try Again" if penalty: if self.config.banking: penalty_dialog = "$" + str(penalty) + " has been deducted from your " + teamval + "account." else: if penalty == 1: point = " point has" else: point = " points have" penalty_dialog = str(penalty) + point + " been deducted from your " + teamval + "score." if flag is None: self.render_page_by_box_id(box_id, errors=[penalty_dialog]) else: self.render_page_by_flag(flag, errors=[penalty_dialog]) else: if self.config.teams: teamdup = " by your team. Try Again" else: teamdup = " by you. Try Again" self.render_page_by_flag(flag, info=["Duplicate submission - this answer has already been attempted" + teamdup]) else: self.render('public/404.html')
def flag(self): return Flag.by_id(self.flag_id)