def setUp(self):
    ''' Create a box plus one static, one regex and one file flag for the tests '''
    self.box, self.corp = create_box()
    # (attribute name, flag type, display name, raw token, description, value)
    fixtures = (
        ('static_flag', FLAG_STATIC, "Static Flag", "statictoken",
         "A static test token", 100),
        ('regex_flag', FLAG_REGEX, "Regex Flag", "(f|F)oobar",
         "A regex test token", 200),
        ('file_flag', FLAG_FILE, "File Flag", "fdata",
         "A file test token", 300),
    )
    for attr, flag_type, name, raw_token, description, value in fixtures:
        created = Flag.create_flag(
            _type=flag_type,
            box=self.box,
            name=name,
            raw_token=raw_token,
            description=description,
            value=value,
        )
        setattr(self, attr, created)
    # Every flag is created before the first one is added to the session,
    # and all of them are committed in a single transaction.
    for fixture in fixtures:
        dbsession.add(getattr(self, fixture[0]))
    dbsession.commit()
def _mkflag(self, flag_type, is_file=False):
    '''
    Build a flag from the submitted form fields and store it in the database.

    flag_type is handed to Flag.create_flag unchanged. When is_file is true
    the token is the raw body of the uploaded 'flag' file, otherwise it is
    the 'token' form field. Raises ValidationError when the box is unknown
    or a file flag arrives without an upload.
    '''
    box = Box.by_uuid(self.get_argument('box_uuid', ''))
    if box is None:
        raise ValidationError('Box does not exist')
    if is_file:
        has_upload = (hasattr(self.request, 'files')
                      and 'flag' in self.request.files)
        if not has_upload:
            raise ValidationError('No file in request')
        token = self.request.files['flag'][0]['body']
    else:
        token = self.get_argument('token', '')
    name = self.get_argument('flag_name', '')
    description = self.get_argument('description', '')
    # The reward reaches create_flag as the raw form string.
    # NOTE(review): presumably validated inside the Flag model - confirm.
    reward = self.get_argument('reward', '')
    flag = Flag.create_flag(
        flag_type, box, name, token, description, reward)
    flag.capture_message = self.get_argument('capture_message', '')
    flag.case_sensitive = self.get_argument('case-sensitive', 1)
    # Optional dependency lock: an unknown or missing lock_uuid clears it
    lock = Flag.by_uuid(self.get_argument('lock_uuid', ''))
    flag.lock_id = lock.id if lock else None
    self.add_attachments(flag)
    self.dbsession.add(flag)
    self.dbsession.commit()
    # The choices are created only after the flag itself has been committed
    choices = self.get_arguments('addmore[]', strip=True)
    if choices is not None:
        for choice_text in choices:
            FlagChoice.create_choice(flag, choice_text)
    self.redirect("/admin/view/game_objects#%s" % box.uuid)
def post(self, *args, **kwargs):
    '''
    Answer a lookup for one game object, or for the statistics of one flag.

    'obj' selects the object type and 'uuid' the object. For obj == "stats"
    the reply lists the flag (including its token), the teams that captured
    it, every failed attempt with the submitted token, and the hints taken.

    NOTE(review): the reply discloses flag tokens and submitted answers; the
    access-control decorators are not visible here - confirm that this
    handler is restricted to administrators.
    '''
    lookup = {
        'game_level': GameLevel,
        'corporation': Corporation,
        'flag': Flag,
        'box': Box,
        'hint': Hint,
    }
    obj_name = self.get_argument('obj', '')
    uuid = self.get_argument('uuid', '')

    def priced(amount):
        # "$<n>" in banking mode, "<n> points" otherwise
        if options.banking:
            return "$" + str(amount)
        return str(amount) + " points"

    if obj_name in lookup:
        found = lookup[obj_name].by_uuid(uuid)
        if found is None:
            self.write({'Error': 'Invalid uuid.'})
        else:
            self.write(found.to_dict())
    elif obj_name == "stats":
        flag = Flag.by_uuid(uuid)
        if flag is None:
            self.write({'Error': 'Invalid uuid.'})
        else:
            flaginfo = [{"name": flag.name,
                         "token": flag.token,
                         "price": priced(flag.value)}]
            # Rows whose team no longer resolves are skipped silently
            captures = []
            for row in Flag.captures(flag.id):
                team = Team.by_id(row[0])
                if team:
                    captures.append({"name": team.name})
            attempts = []
            for attempt in Penalty.by_flag_id(flag.id):
                team = Team.by_id(attempt.team_id)
                if team:
                    attempts.append({"name": team.name,
                                     "token": attempt.token})
            hints = []
            for taken in Hint.taken_by_flag(flag.id):
                team = Team.by_id(taken.team_id)
                hint = Hint.by_id(taken.hint_id)
                if team:
                    hints.append({"name": team.name,
                                  "price": priced(hint.price)})
            self.write({
                "flag": flaginfo,
                "captures": captures,
                "attempts": attempts,
                "hints": hints,
            })
    else:
        self.write({'Error': 'Invalid object type.'})
    self.finish()
def edit_flags(self):
    '''
    Apply the submitted form to an existing flag and commit it.

    A ValidationError (unknown flag or box here, or one raised by a model
    setter) re-renders the game objects page with the error message.
    '''
    try:
        flag = Flag.by_uuid(self.get_argument('uuid', ''))
        if flag is None:
            raise ValidationError("Flag does not exist")
        # Name
        new_name = self.get_argument('name', '')
        if flag.name != new_name:
            logging.info("Updated flag name %s -> %s" % (flag.name, new_name))
            flag.name = new_name
        # Token: changed without a log entry, so the secret stays out of the log
        new_token = self.get_argument('token', '')
        if flag.token != new_token:
            flag.token = new_token
        # Description
        new_description = self.get_argument('description', '')
        if flag._description != new_description:
            logging.info("Updated %s's description %s -> %s" % (
                flag.name, flag._description, new_description,
            ))
            flag.description = new_description
        # Value: the current and the original value are set to the same input
        new_value = self.get_argument('value', '')
        flag.value = new_value
        flag.original_value = new_value
        flag.capture_message = self.get_argument('capture_message', '')
        flag.case_sensitive = self.get_argument('case-sensitive', 1)
        # Dependency lock: an unknown or missing lock_uuid clears it
        lock = Flag.by_uuid(self.get_argument('lock_uuid', ''))
        flag.lock_id = lock.id if lock else None
        # Box
        box = Box.by_uuid(self.get_argument('box_uuid', ''))
        if box is None:
            raise ValidationError("Box does not exist")
        if flag not in box.flags:
            logging.info("Updated %s's box %d -> %d" % (
                flag.name, flag.box_id, box.id
            ))
            flag.box_id = box.id
        self.dbsession.add(flag)
        self.dbsession.commit()
        # Choice flags also get their choices updated from the raw arguments
        if flag.type == FLAG_CHOICE:
            self.edit_choices(flag, self.request.arguments)
        self.redirect("/admin/view/game_objects#%s" % box.uuid)
    except ValidationError as error:
        self.render("admin/view/game_objects.html", errors=["%s" % error])
def setUp(self):
    ''' Create a box and one flag of each of the five flag types for the tests '''
    self.box, self.corp = create_box()
    # (attribute name, flag type, display name, raw token, description, value)
    fixtures = (
        ('static_flag', FLAG_STATIC, "Static Flag", "statictoken",
         "A static test token", 100),
        ('regex_flag', FLAG_REGEX, "Regex Flag", "(f|F)oobar",
         "A regex test token", 200),
        ('file_flag', FLAG_FILE, "File Flag", "fdata",
         "A file test token", 300),
        ('choice_flag', FLAG_CHOICE, "Choice Flag", "fdata",
         "A choice test token", 400),
        ('datetime_flag', FLAG_DATETIME, "Datetime Flag",
         "2018-06-22 18:00:00", "A datetime test token", 500),
    )
    for attr, flag_type, name, raw_token, description, value in fixtures:
        created = Flag.create_flag(
            _type=flag_type,
            box=self.box,
            name=name,
            raw_token=raw_token,
            description=description,
            value=value,
        )
        setattr(self, attr, created)
    # Every flag is created before the first one is added to the session,
    # and all of them are committed in a single transaction.
    for fixture in fixtures:
        dbsession.add(getattr(self, fixture[0]))
    dbsession.commit()
def edit_flags(self):
    '''
    Edit an existing flag in the database.

    Name and token must stay unique; a clash, an unknown box, or any other
    ValueError re-renders the game objects page with the message.

    NOTE(review): a token change writes both the old and the new token to
    the application log, so anyone who can read the log can read the flag
    secrets.
    '''
    flag = Flag.by_uuid(self.get_argument('uuid', ''))
    if flag is None:
        self.render("admin/view/game_objects.html",
                    errors=["Flag does not exist"])
        return
    try:
        new_name = self.get_argument('name', '')
        if flag.name != new_name:
            if Flag.by_name(new_name) is not None:
                raise ValueError("Flag name already exists")
            logging.info("Updated flag name %s -> %s" %
                         (flag.name, new_name,))
            flag.name = new_name
        new_token = self.get_argument('token', '')
        if flag.token != new_token:
            if Flag.by_token(new_token) is not None:
                raise ValueError("Token is not unique")
            logging.info("Updated %s's token %s -> %s" %
                         (flag.name, flag.token, new_token))
            flag.token = new_token
        new_description = self.get_argument('description', '')
        if flag._description != new_description:
            logging.info("Updated %s's description %s -> %s" %
                         (flag.name, flag._description, new_description,))
            flag.description = new_description
        flag.value = self.get_argument('value', '')
        flag.capture_message = self.get_argument('capture_message', '')
        box = Box.by_uuid(self.get_argument('box_uuid', ''))
        if box is None:
            raise ValueError("Box does not exist")
        if flag not in box.flags:
            logging.info("Updated %s's box %d -> %d" %
                         (flag.name, flag.box_id, box.id))
            flag.box_id = box.id
        self.dbsession.add(flag)
        self.dbsession.commit()
        self.redirect("/admin/view/game_objects")
    except ValueError as error:
        self.render("admin/view/game_objects.html", errors=["%s" % error])
def failed_capture(self, flag, submission):
    '''
    Record a failed submission and, when configured, charge a penalty.

    Returns the amount deducted, or False when nothing was deducted: no
    submission, flag already captured by the team, penalties disabled, or
    the attempt count outside [flag_start_penalty, flag_stop_penalty).
    '''
    user = self.get_current_user()
    if submission is None or flag in user.team.flags:
        return False
    # For file flags the stored attempt is Flag.digest() of the upload
    stored = Flag.digest(submission) if flag.is_file else submission
    Penalty.create_attempt(
        team=user.team,
        flag=flag,
        submission=stored,
    )
    if not self.config.penalize_flag_value:
        return False
    # The count is read after the attempt above has been created
    attempts = Penalty.by_count(flag, user.team)
    if (attempts < self.config.flag_start_penalty
            or attempts >= self.config.flag_stop_penalty):
        return False
    # flag_penalty_cost is applied as a percentage of the flag value
    penalty = int(flag.value * self.config.flag_penalty_cost * .01)
    logging.info("%s (%s) capture failed '%s' - lost %s" % (
        user.handle, user.team.name, flag.name, penalty
    ))
    user.team.money -= penalty
    user.money -= penalty
    self.dbsession.add(user.team)
    self.dbsession.flush()
    self.event_manager.flag_penalty(user, flag)
    self.dbsession.commit()
    return penalty
def edit_flag_order(self):
    '''
    Store a new 'order' value on the flag named by 'uuid'.

    Nothing is rendered or redirected here; a ValidationError is only
    written to the log.
    '''
    try:
        target = Flag.by_uuid(self.get_argument('uuid', ''))
        if target is None:
            raise ValidationError("Flag does not exist")
        new_order = self.get_argument('order', '')
        target.order = new_order
        self.dbsession.add(target)
        self.dbsession.commit()
    except ValidationError as error:
        logging.error("Failed to reorder flag: %s" % error)
def to_dict(self):
    '''
    Return this object as a dictionary.

    'flag_uuid' is the uuid of the flag found via flag_id, or an empty
    string when no such flag exists; 'flaglist' is Box.flaglist() for the
    object's box.
    '''
    linked = Flag.by_id(self.flag_id)
    return {
        'price': str(self.price),
        'description': self.description,
        'flag_uuid': linked.uuid if linked else "",
        'uuid': self.uuid,
        'flaglist': Box.flaglist(self.box_id)
    }
def get(self, *args, **kwargs):
    '''
    Show the capture message of a flag the user's team already owns.

    Renders missions/captured.html only in story mode and only when the
    flag has a non-empty capture message; every other case ends on the
    404 page.

    NOTE(review): 'reward' is taken from the request and handed to the
    template as-is, and 'unsafe-eval' is requested for scripts before the
    story-mode check, i.e. also when the 404 page is rendered. Confirm the
    template escapes 'reward' and that the wider policy is intended there.
    '''
    uuid = self.get_argument('flag', None)
    reward = self.get_argument('reward', None)
    user = self.get_current_user()
    flag = Flag.by_uuid(uuid)
    owned = flag is not None and flag in user.team.flags
    if owned:
        self.add_content_policy('script', "'unsafe-eval'")
        has_message = (self.config.story_mode
                       and flag.capture_message
                       and len(flag.capture_message) > 0)
        if has_message:
            self.render('missions/captured.html', flag=flag, reward=reward)
            return
    self.render('public/404.html')
def del_flag(self):
    '''
    Delete the flag named by 'uuid' and return to the game objects page.

    An unknown uuid is logged and the page is re-rendered with an error.
    '''
    uuid = self.get_argument('uuid', '')
    flag = Flag.by_uuid(uuid)
    if flag is None:
        # %r keeps the request-supplied value quoted and escaped in the log
        logging.info("Flag (%r) does not exist in the database" % uuid)
        self.render("admin/view/game_objects.html",
                    errors=["Flag does not exist in database."])
        return
    logging.info("Deleted flag: %s " % flag.name)
    self.dbsession.delete(flag)
    self.dbsession.commit()
    self.redirect('/admin/view/game_objects')
def _mkflag(self, flag_type, is_file=False):
    '''
    Create a flag from the submitted form fields and commit it.

    When is_file is true the token is the raw body of the uploaded 'flag'
    file, otherwise the 'token' form field. Raises ValueError for a missing
    upload, a reward that int() cannot parse, or an unknown box.
    '''
    name = self.get_argument('flag_name', '')
    if is_file:
        if 'flag' not in self.request.files:
            raise ValueError('No file in request')
        token = self.request.files['flag'][0]['body']
    else:
        token = self.get_argument('token', '')
    description = self.get_argument('description', '')
    # int('') raises ValueError, so an absent reward is rejected here,
    # before the box is looked up
    reward = int(self.get_argument('reward', ''))
    box = Box.by_uuid(self.get_argument('box_uuid', ''))
    if box is None:
        raise ValueError('Box does not exist')
    new_flag = Flag.create_flag(
        flag_type, box, name, token, description, reward)
    new_flag.capture_message = self.get_argument('capture_message', '')
    self.dbsession.add(new_flag)
    self.dbsession.commit()
    self.redirect('/admin/view/game_objects')
def post(self, *args, **kwargs):
    '''
    Check validity of flag submissions.

    The flag must exist and its game level must be one of the team's
    levels, otherwise the 404 page is rendered. A file flag without an
    upload is passed to attempt_capture with a submission of None.
    '''
    flag = Flag.by_uuid(self.get_argument('uuid', ''))
    user = self.get_current_user()
    if flag is None or flag.game_level not in user.team.game_levels:
        self.render('public/404.html')
        return
    if not flag.is_file:
        submission = self.get_argument('token', '')
    elif 'flag' in self.request.files:
        submission = self.request.files['flag'][0]['body']
    else:
        submission = None
    # Read the value before the capture attempt and show that as the reward
    old_reward = flag.value
    if not self.attempt_capture(flag, submission):
        self.render_page(flag, errors=["Invalid flag submission"])
        return
    # Only the success page is served with the relaxed policy header
    self.set_header("Content-Security-Policy", self.relaxed_csp)
    self.render('missions/captured.html', flag=flag, reward=old_reward)
def create_hint(self):
    '''
    Add a hint for a box, optionally tied to one flag, to the database.

    A ValidationError re-renders the hint creation page with the message.
    '''
    try:
        box = Box.by_uuid(self.get_argument('box_uuid', ''))
        if box is None:
            raise ValidationError("Box does not exist")
        new_hint = Hint(box_id=box.id)
        new_hint.price = self.get_argument('price', '')
        new_hint.description = self.get_argument('description', '')
        # An unknown or missing flag_uuid leaves the hint without a flag
        linked = Flag.by_uuid(self.get_argument('flag_uuid', ''))
        new_hint.flag_id = linked.id if linked else None
        self.dbsession.add(new_hint)
        self.dbsession.commit()
        self.redirect("/admin/view/game_objects#%s" % box.uuid)
    except ValidationError as error:
        self.render('admin/create/hint.html', errors=[str(error), ])
def post(self, *args, **kwargs):
    '''
    Check validity of flag submissions.

    The flag must exist and its game level must be one of the team's
    levels, otherwise the 404 page is rendered. A file flag without an
    upload is passed to attempt_capture with an empty submission.
    '''
    flag = Flag.by_uuid(self.get_argument('uuid', ''))
    user = self.get_current_user()
    if flag is None or flag.game_level not in user.team.game_levels:
        self.render('public/404.html')
        return
    submission = ''
    if not flag.is_file:
        submission = self.get_argument('token', '')
    elif hasattr(self.request, 'files') and 'flag' in self.request.files:
        submission = self.request.files['flag'][0]['body']
    # Read the value before the capture attempt and show that as the reward
    old_reward = flag.value
    if not self.attempt_capture(flag, submission):
        self.render_page(flag, errors=["Invalid flag submission"])
        return
    # 'unsafe-eval' is requested for scripts on the success page only
    self.add_content_policy('script', "'unsafe-eval'")
    self.render('missions/captured.html', flag=flag, reward=old_reward)
def edit_flags(self):
    '''
    Apply the submitted form to an existing flag and commit it.

    A ValidationError (unknown flag or box here, or one raised by a model
    setter) re-renders the game objects page with the error message.
    '''
    try:
        flag = Flag.by_uuid(self.get_argument('uuid', ''))
        if flag is None:
            raise ValidationError("Flag does not exist")
        # Name
        new_name = self.get_argument('name', '')
        if flag.name != new_name:
            logging.info("Updated flag name %s -> %s" % (flag.name, new_name))
            flag.name = new_name
        # Token: changed without a log entry, so the secret stays out of the log
        new_token = self.get_argument('token', '')
        if flag.token != new_token:
            flag.token = new_token
        # Description
        new_description = self.get_argument('description', '')
        if flag._description != new_description:
            logging.info("Updated %s's description %s -> %s" % (
                flag.name, flag._description, new_description,
            ))
            flag.description = new_description
        # Value
        flag.value = self.get_argument('value', '')
        flag.capture_message = self.get_argument('capture_message', '')
        # Box
        box = Box.by_uuid(self.get_argument('box_uuid', ''))
        if box is None:
            raise ValidationError("Box does not exist")
        if flag not in box.flags:
            logging.info("Updated %s's box %d -> %d" % (
                flag.name, flag.box_id, box.id
            ))
            flag.box_id = box.id
        self.dbsession.add(flag)
        self.dbsession.commit()
        self.redirect("/admin/view/game_objects")
    except ValidationError as error:
        self.render("admin/view/game_objects.html", errors=["%s" % error])
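def edit_hint(self):
    '''
    Edit a hint object.

    Updates price, description and the optional flag link, commits, and
    redirects to the game objects page. A ValidationError re-renders that
    page with the message.
    '''
    try:
        hint = Hint.by_uuid(self.get_argument('uuid', ''))
        if hint is None:
            raise ValidationError("Hint does not exist")
        logging.debug("Edit hint object with uuid of %s" % hint.uuid)
        price = self.get_argument('price', '')
        if hint.price != price:
            hint.price = price
        description = self.get_argument('description', '')
        hint.description = description
        flag = Flag.by_uuid(self.get_argument('hint-flag_uuid', ''))
        if flag:
            hint.flag_id = flag.id
            box_id = flag.box_id
        else:
            # No flag selected: the previous code read flag.box_id here and
            # raised AttributeError before the commit, so the edit was lost.
            # Fall back to the hint's own box (create_hint builds hints with
            # box_id=...).
            hint.flag_id = None
            box_id = hint.box_id
        box = Box.by_id(box_id)
        self.dbsession.add(hint)
        self.dbsession.commit()
        if box is None:
            # Nothing to anchor to; still land on the listing
            self.redirect("/admin/view/game_objects")
        else:
            self.redirect("/admin/view/game_objects#%s" % box.uuid)
    except ValidationError as error:
        self.render("admin/view/game_objects.html", errors=[str(error), ])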
def flag(self):
    ''' Return whatever Flag.by_id finds for this object's flag_id '''
    linked_flag_id = self.flag_id
    return Flag.by_id(linked_flag_id)
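def post(self, *args, **kwargs):
    '''
    Check validity of flag submissions.

    The flag is looked up by (token, box_id) when a box_id is supplied,
    otherwise by uuid. Non-admins are turned away until the game has
    started, and a flag looked up by uuid is refused once the team has
    reached max_flag_attempts. A correct submission renders the capture
    page (story mode) or the flag page with a success message; a wrong one
    is recorded through failed_capture unless the same answer was already
    attempted.
    '''
    box_id = self.get_argument('box_id', None)
    uuid = self.get_argument('uuid', '')
    token = self.get_argument('token', '')
    user = self.get_current_user()
    if not self.application.settings['game_started'] and not user.is_admin():
        self.render('missions/status.html', errors=None,
                    info=["The game has not started yet"])
        return
    if box_id is not None and token is not None:
        flag = Flag.by_token_and_box_id(token, box_id)
    else:
        flag = Flag.by_uuid(uuid)
        # The attempt limit is only enforced on this (uuid) lookup path
        if (flag is not None and
                Penalty.by_count(flag, user.team) >= self.config.max_flag_attempts):
            self.render_page_by_flag(
                flag,
                info=["Max attempts reached - you can no longer answer this flag."])
            return
    if flag and flag in user.team.flags:
        # Already captured by this team: just show the page again
        self.render_page_by_flag(flag)
    elif (flag is None or flag.game_level.type == 'none' or
            flag.game_level in user.team.game_levels):
        submission = ''
        if flag is not None and flag.is_file:
            if hasattr(self.request, 'files') and 'flag' in self.request.files:
                submission = self.request.files['flag'][0]['body']
        else:
            submission = self.get_argument('token', '')
        if len(submission) == 0:
            # NOTE(review): flag can be None on this path; confirm that
            # render_page_by_flag copes with that.
            self.render_page_by_flag(
                flag, info=["No flag was provided - try again."])
            # Stop here. Without this return an empty submission went on to
            # be recorded (and possibly charged) as a failed attempt, and the
            # handler then tried to render a second page for the same request.
            return
        # Read the value before the capture attempt and show that as the reward
        old_reward = flag.value if flag is not None else 0
        if flag is not None and self.attempt_capture(flag, submission):
            self.add_content_policy('script', "'unsafe-eval'")
            if (self.config.story_mode and flag.capture_message and
                    len(flag.capture_message) > 0):
                self.render('missions/captured.html',
                            flag=flag, reward=old_reward)
            else:
                success = self.success_capture(flag, old_reward)
                self.render_page_by_flag(flag, success=success)
        else:
            if flag is None or Penalty.by_token_count(flag, user.team, submission) == 0:
                if self.config.teams:
                    teamval = "team's "
                else:
                    teamval = ""
                # An unknown flag is never recorded or charged
                penalty = self.failed_capture(flag, submission) if flag is not None else 0
                penalty_dialog = "Sorry - Try Again"
                if penalty:
                    if self.config.banking:
                        penalty_dialog = "$" + str(penalty) + " has been deducted from your " + teamval + "account."
                    else:
                        if penalty == 1:
                            point = " point has"
                        else:
                            point = " points have"
                        penalty_dialog = str(penalty) + point + " been deducted from your " + teamval + "score."
                if flag is None:
                    self.render_page_by_box_id(box_id, errors=[penalty_dialog])
                else:
                    self.render_page_by_flag(flag, errors=[penalty_dialog])
            else:
                # Same wrong answer as before: no new attempt, no penalty
                if self.config.teams:
                    teamdup = " by your team. Try Again"
                else:
                    teamdup = " by you. Try Again"
                self.render_page_by_flag(
                    flag,
                    info=["Duplicate submission - this answer has already been attempted" + teamdup])
    else:
        self.render('public/404.html')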