Example #1
 def setUp(self):
     ''' Create a box plus one static, one regex and one file flag.

     The flags are stored on the test case as ``static_flag``,
     ``regex_flag`` and ``file_flag`` and committed in a single
     transaction.
     '''
     self.box, self.corp = create_box()
     # (attribute, flag type, name, raw token, description, value)
     fixtures = (
         ("static_flag", FLAG_STATIC, "Static Flag", "statictoken",
          "A static test token", 100),
         ("regex_flag", FLAG_REGEX, "Regex Flag", "(f|F)oobar",
          "A regex test token", 200),
         ("file_flag", FLAG_FILE, "File Flag", "fdata",
          "A file test token", 300),
     )
     for attr, kind, title, token, blurb, points in fixtures:
         setattr(self, attr, Flag.create_flag(
             _type=kind,
             box=self.box,
             name=title,
             raw_token=token,
             description=blurb,
             value=points,
         ))
     # Stage every fixture first, then commit once.
     for spec in fixtures:
         dbsession.add(getattr(self, spec[0]))
     dbsession.commit()
 def _mkflag(self, flag_type, is_file=False):
     ''' Build a flag of ``flag_type`` from the request and store it.

     The token is the uploaded ``flag`` file body when ``is_file`` is
     set, otherwise the ``token`` argument. After the flag is committed,
     one choice is created per ``addmore[]`` value and the client is
     redirected to the box's anchor on the game objects page.

     Raises ValidationError when the box is unknown or a file flag has
     no upload.
     '''
     box = Box.by_uuid(self.get_argument('box_uuid', ''))
     if box is None:
         raise ValidationError('Box does not exist')
     if not is_file:
         token = self.get_argument('token', '')
     elif hasattr(self.request, 'files') and 'flag' in self.request.files:
         token = self.request.files['flag'][0]['body']
     else:
         raise ValidationError('No file in request')
     # Request values are handed over as received; any validation is
     # presumably done inside Flag.create_flag - confirm against the model.
     flag_name = self.get_argument('flag_name', '')
     blurb = self.get_argument('description', '')
     reward = self.get_argument('reward', '')
     flag = Flag.create_flag(flag_type, box, flag_name, token, blurb, reward)
     flag.capture_message = self.get_argument('capture_message', '')
     flag.case_sensitive = self.get_argument('case-sensitive', 1)
     # Optional dependency: another flag, looked up by its uuid.
     lock = Flag.by_uuid(self.get_argument('lock_uuid', ''))
     flag.lock_id = lock.id if lock else None
     self.add_attachments(flag)
     self.dbsession.add(flag)
     self.dbsession.commit()
     extra_choices = self.get_arguments('addmore[]', strip=True)
     if extra_choices is not None:
         for choice_text in extra_choices:
             FlagChoice.create_choice(flag, choice_text)
     self.redirect("/admin/view/game_objects#%s" % box.uuid)
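 def post(self, *args, **kwargs):
     ''' Write a JSON description of one game object, or a flag's stats.

     Reads ``obj`` (object type) and ``uuid`` from the request. For the
     model types in the lookup table the object's ``to_dict()`` is
     written. For ``stats`` the flag's name, token and value are written
     together with the teams that captured it, the failed attempts
     (including the submitted tokens) and the hints taken. An unknown
     type or uuid produces an ``Error`` entry instead.
     '''
     # NOTE(review): the stats response carries the flag token and every
     # submitted token. No access check is visible in this method, so the
     # restriction presumably sits on the handler - confirm it is
     # reachable by administrators only.
     game_objects = {
         'game_level': GameLevel,
         'corporation': Corporation,
         'flag': Flag,
         'box': Box,
         'hint': Hint,
     }
     obj_name = self.get_argument('obj', '')
     uuid = self.get_argument('uuid', '')

     def price_label(amount):
         # One rendering for flag values and hint prices.
         if options.banking:
             return "$" + str(amount)
         return str(amount) + " points"

     if obj_name in game_objects:
         obj = game_objects[obj_name].by_uuid(uuid)
         if obj is not None:
             self.write(obj.to_dict())
         else:
             self.write({'Error': 'Invalid uuid.'})
     elif obj_name == "stats":
         flag = Flag.by_uuid(uuid)
         if flag is not None:
             flaginfo = [{
                 "name": flag.name,
                 "token": flag.token,
                 "price": price_label(flag.value),
             }]
             captures = []
             for item in Flag.captures(flag.id):
                 team = Team.by_id(item[0])
                 if team:
                     captures.append({"name": team.name})
             attempts = []
             for item in Penalty.by_flag_id(flag.id):
                 team = Team.by_id(item.team_id)
                 if team:
                     attempts.append({"name": team.name, "token": item.token})
             hints = []
             for item in Hint.taken_by_flag(flag.id):
                 team = Team.by_id(item.team_id)
                 hint = Hint.by_id(item.hint_id)
                 # Skip a record whose team or hint can no longer be
                 # loaded instead of failing on hint.price.
                 if team and hint:
                     hints.append({
                         "name": team.name,
                         "price": price_label(hint.price),
                     })
             obj = {
                 "flag": flaginfo,
                 "captures": captures,
                 "attempts": attempts,
                 "hints": hints,
             }
             self.write(obj)
         else:
             self.write({'Error': 'Invalid uuid.'})
     else:
         self.write({'Error': 'Invalid object type.'})
     self.finish()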
 def edit_flags(self):
     ''' Apply the submitted form values to an existing flag and save it.

     The flag is looked up by the ``uuid`` argument. Name, token,
     description, value, capture message, case sensitivity, dependency
     lock and box are copied from the request, the change is committed
     and the client is redirected to the box's anchor on the game objects
     page. A ValidationError re-renders that page with the message.
     '''
     try:
         flag = Flag.by_uuid(self.get_argument('uuid', ''))
         if flag is None:
             raise ValidationError("Flag does not exist")
         new_name = self.get_argument('name', '')
         if flag.name != new_name:
             logging.info("Updated flag name %s -> %s" % (flag.name, new_name))
             flag.name = new_name
         # The token value itself is not written to the log.
         new_token = self.get_argument('token', '')
         if flag.token != new_token:
             flag.token = new_token
         new_description = self.get_argument('description', '')
         if flag._description != new_description:
             logging.info("Updated %s's description %s -> %s" % (
                 flag.name, flag._description, new_description))
             flag.description = new_description
         # The same request value feeds both the current and original value.
         value = self.get_argument('value', '')
         flag.value = value
         flag.original_value = value
         flag.capture_message = self.get_argument('capture_message', '')
         flag.case_sensitive = self.get_argument('case-sensitive', 1)
         # Dependency lock: another flag, referenced by uuid, or none.
         lock = Flag.by_uuid(self.get_argument('lock_uuid', ''))
         flag.lock_id = lock.id if lock else None
         # NOTE(review): the flag has already been modified when the box
         # is validated; whether the session discards those changes after
         # a ValidationError is not visible here - confirm.
         box = Box.by_uuid(self.get_argument('box_uuid', ''))
         if box is None:
             raise ValidationError("Box does not exist")
         if flag not in box.flags:
             logging.info("Updated %s's box %d -> %d" % (
                 flag.name, flag.box_id, box.id))
             flag.box_id = box.id
         self.dbsession.add(flag)
         self.dbsession.commit()
         if flag.type == FLAG_CHOICE:
             self.edit_choices(flag, self.request.arguments)
         self.redirect("/admin/view/game_objects#%s" % box.uuid)
     except ValidationError as error:
         self.render("admin/view/game_objects.html", errors=["%s" % error])
Example #5
 def setUp(self):
     ''' Create a box and one flag of each type exercised by the tests.

     The flags are stored on the test case as ``static_flag``,
     ``regex_flag``, ``file_flag``, ``choice_flag`` and ``datetime_flag``
     and committed in a single transaction.
     '''
     self.box, self.corp = create_box()
     # (attribute, flag type, name, raw token, description, value)
     fixtures = (
         ("static_flag", FLAG_STATIC, "Static Flag", "statictoken",
          "A static test token", 100),
         ("regex_flag", FLAG_REGEX, "Regex Flag", "(f|F)oobar",
          "A regex test token", 200),
         ("file_flag", FLAG_FILE, "File Flag", "fdata",
          "A file test token", 300),
         ("choice_flag", FLAG_CHOICE, "Choice Flag", "fdata",
          "A choice test token", 400),
         ("datetime_flag", FLAG_DATETIME, "Datetime Flag",
          "2018-06-22 18:00:00", "A datetime test token", 500),
     )
     for attr, kind, title, token, blurb, points in fixtures:
         setattr(self, attr, Flag.create_flag(
             _type=kind,
             box=self.box,
             name=title,
             raw_token=token,
             description=blurb,
             value=points,
         ))
     # Stage every fixture first, then commit once.
     for spec in fixtures:
         dbsession.add(getattr(self, spec[0]))
     dbsession.commit()
Example #6
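 def edit_flags(self):
     ''' Apply the submitted form values to an existing flag and save it.

     The flag is looked up by the ``uuid`` argument. A changed name or
     token must not collide with another flag. Description, value,
     capture message and box are copied from the request, the change is
     committed and the client is redirected to the game objects page.
     A ValueError, or an unknown flag, re-renders that page with the
     message.
     '''
     flag = Flag.by_uuid(self.get_argument('uuid', ''))
     if flag is None:
         self.render("admin/view/game_objects.html",
             errors=["Flag does not exist"]
         )
         return
     try:
         name = self.get_argument('name', '')
         if flag.name != name:
             if Flag.by_name(name) is not None:
                 raise ValueError("Flag name already exists")
             logging.info("Updated flag name %s -> %s" %
                 (flag.name, name,)
             )
             flag.name = name
         token = self.get_argument('token', '')
         if flag.token != token:
             if Flag.by_token(token) is not None:
                 raise ValueError("Token is not unique")
             # The token is the answer to the challenge: record that it
             # changed, but keep the old and new values out of the log.
             logging.info("Updated %s's token" % flag.name)
             flag.token = token
         description = self.get_argument('description', '')
         if flag._description != description:
             logging.info("Updated %s's description %s -> %s" %
                 (flag.name, flag._description, description,)
             )
             flag.description = description
         flag.value = self.get_argument('value', '')
         flag.capture_message = self.get_argument('capture_message', '')
         box = Box.by_uuid(self.get_argument('box_uuid', ''))
         if box is None:
             raise ValueError("Box does not exist")
         if flag not in box.flags:
             logging.info("Updated %s's box %d -> %d" %
                 (flag.name, flag.box_id, box.id)
             )
             flag.box_id = box.id
         self.dbsession.add(flag)
         self.dbsession.commit()
         self.redirect("/admin/view/game_objects")
     except ValueError as error:
         self.render("admin/view/game_objects.html", errors=["%s" % error])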
Example #7
 def failed_capture(self, flag, submission):
     ''' Record a failed submission and charge a penalty when one applies.

     Nothing is recorded when ``submission`` is None or the team already
     holds the flag. Otherwise the attempt is stored (as a digest for file
     flags). A penalty is charged only when flag penalties are enabled and
     the team's attempt count lies between the configured start
     (inclusive) and stop (exclusive) thresholds.

     Returns the penalty that was deducted, or False when none was.
     '''
     user = self.get_current_user()
     if submission is None or flag in user.team.flags:
         return False
     team = user.team
     # File flags are stored by digest, not by the uploaded content.
     recorded = Flag.digest(submission) if flag.is_file else submission
     Penalty.create_attempt(
         team=team,
         flag=flag,
         submission=recorded,
     )
     if not self.config.penalize_flag_value:
         return False
     tries = Penalty.by_count(flag, team)
     if tries < self.config.flag_start_penalty or tries >= self.config.flag_stop_penalty:
         return False
     # flag_penalty_cost is applied as a percentage of the flag value.
     penalty = int(flag.value * self.config.flag_penalty_cost * .01)
     logging.info("%s (%s) capture failed '%s' - lost %s" % (
         user.handle, team.name, flag.name, penalty
     ))
     team.money -= penalty
     user.money -= penalty
     self.dbsession.add(team)
     self.dbsession.flush()
     self.event_manager.flag_penalty(user, flag)
     self.dbsession.commit()
     return penalty
 def edit_flag_order(self):
     ''' Store a new ``order`` value on the flag named by ``uuid``.

     The change is committed immediately. A ValidationError (unknown
     flag, or one raised while assigning the order) is logged and not
     reported to the client.
     '''
     try:
         target = Flag.by_uuid(self.get_argument('uuid', ''))
         if target is None:
             raise ValidationError("Flag does not exist")
         new_order = self.get_argument('order', '')
         target.order = new_order
         self.dbsession.add(target)
         self.dbsession.commit()
     except ValidationError as error:
         logging.error("Failed to reorder flag: %s" % error)
Example #9
 def to_dict(self):
     ''' Return this object's price, description and references as a dict.

     ``flag_uuid`` is the uuid of the flag referenced by ``flag_id``, or
     an empty string when no such flag is found. ``flaglist`` is whatever
     ``Box.flaglist`` returns for this object's box.
     '''
     linked = Flag.by_id(self.flag_id)
     flag_uuid = linked.uuid if linked else ""
     data = {}
     data['price'] = str(self.price)
     data['description'] = self.description
     data['flag_uuid'] = flag_uuid
     data['uuid'] = self.uuid
     data['flaglist'] = Box.flaglist(self.box_id)
     return data
Example #10
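 def get(self, *args, **kwargs):
     ''' Show the capture page for a flag the user's team already holds.

     The page is rendered only when the flag named by the ``flag``
     argument belongs to the team, story mode is on and the flag has a
     capture message. Every other request gets the 404 page.
     '''
     uuid = self.get_argument('flag', None)
     # 'reward' is taken from the request as-is and is only passed to the
     # template for display.
     reward = self.get_argument('reward', None)
     user = self.get_current_user()
     flag = Flag.by_uuid(uuid)
     owned = flag is not None and flag in user.team.flags
     if owned and self.config.story_mode and flag.capture_message:
         # Relax the script policy only on the response that is actually
         # the capture page, so the 404 page keeps the default policy.
         self.add_content_policy('script', "'unsafe-eval'")
         self.render('missions/captured.html',
                     flag=flag,
                     reward=reward)
         return
     self.render('public/404.html')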
Example #11
 def del_flag(self):
     ''' Delete the flag named by the ``uuid`` argument.

     On success the deletion is committed and the client is redirected to
     the game objects page. An unknown uuid is logged and the page is
     re-rendered with an error.
     '''
     requested_uuid = self.get_argument('uuid', '')
     flag = Flag.by_uuid(requested_uuid)
     if flag is None:
         # %r keeps the client-supplied value quoted and escaped in the log.
         logging.info("Flag (%r) does not exist in the database" %
             requested_uuid
         )
         self.render("admin/view/game_objects.html",
             errors=["Flag does not exist in database."]
         )
         return
     logging.info("Deleted flag: %s " % flag.name)
     self.dbsession.delete(flag)
     self.dbsession.commit()
     self.redirect('/admin/view/game_objects')
Example #12
 def _mkflag(self, flag_type, is_file=False):
     ''' Build a flag of ``flag_type`` from the request and store it.

     The token is the uploaded ``flag`` file body when ``is_file`` is
     set, otherwise the ``token`` argument. The flag is committed and the
     client is redirected to the game objects page.

     Raises ValueError when a file flag has no upload, the reward is not
     an integer, or the box is unknown.
     '''
     flag_name = self.get_argument('flag_name', '')
     if not is_file:
         token = self.get_argument('token', '')
     elif 'flag' in self.request.files:
         token = self.request.files['flag'][0]['body']
     else:
         raise ValueError('No file in request')
     blurb = self.get_argument('description', '')
     # int() rejects an empty or non-numeric reward with ValueError.
     reward = int(self.get_argument('reward', ''))
     box = Box.by_uuid(self.get_argument('box_uuid', ''))
     if box is None:
         raise ValueError('Box does not exist')
     new_flag = Flag.create_flag(flag_type, box, flag_name, token, blurb, reward)
     new_flag.capture_message = self.get_argument('capture_message', '')
     self.dbsession.add(new_flag)
     self.dbsession.commit()
     self.redirect('/admin/view/game_objects')
 def post(self, *args, **kwargs):
     ''' Check a flag submission and render the outcome.

     The flag must exist and its game level must be one the user's team
     has access to, otherwise the 404 page is rendered. File flags take
     the uploaded ``flag`` body as the submission (None when nothing was
     uploaded); other flags take the ``token`` argument.
     '''
     flag = Flag.by_uuid(self.get_argument('uuid', ''))
     user = self.get_current_user()
     if flag is None or flag.game_level not in user.team.game_levels:
         self.render('public/404.html')
         return
     if not flag.is_file:
         submission = self.get_argument('token', '')
     elif 'flag' in self.request.files:
         submission = self.request.files['flag'][0]['body']
     else:
         submission = None
     # Read the value before the attempt so the page shows this reward.
     reward_before = flag.value
     if not self.attempt_capture(flag, submission):
         self.render_page(flag, errors=["Invalid flag submission"])
         return
     # Only the capture page is served with the relaxed policy.
     self.set_header("Content-Security-Policy", self.relaxed_csp)
     self.render('missions/captured.html', flag=flag, reward=reward_before)
 def create_hint(self):
     ''' Create a hint for a box from the request and store it.

     The hint may be tied to a flag through ``flag_uuid``; an unknown or
     missing flag leaves it unattached. On success the client is
     redirected to the box's anchor on the game objects page. A
     ValidationError re-renders the create form with the message.
     '''
     try:
         box = Box.by_uuid(self.get_argument('box_uuid', ''))
         if box is None:
             raise ValidationError("Box does not exist")
         new_hint = Hint(box_id=box.id)
         new_hint.price = self.get_argument('price', '')
         new_hint.description = self.get_argument('description', '')
         linked_flag = Flag.by_uuid(self.get_argument('flag_uuid', ''))
         new_hint.flag_id = linked_flag.id if linked_flag else None
         self.dbsession.add(new_hint)
         self.dbsession.commit()
         self.redirect("/admin/view/game_objects#%s" % box.uuid)
     except ValidationError as error:
         self.render('admin/create/hint.html', errors=[str(error), ])
Example #15
 def post(self, *args, **kwargs):
     ''' Check a flag submission and render the outcome.

     The flag must exist and its game level must be one the user's team
     has access to, otherwise the 404 page is rendered. File flags take
     the uploaded ``flag`` body as the submission (an empty string when
     nothing was uploaded); other flags take the ``token`` argument.
     '''
     flag = Flag.by_uuid(self.get_argument('uuid', ''))
     user = self.get_current_user()
     if flag is None or flag.game_level not in user.team.game_levels:
         self.render('public/404.html')
         return
     if flag.is_file:
         has_upload = hasattr(self.request, 'files') and 'flag' in self.request.files
         submission = self.request.files['flag'][0]['body'] if has_upload else ''
     else:
         submission = self.get_argument('token', '')
     # Read the value before the attempt so the page shows this reward.
     reward_before = flag.value
     if not self.attempt_capture(flag, submission):
         self.render_page(flag, errors=["Invalid flag submission"])
         return
     # The script policy is relaxed for the capture page response only.
     self.add_content_policy('script', "'unsafe-eval'")
     self.render('missions/captured.html',
                 flag=flag,
                 reward=reward_before)
 def edit_flags(self):
     ''' Apply the submitted form values to an existing flag and save it.

     The flag is looked up by the ``uuid`` argument. Name, token,
     description, value, capture message and box are copied from the
     request, the change is committed and the client is redirected to the
     game objects page. A ValidationError re-renders that page with the
     message.
     '''
     try:
         flag = Flag.by_uuid(self.get_argument('uuid', ''))
         if flag is None:
             raise ValidationError("Flag does not exist")
         new_name = self.get_argument('name', '')
         if flag.name != new_name:
             logging.info("Updated flag name %s -> %s" % (flag.name, new_name))
             flag.name = new_name
         # The token value itself is not written to the log.
         new_token = self.get_argument('token', '')
         if flag.token != new_token:
             flag.token = new_token
         new_description = self.get_argument('description', '')
         if flag._description != new_description:
             logging.info("Updated %s's description %s -> %s" % (
                 flag.name, flag._description, new_description))
             flag.description = new_description
         flag.value = self.get_argument('value', '')
         flag.capture_message = self.get_argument('capture_message', '')
         # NOTE(review): the flag has already been modified when the box
         # is validated; whether the session discards those changes after
         # a ValidationError is not visible here - confirm.
         box = Box.by_uuid(self.get_argument('box_uuid', ''))
         if box is None:
             raise ValidationError("Box does not exist")
         if flag not in box.flags:
             logging.info("Updated %s's box %d -> %d" % (
                 flag.name, flag.box_id, box.id))
             flag.box_id = box.id
         self.dbsession.add(flag)
         self.dbsession.commit()
         self.redirect("/admin/view/game_objects")
     except ValidationError as error:
         self.render("admin/view/game_objects.html", errors=["%s" % error])
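 def edit_hint(self):
     ''' Apply the submitted form values to an existing hint and save it.

     The hint is looked up by the ``uuid`` argument. Price, description
     and the optional flag reference (``hint-flag_uuid``) are copied from
     the request, the change is committed and the client is redirected to
     the owning box's anchor on the game objects page. A ValidationError
     re-renders that page with the message.
     '''
     try:
         hint = Hint.by_uuid(self.get_argument('uuid', ''))
         if hint is None:
             raise ValidationError("Hint does not exist")
         logging.debug("Edit hint object with uuid of %s" % hint.uuid)
         price = self.get_argument('price', '')
         if hint.price != price:
             hint.price = price
         hint.description = self.get_argument('description', '')
         flag = Flag.by_uuid(self.get_argument('hint-flag_uuid', ''))
         hint.flag_id = flag.id if flag else None
         # A hint without a flag is valid, so take the box from the hint
         # itself in that case instead of dereferencing a missing flag.
         box = Box.by_id(flag.box_id if flag else hint.box_id)
         self.dbsession.add(hint)
         self.dbsession.commit()
         if box is not None:
             self.redirect("/admin/view/game_objects#%s" % box.uuid)
         else:
             # No box to anchor to: fall back to the top of the page.
             self.redirect("/admin/view/game_objects")
     except ValidationError as error:
         self.render("admin/view/game_objects.html", errors=[str(error), ])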
Example #18
 def flag(self):
     ''' Return the result of looking up ``self.flag_id`` with Flag.by_id '''
     linked = Flag.by_id(self.flag_id)
     return linked
Example #19
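 def post(self, *args, **kwargs):
     ''' Check a flag submission and render the outcome.

     The flag is found either by ``token`` within ``box_id`` or by
     ``uuid``. Before the game starts only administrators may submit. A
     flag the team already holds is simply shown again. Otherwise the
     submission is checked: a capture renders the capture page (story
     mode) or the flag page with a success message, a first-time wrong
     answer is recorded and may cost a penalty, and a repeated wrong
     answer is reported as a duplicate. Flags outside the team's game
     levels render the 404 page.
     '''
     box_id = self.get_argument('box_id', None)
     uuid = self.get_argument('uuid', '')
     token = self.get_argument('token', '')
     user = self.get_current_user()
     if not self.application.settings['game_started'] and not user.is_admin():
         self.render('missions/status.html', errors=None, info=["The game has not started yet"])
         return
     if box_id is not None and token is not None:
         # NOTE(review): 'token' defaults to '' and is never None, so this
         # branch is taken whenever box_id is sent, and the max-attempts
         # check below only runs on the uuid path - confirm that a
         # box_id submission is not meant to be limited as well.
         flag = Flag.by_token_and_box_id(token, box_id)
     else:
         flag = Flag.by_uuid(uuid)
         if flag is not None and Penalty.by_count(flag, user.team) >= self.config.max_flag_attempts:
             self.render_page_by_flag(flag, info=["Max attempts reached - you can no longer answer this flag."])
             return
     if flag and flag in user.team.flags:
         self.render_page_by_flag(flag)
     elif flag is None or flag.game_level.type == 'none' or flag.game_level in user.team.game_levels:
         submission = ''
         if flag is not None and flag.is_file:
             if hasattr(self.request, 'files') and 'flag' in self.request.files:
                 submission = self.request.files['flag'][0]['body']
         else:
             submission = self.get_argument('token', '')
         if len(submission) == 0:
             # Stop here: without the return the empty answer went on to
             # be recorded as a failed attempt and the response was
             # rendered a second time.
             if flag is None:
                 self.render_page_by_box_id(box_id, errors=["No flag was provided - try again."])
             else:
                 self.render_page_by_flag(flag, info=["No flag was provided - try again."])
             return
         # Read the value before the attempt so the page shows this reward.
         old_reward = flag.value if flag is not None else 0
         if flag is not None and self.attempt_capture(flag, submission):
             # The script policy is relaxed for the capture response.
             self.add_content_policy('script', "'unsafe-eval'")
             if self.config.story_mode and flag.capture_message and len(flag.capture_message) > 0:
                 self.render('missions/captured.html',
                             flag=flag,
                             reward=old_reward)
             else:
                 success = self.success_capture(flag, old_reward)
                 self.render_page_by_flag(flag, success=success)
         else:
             if flag is None or Penalty.by_token_count(flag, user.team, submission) == 0:
                 teamval = "team's " if self.config.teams else ""
                 # Only a known flag can record an attempt and a penalty.
                 penalty = self.failed_capture(flag, submission) if flag is not None else 0
                 penalty_dialog = "Sorry - Try Again"
                 if penalty:
                     if self.config.banking:
                         penalty_dialog = "$" + str(penalty) + " has been deducted from your " + teamval + "account."
                     else:
                         point = " point has" if penalty == 1 else " points have"
                         penalty_dialog = str(penalty) + point + " been deducted from your " + teamval + "score."
                 if flag is None:
                     self.render_page_by_box_id(box_id, errors=[penalty_dialog])
                 else:
                     self.render_page_by_flag(flag, errors=[penalty_dialog])
             else:
                 if self.config.teams:
                     teamdup = " by your team.  Try Again"
                 else:
                     teamdup = " by you.  Try Again"
                 self.render_page_by_flag(flag, info=["Duplicate submission - this answer has already been attempted" + teamdup])
     else:
         self.render('public/404.html')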