def check_invoice_number(self, invoice_number, session_id, expected_text): self.http_session.cookies.set('session_id', session_id) payload = { 'state': json.dumps({'mode': 'invoice_info'}), 'msg': invoice_number } try: req = self.http_get('/get_bot_response', params=payload) except exceptions.RequestException: self.logger.debug( f"Could not get bot response. Payload: {payload}") raise enochecker.BrokenServiceException( "Could not check invoice number. Seems like the service is broken." ) enochecker.assert_equals( 200, req.status_code, "The request did not return with the expected response code. Verify, that the invoice service is returning the desired response." ) data = req.json() parsed_response = data['response'].replace('\\u200d', '\u200d') self.logger.debug( f"expected text: {expected_text}, data: {parsed_response}") enochecker.assert_in(expected_text, data['response'].replace('\\u200d', '\u200d'), f"Could not find expected invoice in response.")
def check_alarm(self, alarm_text, session_id): self.http_session.cookies.set('session_id', session_id) req = self.http_get("/alarm") enochecker.assert_equals(200, req.status_code, "Getting the alarm page did not return the expected response code.") enochecker.assert_in(alarm_text, req.text, f"Cannot find expected alarm text in response.")
def put_ticket(self) -> None: self.logger.debug("Starting putflag - ticket") username, password, cookies = self.register() # Place order buggy = random.choice(["super", "mega"]) color = random.choice(["terminal-turquoise", "cyber-cyan", "buggy-blue"]) quantity = random.randint(1, 99) response = self.http_post(route=f"/{buggy}-buggy", cookies=cookies, data={"color": color, "quantity": quantity},) assert_equals(302, response.status_code, "Order failed") assert_equals(response.next.url, response.url, "Order failed") self.logger.debug("order placed") # Write ticket subject = random_string(20) response = self.http_post(route="/tickets", cookies=cookies, data={"subject": subject, "message": self.flag},) self.logger.debug("ticket written") assert_equals(302, response.status_code, "Ticket failed") assert_equals(64, len(response.next.url.split("/")[-1]), "Ticket failed") try: hash = response.headers["location"].split("/")[-1].strip() except Exception: raise BrokenServiceException("Ticket failed") assert_equals(64, len(hash), "Ticket failed") # View order and ticket response = self.http_get(route=f"/profile", cookies=cookies) assert_equals(200, response.status_code, "Profile failed") assert_in("buggy-team", response.text, "Profile failed") assert_in("enjoy your stay!", response.text, "Profile failed") assert_in("questions or feedback?", response.text, "Profile failed") assert_in("Tickets: (1)", response.text, "Profile failed") assert_in("orders: (1)", response.text, "Profile failed") self.logger.debug(f"saving hash and order : {hash}") self.team_db[sha256ify(self.flag)] = (hash, username, password) self.logger.debug("Done putflag - ticket")
def test_assert_in(): with pytest.raises(BrokenServiceException): assert_in("fun", "games") assert_in("fun", "fun and games") assert_in("quack", ["quack", "foo"])
def put_status(self) -> None: self.logger.debug("Starting putflag - status") username, password, cookies = self.register() # View Profile response = self.http_get(route=f"/profile", cookies=cookies) assert_equals(200, response.status_code, "Profile failed") assert_in("buggy-team", response.text, "Profile failed") assert_in("enjoy your stay!", response.text, "Profile failed") assert_in("questions or feedback?", response.text, "Profile failed") assert_in("Tickets: (0)", response.text, "Profile failed") assert_in("orders: (0)", response.text, "Profile failed") response = self.http_post(route=f"/profile", cookies=cookies, data={"status": self.flag}) assert_equals(302, response.status_code, "Status failed") response = self.http_get(route=f"/profile", cookies=cookies) assert_equals(200, response.status_code, "Status failed") assert_in(self.flag, response.text, "Status failed") self.logger.debug(f"saving creds") self.team_db[sha256ify(self.flag)] = (username, password) self.logger.debug("Done putflag - status")
def getnoise(self) -> None: self.logger.info("Starting getnoise") try: (username, password) = self.team_db[sha256ify(self.noise)] except KeyError as e: self.logger.warning(f"noise info missing, {e}") return Result.MUMBLE except ValueError as e: self.logger.warning(f"cannot get creds, {e}") return Result.MUMBLE response = self.http_post(route="/login", data={"username": username, "pw": password}) cookies = response.cookies if "buggy-cookie" not in cookies.keys(): self.logger.debug(f"Failed login for user {username} (missing cookies).") raise BrokenServiceException("Cookies missing") assert_equals(302, response.status_code, "Login failed") assert_equals(response.next.url, response.url.replace("login", ""), "Login failed") # check profile response = self.http_get(route=f"/profile", cookies=cookies) profile = response.text assert_in(self.noise, response.text, "Noise missing") assert_equals(200, response.status_code, "Profile failed") assert_in("buggy-team", response.text, "Profile failed") assert_in("enjoy your stay!", response.text, "Profile failed") assert_in("questions or feedback?", response.text, "Profile failed") assert_in("Tickets: (1)", response.text, "Profile failed") assert_in("orders: (1)", response.text, "Profile failed") # Check /tickets tickets_regex = re.compile(r"tickets\/(\w{64})") tickets = tickets_regex.findall(profile) if not tickets: raise BrokenServiceException("Ticket(s) missing.") for ticket in tickets: response = self.http_get(route=f"/tickets/{ticket}", cookies=cookies) assert_in(self.noise, response.text, "Ticket view failed.") assert_equals(200, response.status_code, "Ticket view failed.") assert_in("buggy-team", response.text, "Ticket view failed.") assert_in(username, response.text, "Ticket view failed.") assert_in("Profile", response.text, "Ticket view failed.") # Check /orders orders_regex = re.compile(r"orders\/(\w{64})") orders = orders_regex.findall(profile) if not orders: raise BrokenServiceException("Order(s) missing.") for order in orders: response = self.http_get(route=f"/orders/{order}", cookies=cookies) assert_equals(200, response.status_code, "Order view failed.") assert_in("Profile", response.text, "Order view failed.") assert_in("Expected Delivery", response.text, "Order view failed.") # assert_in(username, response.text, "Order view failed.") # Too many collisions # Check /user user_regex = re.compile(r"Username:\s([0-9a-zA-Z._-]{1,64})<\/h3>") try: username_from_profile = user_regex.findall(profile)[0] except Exception as e: self.error("Failed to get username at /user") raise BrokenServiceException("User view failed.") if not username_from_profile: raise BrokenServiceException("User view failed.") response = self.http_get(route=f"/user/{username_from_profile}", cookies=cookies) assert_equals(200, response.status_code, "User view failed.") assert_in("Profile", response.text, "User view failed.") assert_in(self.noise, response.text, "User view failed.") assert_in("Buggy Bonus Points:", response.text, "User view failed.") self.logger.debug("Done getnoise")
def putnoise(self) -> None: status = [ "Beeing Funky!", "Im in ur base, killing ur d00dz", "Do or do not. There is no try.", "You must unlearn what you have learned.", "The greatest teacher, failure is.", "Pass on what you have learned.", "I’m too lazy to stop being lazy.", "Operator! Give me the number for 911!", "Kids, just because I don’t care doesn’t mean I’m not listening.", "Even communism works… in theory", ] messages = [ "KHAAAAN!", "Do what I do. Hold tight and pretend it’s a plan!", "Never run when you’re scared.", "Superior intelligence and senseless cruelty just do not go together.", "Come on, Rory! It isn’t rocket science, it’s just quantum physics!", "Always take a banana to a party, Rose: bananas are good!", "Never be certain of anything. It’s a sign of weakness.", "Two things are infinite: the universe and human stupidity; and I'm not sure about the universe.", "A gun is not a weapon, it’s a tool, like a hammer or a screwdriver or an alligator.", ] comments = [ "Awesome!", "Amazing!", "This is so buggy!", ] self.logger.info("Starting putnoise") username, password, cookies = self.register() # Post Comment comment = random.choice(comments) buggy = random.choice(["super", "mega"]) response = self.http_post(route=f"/{buggy}-buggy", data={"comment": comment}, cookies=cookies, allow_redirects=False,) self.logger.debug("comment written") response = self.http_get(route=f"/{buggy}-buggy", data={"comment": comment}, cookies=cookies) assert_equals(200, response.status_code, "Commenting failed") assert_in(comment, response.text, "Commenting failed") assert_in(username, response.text, "Commenting failed") # View Profile response = self.http_get(route=f"/profile", cookies=cookies) assert_equals(200, response.status_code, "Profile failed") assert_in("buggy-team", response.text, "Profile failed") assert_in("enjoy your stay!", response.text, "Profile failed") assert_in("questions or feedback?", response.text, "Profile failed") assert_in("Tickets: (0)", response.text, "Profile failed") assert_in("orders: (0)", response.text, "Profile failed") # Set Status response = self.http_post(route=f"/profile", cookies=cookies, data={"status": random.choice(status) + self.noise},) assert_equals(302, response.status_code, "Status failed") response = self.http_get(route=f"/profile", cookies=cookies) assert_equals(200, response.status_code, "Status failed") assert_in(self.noise, response.text, "Status failed") # Place Order buggy = random.choice(["super", "mega"]) color = random.choice(["terminal-turquoise", "cyber-cyan", "buggy-blue"]) quantity = random.randint(1, 99) response = self.http_post(route=f"/{buggy}-buggy", cookies=cookies, data={"color": color, "quantity": quantity},) assert_equals(302, response.status_code, "Order failed") assert_equals(response.next.url, response.url, "Order failed") self.logger.debug("order placed") # Write Ticket subject = random_string(20) response = self.http_post( route="/tickets", cookies=cookies, data={"subject": subject, "message": random.choice(messages) + self.noise}, ) self.logger.debug("ticket written") assert_equals(302, response.status_code, "Ticket failed") assert_equals(64, len(response.next.url.split("/")[-1]), "Ticket failed") try: hash = response.headers["location"].split("/")[-1].strip() except Exception: raise BrokenServiceException("Ticket failed") assert_equals(64, len(hash), "Ticket failed") # View order and ticket response = self.http_get(route=f"/profile", cookies=cookies) assert_equals(200, response.status_code, "Profile failed") assert_in("buggy-team", response.text, "Profile failed") assert_in("enjoy your stay!", response.text, "Profile failed") assert_in("questions or feedback?", response.text, "Profile failed") assert_in("Tickets: (1)", response.text, "Profile failed") assert_in("orders: (1)", response.text, "Profile failed") self.logger.debug(f"saving creds {username} {password} {hash}") self.team_db[sha256ify(self.noise)] = (username, password) self.logger.debug("Done putnoise - status")
def get_ticket(self) -> None: # TODO: Check order? self.logger.debug("Starting getflag - ticket") try: (hash, username, password) = self.team_db[sha256ify(self.flag)] except KeyError as e: self.logger.warning(f"flag info missing, {e}") return Result.MUMBLE except ValueError as e: self.logger.warning(f"cannot get creds, {e}") return Result.MUMBLE response = self.http_post(route="/login", data={"username": username, "pw": password}) cookies = response.cookies if "buggy-cookie" not in cookies.keys(): self.logger.debug(f"Failed login for user {username}") raise BrokenServiceException("Cookies missing") assert_equals(302, response.status_code, "Login failed") assert_equals(response.next.url, response.url.replace("login", ""), "Login failed") response = self.http_get(route=f"/tickets/{hash}", cookies=cookies) assert_equals(200, response.status_code, "Login failed") assert_in(self.flag, response.text, "Flag missing") response = self.http_get(route=f"/profile", cookies=cookies) assert_equals(200, response.status_code, "Profile failed") assert_in("buggy-team", response.text, "Profile failed") assert_in("enjoy your stay!", response.text, "Profile failed") assert_in("questions or feedback?", response.text, "Profile failed") assert_in("Tickets: (1)", response.text, "Profile failed") assert_in("orders: (1)", response.text, "Profile failed") self.logger.debug("Done getflag - ticket")