Exemple #1
def test_can_add_requirement_dynamic_challenge():
    """Check that a ``requirements`` list can be set on a dynamic challenge.

    Two dynamic challenges are created through ``DynamicValueChallenge.create``
    and the second one is then updated with a requirements list, which is read
    back from the returned object.
    """
    app = create_ctfd(enable_plugins=True)
    with app.app_context():
        # First challenge: numeric form values, created hidden.
        first_form = dict(
            name="name",
            category="category",
            description="description",
            value=100,
            decay=20,
            minimum=1,
            state="hidden",
            type="dynamic",
        )
        first = DynamicValueChallenge.create(FakeRequest(form=first_form))

        # "initial" is not in the form; the test expects it to equal "value".
        assert (first.value, first.initial, first.decay, first.minimum) == (
            100,
            100,
            20,
            1,
        )

        # Second challenge: the numeric fields arrive as strings and the test
        # expects them to compare equal to integers afterwards. Unlike the
        # first form, this one carries no "type" key.
        second_form = dict(
            name="second_name",
            category="category",
            description="new_description",
            value="200",
            initial="200",
            decay="40",
            minimum="5",
            max_attempts="0",
            state="visible",
        )
        second = DynamicValueChallenge.create(FakeRequest(form=second_form))

        assert second.name == 'second_name'
        assert second.description == "new_description"
        assert (second.value, second.initial, second.decay, second.minimum) == (
            200,
            200,
            40,
            5,
        )
        assert second.state == "visible"

        # presumably 1 is the id of the first challenge created above — confirm
        requirement_form = {"requirements": [1]}
        updated = DynamicValueChallenge.update(
            second, FakeRequest(form=requirement_form)
        )

        assert updated.requirements == [1]

    destroy_ctfd(app)
Exemple #2
    def test_create_for_incorrect_data(self):
        """A create call with a raw bytes body is answered with the create error detail."""
        with DBHandler():
            loop = asyncio.get_event_loop()
            # Bytes body instead of the dict the other create tests send.
            bad_request = FakeRequest(data=b'/x///')
            response = loop.run_until_complete(
                self.sample_model_view.create(bad_request))
            payload = json.loads(response.body.decode())

            assert payload == {'detail': 'invalid request for create.'}
Exemple #3
    def test_delete_for_invalid_url(self):
        """An update call with a non-numeric-looking id returns the update error detail.

        NOTE(review): the test name says "delete", but both the call and the
        expected message below are for ``update`` — confirm which was intended.
        """
        loop = asyncio.get_event_loop()
        bad_request = FakeRequest(url_params={'id': 'aaa'})
        response = loop.run_until_complete(
            self.sample_model_view.update(bad_request))
        payload = json.loads(response.body.decode())

        assert payload == {'detail': 'invalid request for update'}
Exemple #4
def test_dynamic_challenge_doesnt_lose_value_on_update():
    """Re-applying an unchanged form must not alter a dynamic challenge's value.

    A challenge is created, solved once by a registered user, and then updated
    with the very same request used to create it; the value read before the
    update has to match the value after it. See #1043.
    """
    app = create_ctfd(enable_plugins=True)
    with app.app_context():
        form = dict(
            name="name",
            category="category",
            description="description",
            value=10000,
            decay=4,
            minimum=10,
            state="visible",
            type="dynamic",
        )
        # The same request object is reused for the update further down.
        req = FakeRequest(form=form)
        created = DynamicValueChallenge.create(req)
        challenge_id = created.id
        gen_flag(app.db, challenge_id=created.id, content="flag")
        register_user(app)

        # Record one correct solve so the update runs against a solved challenge.
        with login_as_user(app) as session:
            attempt = {"submission": "flag", "challenge_id": challenge_id}
            resp = session.post("/api/v1/challenges/attempt", json=attempt)
            assert resp.status_code == 200
            assert resp.get_json()["data"]["status"] == "correct"

        # Re-read the row, remember its value, then apply the no-op update.
        stored = Challenges.query.filter_by(id=challenge_id).first()
        value_before = stored.value
        stored = DynamicValueChallenge.update(stored, req)
        assert value_before == stored.value
    destroy_ctfd(app)
Exemple #5
def test_can_update_dynamic_challenge():
    """Test that dynamic challenges can be updated"""
    app = create_kmactf(enable_plugins=True)
    with app.app_context():
        # Initial state: numeric form values, challenge hidden.
        create_form = dict(
            name="name",
            category="category",
            description="description",
            value=100,
            decay=20,
            minimum=1,
            state="hidden",
            type="dynamic",
        )
        challenge = DynamicValueChallenge.create(FakeRequest(form=create_form))

        # "initial" is not in the form; the test expects it to equal "value".
        assert (
            challenge.value,
            challenge.initial,
            challenge.decay,
            challenge.minimum,
        ) == (100, 100, 20, 1)

        # The update sends the numeric fields as strings; the assertions
        # below expect them to compare equal to integers.
        update_form = dict(
            name="new_name",
            category="category",
            description="new_description",
            value="200",
            initial="200",
            decay="40",
            minimum="5",
            max_attempts="0",
            state="visible",
        )
        challenge = DynamicValueChallenge.update(
            challenge, FakeRequest(form=update_form)
        )

        assert challenge.name == "new_name"
        assert challenge.description == "new_description"
        assert (
            challenge.value,
            challenge.initial,
            challenge.decay,
            challenge.minimum,
        ) == (200, 200, 40, 5)
        assert challenge.state == "visible"

    destroy_kmactf(app)
Exemple #6
    def test_create_for_invalid_url(self):
        """A create call that carries an ``id`` URL parameter is answered with "Method POST not allowed."."""
        with DBHandler():
            loop = asyncio.get_event_loop()
            request_with_id = FakeRequest(url_params={'id': 'invalid id'})
            response = loop.run_until_complete(
                self.sample_model_view.create(request_with_id))
            payload = json.loads(response.body.decode())

            assert payload == {'detail': 'Method POST not allowed.'}
Exemple #7
    def test_get_incorrect_instance(self):
        """Fetching an instance by the id ``'invalid id'`` yields a plain "not found" detail."""
        with DBHandler():
            loop = asyncio.get_event_loop()
            lookup = FakeRequest(url_params={'id': 'invalid id'})
            response = loop.run_until_complete(
                self.sample_model_view.instance(lookup))
            payload = json.loads(response.body.decode())

            assert payload == {'detail': 'not found'}
Exemple #8
    def test_update_for_not_existing_pk(self):
        """Updating with the id ``'aa'`` and a well-formed body reports a missing object.

        Unlike most tests that touch the view, this one does not enter
        ``DBHandler()``.
        """
        loop = asyncio.get_event_loop()
        update_request = FakeRequest(
            url_params={'id': 'aa'},
            data={'name': 'correct name'},
        )
        response = loop.run_until_complete(
            self.sample_model_view.update(update_request))
        payload = json.loads(response.body.decode())

        assert payload == {'detail': 'objects does not exists'}
Exemple #9
def test_can_update_dynamic_challenge():
    """Check that ``DynamicValueChallenge.update`` applies new field values.

    This variant drives the challenge through ``slope`` and ``decrease``
    form fields and sends the numeric values as integers in both requests.
    """
    app = create_ctfd(enable_plugins=True)
    with app.app_context():
        # Initial state: challenge hidden.
        create_form = dict(
            name="name",
            category="category",
            description="description",
            value=100,
            slope=20,
            decrease=1,
            state="hidden",
            type="dynamic",
        )
        challenge = DynamicValueChallenge.create(FakeRequest(form=create_form))

        # "initial" is not in the form; the test expects it to equal "value".
        assert (
            challenge.value,
            challenge.initial,
            challenge.slope,
            challenge.decrease,
        ) == (100, 100, 20, 1)

        # Only "max_attempts" is sent as a string here.
        update_form = dict(
            name="new_name",
            category="category",
            description="new_description",
            value=200,
            initial=200,
            slope=40,
            decrease=5,
            max_attempts="0",
            state="visible",
        )
        challenge = DynamicValueChallenge.update(
            challenge, FakeRequest(form=update_form)
        )

        assert challenge.name == "new_name"
        assert challenge.description == "new_description"
        assert (
            challenge.value,
            challenge.initial,
            challenge.slope,
            challenge.decrease,
        ) == (200, 200, 40, 5)
        assert challenge.state == "visible"

    destroy_ctfd(app)
Exemple #10
    def test_update_for_incorrect_data(self):
        """Updating an existing row with a raw bytes body returns the update error detail."""
        with DBHandler():
            loop = asyncio.get_event_loop()
            # A real id, so only the body is wrong.
            existing = loop.run_until_complete(SampleModel.first())
            bad_request = FakeRequest(
                url_params={'id': existing.id},
                data=b'/x///',
            )
            response = loop.run_until_complete(
                self.sample_model_view.update(bad_request))
            payload = json.loads(response.body.decode())

            assert payload == {'detail': 'invalid request for update'}
Exemple #11
    def test_delete(self):
        """Deleting an existing row reports success and the row can no longer be found."""
        with DBHandler():
            loop = asyncio.get_event_loop()
            victim = loop.run_until_complete(SampleModel.first())
            delete_request = FakeRequest(url_params={'id': victim.id})
            response = loop.run_until_complete(
                self.sample_model_view.delete(delete_request))
            payload = json.loads(response.body.decode())

            assert payload == {'deleted': True}

            # Confirm the deletion against the model, not just the response.
            leftovers = loop.run_until_complete(
                SampleModel.filter(id=victim.id))
            assert leftovers == []
Exemple #12
    def test_create_for_invalid_data(self):
        """A create call whose ``name`` is a list gets a per-field validation error."""
        with DBHandler():
            loop = asyncio.get_event_loop()
            # A list where the expected error message speaks of a string.
            wrong_type_request = FakeRequest(data={'name': [1, 2, 3]})
            response = loop.run_until_complete(
                self.sample_model_view.create(wrong_type_request))
            payload = json.loads(response.body.decode())

            expected = {
                'detail': {
                    'name': 'incorrect value, cannot transform to string'
                }
            }
            assert payload == expected
Exemple #13
    def test_get_list(self):
        """The list endpoint returns an ``id``/``name`` dict for every ``SampleModel`` row."""
        with DBHandler():
            loop = asyncio.get_event_loop()
            response = loop.run_until_complete(
                self.sample_model_view.list(FakeRequest()))
            payload = json.loads(response.body.decode())

            # Build the expected listing straight from the model.
            rows = loop.run_until_complete(SampleModel.all())
            expected = []
            for row in rows:
                expected.append({'id': row.id, 'name': row.name})

            assert expected == payload
Exemple #14
    def test_get_correct_instance(self):
        """Fetching an existing row by id returns its ``id`` and ``name``."""
        with DBHandler():
            loop = asyncio.get_event_loop()
            row = loop.run_until_complete(SampleModel.first())
            lookup = FakeRequest(url_params={'id': row.id})
            response = loop.run_until_complete(
                self.sample_model_view.instance(lookup))
            payload = json.loads(response.body.decode())

            expected = {'id': row.id, 'name': row.name}
            assert expected == payload
Exemple #15
    def test_create(self):
        """Creating with a valid ``name`` returns the new row's ``id`` and ``name``."""
        with DBHandler():
            create_data = {'name': 'correct name'}
            loop = asyncio.get_event_loop()
            # The request gets its own dict; create_data is kept for the
            # lookup below.
            create_request = FakeRequest(data=dict(create_data))
            response = loop.run_until_complete(
                self.sample_model_view.create(create_request))
            payload = json.loads(response.body.decode())

            # Look the row up by the submitted fields and compare it with
            # what the view returned.
            created = loop.run_until_complete(SampleModel.get(**create_data))

            expected = {'id': created.id, 'name': created.name}
            assert expected == payload
Exemple #16
    def test_update(self):
        """Updating an existing row with a new ``name`` returns the updated ``id`` and ``name``."""
        with DBHandler():
            update_data = {'name': 'updated name'}
            loop = asyncio.get_event_loop()
            target = loop.run_until_complete(SampleModel.first())
            update_request = FakeRequest(
                url_params={'id': target.id},
                data=update_data,
            )
            response = loop.run_until_complete(
                self.sample_model_view.update(update_request))
            payload = json.loads(response.body.decode())

            # Re-read the row by its new name to compare against the response.
            refreshed = loop.run_until_complete(
                SampleModel.get(**update_data))

            expected = {'id': refreshed.id, 'name': refreshed.name}
            assert payload == expected
Exemple #17
    def test_delete_for_incorrect_url(self):
        """A delete call with no URL parameters is answered with "Method DELETE not allowed."."""
        loop = asyncio.get_event_loop()
        # Default FakeRequest: no id is supplied.
        bare_request = FakeRequest()
        response = loop.run_until_complete(
            self.sample_model_view.delete(bare_request))
        payload = json.loads(response.body.decode())

        assert payload == {'detail': 'Method DELETE not allowed.'}
Exemple #18
    def test_update_for_invalid_url(self):
        """An update call with empty URL parameters is answered with "Method PATCH not allowed."."""
        loop = asyncio.get_event_loop()
        # url_params is present but empty, so there is no id to update.
        request_without_id = FakeRequest(url_params={})
        response = loop.run_until_complete(
            self.sample_model_view.update(request_without_id))
        payload = json.loads(response.body.decode())

        assert payload == {'detail': 'Method PATCH not allowed.'}