def delete(challenge): """ This method is used to delete the resources used by a challenge. :param challenge: :return: """ # delete bonus award # TODO: kinda hack-ish (mod Awards table instead ?) owner = CommunityChallengeModel.query.filter( CommunityChallengeModel.id == challenge.id).first().owner name = "Bonus points for submitting challenge " + challenge.name Awards.query.filter_by(teamid=owner, name=name, value=challenge.value).delete() # delete all other resources WrongKeys.query.filter_by(chalid=challenge.id).delete() Solves.query.filter_by(chalid=challenge.id).delete() Keys.query.filter_by(chal=challenge.id).delete() files = Files.query.filter_by(chal=challenge.id).all() for f in files: utils.delete_file(f.id) Files.query.filter_by(chal=challenge.id).delete() Tags.query.filter_by(chal=challenge.id).delete() Hints.query.filter_by(chal=challenge.id).delete() CommunityChallengeModel.query.filter_by(id=challenge.id).delete() Challenges.query.filter_by(id=challenge.id).delete() db.session.commit()
def delete(challenge): """ This method is used to delete the resources used by a challenge. :param challenge: :return: """ WrongKeys.query.filter_by(chalid=challenge.id).delete() Solves.query.filter_by(chalid=challenge.id).delete() Keys.query.filter_by(chal=challenge.id).delete() files = Files.query.filter_by(chal=challenge.id).all() for f in files: utils.delete_file(f.id) Files.query.filter_by(chal=challenge.id).delete() Tags.query.filter_by(chal=challenge.id).delete() Challenges.query.filter_by(id=challenge.id).delete() # REC FUTURE : Can not understand a f**k about that sqlalchemy crap. #Awards.query.filter(Awards.name.like(filter_award_name)).delete() #statement = Awards.delete().where(Awards.c.name.like(filter_award_name)) #db.session.execute(statement) filter_award_name = 'plugin_intermflag_' + str(challenge.id) + '_%' awards_to_delete = Awards.query.filter( Awards.name.like(filter_award_name)).all() award_ids_to_delete = [award.id for award in awards_to_delete] for award_id in award_ids_to_delete: Awards.query.filter_by(id=award_id).delete() IntermediateFlagPartialSolve.query.filter_by( chalid=challenge.id).delete() # REC FUTURE : on en a besoin de ce truc ou pas ? IntermediateFlagChallengeModel.query.filter_by( id=challenge.id).delete() db.session.commit()
def admin_files(chalid): if request.method == 'GET': files = Files.query.filter_by(chal=chalid).all() json_data = {'files': [], 'file_generators': []} for x in files: if x.dynamic: json_data['file_generators'].append({ 'id': x.id, 'file': x.location }) else: json_data['files'].append({'id': x.id, 'file': x.location}) return jsonify(json_data) if request.method == 'POST': if request.form['method'] == "delete": utils.delete_file(request.form['file']) db.session.commit() db.session.close() return '1' elif request.form['method'] == "upload": files = request.files.getlist('files[]') for f in files: utils.upload_file(file=f, chalid=chalid) file_generators = request.files.getlist('file_generators[]') for g in file_generators: utils.upload_file(file=g, chalid=chalid, isgenerator=True) db.session.commit() db.session.close() return '1'
def admin_delete_chal(): challenge = Challenges.query.filter_by(id=request.form['id']).first_or_404() WrongKeys.query.filter_by(chalid=challenge.id).delete() Solves.query.filter_by(chalid=challenge.id).delete() Keys.query.filter_by(chal=challenge.id).delete() files = Files.query.filter_by(chal=challenge.id).all() for f in files: utils.delete_file(f.id) Files.query.filter_by(chal=challenge.id).delete() Tags.query.filter_by(chal=challenge.id).delete() Challenges.query.filter_by(id=challenge.id).delete() db.session.commit() db.session.close() return '1'
def delete(challenge): """ This method is used to delete the resources used by a challenge. :param challenge: :return: """ WrongKeys.query.filter_by(chalid=challenge.id).delete() Solves.query.filter_by(chalid=challenge.id).delete() Keys.query.filter_by(chal=challenge.id).delete() files = Files.query.filter_by(chal=challenge.id).all() for f in files: utils.delete_file(f.id) Files.query.filter_by(chal=challenge.id).delete() Tags.query.filter_by(chal=challenge.id).delete() Challenges.query.filter_by(id=challenge.id).delete() db.session.commit()
def admin_pages_media(): if request.method == 'POST': files = request.files.getlist('files[]') uploaded = [] for f in files: data = utils.upload_file(file=f, chalid=None) if data: uploaded.append({'id': data[0], 'location': data[1]}) return jsonify({'results': uploaded}) elif request.method == 'DELETE': file_ids = request.form.getlist('file_ids[]') for file_id in file_ids: utils.delete_file(file_id) return True else: files = [{'id': f.id, 'location': f.location} for f in Files.query.filter_by(chal=None).all()] return jsonify({'results': files})
def admin_files(chalid): if request.method == 'GET': files = Files.query.filter_by(chal=chalid).all() json_data = {'files': []} for x in files: json_data['files'].append({'id': x.id, 'file': x.location}) return jsonify(json_data) if request.method == 'POST': if request.form['method'] == "delete": utils.delete_file(request.form['file']) db.session.commit() db.session.close() return '1' elif request.form['method'] == "upload": files = request.files.getlist('files[]') for f in files: utils.upload_file(file=f, chalid=chalid) db.session.commit() db.session.close() return '1'
def import_challenges(in_file, dst_attachments, exit_on_error=True, move=False): from CTFd.models import db, Challenges, Keys, Tags, Files, Hints, Unlocks with open(in_file, 'r') as in_stream: chals = yaml.safe_load_all(in_stream) for chal in chals: # ensure all required fields are present before adding or updating a challenge try: validate_yaml(chal) except MissingFieldError as err: if exit_on_error: raise else: print "Skipping challenge: " + str(err) continue # if the challenge already exists, update it chal_db = Challenges.query.filter_by(name=chal['name']).first() if chal_db is not None: print "Updating {}".format(chal['name'].encode('utf8')) chal_db.description = chal['description'] chal_db.value = chal['value'] chal_db.category = chal['category'] else: print "Adding {}".format(chal['name'].encode('utf8')) chal_db = Challenges( chal['name'], chal['description'], chal['value'], chal['category']) chal_db.type = chal['type'] chal_db.hidden = chal['hidden'] db.session.add(chal_db) db.session.commit() # delete all tags and re-add them Tags.query.filter_by(chal=chal_db.id).delete() for tag in chal['tags']: tag_dbobj = Tags(chal_db.id, tag) db.session.add(tag_dbobj) # delete all flags and re-add them Keys.query.filter_by(chal=chal_db.id).delete() for flag in chal['flags']: flag_db = Keys(chal_db.id, flag['flag'], flag['type']) db.session.add(flag_db) # delete or update existing hints hints = {h['id']: h for h in chal['hints']} hints_db = Hints.query.filter_by(chal=chal_db.id).all() for hint_db in hints_db: if hint_db.type in hints: # the hint is being updated hint_db.hint = hints[hint_db.type]['hint'] hint_db.cost = hints[hint_db.type]['cost'] del hints[hint_db.type] else: # the hint is being deleted - delete the hint and any related unlocks print " Removing hint {:d}".format(hint_db.type) Unlocks.query.filter_by(model='hints', itemid=hint_db.id).delete() Hints.query.filter_by(id=hint_db.id).delete() # add new hints for hint in hints.values(): print " Adding hint {:d}".format(hint['id']) hint_db = Hints(chal_db.id, hint['hint'], cost=hint['cost'], type=hint['id']) db.session.add(hint_db) # hash and compare existing files with the new uploaded files hashes_db = {} files_db = Files.query.filter_by(chal=chal_db.id).all() for file_db in files_db: with open(os.path.join(dst_attachments, file_db.location), 'rb') as f: h = hashlib.md5(f.read()).digest() hashes_db[h] = file_db to_upload = [] for file in chal['files']: path = os.path.join(os.path.dirname(in_file), file) with open(path, "rb") as f: h = hashlib.md5(f.read()).digest() if h in hashes_db and os.path.basename(file) == os.path.basename(hashes_db[h].location): # the file is up to date del hashes_db[h] else: # the file has changed name or content to_upload.append(path) # remove out of date files and add new uploads for file_db in hashes_db.values(): print " Removing file {}".format(file_db.location) utils.delete_file(file_db.id) for path in to_upload: basename = os.path.basename(path) print " Adding file {}".format(basename) with open(path, "rb") as f: f = FileStorage(stream=f, filename=basename) utils.upload_file(file=f, chalid=chal_db.id) if move: os.unlink(path) db.session.commit() db.session.commit() db.session.close()