def check_invoice_number(self, invoice_number, session_id, expected_text):
     self.http_session.cookies.set('session_id', session_id)
     payload = {
         'state': json.dumps({'mode': 'invoice_info'}),
         'msg': invoice_number
     }
     try:
         req = self.http_get('/get_bot_response', params=payload)
     except exceptions.RequestException:
         self.logger.debug(
             f"Could not get bot response. Payload: {payload}")
         raise enochecker.BrokenServiceException(
             "Could not check invoice number. Seems like the service is broken."
         )
     enochecker.assert_equals(
         200, req.status_code,
         "The request did not return with the expected response code. Verify, that the invoice service is returning the desired response."
     )
     data = req.json()
     parsed_response = data['response'].replace('\\u200d', '\u200d')
     self.logger.debug(
         f"expected text: {expected_text}, data: {parsed_response}")
     enochecker.assert_in(expected_text,
                          data['response'].replace('\\u200d', '\u200d'),
                          f"Could not find expected invoice in response.")
Пример #2
0
    def check_alarm(self, alarm_text, session_id):
        self.http_session.cookies.set('session_id', session_id)

        req = self.http_get("/alarm")
        enochecker.assert_equals(200, req.status_code,
                                 "Getting the alarm page did not return the expected response code.")
        enochecker.assert_in(alarm_text, req.text, f"Cannot find expected alarm text in response.")
Пример #3
0
    def put_ticket(self) -> None:
        self.logger.debug("Starting putflag - ticket")
        username, password, cookies = self.register()
        # Place order
        buggy = random.choice(["super", "mega"])
        color = random.choice(["terminal-turquoise", "cyber-cyan", "buggy-blue"])
        quantity = random.randint(1, 99)
        response = self.http_post(route=f"/{buggy}-buggy", cookies=cookies, data={"color": color, "quantity": quantity},)
        assert_equals(302, response.status_code, "Order failed")
        assert_equals(response.next.url, response.url, "Order failed")
        self.logger.debug("order placed")

        # Write ticket
        subject = random_string(20)
        response = self.http_post(route="/tickets", cookies=cookies, data={"subject": subject, "message": self.flag},)
        self.logger.debug("ticket written")
        assert_equals(302, response.status_code, "Ticket failed")
        assert_equals(64, len(response.next.url.split("/")[-1]), "Ticket failed")
        try:
            hash = response.headers["location"].split("/")[-1].strip()
        except Exception:
            raise BrokenServiceException("Ticket failed")
        assert_equals(64, len(hash), "Ticket failed")

        # View order and ticket
        response = self.http_get(route=f"/profile", cookies=cookies)
        assert_equals(200, response.status_code, "Profile failed")
        assert_in("buggy-team", response.text, "Profile failed")
        assert_in("enjoy your stay!", response.text, "Profile failed")
        assert_in("questions or feedback?", response.text, "Profile failed")
        assert_in("Tickets: (1)", response.text, "Profile failed")
        assert_in("orders: (1)", response.text, "Profile failed")

        self.logger.debug(f"saving hash and order : {hash}")
        self.team_db[sha256ify(self.flag)] = (hash, username, password)

        self.logger.debug("Done putflag - ticket")
Пример #4
0
def test_assert_in():
    with pytest.raises(BrokenServiceException):
        assert_in("fun", "games")
    assert_in("fun", "fun and games")
    assert_in("quack", ["quack", "foo"])
Пример #5
0
    def put_status(self) -> None:
        self.logger.debug("Starting putflag - status")
        username, password, cookies = self.register()

        # View Profile
        response = self.http_get(route=f"/profile", cookies=cookies)
        assert_equals(200, response.status_code, "Profile failed")
        assert_in("buggy-team", response.text, "Profile failed")
        assert_in("enjoy your stay!", response.text, "Profile failed")
        assert_in("questions or feedback?", response.text, "Profile failed")
        assert_in("Tickets: (0)", response.text, "Profile failed")
        assert_in("orders: (0)", response.text, "Profile failed")

        response = self.http_post(route=f"/profile", cookies=cookies, data={"status": self.flag})
        assert_equals(302, response.status_code, "Status failed")
        response = self.http_get(route=f"/profile", cookies=cookies)
        assert_equals(200, response.status_code, "Status failed")
        assert_in(self.flag, response.text, "Status failed")

        self.logger.debug(f"saving creds")
        self.team_db[sha256ify(self.flag)] = (username, password)

        self.logger.debug("Done putflag - status")
Пример #6
0
    def getnoise(self) -> None:
        self.logger.info("Starting getnoise")

        try:
            (username, password) = self.team_db[sha256ify(self.noise)]
        except KeyError as e:
            self.logger.warning(f"noise info missing, {e}")
            return Result.MUMBLE
        except ValueError as e:
            self.logger.warning(f"cannot get creds, {e}")
            return Result.MUMBLE
        response = self.http_post(route="/login", data={"username": username, "pw": password})
        cookies = response.cookies
        if "buggy-cookie" not in cookies.keys():
            self.logger.debug(f"Failed login for user {username} (missing cookies).")
            raise BrokenServiceException("Cookies missing")
        assert_equals(302, response.status_code, "Login failed")
        assert_equals(response.next.url, response.url.replace("login", ""), "Login failed")

        # check profile
        response = self.http_get(route=f"/profile", cookies=cookies)
        profile = response.text
        assert_in(self.noise, response.text, "Noise missing")
        assert_equals(200, response.status_code, "Profile failed")
        assert_in("buggy-team", response.text, "Profile failed")
        assert_in("enjoy your stay!", response.text, "Profile failed")
        assert_in("questions or feedback?", response.text, "Profile failed")
        assert_in("Tickets: (1)", response.text, "Profile failed")
        assert_in("orders: (1)", response.text, "Profile failed")

        # Check /tickets
        tickets_regex = re.compile(r"tickets\/(\w{64})")
        tickets = tickets_regex.findall(profile)
        if not tickets:
            raise BrokenServiceException("Ticket(s) missing.")
        for ticket in tickets:
            response = self.http_get(route=f"/tickets/{ticket}", cookies=cookies)
            assert_in(self.noise, response.text, "Ticket view failed.")
            assert_equals(200, response.status_code, "Ticket view failed.")
            assert_in("buggy-team", response.text, "Ticket view failed.")
            assert_in(username, response.text, "Ticket view failed.")
            assert_in("Profile", response.text, "Ticket view failed.")

        # Check /orders
        orders_regex = re.compile(r"orders\/(\w{64})")
        orders = orders_regex.findall(profile)
        if not orders:
            raise BrokenServiceException("Order(s) missing.")
        for order in orders:
            response = self.http_get(route=f"/orders/{order}", cookies=cookies)
            assert_equals(200, response.status_code, "Order view failed.")
            assert_in("Profile", response.text, "Order view failed.")
            assert_in("Expected Delivery", response.text, "Order view failed.")
            # assert_in(username, response.text, "Order view failed.")  # Too many collisions

        # Check /user
        user_regex = re.compile(r"Username:\s([0-9a-zA-Z._-]{1,64})<\/h3>")
        try:
            username_from_profile = user_regex.findall(profile)[0]
        except Exception as e:
            self.error("Failed to get username at /user")
            raise BrokenServiceException("User view failed.")
        if not username_from_profile:
            raise BrokenServiceException("User view failed.")
        response = self.http_get(route=f"/user/{username_from_profile}", cookies=cookies)
        assert_equals(200, response.status_code, "User view failed.")
        assert_in("Profile", response.text, "User view failed.")
        assert_in(self.noise, response.text, "User view failed.")
        assert_in("Buggy Bonus Points:", response.text, "User view failed.")

        self.logger.debug("Done getnoise")
Пример #7
0
    def putnoise(self) -> None:

        status = [
            "Beeing Funky!",
            "Im in ur base, killing ur d00dz",
            "Do or do not. There is no try.",
            "You must unlearn what you have learned.",
            "The greatest teacher, failure is.",
            "Pass on what you have learned.",
            "I’m too lazy to stop being lazy.",
            "Operator! Give me the number for 911!",
            "Kids, just because I don’t care doesn’t mean I’m not listening.",
            "Even communism works… in theory",
        ]

        messages = [
            "KHAAAAN!",
            "Do what I do. Hold tight and pretend it’s a plan!",
            "Never run when you’re scared.",
            "Superior intelligence and senseless cruelty just do not go together.",
            "Come on, Rory! It isn’t rocket science, it’s just quantum physics!",
            "Always take a banana to a party, Rose: bananas are good!",
            "Never be certain of anything. It’s a sign of weakness.",
            "Two things are infinite: the universe and human stupidity; and I'm not sure about the universe.",
            "A gun is not a weapon, it’s a tool, like a hammer or a screwdriver or an alligator.",
        ]

        comments = [
            "Awesome!",
            "Amazing!",
            "This is so buggy!",
        ]

        self.logger.info("Starting putnoise")
        username, password, cookies = self.register()

        # Post Comment
        comment = random.choice(comments)
        buggy = random.choice(["super", "mega"])
        response = self.http_post(route=f"/{buggy}-buggy", data={"comment": comment}, cookies=cookies, allow_redirects=False,)
        self.logger.debug("comment written")

        response = self.http_get(route=f"/{buggy}-buggy", data={"comment": comment}, cookies=cookies)
        assert_equals(200, response.status_code, "Commenting failed")
        assert_in(comment, response.text, "Commenting failed")
        assert_in(username, response.text, "Commenting failed")

        # View Profile
        response = self.http_get(route=f"/profile", cookies=cookies)
        assert_equals(200, response.status_code, "Profile failed")
        assert_in("buggy-team", response.text, "Profile failed")
        assert_in("enjoy your stay!", response.text, "Profile failed")
        assert_in("questions or feedback?", response.text, "Profile failed")
        assert_in("Tickets: (0)", response.text, "Profile failed")
        assert_in("orders: (0)", response.text, "Profile failed")

        # Set Status
        response = self.http_post(route=f"/profile", cookies=cookies, data={"status": random.choice(status) + self.noise},)
        assert_equals(302, response.status_code, "Status failed")
        response = self.http_get(route=f"/profile", cookies=cookies)
        assert_equals(200, response.status_code, "Status failed")
        assert_in(self.noise, response.text, "Status failed")

        # Place Order
        buggy = random.choice(["super", "mega"])
        color = random.choice(["terminal-turquoise", "cyber-cyan", "buggy-blue"])
        quantity = random.randint(1, 99)
        response = self.http_post(route=f"/{buggy}-buggy", cookies=cookies, data={"color": color, "quantity": quantity},)
        assert_equals(302, response.status_code, "Order failed")
        assert_equals(response.next.url, response.url, "Order failed")
        self.logger.debug("order placed")

        # Write Ticket
        subject = random_string(20)
        response = self.http_post(
            route="/tickets", cookies=cookies, data={"subject": subject, "message": random.choice(messages) + self.noise},
        )
        self.logger.debug("ticket written")
        assert_equals(302, response.status_code, "Ticket failed")
        assert_equals(64, len(response.next.url.split("/")[-1]), "Ticket failed")
        try:
            hash = response.headers["location"].split("/")[-1].strip()
        except Exception:
            raise BrokenServiceException("Ticket failed")
        assert_equals(64, len(hash), "Ticket failed")

        # View order and ticket
        response = self.http_get(route=f"/profile", cookies=cookies)
        assert_equals(200, response.status_code, "Profile failed")
        assert_in("buggy-team", response.text, "Profile failed")
        assert_in("enjoy your stay!", response.text, "Profile failed")
        assert_in("questions or feedback?", response.text, "Profile failed")
        assert_in("Tickets: (1)", response.text, "Profile failed")
        assert_in("orders: (1)", response.text, "Profile failed")

        self.logger.debug(f"saving creds {username} {password} {hash}")
        self.team_db[sha256ify(self.noise)] = (username, password)

        self.logger.debug("Done putnoise - status")
Пример #8
0
    def get_ticket(self) -> None:
        # TODO: Check order?
        self.logger.debug("Starting getflag - ticket")
        try:
            (hash, username, password) = self.team_db[sha256ify(self.flag)]
        except KeyError as e:
            self.logger.warning(f"flag info missing, {e}")
            return Result.MUMBLE
        except ValueError as e:
            self.logger.warning(f"cannot get creds, {e}")
            return Result.MUMBLE
        response = self.http_post(route="/login", data={"username": username, "pw": password})
        cookies = response.cookies
        if "buggy-cookie" not in cookies.keys():
            self.logger.debug(f"Failed login for user {username}")
            raise BrokenServiceException("Cookies missing")
        assert_equals(302, response.status_code, "Login failed")
        assert_equals(response.next.url, response.url.replace("login", ""), "Login failed")
        response = self.http_get(route=f"/tickets/{hash}", cookies=cookies)
        assert_equals(200, response.status_code, "Login failed")
        assert_in(self.flag, response.text, "Flag missing")

        response = self.http_get(route=f"/profile", cookies=cookies)
        assert_equals(200, response.status_code, "Profile failed")
        assert_in("buggy-team", response.text, "Profile failed")
        assert_in("enjoy your stay!", response.text, "Profile failed")
        assert_in("questions or feedback?", response.text, "Profile failed")
        assert_in("Tickets: (1)", response.text, "Profile failed")
        assert_in("orders: (1)", response.text, "Profile failed")
        self.logger.debug("Done getflag - ticket")