示例#1
0
 def test_old_flag(self):
     timestamp = int(time.time() - 12)
     test_flag = flag.generate(12,
                               13,
                               b'secret',
                               'FLAGPREFIX-',
                               timestamp=timestamp)
     with self.assertRaises(flag.FlagExpired):
         flag.verify(test_flag, b'secret', 'FLAGPREFIX-')
示例#2
0
    def test_invalid_mac(self):
        test_flag = flag.generate(12, 13, b'secret')

        # Replace last character of the flag with a differnt one
        chars = set("0123456789")
        try:
            chars.remove(test_flag[-1])
        except KeyError:
            pass
        wrong_flag = test_flag[:-1] + random.choice(list(chars))

        with self.assertRaises(flag.InvalidFlagMAC):
            flag.verify(wrong_flag, b'secret')
示例#3
0
    def test_known_flags(self, time_mock):
        expected_flags = [
            'FAUST_XtS7wAAXDQ1BPIUAAAAAWz1i7pmtp/HY',
            'FAUST_XuP+AAAXDfJgMq8AAAAA347vpisJsQcT',
            'FAUST_XtS7wAAXDXBheWxvYWQxDcM2TNj0lCu7',
            'FAUST_XuP+AAAXDXBheWxvYWQxmIKxwcEmDxQX',
            'FAUST_XtS7wAAXDQ1BPIUAAAAAxR5C9S9LXgdi',
            'FAUST_XuP+AAAXDfJgMq8AAAAAcqut7dVSvNOl',
            'FAUST_XtS7wAAXDXBheWxvYWQxrwHKd/CNJgkB',
            'FAUST_XuP+AAAXDXBheWxvYWQxn04LGjrQe4V8',
            'FAUST_XtS7wAAXJTj0lH8AAAAArnmozMnyfMVb',
            'FAUST_XuP+AAAXJcfVmlUAAAAAkUsJ65SCvAZW',
            'FAUST_XtS7wAAXJXBheWxvYWQxIg0Sd0Ll06VT',
            'FAUST_XuP+AAAXJXBheWxvYWQxGiKffkwjRTte',
            'FAUST_XtS7wAAXJTj0lH8AAAAAUAFSjo0EF01t',
            'FAUST_XuP+AAAXJcfVmlUAAAAAoeDpxI2QPjsv',
            'FAUST_XtS7wAAXJXBheWxvYWQx+aIiPy4SC0+Q',
            'FAUST_XuP+AAAXJXBheWxvYWQxYObaBlsWnmOE',
            'FAUST_XtS7wAAqDWepdDsAAAAAfPNLsph2Jw8v',
            'FAUST_XuP+AAAqDZiIehEAAAAA3Q30bTHWo1l9',
            'FAUST_XtS7wAAqDXBheWxvYWQxLdYijGTcd2O3',
            'FAUST_XuP+AAAqDXBheWxvYWQxsOqqEGk2u52r',
            'FAUST_XtS7wAAqDWepdDsAAAAAhQontK+Uoy9h',
            'FAUST_XuP+AAAqDZiIehEAAAAAYmCIMEQJotc4',
            'FAUST_XtS7wAAqDXBheWxvYWQxvzsgxZioxnxY',
            'FAUST_XuP+AAAqDXBheWxvYWQxLDqRTwxgE3yG',
            'FAUST_XtS7wAAqJVIc3MEAAAAAdGtfQQkMd1VT',
            'FAUST_XuP+AAAqJa090usAAAAAk+AN2kRqIVQs',
            'FAUST_XtS7wAAqJXBheWxvYWQxjF+S/iA5tzxY',
            'FAUST_XuP+AAAqJXBheWxvYWQxabGjcfYW9js/',
            'FAUST_XtS7wAAqJVIc3MEAAAAAWUdMoH5KV/un',
            'FAUST_XuP+AAAqJa090usAAAAAUeOaXaFLlwEj',
            'FAUST_XtS7wAAqJXBheWxvYWQxFKDfL+/qydWm',
            'FAUST_XuP+AAAqJXBheWxvYWQxzirUWWy6MwKe'
        ]
        actual_flags = []

        for team in (23, 42):
            for service in (13, 37):
                for secret in (b'secret1', b'secret2'):
                    for payload in (None, b'payload1'):
                        for timestamp in (1591000000, 1592000000):
                            actual_flag = flag.generate(
                                team, service, secret, 'FAUST_', payload,
                                timestamp)
                            actual_flags.append(actual_flag)

                            time_mock.return_value = timestamp - 5
                            actual_team, actual_service, actual_payload, actual_timestamp = \
                                flag.verify(actual_flag, secret, 'FAUST_')
                            self.assertEqual(actual_team, team)
                            self.assertEqual(actual_service, service)
                            if payload is not None:
                                self.assertEqual(actual_payload, payload)
                            self.assertEqual(actual_timestamp, timestamp)

        self.assertEqual(actual_flags, expected_flags)
示例#4
0
    def _handle_flag(self):
        if self.buffer == b'':
            self._reply(b"418 I'm a teapot!")
            return

        if self.buffer == b'666':
            self._reply(b"So this, then, was the kernel of the brute!")
            return

        now = datetime.datetime.now(tz=datetime.timezone.utc)
        if now < self._conteststart:
            self._reply(b"Contest didn't even start yet!")
            return

        if now > self._contestend:
            self._reply(b"Contest already over!")
            return

        try:
            curflag = self.buffer.decode('us-ascii')
        except UnicodeDecodeError as e:
            self._reply(u"Flags should be of the Format [-_a-zA-Z0-9]+".encode(
                'utf-8'))
            return

        try:
            protecting_team, service, _, timestamp = flag.verify(
                curflag, self._secret)
        except flag.InvalidFlagFormat:
            self._reply(b"Flag not recognized")
            return
        except flag.InvalidFlagMAC:
            self._reply(b"No such Flag")
            return
        except flag.FlagExpired as e:
            self._reply(
                (u"Flag expired since %.1f seconds" % e.args).encode('utf-8'))
            return

        if protecting_team == self.capturing_team:
            self._reply(b"Can't submit a flag for your own team")
            return

        try:
            result = self._store_capture(protecting_team, service, timestamp)
            if result:
                self._reply(u"Thank you for your submission!".encode('utf-8'))

        except psycopg2.DatabaseError as psqle:
            self._logger.exception(
                "Error while inserting values into database")
            self._logger.warning("%s: %s", psqle.diag.severity,
                                 psqle.diag.message_primary)
            self._logger.info(psqle.diag.internal_query)
            self._reply(
                u"Something went wrong with your submission!".encode('utf-8'))
示例#5
0
 def test_valid_flag(self):
     payload = b'\x01\x02\x03\x04\x05\x06\x07\x08'
     timestamp = int(time.time() + 12)
     team = 12
     service = 13
     flag1 = flag.generate(team, service, b'secret', payload=payload, timestamp=timestamp)
     team_, service_, payload_, timestamp_ = flag.verify(flag1, b'secret')
     self.assertEqual(team, team_)
     self.assertEqual(service, service_)
     self.assertEqual(payload, payload_)
     self.assertEqual(timestamp, timestamp_)
示例#6
0
    def _handle_flag(self):
        now = datetime.datetime.now(tz=datetime.timezone.utc)
        if now < self._conteststart:
            self._reply(b"ERR game not running")
            return

        if now > self._contestend:
            self._reply(b"ERR game not running")
            return

        try:
            curflag = self.buffer.decode('us-ascii')
        except UnicodeDecodeError as e:
            self._reply(b"ERR invalid flag format")
            return

        try:
            team, service, _, timestamp = flag.verify(curflag, self._secret)
        except flag.InvalidFlagFormat:
            self._reply(b"ERR invalid flag format")
            return
        except flag.InvalidFlagMAC:
            self._reply(b"ERR unknown flag")
            return
        except flag.FlagExpired as e:
            self._reply(b"ERR flag too old")
            return

        if team == self.team:
            self._reply(b"ERR your own flag")
            return

        try:
            result = self._store_capture(team, service, timestamp)
            if result:
                self._reply(b"OK thank you for reporting this data leak!")

        except psycopg2.DatabaseError as psqle:
            self._logger.exception(
                "Error while inserting values into database")
            self._logger.warning("%s: %s", psqle.diag.severity,
                                 psqle.diag.message_primary)
            self._logger.info(psqle.diag.internal_query)
            self._reply(b"ERR internal error")
示例#7
0
 def test_invalid_format(self):
     with self.assertRaises(flag.InvalidFlagFormat):
         flag.verify('ABC123', b'secret')