def post(self, *args, **kwargs):
''' Check validity of flag submissions '''
flag = Flag.by_uuid(self.get_argument('uuid', ''))
if flag is not None:
if flag.is_file:
self.validate_file(flag)
else:
self.validate_text(flag)
else:
self.render('public/404.html')
def post(self, *args, **kwargs):
''' Check validity of flag submissions '''
flag = Flag.by_uuid(self.get_argument('uuid', ''))
if flag is not None:
if flag.is_file:
self.validate_file(flag)
else:
self.validate_text(flag)
else:
self.render('public/404.html')
def flag(self):
'''
Accepts flag submissions, a flag can be either a string or a file,
if the flag submission is a file the MD5 hexdigest is used.
'''
form = Form(flag_type="Missing flag type")
user = self.get_current_user()
if form.validate(self.request.arguments):
flag = Flag.by_uuid(self.get_argument('uuid', ''))
if flag is not None:
if self.get_argument('flag_type').lower() == 'text':
token = self.get_argument('token', None)
errors = self.__chkflag__(flag, token)
if len(errors) == 0:
self.flag_captured()
else:
self.render("missions/view.html",
team=user.team,
errors=errors
)
elif self.get_argument('flag_type').lower() == 'file':
if 0 < len(self.request.files['flag'][0]['body']):
file_data = self.request.files['flag'][0]['body']
errors = self.__chkflag__(flag, file_data)
if len(errors) == 0:
self.flag_captured()
else:
self.render("missions/view.html",
team=user.team,
errors=errors
)
else:
logging.info("No file data in flag submission.")
self.render("missions/view.html",
team=user.team,
errors=["No file data"]
)
else:
self.render("missions/view.html",
team=user.team,
errors=["Invalid flag type"]
)
else:
self.render("missions/view.html",
team=user.team,
errors=["Flag does not exist"]
)
else:
self.render("missions/view.html",
team=user.team,
errors=form.errors
)
def del_flag(self):
''' Delete a flag object from the database '''
flag = Flag.by_uuid(self.get_argument('uuid', ''))
if flag is not None:
logging.info("Deleted flag: %s " % flag.name)
dbsession.delete(flag)
dbsession.flush()
self.redirect('/admin/view/game_objects')
else:
logging.info("Flag (%r) does not exist in the database" %
self.get_argument('uuid', ''))
self.render("admin/view/game_objects.html",
errors=["Flag does not exist in database"])
def del_flag(self):
''' Delete a flag object from the database '''
flag = Flag.by_uuid(self.get_argument('uuid', ''))
if flag is not None:
logging.info("Deleted flag: %s " % flag.name)
dbsession.delete(flag)
dbsession.flush()
self.redirect('/admin/view/game_objects')
else:
logging.info("Flag (%r) does not exist in the database" %
self.get_argument('uuid', '')
)
self.render("admin/view/game_objects.html",
errors=["Flag does not exist in database"]
)
def post(self, *args, **kwargs):
''' Check validity of flag submissions '''
flag = Flag.by_uuid(self.get_argument('uuid', ''))
if flag is not None:
if flag.is_file and 'flag' in self.request.files:
submission = self.request.files['flag'][0]['body']
elif not flag.is_file:
submission = self.get_argument('token')
else:
submission = None
old_reward = int(flag.value)
if self.attempt_capture(flag, submission):
self.render('missions/captured.html', flag=flag, reward=old_reward)
else:
self.render_page(flag, errors=["Invalid flag submission"])
else:
self.render('public/404.html')
def edit_flags(self):
''' Super ugly code, yes - Edit existing flags in the database '''
form = Form(
uuid="Object not selected",
name="Please enter a name",
token="Please enter a toke value",
description="Please provide a description",
value="Please enter a reward value",
box_uuid="Please select a box",
)
if form.validate(self.request.arguments):
flag = Flag.by_uuid(self.get_argument('uuid'))
if flag is not None:
errors = []
if flag.name != self.get_argument('name'):
if Flag.by_name(unicode(self.get_argument('name'))) is None:
logging.info("Updated flag name %s -> %s" %
(flag.name, self.get_argument('name'),)
)
flag.name = unicode(self.get_argument('name'))
else:
errors.append("Flag name already exists")
if flag.token != self.get_argument('token'):
if Flag.by_token(unicode(self.get_argument('token'))) is None:
logging.info("Updated %s's token %s -> %s" %
(flag.name, flag.token, self.get_argument('token'),)
)
flag.token = unicode(self.get_argument('token'))
else:
errors.append("Token is not unique")
if flag.description != self.get_argument('description'):
logging.info("Updated %s's description %s -> %s" %
(flag.name, flag.description, self.get_argument('description'),)
)
flag.description = unicode(self.get_argument('description'))
try:
reward_value = int(self.get_argument('value'))
if reward_value != flag.value:
logging.info("Updated %s's value %d -> %d" %
(flag.name, flag.value, reward_value,)
)
flag.value = reward_value
except ValueError:
errors.append("Invalid reward amount")
box = Box.by_uuid(self.get_argument('box_uuid'))
if box is not None and box.id != flag.box_id:
logging.info("Updated %s's box %d -> %d" %
(flag.name, flag.box_id, box.id)
)
flag.box_id = box.id
elif box is None:
errors.append("Box does not exist")
dbsession.add(flag)
dbsession.flush()
self.render("admin/view/game_objects.html", errors=errors)
else:
self.render("admin/view/game_objects.html",
errors=["Flag does not exist"]
)
else:
self.render("admin/view/game_objects.html", errors=form.errors)
def edit_flags(self):
''' Super ugly code, yes - Edit existing flags in the database '''
form = Form(
uuid="Object not selected",
name="Please enter a name",
token="Please enter a toke value",
description="Please provide a description",
value="Please enter a reward value",
box_uuid="Please select a box",
)
if form.validate(self.request.arguments):
flag = Flag.by_uuid(self.get_argument('uuid'))
if flag is not None:
errors = []
if flag.name != self.get_argument('name'):
if Flag.by_name(unicode(
self.get_argument('name'))) is None:
logging.info("Updated flag name %s -> %s" % (
flag.name,
self.get_argument('name'),
))
flag.name = unicode(self.get_argument('name'))
else:
errors.append("Flag name already exists")
if flag.token != self.get_argument('token'):
if Flag.by_token(unicode(
self.get_argument('token'))) is None:
logging.info("Updated %s's token %s -> %s" % (
flag.name,
flag.token,
self.get_argument('token'),
))
flag.token = unicode(self.get_argument('token'))
else:
errors.append("Token is not unique")
if flag.description != self.get_argument('description'):
logging.info("Updated %s's description %s -> %s" % (
flag.name,
flag.description,
self.get_argument('description'),
))
flag.description = unicode(
self.get_argument('description'))
try:
reward_value = int(self.get_argument('value'))
if reward_value != flag.value:
logging.info("Updated %s's value %d -> %d" % (
flag.name,
flag.value,
reward_value,
))
flag.value = reward_value
except ValueError:
errors.append("Invalid reward amount")
box = Box.by_uuid(self.get_argument('box_uuid'))
if box is not None and box.id != flag.box_id:
logging.info("Updated %s's box %d -> %d" %
(flag.name, flag.box_id, box.id))
flag.box_id = box.id
elif box is None:
errors.append("Box does not exist")
dbsession.add(flag)
dbsession.flush()
self.render("admin/view/game_objects.html", errors=errors)
else:
self.render("admin/view/game_objects.html",
errors=["Flag does not exist"])
else:
self.render("admin/view/game_objects.html", errors=form.errors)
