def create_flag(name, token, value, box, description="No description", is_file=False): if Flag.by_name(name) is not None: logging.info("Flag with name '%s' already exists, skipping" % (name)) return Flag.by_name(name) if Flag.by_token(token) is not None: logging.info("Flag with token '%s' already exists, skipping" % (token)) return Flag.by_token(token) if is_file and os.path.exists(token): with open(token) as favatar: _token = Flag.digest(favatar.read()) elif is_file and 40 == len(token): _token = unicode(token) # Just assume it's a SHA1 elif is_file: raise ValueError("Flag token file does not exist, and is not a hash.") else: _token = unicode(token[:256]) logging.info("Create Flag: %s" % name) flag = Flag( name=unicode(name[:32]), token=_token, is_file=is_file, description=unicode(description[:256]), value=abs(int(value)), box_id=box.id, ) dbsession.add(flag) dbsession.flush() return flag
def validate_file(self, flag): ''' Check a file submission ''' if 0 < len(self.request.files['flag'][0]['body']): file_data = self.request.files['flag'][0]['body'] digest = Flag.digest(file_data) if self.attempt_capture(flag, digest): self.render_page(flag) else: self.render_page(flag, errors=["Invalid flag submission."]) else: self.render_page(flag, errors=["Missing flag data."])
def validate_file(self, flag): ''' Check a file submission ''' if 0 < len(self.request.files['flag'][0]['body']): file_data = self.request.files['flag'][0]['body'] digest = Flag.digest(file_data) if self.capture(flag, digest): self.render_page(flag) else: self.render_page(flag, errors=["Invalid flag submission."]) else: self.render_page(flag, errors=["Missing flag data."])
def create_flag(name, token, reward, box, description="No description", is_file=False): if is_file: if not os.path.exists(token): raise ValueError("Path to flag file does not exist: %s" % token) f = open(token, 'r') data = f.read() f.close() _token = Flag.digest(data) print(INFO + "Create Flag: " + bold + name + W + " (%s)" % _token) else: print(INFO + "Create Flag: " + bold + name + W) _token = unicode(token) flag = Flag( name=unicode(name), token=_token, is_file=is_file, description=unicode(description), value=reward, box_id=box.id, ) dbsession.add(flag) dbsession.flush()