aljaz/CTFd
1
0
Fork 0
mirror of https://github.com/aljazceru/CTFd.git synced 2025-12-17 05:54:19 +01:00
Code Issues Packages Projects Releases Wiki Activity

2.0.0 (#741)

Browse Source 
* Fix user and admin panel user/team graphs
* Closes #682
* Unify login and logout under specific functions
* Closes #659
* Rename Challenges.hidden to Challenges.state
* Start to clean up API and front end integration starting with profile updating
* Slightly cleaner code
* Clean API to respond with success, data, and status codes
* Simpler COUNTRIES_LIST and update profile to use COUNTRIES_LIST
* Lookup country code in users page. Update front end calls to get API data properly
* Fix some API endpoints and fix JS to process new responses
* Update config.py to support new values
* Closes #635
* Update some code to handle user types, add email domain whitelisting
* Write a logging wrapper
* Use logging wrapper for submissions
* Close #656
* Break up config.html to make it easier to maintain
* Fix logging, domain_whitelist, and config
* Improving views.py, starting to add Announcements
* Starting announcements front end
* Make it easier to see large images, clean up some more REST API differences
* Closes #668
* Update Proxyfix config to REVERSE_PROXY
* Add announcements front end
* Move creation/edit modals into seperate files. Start moving user updating into their admin profile pages.
* Update font-awesome to 5.4.1
* Switch to user-edit icon
* Update the update_check function to send up more anonymous data for statistics purposes.
* Start work on #640
* Add the user action modals and update API to fix responses
* Fix admin teams page
* Add challenge requirements
* Implement anonymous locked challenges
* Team editting from admin panel
* Switch from simple cache to filesystem cache
* Implements a Cache backed server side session (#658) and fixes Users editting endpoint
* Add our messaging for docs
* Closes #700
* Remove invalid import
* Move challenge enditting around a whole lot and probably break a bunch of things
* Show challenge names in prerequisites instead of challenge IDs
* Closes #661
* Change user templates to use url_for
* Remove extra function
* Rewrite admin panel to use url_for
* Fix events to work under subdirectories
* Start cleaning up config panel
* Fix filesystem uploader; deprecate view_challenges_unregistered, view_scoreboard_if_authed, prevent_registration, view_after_ctf; implement new visibility decorators
* Remove workshop mode, fix some glitches with the new visibility settings
* Fix ctf_logo on core theme
* Fix setup errors
* Removing default from get_config b/c of memoization issues and getting some tests working
* Relax email regex validation rule (#693)
* Update to pycodestyle and fix new lint errors
* Add a ctf_id to update_check
* Change challenge plugin layout. Rename mailgun configs to be more descriptive (Closes #702)
* Detect if people try to set routes with '/' to simplify #690
* Closes #690
* Clean up some code
* Clean up challenge submit to rate limit
* Fix js version compatability issue
* Close some TODOs
* Hide challenges if not authenticated
* Make set_config reset the cache for those config values
* Return 404 on empty challenges for /api/v1/<challenge_id>/solves
* Fix setting boolean configs
* Properly change account config settings
* Move datetimes to isoformat (Closes #703)
* Remove all .isoformat() calls because it isn't UTC aware (ends in Z). Switch to isoformat function & filter
* Make /v1/submissions endpoint work for admin submission creation
* Make oauth_id unique for Users and Teams
* Move challenge submission endpoint and implement mark solved. Fix some isoformat issues.
* Only show team's missing challenges if in team mode
* Adding support for Hints & Unlocks
* Update challenge submission url
* Fix encoding functions in Python3
* Fix hexencode in Python3
* Added functional tests for challenges API for non-admin users (#705)
* Set hint default type to be standard
* Fix some JS issues. Closes #704
* Implement session.regenerate on top of the CachingSessionInterface
* Challenge challenge attempt responses from numbers to strings
* Fix password updating for UserSchema
* Remove leftover challenge submission code
* Remove old migrations :(, resolve challenge requirements not loading correctly, move migration functions
*  Added functional tests for challenges/hints/admin API (#710)
* Fix helpers and re-add JSONLite
* Install MySQL 5.7
* Try more mysql
* Update password for mysql
* Fixing issuse in Users.get_solves
* Add new import/export code
* Switch to CTFdSerializer for Python 3
* Re-implement import exports and add a very flaky test
* Redesign submissions API response
* Get export to roundtrip in tests
* Int score b/c Decimal is not JSON serializeable
* Remove unused route methods
* Fix POST /api/v1/configs and start adding admin tests
* Add user_id and team_id to top/10
* Fix admin creating Teams
* Fix Team website validation
* Change admins_only to reply with a 403 if the request is JSON
* Organize admin tests and fix authed_only to return 403 on unauthed
* Adding check_account_visibility, check_score_visibility for /api/v1/teams/<team_id>/(solves|awards|fails)
* Fix teams/me endpoints again
* Fix users/me endpoints to return 403 if unauthed
* Fix Python 3 config API
* Add fetch and promise polyfills. (#712)
* Add exec to docker-entrypoint.sh (#713)
* Display import_ctf Exceptions via repr (#651)
- Wraps exceptions on `/admin/import` returned to users in a `repr()`, making debugging easier.
* Add error messages to the admin panel, fix schemas for users, start working on UI for imports/exports
* Make unauthed challenge submission attempt return 403 instead of 302, Fix user deletion, fix associated tests, remove TODOs
* Remove old means of creating solves
* Remove most of the content from teams.js and users.js
* Remove extra code from /challenges.js
* Fix POST'ing & PATCH'ing pages
* Make (users|teams)/fails return only count to users. Fix public score graphs to factor in awards
* Fix admin side scoregraphs. Fix Awardschemas for admins
* Add requirements to db migration
* Adding some team decorators
* Fix require_team_mode decorator
* Make verified emails decorator return 403 on JSON requests
* Redo initial revision
* Add SQLiteJSON back
* Adding ratelimit to /redirect and removing POST from /oauth
* Fix PATCH tags
* Actually fix PATCH tags
* Simplify 500.html
* Added tests for challenges, awards, files, flags, hints ... (#723)
* Added tests for challenges, awards, files, flags, hints, notifications, pages, submissions, tags
* Fix user data validation functions, Fix hidden challenges and include test
* Add a locked state to attempt
* OAuth teams get verified, use logging functions in redirect route
* Removing extra print call
* Update requirements.txt
* Fix possible AttributeError
* Start work on #716
* Closes #717
* Fix issue patching teams
* Rename .j2 to .html, implement preview for challenges if admin
* Move admin/challenge.html to admin/challenges/challenge.html
* Remove old modals
* Add Reset CTF button (#639)
* Add Reset link to config.html
* Delete Tracking
* files handler should return a 404 on files it cant find
* Denote official teams (#729), make scoregraph fill to zero
* Remove old javascript files, make some challenge elements refresh by reloading
* Fix team editting modals to work more reliably
* Fix rendering of CTF paused
* Remove hide_scores funtion and roll it into scores visibility
* Log to stdout/stderr by default (#719)
* Fix user searching
* Remove searching for users/teams by country
* Add badges to admin team and user pages, implement user banning (#643)
* Remove shell.py, clean up admin team.html, add tests for banned users, teams
* Start cleaning up dynamic_challenges to meet new challenge type plugin format
* Remove POST method from teams.public
* Add credentials: 'same-origin' to all fetch calls (#734)
* Add challenge preview, add challenge deletion, fix file deletions when deleting challenges
* Fix imports UI (#735)
* Show prerequisites before adding a blank one (#738), Refresh all challenges after a submission (#739)
* Admins can see hidden challenges
* Fix some UI elements, fix loading location hash, set version to be 2.0.0
* Clean up some challenge plugin pages
* Add default for flag type
* Fix Python3 bytes/str issues
* Add in MLC urls and support user mode for oauth
* Fix seeing user graphs when scores are hidden, clean up setup.html, add links to MLC oauth
* Add state parameter support
* Use URLSafeTimedSerializer wrapper for sending token based emails
* setting APPLICATION_ROOT from env var (#732)
* Rearrange config.py and update README
* Updating README
This commit is contained in:
Kevin Chung
2018-11-19 23:16:14 -05:00
committed by GitHub
parent 41933cc367
commit c8031b38c2
378 changed files with 25728 additions and 13502 deletions
Download Patch File Download Diff File Expand all files Collapse all files

157
populate.py
View File

@@ -4,13 +4,20 @@
import datetime
import hashlib
import random
import sys
from CTFd import create_app
from CTFd.models import Teams, Solves, Challenges, WrongKeys, Keys, Files, Awards
from CTFd.models import *
try:
mode = sys.argv[1]
except IndexError:
mode = 'teams'
app = create_app()
USER_AMOUNT = 50
TEAM_AMOUNT = 10 if mode == 'teams' else 0
CHAL_AMOUNT = 20
AWARDS_AMOUNT = 5
@@ -88,7 +95,7 @@ hipsters = [
'Ethnic', 'narwhal', 'pickled', 'Odd', 'Future', 'cliche', 'VHS', 'whatever',
'Etsy', 'American', 'Apparel', 'kitsch', 'wolf', 'mlkshk', 'fashion', 'axe',
'ethnic', 'banh', 'mi', 'cornhole', 'scenester', 'Echo', 'Park', 'Dreamcatcher',
'tofu', 'fap', 'selvage', 'authentic', 'cliche', 'High', 'Life', 'brunch',
'tofu', 'selvage', 'authentic', 'cliche', 'High', 'Life', 'brunch',
'pork', 'belly', 'viral', 'XOXO', 'drinking', 'vinegar', 'bitters', 'Wayfarers',
'gastropub', 'dreamcatcher', 'chillwave', 'Shoreditch', 'kale', 'chips', 'swag', 'street',
'art', 'put', 'a', 'bird', 'on', 'it', 'Vice', 'synth',
@@ -97,7 +104,7 @@ hipsters = [
'normcore', 'bicycle', 'rights', 'Austin', 'drinking', 'vinegar', 'hella', 'readymade',
'farm-to-table', 'Wes', 'Anderson', 'put', 'a', 'bird', 'on', 'it',
'freegan', 'Synth', 'lo-fi', 'food', 'truck', 'chambray', 'Shoreditch', 'cliche',
'kogiSynth', 'lo-fi', 'fap', 'single-origin', 'coffee', 'brunch', 'butcher', 'Pickled',
'kogiSynth', 'lo-fi', 'single-origin', 'coffee', 'brunch', 'butcher', 'Pickled',
'Etsy', 'locavore', 'forage', 'pug', 'stumptown', 'occupy', 'PBR&B', 'actually',
'shabby', 'chic', 'church-key', 'disrupt', 'lomo', 'hoodie', 'Tumblr', 'biodiesel',
'Pinterest', 'butcher', 'Hella', 'Carles', 'pour-over', 'YOLO', 'VHS', 'literally',
@@ -187,6 +194,10 @@ def gen_name():
return random.choice(names)
def gen_team_name():
return random.choice(hipsters).capitalize() + str(random.randint(1,1000))
def gen_email():
return random.choice(emails)
@@ -220,9 +231,20 @@ if __name__ == '__main__':
print("GENERATING CHALLENGES")
for x in range(CHAL_AMOUNT):
word = gen_word()
db.session.add(Challenges(word, gen_sentence(), gen_value(), gen_category()))
chal = Challenges(
name=word,
description=gen_sentence(),
value=gen_value(),
category=gen_category()
)
db.session.add(chal)
db.session.commit()
db.session.add(Keys(x + 1, word, 'static'))
f = Flags(
challenge_id=x + 1,
content=word,
type='static'
)
db.session.add(f)
db.session.commit()
# Generating Files
@@ -232,10 +254,32 @@ if __name__ == '__main__':
chal = random.randint(1, CHAL_AMOUNT)
filename = gen_file()
md5hash = hashlib.md5(filename.encode('utf-8')).hexdigest()
db.session.add(Files(chal, md5hash + '/' + filename))
chal_file = ChallengeFiles(
challenge_id=chal,
location=md5hash + '/' + filename
)
db.session.add(chal_file)
db.session.commit()
# Generating Teams
print("GENERATING TEAMS")
used = []
count = 0
while count < TEAM_AMOUNT:
name = gen_team_name()
if name not in used:
used.append(name)
team = Teams(
name=name,
password="password"
)
db.session.add(team)
count += 1
db.session.commit()
# Generating Users
print("GENERATING USERS")
used = []
@@ -244,29 +288,76 @@ if __name__ == '__main__':
name = gen_name()
if name not in used:
used.append(name)
team = Teams(name, name.lower() + gen_email(), 'password')
team.verified = True
db.session.add(team)
count += 1
try:
user = Users(
name=name,
email=name + gen_email(),
password='password'
)
user.verified = True
if mode == 'teams':
user.team_id = random.randint(1, TEAM_AMOUNT)
db.session.add(user)
count += 1
except:
pass
db.session.commit()
# Generating Solves
print("GENERATING SOLVES")
for x in range(USER_AMOUNT):
used = []
base_time = datetime.datetime.utcnow() + datetime.timedelta(minutes=-10000)
for y in range(random.randint(1, CHAL_AMOUNT)):
chalid = random.randint(1, CHAL_AMOUNT)
if chalid not in used:
used.append(chalid)
solve = Solves(x + 1, chalid, '127.0.0.1', gen_word())
if mode == 'users':
for x in range(USER_AMOUNT):
used = []
base_time = datetime.datetime.utcnow() + datetime.timedelta(minutes=-10000)
for y in range(random.randint(1, CHAL_AMOUNT)):
chalid = random.randint(1, CHAL_AMOUNT)
if chalid not in used:
used.append(chalid)
user = Users.query.filter_by(id=x+1).first()
solve = Solves(
user_id=user.id,
team_id=user.team_id,
challenge_id=chalid,
ip='127.0.0.1',
provided=gen_word()
)
new_base = random_date(base_time, base_time + datetime.timedelta(minutes=random.randint(30, 60)))
solve.date = new_base
base_time = new_base
new_base = random_date(base_time, base_time + datetime.timedelta(minutes=random.randint(30, 60)))
solve.date = new_base
base_time = new_base
db.session.add(solve)
db.session.add(solve)
db.session.commit()
elif mode == 'teams':
for x in range(1, TEAM_AMOUNT):
used_teams = []
used_users = []
base_time = datetime.datetime.utcnow() + datetime.timedelta(minutes=-10000)
team = Teams.query.filter_by(id=x).first()
members_ids = [member.id for member in team.members]
for y in range(random.randint(1, CHAL_AMOUNT)):
chalid = random.randint(1, CHAL_AMOUNT)
user_id = random.choice(members_ids)
if (chalid, team.id) not in used_teams:
if (chalid, user_id) not in used_users:
solve = Solves(
user_id=user_id,
team_id=team.id,
challenge_id=chalid,
ip='127.0.0.1',
provided=gen_word()
)
new_base = random_date(
base_time,
base_time + datetime.timedelta(minutes=random.randint(30, 60))
)
solve.date = new_base
base_time = new_base
db.session.add(solve)
db.session.commit()
used_teams.append((chalid, team.id))
used_users.append((chalid, user_id))
db.session.commit()
@@ -275,7 +366,13 @@ if __name__ == '__main__':
for x in range(USER_AMOUNT):
base_time = datetime.datetime.utcnow() + datetime.timedelta(minutes=-10000)
for _ in range(random.randint(0, AWARDS_AMOUNT)):
award = Awards(x + 1, gen_word(), random.randint(-10, 10))
user = Users.query.filter_by(id=x + 1).first()
award = Awards(
user_id=user.id,
team_id=user.team_id,
name=gen_word(),
value=random.randint(-10, 10)
)
new_base = random_date(base_time, base_time + datetime.timedelta(minutes=random.randint(30, 60)))
award.date = new_base
base_time = new_base
@@ -284,8 +381,8 @@ if __name__ == '__main__':
db.session.commit()
# Generating Wrong Keys
print("GENERATING WRONG KEYS")
# Generating Wrong Flags
print("GENERATING WRONG FLAGS")
for x in range(USER_AMOUNT):
used = []
base_time = datetime.datetime.utcnow() + datetime.timedelta(minutes=-10000)
@@ -293,13 +390,21 @@ if __name__ == '__main__':
chalid = random.randint(1, CHAL_AMOUNT)
if chalid not in used:
used.append(chalid)
wrong = WrongKeys(x + 1, chalid, '127.0.0.1', gen_word())
user = Users.query.filter_by(id=x+1).first()
wrong = Fails(
user_id=user.id,
team_id=user.team_id,
challenge_id=chalid,
ip='127.0.0.1',
provided=gen_word()
)
new_base = random_date(base_time, base_time + datetime.timedelta(minutes=random.randint(30, 60)))
wrong.date = new_base
base_time = new_base
db.session.add(wrong)
db.session.commit()
db.session.commit()
db.session.close()