* Admins can see/solve challenges regardless of ctftime * Adding tests for ctftime based functionality
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from CTFd.models import Teams, Solves, WrongKeys
from CTFd.utils import get_config, set_config
from CTFd import utils
from tests.helpers import *
from freezegun import freeze_time
from mock import patch
import json
def test_user_get_challenges():
    """A registered, logged-in user gets HTTP 200 from /challenges."""
    app = create_ctfd()
    with app.app_context():
        register_user(app)
        # All requests go through the client returned by login_as_user.
        user_client = login_as_user(app)
        response = user_client.get('/challenges')
        assert response.status_code == 200
    destroy_ctfd(app)
def test_user_get_chals():
    """A registered, logged-in user gets HTTP 200 from /chals."""
    app = create_ctfd()
    with app.app_context():
        register_user(app)
        user_client = login_as_user(app)
        response = user_client.get('/chals')
        assert response.status_code == 200
    destroy_ctfd(app)
def test_viewing_challenges():
    """A challenge added to the database shows up in the /chals JSON listing."""
    app = create_ctfd()
    with app.app_context():
        register_user(app)
        user_client = login_as_user(app)
        gen_challenge(app.db)

        response = user_client.get('/chals')
        listing = json.loads(response.get_data(as_text=True))
        # One challenge was generated above, so exactly one entry is expected under 'game'.
        visible = listing['game']
        assert len(visible) == 1
    destroy_ctfd(app)
def test_submitting_correct_flag():
    """Submitting the stored flag value is answered with status 1 and "Correct"."""
    app = create_ctfd()
    with app.app_context():
        register_user(app)
        user_client = login_as_user(app)
        challenge = gen_challenge(app.db)
        gen_flag(app.db, chal=challenge.id, flag='flag')

        # The nonce stored in the session is sent along with the key.
        # NOTE(review): presumably this is the anti-CSRF token the endpoint
        # checks -- confirm against the /chal/<id> view.
        with user_client.session_transaction() as session_state:
            nonce = session_state.get('nonce')
        payload = {"key": 'flag', "nonce": nonce}

        response = user_client.post('/chal/{}'.format(challenge.id), data=payload)
        assert response.status_code == 200

        verdict = json.loads(response.data.decode('utf8'))
        assert verdict.get('status') == 1
        assert verdict.get('message') == "Correct"
    destroy_ctfd(app)
def test_submitting_incorrect_flag():
    """Submitting a value other than the stored flag yields status 0 and "Incorrect"."""
    app = create_ctfd()
    with app.app_context():
        register_user(app)
        user_client = login_as_user(app)
        challenge = gen_challenge(app.db)
        gen_flag(app.db, chal=challenge.id, flag='flag')

        # Same request shape as the correct-flag test; only the submitted key differs.
        with user_client.session_transaction() as session_state:
            nonce = session_state.get('nonce')
        payload = {"key": 'notflag', "nonce": nonce}

        response = user_client.post('/chal/{}'.format(challenge.id), data=payload)
        # The rejection is reported in the JSON body, not through the HTTP status code.
        assert response.status_code == 200

        verdict = json.loads(response.data.decode('utf8'))
        assert verdict.get('status') == 0
        assert verdict.get('message') == "Incorrect"
    destroy_ctfd(app)
def test_submitting_unicode_flag():
    """A flag made of non-ASCII characters can be stored and submitted successfully."""
    app = create_ctfd()
    with app.app_context():
        register_user(app)
        user_client = login_as_user(app)
        challenge = gen_challenge(app.db)
        # The flag is stored from a unicode literal; the submitted key below is a plain literal.
        gen_flag(app.db, chal=challenge.id, flag=u'你好')

        with user_client.session_transaction() as session_state:
            nonce = session_state.get('nonce')
        payload = {"key": '你好', "nonce": nonce}

        response = user_client.post('/chal/{}'.format(challenge.id), data=payload)
        assert response.status_code == 200

        verdict = json.loads(response.data.decode('utf8'))
        assert verdict.get('status') == 1
        assert verdict.get('message') == "Correct"
    destroy_ctfd(app)
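def test_submitting_flags_with_large_ips():
    """Test that users with high-octet IPv4 or IPv6 source addresses can submit flags.

    For every address in the list, a wrong key and then the correct key are
    submitted while utils.get_ip reports that address. The test checks the
    JSON verdicts and that a WrongKeys row and a Solves row carrying the
    address exist afterwards, i.e. that the submission records keep the
    source address for these inputs.
    """
    app = create_ctfd()
    with app.app_context():
        register_user(app)
        client = login_as_user(app)

        # SQLite doesn't support BigInteger well so we can't test it properly
        ip_addresses = ['172.18.0.1', '255.255.255.255', '2001:0db8:85a3:0000:0000:8a2e:0370:7334']
        for ip_address in ip_addresses:
            # Replace utils.get_ip for this iteration only. Assigning to the
            # module attribute directly would leave the stub in place for every
            # test that runs afterwards; patch.object restores the real
            # function on exit, including when an assertion below fails.
            with patch.object(utils, 'get_ip', return_value=ip_address):
                # Generate challenge and flag
                chal = gen_challenge(app.db)
                chal_id = chal.id
                gen_flag(app.db, chal=chal_id, flag=u'correct_key')

                # Submit wrong_key
                with client.session_transaction() as sess:
                    data = {
                        "key": 'wrong_key',
                        "nonce": sess.get('nonce')
                    }
                r = client.post('/chal/{}'.format(chal_id), data=data)
                assert r.status_code == 200
                resp = json.loads(r.data.decode('utf8'))
                assert resp.get('status') == 0 and resp.get('message') == "Incorrect"
                # The failed attempt must be stored together with the reported address.
                assert WrongKeys.query.filter_by(ip=ip_address).first()

                # Submit correct key
                with client.session_transaction() as sess:
                    data = {
                        "key": 'correct_key',
                        "nonce": sess.get('nonce')
                    }
                r = client.post('/chal/{}'.format(chal_id), data=data)
                assert r.status_code == 200
                resp = json.loads(r.data.decode('utf8'))
                assert resp.get('status') == 1 and resp.get('message') == "Correct"
                # The solve must be stored together with the reported address.
                assert Solves.query.filter_by(ip=ip_address).first()
    destroy_ctfd(app)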