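--- a/src/main/java/org/owasp/wrongsecrets/challenges/ChallengesController.java
+++ b/src/main/java/org/owasp/wrongsecrets/challenges/ChallengesController.java
@@ -42,6 +42,9 @@
 @Value("${challenge_acht_ctf_to_provide_to_host_value}")
 private String keyToProvideToHost;
 
+@Value("${CTF_SERVER_ADDRESS}")
+private String ctfServerAddress;
+
 
 public ChallengesController(ScoreCard scoreCard, List<ChallengeUI> challenges, RuntimeEnvironment runtimeEnvironment) {
 this.scoreCard = scoreCard;
@@ -85,7 +88,6 @@
 return "challenge";
 }
 
-
 @PostMapping(value = "/challenge/{id}", params = "action=reset")
 public String reset(@ModelAttribute ChallengeForm challengeForm, @PathVariable Integer id, Model model) {
 var challenge = challenges.get(id - 1);
@@ -97,7 +99,6 @@
 enrichWithHintsAndReasons(model);
 return "challenge";
 }
-
 
 @PostMapping(value = "/challenge/{id}", params = "action=submit")
 public String postController(@ModelAttribute ChallengeForm challengeForm, Model model, @PathVariable Integer id) {
@@ -108,12 +109,16 @@
 } else {
 if (challenge.getChallenge().solved(challengeForm.solution())) {
 if (ctfModeEnabled) {
-String code = generateCode(challenge);
-model.addAttribute("answerCorrect", "Your answer is correct! " + "fill in the following code in CTF scoring: " + code);
-if (challenge.getChallenge() instanceof Challenge8) {
-if (!Strings.isNullOrEmpty(keyToProvideToHost) && !keyToProvideToHost.equals("not_set")) { //this means that it was overriden with a code that needs to be returned to the ctf key exchange host.
-model.addAttribute("answerCorrect", "Your answer is correct! " + "fill in the following answer in the CTF instance for which you get your code: " + keyToProvideToHost);
+if (!Strings.isNullOrEmpty(ctfServerAddress) && !ctfServerAddress.equals("not_set")) {
+if (challenge.getChallenge() instanceof Challenge8) {
+if (!Strings.isNullOrEmpty(keyToProvideToHost) && !keyToProvideToHost.equals("not_set")) { //this means that it was overriden with a code that needs to be returned to the ctf key exchange host.
+model.addAttribute("answerCorrect", "Your answer is correct! " + "fill in the following answer in the CTF instance at " + ctfServerAddress + "for which you get your code: " + keyToProvideToHost);
+}
 }
+model.addAttribute("answerCorrect", "Your answer is correct! " + "fill in the same answer in the ctf-instance of the app: " + ctfServerAddress);
+} else {
+String code = generateCode(challenge);
+model.addAttribute("answerCorrect", "Your answer is correct! " + "fill in the following code in CTF scoring: " + code);
 }
 } else {
 model.addAttribute("answerCorrect", "Your answer is correct!");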
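Review bot: The Challenge8-specific message set at new line 115 is always overwritten at new line 118, because `model.addAttribute("answerCorrect", …)` with the same key replaces the earlier value and line 118 runs unconditionally inside the `ctfServerAddress` branch; the old code set the generic message first and the Challenge8 override second, and the new ordering inverts that. Move the line `model.addAttribute("answerCorrect", "Your answer is correct! " + "fill in the same answer in the ctf-instance of the app: " + ctfServerAddress);` above the `instanceof Challenge8` check (or put it in an `else` of that check) so the key-exchange value still wins for challenge 8. The literal on line 115 also lacks a space before `for which`, so the address runs into the next word; it should read `"… at " + ctfServerAddress + " for which you get your code: " + keyToProvideToHost`. postController continues past the end of this hunk.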
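--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -7,8 +7,6 @@
 ARG_BASED_PASSWORD=if_you_see_this_please_use_docker_instead
 DOCKER_ENV_PASSWORD=if_you_see_this_please_use_docker_instead
 vaultpassword=if_you_see_this_please_use_K8S_and_Vault
-challenge_acht_ctf_to_provide_to_host_value=not_set
-challenge_acht_ctf_host_value=not_set
 default_aws_value=if_you_see_this_please_use_AWS_Setup
 default_aws_value_challenge_9=if_you_see_this_please_use_AWS_Setup
 default_aws_value_challenge_10=if_you_see_this_please_use_AWS_Setup
@@ -33,6 +31,9 @@
 hints_enabled=true
 ctf_enabled=false
 ctf_key=TRwzkRJnHOTckssAeyJbysWgP!Qc2T
+challenge_acht_ctf_to_provide_to_host_value=not_set
+challenge_acht_ctf_host_value=not_set
+CTF_SERVER_ADDRESS=not_set
 reason_enabled=true
 plainText13=This is not the secret
 cipherText13=hRZqOEB0V0kU6JhEXdm8UH32VDAbAbdRxg5RMpo/fA8caUCvJhs=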
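Review bot: `CTF_SERVER_ADDRESS=not_set` at new line 36 is compared against the literal `not_set` in the controller change of this commit to decide whether CTF client mode is active, but nothing in this file records that the value is a sentinel, and its upper-case name stands out from the lower_snake keys around it without explanation. A comment above the three moved/added keys such as `# CTF client mode: address of the CTF server and the challenge-8 key-exchange values; leave at "not_set" to disable` would make the intent visible to whoever edits this file next. If the upper-case key is meant to mirror an environment variable of the same name, say so in that comment.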
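--- /dev/null
+++ b/src/test/java/org/owasp/wrongsecrets/ctftests/ChallengesControllerCTFClientModeTest.java
@@ -0,0 +1,100 @@
+package org.owasp.wrongsecrets.ctftests;
+
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.owasp.wrongsecrets.InMemoryScoreCard;
+import org.owasp.wrongsecrets.WrongSecretsApplication;
+import org.owasp.wrongsecrets.challenges.docker.Challenge1;
+import org.owasp.wrongsecrets.challenges.docker.Challenge8;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.http.MediaType;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.test.web.servlet.MockMvc;
+
+import static org.hamcrest.Matchers.containsString;
+import static org.hamcrest.Matchers.not;
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+@ExtendWith(SpringExtension.class)
+@SpringBootTest(
+ properties = {"ctf_enabled=true", "ctf_key=randomtextforkey", "CTF_SERVER_ADDRESS=https://www.google.nl", "challenge_acht_ctf_to_provide_to_host_value=workit"},
+ classes = WrongSecretsApplication.class
+)
+@AutoConfigureMockMvc
+class ChallengesControllerCTFClientModeTest {
+
+ @Autowired
+ private MockMvc mvc;
+
+
+ @Test
+ void shouldNotSpoilWhenInCTFMode() throws Exception {
+ mvc.perform(get("/spoil-1"))
+ .andExpect(status().isOk())
+ .andExpect(content().string(containsString("Spoils are disabled in CTF mode")));
+
+ }
+
+ @Test
+ void shouldNotSpoilWhenInCTFModeEvenWhenChallengeUnsupported() throws Exception {
+ mvc.perform(get("/spoil-5"))
+ .andExpect(status().isOk())
+ .andExpect(content().string(containsString("Spoils are disabled in CTF mode")));
+
+ }
+
+ @Test
+ void shouldNotShowFlagButClientInstead() throws Exception {
+ var spoil = new Challenge1(new InMemoryScoreCard(1)).spoiler().solution();
+ mvc.perform(post("/challenge/1")
+ .contentType(MediaType.APPLICATION_FORM_URLENCODED)
+ .param("solution", spoil)
+ .param("action", "submit")
+ .with(csrf()))
+ .andExpect(status().isOk())
+ .andExpect(content().string(not(containsString("ba9a72ac7057576344856"))))
+ .andExpect(content().string(containsString("https://www.google.nl")));
+ }
+
+ @Test
+ void shouldEnableK8sExercises() throws Exception {
+ mvc.perform(get("/"))
+ .andExpect(status().isOk())
+ .andExpect(content().string(containsString("class=\"disabled\">Challenge 5</a></td>")))
+ .andExpect(content().string(containsString("class=\"disabled\">Challenge 6</a></td>")))
+ .andExpect(content().string(containsString("class=\"disabled\">Challenge 7</a></td>")));
+ }
+
+ @Test
+ void shouldStillDissableTestsIfNotPreconfigured() throws Exception {
+ testK8sChallenge("/challenge/5");
+ testK8sChallenge("/challenge/6");
+ testK8sChallenge("/challenge/7");
+ testForCloudCluster("/challenge/9");
+ testForCloudCluster("/challenge/10");
+ testForCloudCluster("/challenge/11");
+ }
+
+ private void testK8sChallenge(String url) throws Exception {
+ mvc.perform(get(url)
+ .contentType(MediaType.APPLICATION_FORM_URLENCODED)
+ .with(csrf()))
+ .andExpect(status().isOk())
+ .andExpect(content().string(containsString("We are running outside a K8s cluster")));
+ }
+
+ private void testForCloudCluster(String url) throws Exception {
+ mvc.perform(get(url)
+ .contentType(MediaType.APPLICATION_FORM_URLENCODED)
+ .with(csrf()))
+ .andExpect(status().isOk())
+ .andExpect(content().string(containsString("We are running outside a properly configured Cloud environment.")));
+ }
+}
+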
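Review bot: `challenge_acht_ctf_to_provide_to_host_value=workit` is configured at line 26 and `Challenge8` is imported at line 8, yet no test in the file exercises challenge 8 or asserts that `workit` is rendered; `shouldNotShowFlagButClientInstead` (line 53) only posts to `/challenge/1`, so the Challenge8 key-exchange branch that this commit rewrites in ChallengesController is uncovered, and the unused import would be flagged by most linters. A test that submits the challenge-8 spoiler and expects both `workit` and the server address would close that gap (the constructor arguments for `Challenge8` are a placeholder below since they are not visible here). The magic fragment in `not(containsString("ba9a72ac7057576344856"))` on line 61 also deserves a one-line comment saying what it is, presumably a prefix of the CTF code the server mode would otherwise emit for challenge 1.
```java
@Test
void shouldShowHostKeyForChallenge8InClientMode() throws Exception {
 var spoil = new Challenge8(/* TODO: constructor args as used by the existing Challenge8 tests */).spoiler().solution();
 mvc.perform(post("/challenge/8")
 .contentType(MediaType.APPLICATION_FORM_URLENCODED)
 .param("solution", spoil)
 .param("action", "submit")
 .with(csrf()))
 .andExpect(status().isOk())
 .andExpect(content().string(containsString("workit")))
 .andExpect(content().string(containsString("https://www.google.nl")));
}
```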