first commit

Author: avipars

.github/workflows/main.yml

@@ -0,0 +1,31 @@
+name: Format Python Code
+on:
+  push:
+    branches:
+      - '**'
+jobs:
+  python-code-format:
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-python@v4
+        with:
+          python-version: "3.10"
+          architecture: "x64"
+      - name: Display Python version
+        run: python --version
+      - name: Install packages
+        run: pip install black autopep8 isort
+      - name: Formatter
+        run: |
+          black .
+          autopep8 --recursive --in-place --aggressive --aggressive .
+          isort .
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v3
+        with:
+          commit-message: Auto code format
+          title: Fixes by format action
+          body: This is an auto-generated PR with fixes.
+          labels: automated pr
+          branch: python-code-format-patches

.github/workflows/pylint.yml

@@ -0,0 +1,26 @@
+name: Pylint
+
+on: [push]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.8", "3.9", "3.10"]
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v3
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install pylint
+
+      - name: Analysing the code with pylint
+        run: |
+          git ls-files '**/*.py' | xargs pylint || echo "No Python files to lint."

.gitignore

@@ -0,0 +1,5 @@
+!.venv/pyvenv.cfg
+
+.venv
+**/*.pyc
+**/__pycache__

.vscode/settings.json

@@ -0,0 +1,5 @@
+{
+    "pylint.path": [
+        "\"D:\\NewComp\\DevProjects\\JCT\\Networking\\comms2_ctf\\flask_server\\.venv\\Lib\\site-packages\""
+    ]
+}

hints/__init__.py

@@ -0,0 +1,36 @@
+from flask import Flask
+# from ctf.error_handlers import register_error_handlers  # Adjust the import based on your project structure
+
+def create_app():
+    app = Flask(
+        __name__,
+        static_folder="static",
+        static_url_path="/",
+        template_folder="templates",
+    )
+    app.config["SECRET_KEY"] = "CTF_K3YF0RS355i0n5!"
+        # ensure session cookie is httponly
+    app.config["SESSION_COOKIE_HTTPONLY"] = True
+    # ensure session cookie is same site
+    app.config["SESSION_COOKIE_SAMESITE"] = "Strict"
+    app.config["REMEMBER_COOKIE_SECURE"] = True  # ensure remember cookie is secure
+    app.config["SESSION_COOKIE_SECURE"] = True  # ensure session cookie is secure
+
+    with app.app_context():
+        from . import routes
+        app.register_blueprint(routes.bp)
+    # register_error_handlers(app)
+    # app.config['referrer_policy'] = 'strict-origin-when-cross-origin'
+    return app
+# app = Flask(
+#     __name__,
+#     static_folder="static",
+#     static_url_path="/",
+#     template_folder="templates",
+# )
+
+
+# register_error_handlers(app)
+# app.config['referrer_policy'] = 'strict-origin-when-cross-origin'
+
+from hints import routes

hints/routes.py

@@ -0,0 +1,130 @@
+from flask import Blueprint, render_template, request, redirect, url_for, flash, make_response, session
+import datetime
+
+bp = Blueprint('ctf', __name__)
+
+# Sample dictionary with flags and multiple hints
+stages = {
+    1: {
+        "flag": "flag{stage1}",
+        "hints": [
+            "This is the least revealing hint for stage 1.",
+            "This is a more revealing hint for stage 1.",
+            "This is the most revealing hint for stage 1."
+        ]
+    },
+    2: {
+        "flag": "flag{stage2}",
+        "hints": [
+            "This is the least revealing hint for stage 2.",
+            "This is a more revealing hint for stage 2.",
+            "This is the most revealing hint for stage 2."
+        ]
+    },
+    3: {
+        "flag": "flag{stage3}",
+        "hints": [
+            "Almost there"
+        ]
+    }
+}
+
+current_stage = 1
+hint_index = 0
+
+@bp.route('/flags', methods=['GET', 'POST'])
+@bp.route('/flags.html', methods=['GET', 'POST'])
+def flags():
+    global current_stage, hint_index
+    # initialize session variables
+    if "submitted_flags" not in session:
+        session['submitted_flags'] = []
+    if "current_stage" not in session:
+        session['current_stage'] = 1
+    
+    current_stage = session['current_stage']
+    submitted_flags = session['submitted_flags']
+    # need to verify that the user didn't try to skip stages or trick the system
+    
+    if request.method == 'POST':
+        if 'submit_flag' in request.form:
+            submitted_flag = request.form.get('flag')
+            if submitted_flag == stages[current_stage]['flag']:
+                flash(f"Correct flag for Stage {current_stage}!", 'success')
+                submitted_flags.append(submitted_flag)
+                session['submitted_flags'] = submitted_flags
+                if current_stage < len(stages):
+                    current_stage += 1
+                    hint_index = 0
+                elif current_stage == len(stages):
+                    flash("You have completed all the stages. Congratulations!", 'success')
+                    # if the user has completed all the stages, then flash a message
+                session['current_stage'] = current_stage
+            else:
+                found = False
+                # if the flag is for a different stage, then put them on their stage
+                for stage, stage_data in stages.items():
+                    if submitted_flag == stage_data['flag']:
+                        flash(f"That's the flag for stage {stage}, but in the wrong order", 'info')
+                        current_stage = stage
+                        hint_index = 0
+                        found = True
+                        break
+                # else:
+                if not found:
+                    flash("Incorrect flag. Try again.", 'danger')
+        
+        elif 'reveal_hint' in request.form:
+            if hint_index < len(stages[current_stage]['hints']) - 1: # if there are more hints to reveal
+                hint_index += 1
+            else:
+                # if the user exhausted all the hints, have it show from the beginning
+                hint_index = 0
+                # flash a message to the user
+                
+                flash("No new hints :( Try harder!", 'info')
+                
+    hints = stages[current_stage]['hints'][:hint_index + 1]
+    return render_template('flags.html', stage=current_stage, hints=hints, hint_index=hint_index, submitted_flags=submitted_flags)
+
+
+@bp.route('/', methods=['GET', 'POST']) # also for index
+@bp.route('/index', methods=['GET', 'POST'])
+@bp.route('/home', methods=['GET', 'POST'])
+@bp.route('/index.html', methods=['GET', 'POST'])
+def index():
+     # initialize session variables
+    if "submitted_flags" not in session:
+        session['submitted_flags'] = []
+    if "current_stage" not in session:
+        session['current_stage'] = 1
+        
+    flash("Welcome to the CTF! Can you find the flags?", 'info')
+    brief = """
+    Do not use this site for any illegal activities, please do not attack it in any way as it harms other users who are solving the CTF. 
+    This site is not a part of the CTF challenge itself, but a tool to help you keep track of your progress. The flags are not hidden on this site. You need to find them on your own. Good luck!
+    """
+    
+    return render_template('index.html', summary= brief)
+
+@bp.route('/restart')
+@bp.route('/reset')
+def restart():
+    session.clear()
+    flash("Progress reset. You are back to Stage 1.", 'info')
+    # reroute to index
+    return redirect(url_for('ctf.index'))
+    # resp = make_response(redirect(url_for('ctf.index')))
+    # resp.set_cookie('stage', '1', httponly=True)
+    # resp.set_cookie('hint_index', '0', httponly=True)
+    # flash("Progress reset. You are back to Stage 1.", 'info')
+    # return resp
+
+
+
+@bp.context_processor
+def inject_today_date():
+    """
+    used for the footer to display the current year
+    """
+    return {'year': datetime.date.today().year}

hints/static/css/style.css

@@ -0,0 +1,37 @@
+body {
+    font-family: 'Arial', sans-serif;
+    margin: 0;
+    padding: 0;
+}
+
+.container {
+    width: 80%;
+    margin: 0 auto;
+}
+
+/* change color */
+.important {
+    color: #336699;
+}
+
+.error {
+    color: red;
+}
+
+/* .alert {
+    padding: 20px;
+    background-color: #f44336;
+    color: white;
+    margin-bottom: 15px;
+} */
+
+.main-content {
+    display: flex;
+}
+.main-section {
+    flex: 1;
+}
+.sidebar {
+    width: 250px;
+    margin-left: 20px;
+}

hints/static/robots.txt

@@ -0,0 +1,5 @@
+User-agent: * 
+# only allow the index page
+Allow: /index.html
+Disallow: /
+

hints/templates/404.html

@@ -0,0 +1,23 @@
+{% extends "layout.html" %}
+
+{#<!-- Exports header and navbar from header.html or any file you want-->#}
+
+{% block title %}Page Not Found{% endblock %} 
+
+{% block head %}
+{{ super() }}
+
+{% endblock %}
+
+{% block content %}
+<h1 class="error">
+  {{ "404 Page Not Found" }}
+</h1>
+
+{% block body %}
+  <h2>Oops! Looks like the page doesn't exist anymore</h2> 
+  <a href="{{ url_for('index') }}">Click Here</a> to go to the Home Page
+
+{% endblock %}
+
+{% endblock %} 

hints/templates/flags.html

@@ -0,0 +1,70 @@
+{% extends "layout.html" %}
+
+{#<!-- Exports header and navbar from header.html -->#}
+{% block title %}{{ title }}{% endblock %} 
+
+{% block head %}
+{{ super() }}
+
+{% endblock %}
+{% block content %}
+    <div class="container mt-5">
+        <h1 class="text-center">CTF Platform</h1>
+        <div class="mt-4">
+            <h3>Stage {{ stage }}</h3>
+            <form method="POST">
+                <div class="form-group">
+                    <label for="flag">Enter Flag:</label>
+                    <input type="text" id="flag" name="flag" class="form-control" placeholder="flag{...}">
+                </div>
+                <button type="submit" name="submit_flag" class="btn btn-primary">Submit Flag</button>
+            </form>
+        </div>
+        {% with messages = get_flashed_messages(with_categories=true) %}
+        {% if messages %}
+          <div class="mt-4">
+            {% for category, message in messages %}
+              <div class="alert alert-{{ category }}" >{{ message }}</div>
+            {% endfor %}
+          </div>
+        {% endif %}
+      {% endwith %}
+        <div class="mt-4">
+            <h4>Hints:</h4>
+            {% if hints %}
+                <ul>
+                    {% for hint in hints %}
+                        <li>{{ hint }}</li>
+                    {% endfor %}
+                </ul>
+            {% else %}
+                <p>No hints revealed yet.</p>
+            {% endif %}
+            <form method="POST">
+                <button type="submit" name="reveal_hint" class="btn btn-secondary">Reveal Next Hint</button>
+            </form>
+            {#<!-- {% if hint_index < len(stages[stage]['hints']) - 1 %} -->
+                <form method="POST">
+                    <button type="submit" name="reveal_hint" class="btn btn-secondary">Reveal Next Hint</button>
+                </form>
+            <!-- {% endif %} -->#}
+        </div>
+        <div class="mt-4">
+            <a href="{{ url_for('ctf.restart') }}" class="btn btn-danger">Restart Challenge</a>
+        </div>
+        <div class="sidebar">
+            <h4>Previously Entered Flags</h4>
+            {% if submitted_flags %}
+                <ul>
+                    {% for flag in submitted_flags %}
+                        <li>{{ flag }}</li>
+                    {% endfor %}
+                </ul>
+            {% else %}
+                <p>No flags entered yet.</p>
+            {% endif %}
+        </div>
+
+    </div>
+    {% endblock %}
+