
Commit 1636078

Combine feedback putflag and havoc
1 parent 4d425f4 commit 1636078

1 file changed

+41
-63
lines changed


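--- a/checker/src/checker.py
+++ b/checker/src/checker.py
@@ -203,16 +203,49 @@ async def putflag_feedback(
 await conn.register_user(username, password)
 await conn.login_user(username, password)
 
-response = await conn.client.post(
-"/feedback/submit",
-data={
-"description": task.flag,
-"image": None
-}
-)
+simple_svg = """<?xml version="1.0" encoding="UTF-8"?>
+<svg width="100" height="100" xmlns="http://www.w3.org/2000/svg">
+<circle cx="50" cy="50" r="40" stroke="black" stroke-width="3" fill="red" />
+<text x="50" y="55" text-anchor="middle" fill="white" font-family="Arial" font-size="12">Test SVG</text>
+</svg>"""
+
+import tempfile
+import os
+
+temp_dir = tempfile.mkdtemp()
+svg_path = os.path.join(temp_dir, "simple_test.svg")
+
+with open(svg_path, "w") as f:
+f.write(simple_svg)
+
+with open(svg_path, 'rb') as svg_file:
+files = {'image': ('simple_test.svg', svg_file, 'image/svg+xml')}
+data = {'description': task.flag}
+
+response = await conn.client.post(
+"/feedback/submit",
+data=data,
+files=files
+)
+
+os.unlink(svg_path)
+os.rmdir(temp_dir)
 
 if response.status_code not in [200, 201, 302]:
-raise MumbleException(f"Failed posting flag")
+raise MumbleException(f"Failed to submit feedback: {response.status_code}")
+
+await asyncio.sleep(0.2)
+
+response = await conn.client.get("/feedback")
+
+if response.status_code not in [200, 201, 302]:
+raise MumbleException(f"Failed to retrieve feedback page: {response.status_code}")
+
+escaped_flag = task.flag.replace('/', r'\/').replace('<', r'&lt;').replace('>', r'&gt;')
+if (task.flag in response.text or escaped_flag in response.text) and ("<img" in response.text or "<svg" in response.text):
+logger.info("Feedback with SVG image successfully appears on feedback page")
+else:
+raise MumbleException(f"Can't submit feedback with SVG image.")
 
 await db.set("userdata", (username, password))
 
@@ -473,61 +506,6 @@ async def exploit_feedback(task: ExploitCheckerTaskMessage,
 raise MumbleException("No flag found exploit(2).")
 
 @checker.havoc(0)
-async def havoc_feedback_image(task: HavocCheckerTaskMessage, client: AsyncClient, logger: LoggerAdapter) -> None:
-conn = Connection(logger, client)
-username: str = generate_funny_username()
-password: str = "checker_" + "".join(
-random.choices(string.ascii_uppercase + string.digits, k=12)
-)
-
-await conn.register_user(username, password)
-await conn.login_user(username, password)
-
-simple_svg = """<?xml version="1.0" encoding="UTF-8"?>
-<svg width="100" height="100" xmlns="http://www.w3.org/2000/svg">
-<circle cx="50" cy="50" r="40" stroke="black" stroke-width="3" fill="red" />
-<text x="50" y="55" text-anchor="middle" fill="white" font-family="Arial" font-size="12">Test</text>
-</svg>"""
-
-import tempfile
-import os
-
-temp_dir = tempfile.mkdtemp()
-svg_path = os.path.join(temp_dir, "simple_test.svg")
-
-with open(svg_path, "w") as f:
-f.write(simple_svg)
-
-with open(svg_path, 'rb') as svg_file:
-files = {'image': ('simple_test.svg', svg_file, 'image/svg+xml')}
-data = {'description': 'Test feedback with simple SVG image'}
-
-response = await conn.client.post(
-"/feedback/submit",
-data=data,
-files=files
-)
-
-os.unlink(svg_path)
-os.rmdir(temp_dir)
-
-if response.status_code not in [200, 201, 302]:
-raise MumbleException(f"Failed to submit feedback: {response.status_code}")
-
-await asyncio.sleep(0.2)
-
-response = await conn.client.get("/feedback")
-
-if response.status_code not in [200, 201, 302]:
-raise MumbleException(f"Failed to retrieve feedback page: {response.status_code}")
-
-if "Test feedback with simple SVG image" in response.text:
-logger.info("Simple SVG feedback successfully appears on feedback page")
-else:
-logger.warning("Simple SVG feedback does not appear on feedback page")
-raise MumbleException("Can't submit feedback with SVG image")
-
-@checker.havoc(1)
 async def havoc_admin_simulation(task: HavocCheckerTaskMessage, client: AsyncClient, logger: LoggerAdapter) -> None:
 logger.info("Starting admin simulation havoc test...")
 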
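Review bot: In the putflag_feedback hunk the temp file and directory created for the upload are only removed on the happy path — if `conn.client.post` raises (the enclosing `with` does not catch anything), `os.unlink`/`os.rmdir` never run and every failed round leaks a directory on the checker host. The file is not needed at all since the SVG body is already in memory: `files = {'image': ('simple_test.svg', simple_svg.encode('utf-8'), 'image/svg+xml')}` lets the `tempfile`/`os` imports, both `open` blocks and the two cleanup lines go. Separately, the success test `("<img" in response.text or "<svg" in response.text)` is satisfied by any image tag anywhere on the page (a site logo or an earlier submission), so it does not establish that this round's upload was rendered; matching on the uploaded filename or on the flag's own entry would be tighter, though I can't see the page template to say which is stable. Note that by folding the SVG upload into putflag, a team that disables SVG uploads as a hardening step will now MUMBLE on every round — fine if SVG handling is the intended attack surface, but worth a comment on the function saying so. putflag_feedback's signature and the start of its body are outside the hunk.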