Add checking for leaked flags in distributed files (#87)

CTFd · Mar 7, 2022 · 43be702 · 43be702
1 parent 5275dcf
commit 43be702
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 0 deletions.
diff --git a/ctfcli/utils/challenge.py b/ctfcli/utils/challenge.py
@@ -5,6 +5,7 @@
 import yaml
 
 from .config import generate_session
+from .tools import strings
 
 
 class Yaml(dict):
@@ -387,4 +388,19 @@ def lint_challenge(path):
     if errored:
         exit(1)
 
+    # Check that files don't have a flag in them
+    files = challenge.get("files", [])
+    errored = False
+    for f in files:
+        fpath = Path(path).parent / f
+        for s in strings(fpath):
+            # TODO make flag format customizable
+            if "flag" in s:
+                print(
+                    f"Potential flag {s} found in distributed file {fpath.absolute()}"
+                )
+                errored = True
+    if errored:
+        exit(1)
+
     exit(0)
diff --git a/ctfcli/utils/tools.py b/ctfcli/utils/tools.py
@@ -0,0 +1,19 @@
+import string
+
+
+def strings(filename, min=4):
+    """
+    Python implementation of strings
+    https://stackoverflow.com/a/17197027
+    """
+    with open(filename, errors="ignore") as f:
+        result = ""
+        for c in f.read():
+            if c in string.printable:
+                result += c
+                continue
+            if len(result) >= min:
+                yield result
+            result = ""
+        if len(result) >= min:  # catch result at EOF
+            yield result