46 lines
1.3 KiB
Python
46 lines
1.3 KiB
Python
from CTFd.models import db
|
|
from CTFd.plugins.flags import BaseFlag
|
|
from CTFd.utils.user import get_current_user
|
|
|
|
from .models import CheaterTeams
|
|
|
|
|
|
def report_cheater(challenge_id: int, cheater_id: int, helper_id: int, flag_id: int):
|
|
cheater = CheaterTeams(challenge_id, cheater_id, helper_id, flag_id)
|
|
db.session.add(cheater)
|
|
db.session.commit()
|
|
|
|
|
|
class PersonalFlag(BaseFlag):
|
|
name: str = "personal"
|
|
templates = { # Nunjucks templates used for key editing & viewing
|
|
"create": "/plugins/ctfd_cheaters/assets/create.html",
|
|
"update": "/plugins/ctfd_cheaters/assets/edit.html",
|
|
}
|
|
|
|
@staticmethod
|
|
def compare(chal_key_obj, provided):
|
|
saved = chal_key_obj.content
|
|
user_id = chal_key_obj.data
|
|
|
|
if len(saved) != len(provided):
|
|
return False
|
|
result = 0
|
|
|
|
for x, y in zip(saved, provided):
|
|
result |= ord(x) ^ ord(y)
|
|
|
|
if result == 0:
|
|
# If the flag is correct, we need to check if the team is the one associated with the flag
|
|
curr_user_id = get_current_user().id
|
|
|
|
if int(user_id) != int(curr_user_id):
|
|
# Caught a cheater!
|
|
report_cheater(
|
|
chal_key_obj.challenge_id, curr_user_id, user_id, chal_key_obj.id
|
|
)
|
|
|
|
return True
|
|
|
|
return False
|