Problem creating guidelines.

This commit is contained in:
Michael Zhang 2016-03-09 22:44:40 -06:00
parent 17846f7b17
commit ec71fb198a

View file

@ -2,6 +2,8 @@
This survey problem serves as an example for future problems. Each problem must be placed in its own directory, under the directory of its category (for organization). For the name of the folder, please use the ID of the problem (`pid`), which should be the name of the problem represented by lowercase words separated by dashes; don't include problem value. The program will automatically load the problems into the database.
## `problem.json`
The directory *must* contain a `problem.json`; this information will be loaded into the database. Refer to the following example:
```javascript
@ -20,6 +22,69 @@ The directory *must* contain a `problem.json`; this information will be loaded i
}
```
## `grader.py`
The directory must *also* contain a `grader.py`; this script must contain a `grade` function that takes in two parameters: `tid`, the team ID and `answer`, their attempted answer. The function must return a dict containing the following keys:
```python
{
"correct": True # or False, indicating whether the answer is correct.
"message": "Congratulations!" # a custom message for feedback on the website.
}
```
For the most part, checking in flags will simply be a matter of comparing strings. Make sure that the grader accepts the flag with or without `easyctf{}`. Here's an example grader that was taken from last year's Infinity Star problem:
```python
def grade(tid, answer):
if answer.find("csrf_protection_would_probably_have_been_a_good_idea_:/") != -1:
return { "correct": True, "message": "Indeed." }
return { "correct": False, "message": "Nope, that's not quite right." }
```
You can copy-paste the above example into your grader and make any necessary adjustments. If you were wondering why we don't just compare strings, some problems may warrant a more complicated grader, like the problem H4SH3D from last year:
```python
import binascii
def compute(uinput):
if len(uinput) > 32: return ""
blen = 32
n = blen - len(uinput) % blen
if n == 0:
n = blen
pad = chr(n)
ninput = uinput + pad * n
r = ""
for i in range(0, blen, 4):
s = ninput[i:i+4]
h = 0
for j in range(len(s)):
h = (h << 4) + ord(s[j])
g = h & 4026531840
if not(g == 0):
h ^= g >> 24
h &= ~g
r += chr(h % 256)
h = binascii.hexlify(bytes(r, 'Latin-1'))
return h
def grade(tid, answer):
if compute(answer) == compute("they_see_me_hashin_they_hatin"):
return { "correct": True, "message": "They see me hashin' they hatin'" }
return { "correct": False, "message": "Nope." }
```
## `static`
The directory *may* contain a `static` folder containing any static files that need to be served. This directory will be transferred to a static folder on the public site, so use `${static_folder}` to reference the static folder in links. For example, if your static folder contains a single `vuln.exe`, you might say
```html
Here is the <a href="${static_folder}/vuln.exe">vulnerable</a> binary.
```
The problem-loading script will expand these when the problems are loaded.
## Bonus Points
Bonus points encourage teams to finish solving a problem first. Rather than an array of three values like last year, we're going to have bonus-point templates. Each of the following integers is a code for a certain "template", and bonus points will be assigned accordingly.