This is a reusable core used to back COMP6443 applications.
Flask Core is intended to be an installable pip package to which Flask blueprints can be attached.
TBA
Flask Core accepts some configuration through environment variables.
Required
Comma-separated list of an id for every flag on this site. These ids can then be used with current_app.gen_flag(zid,flag_id)
to generate an actual flag. The id is just used so you can generate the same flag in multiple places, and also so the /core/checker
site works.
Required
This is what generated flags are wrapped in, i.e. if you set FLAG_WRAP to BREAK1 then all flags will be in the format BREAK1{abc...}
Required
This is the secret key which Flask will use to generate flags via current_app.gen_flag(zid,flag_id).
Required
URI used to connect to a database.
Example:
postgres://root:root@localhost/test
Default: None
When pointed to a valid pyconf file, this sets the contained options within Flask and Flask Core.
Example pyconf:
THEME = "flatly"
TITLE = "A Title"
Default: True
Enforces user authentication.
Default: True
Isolates each user's database connection. Depends on user's authentication to function.
Default: True
Greps for flags in responses and replaces them with a user-specific, auto-generated flag. Relies on auth.
If you have auto flag generation turned on, just state all the flag_ids in the environment variable; then you can either do
current_app.gen_flag(zid,flag_id)
to generate a flag, or just put the string
FLAG{_flagid}
in any response and it'll get auto-grepped out and replaced with an actual flag.
i.e.
FLAG_IDS=xss,csrf
chuck in the response
FLAG{_xss}
and it'll get replaced :)
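A sketch of how per-user flag generation, placeholder replacement and checking can fit together, added here as an example and not taken from Flask Core's own code. The HMAC-SHA256 construction, the 32-character truncation, the secret value and the helper names rewrite_flags and check_flag are all assumptions; only gen_flag(zid, flag_id), FLAG_IDS, FLAG_WRAP and the FLAG{_flagid} placeholder come from this page.

```python
import hashlib
import hmac
import re

# Constructed sample configuration; a real deployment reads these from the environment.
FLAG_IDS = "xss,csrf".split(",")
FLAG_WRAP = "BREAK1"
SECRET = b"constructed-demo-secret"  # placeholder value, not a real key
# Matches the FLAG{_flagid} placeholder described above and captures the id.
PLACEHOLDER = re.compile(r"FLAG\{_([A-Za-z0-9_-]+)\}")


def gen_flag(zid, flag_id, secret=SECRET, wrap=FLAG_WRAP):
    """Derive a per-user flag (assumed scheme: HMAC-SHA256 over zid and flag_id)."""
    if flag_id not in FLAG_IDS:
        raise KeyError(f"unknown flag id: {flag_id}")
    msg = f"{zid}\x00{flag_id}".encode()  # NUL separator keeps (zid, id) pairs unambiguous
    digest = hmac.new(secret, msg, hashlib.sha256).hexdigest()[:32]
    return f"{wrap}{{{digest}}}"


def rewrite_flags(body, zid):
    """Swap each declared FLAG{_id} placeholder for the requesting user's flag."""
    def substitute(match):
        flag_id = match.group(1)
        # Ids missing from FLAG_IDS are left as-is rather than turned into flags.
        return gen_flag(zid, flag_id) if flag_id in FLAG_IDS else match.group(0)
    return PLACEHOLDER.sub(substitute, body)


def check_flag(zid, submitted):
    """Return the flag id a submission matches for this user, or None."""
    for flag_id in FLAG_IDS:
        candidate = gen_flag(zid, flag_id).encode()
        if hmac.compare_digest(candidate, submitted.encode()):  # constant-time compare
            return flag_id
    return None


if __name__ == "__main__":
    page = "<p>well done: FLAG{_xss}</p>"  # constructed response body
    print(rewrite_flags(page, "z1234567"))
```

Because the flag depends on the zid, a flag copied from another user fails check_flag, and a checker can only recognise ids that are declared in FLAG_IDS.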