search

moloch-- / RootTheBox

A Game of Hackers (CTF Scoreboard & Game Manager)
http://root-the-box.com/
Apache License 2.0
908 stars 292 forks source link

garbage on box creation is byte and storing in postgres uses more than 32 char #570

Closed dadokkio closed 1 year ago

dadokkio commented 1 year ago

The code to generate garbage field in box model returns a bytes string

>>> from libs.StringCoding import encode
>>> from os import urandom
>>> encode(urandom(16), "hex")
b'b0d37f28b972c3fa1f0f57b9557491cd'

Storing this data in postgres causes error:

webapp_1     |     [SQL: INSERT INTO box (created, uuid, corporation_id, category_id, _name, _operating_system, _description, _capture_message, _difficulty, game_level_id, _avatar, _value, _locked, _order, garbage, flag_submission_type) VALUES (%(created)s, %(uuid)s, %(corporation_id)s, %(category_id)s, %(_name)s, %(_operating_system)s, %(_description)s, %(_capture_message)s, %(_difficulty)s, %(game_level_id)s, %(_avatar)s, %(_value)s, %(_locked)s, %(_order)s, %(garbage)s, %(flag_submission_type)s) RETURNING box.id]
webapp_1     |     [parameters: {'created': datetime.datetime(2023, 6, 9, 10, 16, 6, 130432), 'uuid': 'a8ad8b7f-8274-455a-ab66-f7288c1782c2', 'corporation_id': 1, 'category_id': None, '_name': 'safasfa', '_operating_system': '?', '_description': '', '_capture_message': '', '_difficulty': '', 'game_level_id': 1, '_avatar': None, '_value': 0, '_locked': False, '_order': None, 'garbage': b'aef705be8ce5e59dbc76b6dcf43740af', 'flag_submission_type': 'CLASSIC'}]

The value that it wants to save in the db is \x6439613663616530336463373030656535326632653361616531643139353866 obtained changing garbage field size to 200char

image

eljeffeg commented 1 year ago

I have been looking at this.. just not sure if the fix will cause any other issues. Needs a bit more testing.

eljeffeg commented 1 year ago

Pushed up a change that should address this issue

garanews commented 1 year ago

The fix is not working;

>>> decode( encode(urandom(16), "hex"))
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/opt/rtb/libs/StringCoding.py", line 57, in decode
    rv, length = codec.decode(s, *args, **kwargs)
  File "/usr/local/lib/python3.8/encodings/utf_8.py", line 16, in decode
    return codecs.utf_8_decode(input, errors, True)
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xbe in position 0: invalid start byte

A way found to convert it to string is using codecs:

>>> codecs.decode( encode(urandom(16), "hex"), errors='replace')
'\x07��ϔ1�=?��\u05f9r�\x0f'

Not sure it is what you ar looking for, at least it is a string :)

garanews commented 1 year ago

Now it works! Box created: image

And garbage doesn't cause issue anymore: image