Phase 2: Bugs

[ponga2112]

done: Start.js is missing "Data Exposure" done: ctf/xss.js: done: Increase field width to that all text is displayed done: map enter key to Submit button event listener

[c-h-a-n-c-e]

done: ctf/data.js: Need to change the green lock icon / secure comms icon for the simulated http only page.

[ponga2112]

Done: UI Bug: Mobile view for 'fake' browser DOM element is not responsive for mobile viewports (ctf/4, ctf6)

[ponga2112]

Done: BUG: in ctf/10, When naving to /leaderboard from CTF/10 (in app.js)

[c-h-a-n-c-e]

Done: BUG: mobile view for simulated browser window in lfi.js and rce.js

[rcarioto]

NOFIX: [6:All:Dev:Ubuntu:Firefox,Windows:Edge,Windows:Chrome,Windows:Firefox,OSX:Safari] No vertical scroll bar. "this is a feature, not a bug"

[rcarioto]

FIXED: added SameSite=Strict attribute to cookie creation. [7:All:Dev:Ubuntu:Firefox,Windows:Firefox] Firefox warning: Cookie “CTF” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite utils.js:76:40.

[rcarioto]

NOFIX: Comments: I see. Well, that is the root page. The "loading" page IS is the root page. You can only really Nav here when DEVMODE = true. When false (as should be when app is deployed), the router() will redirect you to a page as dictated by your appstate.

NOFIX: [8:All:Dev:Ubuntu:Firefox,Windows:Edge,Windows:Chrome,Windows:Firefox,OSX:Safari] Using website developer console to navigate to root {/} directory stays on "Loading..." page.

The URLs: http://127.0.0.1:8000/# http://127.0.0.1:8000/#/

Don't redirect anywhere useful, they just stay on "Loading...".

Either cut and paste the URL or use your built in developer console to go to "table"

Then select the root directory

[rcarioto]

Closed - [9:All:Dev:Ubuntu:All:All] If a user closes the dialog after guessing the correct answer and makes more incorrect guesses, they lose more points all the way to 0.

Reason: new code pushed

[rcarioto]

Closed - [10:All:Dev:All:All] After guessing a correct answer, guessing wrong answers throws an exception.

Example:

Uncaught (in promise) TypeError: document.getElementById(...) is null after_render http://127.0.0.1:8000/views/pages/ctf/data.js:262 promise callback*after_render/< http://127.0.0.1:8000/views/pages/ctf/data.js:260 after_render http://127.0.0.1:8000/views/pages/ctf/data.js:258 router http://127.0.0.1:8000/app.js:259 data.js:262:30 after_render http://127.0.0.1:8000/views/pages/ctf/data.js:262 (Async: promise callback) after_render http://127.0.0.1:8000/views/pages/ctf/data.js:260 (Async: EventListener.handleEvent) after_render http://127.0.0.1:8000/views/pages/ctf/data.js:258 router http://127.0.0.1:8000/app.js:259 AsyncFunctionNext self-hosted:684

Reason: new code pushed

[rcarioto]

NOFIX: [11:xss.js:Dev:All:All] Adding own text to xss challange does not register as a correct answer. You can update and add the proper code, but I'm gonna call it a NOFIX just cuz.. well, I'l satisfied the way it works. Click buttons or fail. >_<

[rcarioto]

FIXED: [12:logic.js:Dev:Ubuntu:Firefox,Windows:Edge,Windows:Chrome,Windows:Firefox,Android:Chrome] Button defined as input control, sometimes clicking the button such as Go Back and Checkout in the faux browser will change button look but not navigate. Moving focus to and from browser window changes button look. In Android, holding your finger on the button causes the same behavior. On a desktop, holding down the mouse button and moving the cursor off the button replicates the issue.

[rcarioto]

FIXED: [13:logic.js:Dev:All:All] Adding a quantity of greater than 1 and adding to cart still shows 1 item added to cart.

[rcarioto]

FIXED: [14:sqli.js:Dev:All:All] Faux browser unresponsive after selecting default option or after resetting the browser. -> sqli.js Faux browser is completely broken in FF

[rcarioto]

[15:rce.js:Dev:All:All] Continuously pressing the submit button steps through all the pages in the list box. @c-h-a-n-c-e : I'm thinking this is by design and not a bug.

[rcarioto]

NOFIX: [16:rce.js:Dev:All:All] Next Challenge button does not advance you anywhere. Read the code and you'll see why. Hint: ctf.state.APPSTATE.progress. Also, turn DEVMODE=false when bug hunting.

[rcarioto]

FIXED: [17:All:Dev:Ubuntu:Firefox,Windows:Edge,Windows:Chrome,Windows:Firefox,OSX:Safari] If the browser window is shrunk smaller than the URL drop down size faux browser buttons are misaligned above URL drop down.

[rcarioto]

FIXED: [18:lfi.js,rce.js:Dev:All:All] Correct answer is missing the answer summary.

[rcarioto]

Closed - [19:logic.js;Dev:Windows:Chrome,Windows:Edge,Android:Chrome] Sometimes when selecting the first answer an exception is thrown:

logic.js:399 Uncaught (in promise) TypeError: Cannot read property 'addEventListener' of null at logic.js:399 (anonymous) @ logic.js:399 Promise.then (async) (anonymous) @ logic.js:397

Reason: Dupe to issue 10.

[rcarioto]

NOFIX: I kinda dont care about UI bugs while DEVMODE=true, thats not how the app will be deployed anyway. You can fix this if you want, but, I wouldnt bother. [20:All:Dev:Android:Chrome,iOS:Safari] When attempting to click on a selection in the Routes dialog, as soon as the screen is touched the box closes without a selection being made.

[rcarioto]

MOVED: moving this to Phase 3 UI Bugs Issue. [21:auth.js,lfi.js,rce.js:Dev:Android:Chrome,iOS:Safari] In vertical orientation code blocks do not fit on the screen properly and you cannot scroll left and right to view the whole block.

[rcarioto]

MOVED: moving this to Phase 3 UI Bugs Issue. [22:All:Dev:Android:Chrome,iOS:Safari] Faux browser buttons are misaligned above URL drop down.

[rcarioto]

FIXED: [23:All:Dev:Android:Chrome,iOS:Safari] Long URLs in the faux browser drop down list do not fit on the mobile screen in either orientation and strech the drop down off the screen. To clarify, fixed in all but dirs.js. Solution: Make the URLs shorter. This is because it's not a trivial or sane thing to do; to wrap a selection dropdown. I'm happy with the way Android/Chrome handles this but, mobile Safari looks looks like trash. I'll circle back around to this in another issue.

[rcarioto]

MOVED: moving this to Phase 3 UI Bugs Issue. [24:All:Dev:Android:Chrome,iOS:Safari] When navigating between challenges, focus is placed in the middle of the page on faux browser instead of the top. Appears it may focus on first code block on page.

[rcarioto]

Closed - [25:All:Dev:Android:Firefox] Site wouldn't fully load to be able to test. All the loaded was the red background and the icon for developer console. Note: Please test with DEVMODE = false. Here is my thinking.... FSCK Mobile Firefox. Whaddaya think?

Reason: Downloaded latest iteration and was able load as normal.

[rcarioto]

FIXED: [26:xss.js:Dev:iOS:Safari] In vertical orientation results message box is larger than screen size and Next Challenge button is half off the screen. Unable to scroll the box and resizing doesn't help. Funny enough, this is an actual bug in mobile safari. By "fixed" I mean hacked. whatever. result is the same.

[rcarioto]

MOVED: moving this to Phase 3 UI Bugs Issue. [27:All:Dev:iOS:Safari] Button controls on page are pale and not dark red.

[rcarioto]

FIXED: [28:All:Dev:iOS:Safari] Results message box is off the page. When scrolling to show Next Challenge button, the screen will not stay in place and you have to hold the screen up therefore being unable to select button. Changing orientation or navigating off the page and back can change the look of the Results box and sometimes it fits on the screen.

Funny enough, this is an actual bug in mobile safari. By "fixed" I mean hacked. whatever. result is the same.

[rcarioto]

FIXED: [29:All:Dev:iOS:Safari] Results message box is stuck on the screen after attempting to resize or scrolling with finger. same hack as above for known mobile safari bug.

[rcarioto]

MOVED: moving this to Phase 3 UI Bugs Issue. [30:All:Dev:iOS:Safari] After using the back and forward buttons to navigate, the faux browser control is empty. Sometimes it is partially rendered. Happens sometimes happens when choosing Next Challenge.