
Allow challenges to be disabled per environment

(Currently only implemented for 'Docker')
bkimminich committed Aug 29, 2018
1 parent 88e4dc3 commit 1d836b5538fabc88d1ca84827781875701ba43f2
@@ -89,6 +89,9 @@ angular.module('juiceShop').controller('ChallengeController', [
$scope.challenges[i].hint = 'Click to open hints.'
}
}
if ($scope.challenges[i].disabledEnv) {
$scope.challenges[i].hint = 'This challenge is unavailable in a ' + $scope.challenges[i].disabledEnv + ' environment!'
}
}
$scope.trustDescriptionHtml()
$scope.calculateProgressPercentage()
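Review bot: The new hint text is concatenated from `disabledEnv`, a value taken from the challenge record, and nothing in the hunk documents how that string may be rendered. In this commit it is only shown through `uib-tooltip="{{challenge.hint}}"`, which is plain text, whereas `description` in the same view goes through `trustDescriptionHtml()` and `ng-bind-html`. I would add a comment above the `if`, such as `// hint is shown as plain tooltip text only; never pass it through trustAsHtml / ng-bind-html`, so the field is not later treated like the description. The enclosing loop and function start outside the hunk.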
@@ -45,16 +45,16 @@ <h3>
<td style="white-space: nowrap"><div ng-bind="challenge.name"></div></td>
<td style="width:100%"><div ng-bind-html="challenge.description"></div></td>
<td class="text-center">
<span ng-show="!challenge.solved && !challenge.disabled" id="{{challenge.name}}.notSolved" class="label label-danger" ng-click="openHint(challenge)" ng-class="{ 'label-button': showChallengeHints && challenge.hintUrl }" uib-tooltip="{{ showChallengeHints ? challenge.hint : null }}">
<span ng-show="!challenge.solved && !challenge.disabledEnv" id="{{challenge.name}}.notSolved" class="label label-danger" ng-click="openHint(challenge)" ng-class="{ 'label-button': showChallengeHints && challenge.hintUrl }" uib-tooltip="{{ showChallengeHints ? challenge.hint : null }}">
<i class="fas fa-book" aria-hidden="true" ng-show="showChallengeHints && (challenge.hint || challenge.hintUrl)"></i>
<span translate="STATUS_UNSOLVED"></span>
</span>
<span ng-show="challenge.solved && !challenge.disabled" id="{{challenge.name}}.solved" class="label label-success" ng-click="repeatNotification(challenge)" ng-class="{ 'label-button': allowRepeatNotifications }" uib-tooltip="{{ allowRepeatNotifications ? ('NOTIFICATION_RESEND_INSTRUCTIONS' | translate) : null }}">
<span ng-show="challenge.solved && !challenge.disabledEnv" id="{{challenge.name}}.solved" class="label label-success" ng-click="repeatNotification(challenge)" ng-class="{ 'label-button': allowRepeatNotifications }" uib-tooltip="{{ allowRepeatNotifications ? ('NOTIFICATION_RESEND_INSTRUCTIONS' | translate) : null }}">
<i class="far fa-flag" aria-hidden="true" ng-show="allowRepeatNotifications"></i>
<span translate="STATUS_SOLVED"></span>
</span>
<span ng-show="challenge.disabled" id="{{challenge.name}}.unavailable" class="label label-warning" uib-tooltip="{{challenge.hint}}">
<i class="fas fa-exclamation-triangle" aria-hidden="true"></i>
<span ng-show="challenge.disabledEnv" id="{{challenge.name}}.unavailable" class="label label-primary" uib-tooltip="{{challenge.hint}}">
<i class="fab fa-{{challenge.disabledEnv.toLowerCase()}}" aria-hidden="true"></i>
<span translate="STATUS_UNAVAILABLE"></span>
</span>
</td>
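Review bot: The icon class on the unavailable label is built from data, `fa-{{challenge.disabledEnv.toLowerCase()}}`, so it only renders when the environment name happens to match a Font Awesome brand icon. Any other value leaves an empty `<i>`, and the warning triangle that appears to be the previous icon is no longer there as a fallback. Mapping the known values explicitly keeps the markup independent of the data, for example `ng-class="{ 'fab fa-docker': challenge.disabledEnv === 'Docker', 'fas fa-exclamation-triangle': challenge.disabledEnv !== 'Docker' }"`. The +/- markers are lost on this page, so which of the duplicated `<span>` and `<i>` lines is the new side is inferred from the `disabledEnv` field name.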
@@ -20,12 +20,6 @@ function loadStaticData (file) {
.catch(() => console.error('Could not open file: "' + filePath + '"'))
}
function disableOnDocker (challenge) {
challenge.disabled = true
challenge.hint = 'This challenge is not available when running in a Docker container!'
challenge.hintUrl = null
}
module.exports = async () => {
const creators = [
createUsers,
@@ -44,11 +38,6 @@ module.exports = async () => {
for (const creator of creators) {
await creator()
}
if (isDocker()) {
disableOnDocker(challenges.xxeFileDisclosureChallenge)
disableOnDocker(challenges.xxeDosChallenge)
}
}
async function createChallenges () {
@@ -57,7 +46,7 @@ async function createChallenges () {
const challenges = await loadStaticData('challenges')
await Promise.all(
challenges.map(async ({ name, category, description, difficulty, hint, hintUrl, key }) => {
challenges.map(async ({ name, category, description, difficulty, hint, hintUrl, key, disabledEnv }) => {
try {
const challenge = await models.Challenge.create({
key,
@@ -67,7 +56,8 @@ async function createChallenges () {
difficulty,
solved: false,
hint: showHints ? hint : null,
hintUrl: showHints ? hintUrl : null
hintUrl: showHints ? hintUrl : null,
disabledEnv: (isDocker() && disabledEnv === 'Docker') ? disabledEnv : null
})
datacache.challenges[key] = challenge
} catch (err) {
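Review bot: In `createChallenges`, the expression `(isDocker() && disabledEnv === 'Docker') ? disabledEnv : null` silently drops every other `disabledEnv` value, including a differently cased `docker`, so a misconfigured challenge stays enabled in the very environment it was meant to be switched off in. A warning before the `create` call would surface this, for example `if (disabledEnv && disabledEnv !== 'Docker') console.warn('Unsupported disabledEnv "' + disabledEnv + '" for challenge ' + key)`. Separately, the removed `disableOnDocker` set `challenge.disabled = true` and cleared `hintUrl` on the cached objects. If any code outside this diff still reads `.disabled`, it will now see `undefined`, so it is worth checking for remaining readers.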
@@ -446,6 +446,7 @@
hint: 'The leverage point for this challenge is the deprecated B2B interface.'
hintUrl: 'https://bkimminich.gitbooks.io/pwning-owasp-juice-shop/content/part2/xxe.html#retrieve-the-content-of-cwindowssystemini-or-etcpasswd-from-the-server'
key: xxeFileDisclosureChallenge
disabledEnv: Docker
-
name: 'XXE Tier 2'
category: 'XXE'
@@ -454,6 +455,7 @@
hint: 'It is not as easy as sending a large amount of data directly to the deprecated B2B interface.'
hintUrl: 'https://bkimminich.gitbooks.io/pwning-owasp-juice-shop/content/part2/xxe.html#give-the-server-something-to-chew-on-for-quite-a-while'
key: xxeDosChallenge
disabledEnv: Docker
-
name: 'RCE Tier 1'
category: 'Insecure Deserialization'
@@ -8,7 +8,8 @@ module.exports = (sequelize, { STRING, INTEGER, BOOLEAN }) => {
difficulty: INTEGER,
hint: STRING,
hintUrl: STRING,
solved: BOOLEAN
solved: BOOLEAN,
disabledEnv: STRING
})
return Challenge
}
