Skip to content

Reject password-protected archive uploads #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
xusheng6 merged 2 commits into from
Dec 31, 2025
Merged

Reject password-protected archive uploads #2

xusheng6 merged 2 commits into from
Dec 31, 2025

Conversation

@xusheng6
Copy link
Contributor

@xusheng6 xusheng6 commented Dec 31, 2025

Summary

  • Add validation to reject crackme and solution submissions that contain password-protected ZIP archives
  • Users should NOT add passwords to their archives - the server handles compression and password protection automatically during the approval process
  • Clear error message informs users that they should not add passwords themselves

Changes

  • Created new app/services/archive.py with is_archive_password_protected() function to detect encrypted ZIP files
  • Added validation in crackme upload controller (app/controllers/crackme.py)
  • Added validation in solution upload controller (app/controllers/solution.py)

Test plan

  • Upload a non-password-protected ZIP file (should succeed)
  • Upload a password-protected ZIP file (should fail with clear error message)
  • Upload a non-archive file (should pass through to existing validation)

Fixes #1

🤖 Generated with Claude Code

xusheng6 and others added 2 commits December 31, 2025 11:12
@xusheng6 @claude
Reject password-protected archive uploads
aafd521 
Add validation to reject crackme and solution submissions that contain
password-protected ZIP archives. Users should not add passwords to their
archives as the server handles compression and password protection
automatically during the approval process.

- Add new archive service with is_archive_password_protected() function
- Add validation in crackme upload controller
- Add validation in solution upload controller

Fixes #1

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@xusheng6 @claude
Optimize crackme upload to read file data once
e95ab00 
Read file data into buffer once and reuse it for size check, password
protection check, and writing to disk. This avoids reading the file twice.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@xusheng6 xusheng6 merged commit f607167 into main Dec 31, 2025
@xusheng6 xusheng6 deleted the reject-password-protected-archives branch December 31, 2025 03:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Automatically reject crackme and solution submissions that already have a password

2 participants

@xusheng6