Added CFSS support and validation.

MOBergeron · MOBergeron · commit b89d557d4287 · 2025-10-14T22:35:40.000-04:00
diff --git a/ctf/schemas/track.yaml.json b/ctf/schemas/track.yaml.json
@@ -131,6 +131,11 @@
               "description": "The text the participants see AFTER they submit the flag. Example: [mytrackname] 1/1 Good job! Track completed.",
               "minLength": 1
             },
+            "cfss": {
+              "type": "string",
+              "description": "The CFSS string based on https://github.com/res260/cfss",
+              "pattern": "^CFSS:[0-9]\\.[0-9][0-9]?/TS:[LBIA]/E:[LMH]/HSFC:[NY]=[0-9][0-9]?-[0-9][0-9]?$"
+            },
             "tags": {
               "type": "object",
               "description": "Askgod tags for this flag. Use tag `discourse: sometriggername` to define triggers for posts in the posts/ directory.",
diff --git a/ctf/templates/init/schemas/track.yaml.json b/ctf/templates/init/schemas/track.yaml.json
@@ -131,6 +131,11 @@
               "description": "The text the participants see AFTER they submit the flag. Example: [mytrackname] 1/1 Good job! Track completed.",
               "minLength": 1
             },
+            "cfss": {
+              "type": "string",
+              "description": "The CFSS string based on https://github.com/res260/cfss",
+              "pattern": "^CFSS:[0-9]\\.[0-9][0-9]?/TS:[LBIA]/E:[LMH]/HSFC:[NY]=[0-9][0-9]?-[0-9][0-9]?$"
+            },
             "tags": {
               "type": "object",
               "description": "Askgod tags for this flag. Use tag `discourse: sometriggername` to define triggers for posts in the posts/ directory.",
@@ -165,4 +170,4 @@
       "services",
       "flags"
     ]
-  }
+  }
diff --git a/ctf/templates/new/common/track.yaml.j2 b/ctf/templates/new/common/track.yaml.j2
@@ -26,6 +26,8 @@ flags:
     description: Free flag in source of index.php CHANGE_ME
     # The text the participants see AFTER they submit the flag.
     return_string: '[{{ data.name }}] 1/1 Good job! Track completed. CHANGE_ME'
+    # CFSS string based on https://github.com/res260/cfss
+    cfss: "CFSS:0.3/TS:B/E:M/HSFC:N=4-7"
     tags:
       # Name of the discourse trigger for this flag. If a discourse post in the posts/ directory has this trigger, it will be posted when this flag is submitted.
       # This value can also be used to reference flags in Ansible playbooks. See the "Load Flags" task in deploy.yaml.
diff --git a/ctf/validators.py b/ctf/validators.py
@@ -449,13 +449,69 @@ def validate(self, track_name: str) -> list[ValidationError]:
         return errors
 
 
+class CFSSStringValidator(Validator):
+    """Validate the CFSS string of each flag in the track.yaml."""
+
+    CFSS_VALUE_REGEX = re.compile(
+        r"^CFSS:[0-9]\.[0-9][0-9]?/TS:[LBIA]/E:[LMH]/HSFC:[NY]=([0-9][0-9]?-[0-9][0-9]?)$"
+    )
+
+    def validate(self, track_name: str) -> list[ValidationError]:
+        errors: list[ValidationError] = []
+
+        track_yaml = parse_track_yaml(track_name=track_name)
+        for flag in track_yaml["flags"]:
+            if "cfss" not in flag:
+                errors.append(
+                    ValidationError(
+                        error_name="CFSS string not found",
+                        error_description="CFSS string was not present in the track.yaml.",
+                        track_name=track_name,
+                        details={
+                            "CFSS string": "Not found",
+                            "Flag value": str(flag.get("value")),
+                        },
+                    )
+                )
+                continue
+
+            cfss: str = flag.get("cfss")
+            value: int = flag.get("value")
+
+            # Should never happen since schemas/track.yaml.json is validated first.
+            if not (m := self.CFSS_VALUE_REGEX.match(cfss)):
+                errors.append(
+                    ValidationError(
+                        error_name="CFSS string did not match REGEX",
+                        error_description='CFSS string did not match "^CFSS:[0-9]\\.[0-9][0-9]?/TS:[LBIA]/E:[LMH]/HSFC:[NY]=([0-9][0-9]?-[0-9][0-9]?)$".',
+                        track_name=track_name,
+                        details={"CFSS string": cfss, "Flag value": str(value)},
+                    )
+                )
+                continue
+
+            low, high = m.group(1).split("-")
+            if value < int(low) or value > int(high):
+                errors.append(
+                    ValidationError(
+                        error_name="Flag value not in CFSS range",
+                        error_description="Flag value did not correspond to CFSS string's value.",
+                        track_name=track_name,
+                        details={"CFSS string": cfss, "Flag value": str(value)},
+                    )
+                )
+                continue
+        return errors
+
+
 validators_list = [
+    CFSSStringValidator,
+    DiscourseFileNamesValidator,
+    DiscoursePostsAskGodTagValidator,
     FilesValidator,
-    FlagsValidator,
     FireworksAskGodTagValidator,
-    DiscoursePostsAskGodTagValidator,
+    FlagsValidator,
+    OrphanServicesValidator,
     PlaceholderValuesValidator,
-    DiscourseFileNamesValidator,
     ServicesValidator,
-    OrphanServicesValidator,
 ]
