Merge remote-tracking branch 'origin/develop' into develop

# Conflicts:
#	README.md

Author: bkimminich

lib/generators/ctfd.js

@@ -5,117 +5,63 @@
 
 const Promise = require('bluebird')
 const calculateScore = require('../calculateScore')
-const calculateHintCost = require('../calculateHintCost')
+// const calculateHintCost = require('../calculateHintCost')
 const hmacSha1 = require('../hmac')
 const options = require('../options')
 
 function createCtfdExport (challenges, { insertHints, insertHintUrls, insertHintSnippets, ctfKey, vulnSnippets }) {
-  function insertChallenge (data, challenge) {
-    const score = calculateScore(challenge.difficulty)
-    challenge.description = challenge.description.replace('`xss`', '`xss`')
-    data.challenges.results.push(
-      {
-        id: challenge.id,
-        name: challenge.name,
-        description: challenge.description + ' (Difficulty Level: ' + challenge.difficulty + ')',
-        max_attempts: 0,
-        value: score,
-        category: challenge.category,
-        type: 'standard',
-        state: 'visible',
-        next_id: null // TODO Use "tutorialOrder" to recommend order of first challenges; leave null for rest
-      }
-    )
-  }
-
-  function insertKey ({ flagKeys }, { id, name }) {
-    flagKeys.results.push(
-      {
-        id,
-        challenge_id: id,
-        type: 'static',
-        content: hmacSha1(ctfKey, name),
-        data: null
-      }
-    )
-  }
-
-  function insertTextHint ({ hints }, challenge) {
-    hints.results.push(
-      {
-        id: challenge.id,
-        type: 'standard',
-        challenge_id: challenge.id,
-        content: challenge.hint,
-        cost: calculateHintCost(challenge, insertHints)
-      }
-    )
-  }
-
-  function insertHintUrl ({ hints }, challenge, hasTextHintPrerequisite) {
-    hints.results.push(
-      {
-        id: 10000 + challenge.id,
-        type: 'standard',
-        challenge_id: challenge.id,
-        content: challenge.hintUrl,
-        cost: calculateHintCost(challenge, insertHintUrls),
-        requirements: hasTextHintPrerequisite ? { prerequisites: [challenge.id] } : null
-      }
-    )
-  }
-
-  function insertHintSnippet ({ hints }, challenge, snippet, hasTextHintPrerequisite, hasHintUrlPrerequisite) {
-    hints.results.push(
-      {
-        id: 20000 + challenge.id,
-        type: 'standard',
-        challenge_id: challenge.id,
-        content: '<pre><code>' + snippet + '</code></pre>',
-        cost: calculateHintCost(challenge, insertHintSnippets),
-        requirements: hasTextHintPrerequisite ? (hasHintUrlPrerequisite ? { prerequisites: [challenge.id, 10000 + challenge.id] } : { prerequisites: [challenge.id] }) : (hasHintUrlPrerequisite ? { prerequisites: [10000 + challenge.id] } : null)
-      }
-    )
+  function insertChallengeHints (challenge) {
+    const hints = []
+    if (challenge.hint && insertHints !== options.noTextHints) {
+      hints.push(challenge.hint.replaceAll('"', '""').replaceAll(',', '٬'))
+    }
+    if (challenge.hintUrl && insertHintUrls !== options.noHintUrls) {
+      hints.push(challenge.hintUrl)
+    }
+    if (vulnSnippets[challenge.key] && insertHintSnippets !== options.noHintSnippets) {
+      hints.push('<pre><code>' + vulnSnippets[challenge.key].replaceAll('"', '""').replaceAll(',', '٬') + '</code></pre>')
+    }
+    return (hints.length === 0 ? '' : `"${hints.join(',')}"`)
   }
 
-  function insertTags ({ tags }, challenge) {
-    if (!challenge.tags) {
-      return
+  /*
+  function insertChallengeHintCosts (challenge) {
+    const hintCosts = []
+    if (challenge.hint && insertHints !== options.noTextHints) {
+      hintCosts.push(calculateHintCost(challenge, insertHints))
     }
-    tags.results.push(
-      ...challenge.tags.split(',').map((tag, index) => {
-        return {
-          id: (challenge.id * 100) + index,
-          challenge_id: challenge.id,
-          value: tag
-        }
-      })
-    )
+    if (challenge.hintUrl && insertHintUrls !== options.noHintUrls) {
+      hintCosts.push(calculateHintCost(challenge, insertHintUrls))
+    }
+    if (vulnSnippets[challenge.key] && insertHintSnippets !== options.noHintSnippets) {
+      hintCosts.push(calculateHintCost(challenge, insertHintSnippets))
+    }
+    return (hintCosts.length === 0 ? '' : `"${hintCosts.join(',')}"`)
   }
+*/
 
   return new Promise((resolve, reject) => {
     try {
-      const data = {
-        challenges: { results: [] },
-        hints: { results: [] },
-        flagKeys: { results: [] },
-        tags: { results: [] }
-      }
+      const data = []
       for (const key in challenges) {
         if (Object.prototype.hasOwnProperty.call(challenges, key)) {
           const challenge = challenges[key]
-          insertChallenge(data, challenge)
-          insertKey(data, challenge)
-          insertTags(data, challenge)
-          if (challenge.hint && insertHints !== options.noTextHints) {
-            insertTextHint(data, challenge)
-          }
-          if (challenge.hintUrl && insertHintUrls !== options.noHintUrls) {
-            insertHintUrl(data, challenge, insertHints !== options.noTextHints)
-          }
-          if (vulnSnippets[challenge.key] && insertHintSnippets !== options.noHintSnippets) {
-            insertHintSnippet(data, challenge, vulnSnippets[challenge.key], insertHints !== options.noTextHints, insertHintUrls !== options.noHintUrls)
-          }
+          data.push(
+            {
+              name: challenge.name,
+              description: `"${challenge.description.replaceAll('"', '""')} (Difficulty Level: ${challenge.difficulty})"`,
+              category: challenge.category,
+              value: calculateScore(challenge.difficulty),
+              type: 'standard',
+              state: 'visible',
+              max_attempts: 0,
+              flags: hmacSha1(ctfKey, challenge.name),
+              tags: challenge.tags ? `"${challenge.tags}"` : '',
+              hints: insertChallengeHints(challenge),
+              // hint_cost: insertChallengeHintCosts(challenge),
+              type_data: ''
+            }
+          )
         }
       }
       resolve(data)

lib/generators/index.js

@@ -3,7 +3,7 @@
  * SPDX-License-Identifier: MIT
  */
 
-const writeToCtfdZip = require('../writeToCtfdZip')
+const writeToCtfdZip = require('../writeToCtfdCsv')
 const writeToFbctfJson = require('../writeToFbctfJson')
 const writeToRtbXml = require('../writeToRtbXml')
 const options = require('../options')

lib/writeToCtfdCsv.js

@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 2016-2022 Bjoern Kimminich & the OWASP Juice Shop contributors.
+ * SPDX-License-Identifier: MIT
+ */
+
+const Promise = require('bluebird')
+const fs = require('fs')
+Promise.promisifyAll(fs)
+const path = require('path')
+const dateFormat = require('dateformat')
+
+function writeToCtfdCsv (data, desiredFileName) {
+  return new Promise((resolve, reject) => {
+    const fileName = desiredFileName || 'OWASP_Juice_Shop.' + dateFormat(new Date(), 'yyyy-mm-dd') + '.CTFd.csv'
+    fs.writeFileAsync(fileName, convertToCSV(data), 'utf8').then(() => {
+      resolve(path.resolve(fileName).green)
+    }).catch(({ message }) => {
+      reject(new Error('Failed to write output to file! ' + message))
+    })
+  })
+}
+
+function convertToCSV (arr) {
+  const array = [Object.keys(arr[0])].concat(arr)
+
+  return array.map(it => {
+    return Object.values(it).toString()
+  }).join('\n')
+}
+
+module.exports = writeToCtfdCsv