From 44f5c2cfb3c54c450b73f7aa299076ce69ca54d8 Mon Sep 17 00:00:00 2001 From: Matteo Rizzo Date: Tue, 7 Jan 2025 16:15:24 +0000 Subject: [PATCH] kernelCTF: fix check-submission.py for v2 flags In 57ace30e93e0bc13dc81c102fd7d9117679d214 we introduced a new flag format but forgot to update the flag regex in check-submission.py so now it's rejecting valid submisisons that use the new format (e.g. https://github.com/google/security-research/pull/151). --- kernelctf/check-submission.py | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/kernelctf/check-submission.py b/kernelctf/check-submission.py index 90fcbb890..f88330c85 100755 --- a/kernelctf/check-submission.py +++ b/kernelctf/check-submission.py @@ -42,7 +42,7 @@ checkList(exploitFolders, lambda f: any(f.startswith(p) for p in validExploitFolderPrefixes), f"The submission folder name (`{subDirName}`) is not consistent with the exploits in the `{EXPLOIT_DIR}` folder. " + f"Based on the folder name (`{subDirName}`), the subfolders are expected to be prefixed with one of these: {', '.join(f'`{t}-`' for t in targets)}, " + - "but this is not true for the following entries: . You can put the extra files into a folder prefixed with `extra-`, " + + "but this is not true for the following entries: . You can put the extra files into a folder prefixed with `extra-`, " + "but try to make it clear what's the difference between this exploit and the others.") reqFilesPerExploit = ["Makefile", "exploit.c", "exploit"] @@ -121,7 +121,17 @@ if cve != publicData["CVE"]: error(f"The CVE on the public spreadsheet for submission `{submissionId}` is `{publicData['CVE']}` but the PR is for `{cve}`.") -flagTargets = set([checkRegex(flag, r"kernelCTF\{v1:([^:]+):\d+\}", f"The flag (`{flag}`) is invalid").group(1) for flag in flags]) +flagRegex = r"kernelCTF\{(?:v1:([^:]+)|v2:([^:]+):([^:]*)):\d+\}" +def flagTarget(flag): + match = checkRegex(flag, flagRegex, f"The flag (`{flag}`) is invalid") + if match.group(1): + # v1 flag + return match.group(1) + + # v2 flag + return match.group(2) + +flagTargets = set([flagTarget(flag) for flag in flags]) if "mitigation-6.1-v2" in flagTargets: flagTargets = flagTargets - {"mitigation-6.1-v2"} | {"mitigation-6.1"} print(f"[-] Got flags for the following targets: {', '.join(flagTargets)}") @@ -153,4 +163,3 @@ def summary(success, text): ghSet("OUTPUT", f"artifact_backup_dir={'_'.join(submissionIds)}") summary(True, f"✅ The file structure verification of the PR was successful!") -