-
Notifications
You must be signed in to change notification settings - Fork 0
/
info.yml
89 lines (69 loc) · 3.57 KB
/
info.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
# The service name must contain only lowercase letters, numbers, and dashes. It MUST be the same as the repo name, sans "dc2020f-"
service_name: "nooode"
description: "Can you find the treasure?"
tags:
- web
violates_flag_format: false # if this is not "true", the flag is verfied against the flag format
# At some point we may start blocking all egress connections. Set this to True if your service needs them. DO NOT RELY ON THIS FOR BLOCKING THOUGH.
allow_egress: False
initial_flag: "OOO{asdf}" # this is the flag of the service when it first launches. For jeopardy, this is "THE FLAG"
flag_path: /flag # the location of the flag (for fresh flags). Leave blank for single-flag services (i.e., quals)
# Type can be normal or king_of_the_hill
type: normal
# Two options here, only for normal services.
# private means private team-team instances, shared means that they are shared.
# This is important to get right in both the game and the infra.
isolation: private
# This is the number of concurrent connections that a container should be able to handle.
# This will be tested by the test script
# check1.py does 4 connections, so this is really 64
concurrent_connections: 16
authors:
- kaπtain
# This is the timeout that your check scripts will be run as.
check_timeout: 120
#
# Directories below the next two are absolute in either the `service` or `interaction` docker container.
#
# These are the files that will be "public" to the teams via the scoreboard.
# The paths are relative to the repository
# They are published manually. IF YOU CHANGE THEM DURING THE GAME YELL!
public_files:
- service/public-nooode.tar.gz
# This is the file that may be patched (only 1 file is supported currently). They are relative to / in the challenge container!
patchable_file: /public-nooode.tar.gz
# The maximum difference in bytes between the original binary and the patch, if not supplied assumed to be 200 bytes
max_patchable_bytes: 2147483647
# Test scripts are heavily encouraged.
# All scripts should exit 0 if nothing went wrong.
# Scripts are automatically determined to be exploit scripts if they start with the word "exploit".
# Exploit scripts must output the flag using "FLAG: <FLAG>" and exit with 0 if the flag was captured correctly.
# The paths are absolute in the `interaction` docker container.
remote_interactions:
- /check1.py
# These local test scripts are run inside of a "local interaction" docker container that is derived from the service container.
# They are for running more hardcore tests (i.e., static analysis, etc).
# The paths are absolute in the `local-test` docker container.
local_tests:
- /check_nooop
# Services must have a unique game_port during the game
# game_port defaults to container_port, which defaults to the docker EXPOSE (grepped)
# Ideally, make EXPOSE unique and let chalmanager default to that
# game_port: some unique port number
container_port: 4017
game_port: 4017
# Resource limits that will go in k8s
# request_xxx is used for scheduling (overcommitting)
request_memory: 512m
limit_memory: 2048m
# It's strongly suggested to have a healthcheck regex
# The infrastructure will periodically connect and alert if it doesn't match anymore
#
# Example: healthcheck_tcp: awesome chall
# healthcheck_tcp_send: some intial command
# Example: healthcheck_http: Author Login
#
# It's not actually read from the info.yml, but be ready to give it to Sean (/Jacopo/Yan/...)
# It will go in inventory/group_vars/all ([email protected]:o-o-overflow/dc2020q-infra)
healthcheck_http: DOCTYPE
# TODO[quals]: other haproxy and kubernetes parameters (esp: cpu/ram resources, num instances)