Merge pull request #139 from dirtbags/substring-answers

Substring answers. John said it was okay.
This commit is contained in:
Neale Pickett 2020-03-10 17:50:23 -06:00 committed by GitHub
commit be448eadc5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 87 additions and 27 deletions

View File

@ -5,6 +5,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [Unreleased]
### Changed
- We are now using SHA256 instead of djb2hash
### Added
- URL parameter to points.json to allow returning only the JSON for a single
team by its team id (e.g., points.json?id=abc123).
@ -13,6 +15,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- add_script_stream convenience function allows easy script addition to puzzle
- Autobuild Docker images to test buildability
- Extract and use X-Forwarded-For headers in mothd logging
- Mothballs can now specify `X-Answer-Pattern` header fields, which allow `*`
at the beginning, end, or both, of an answer. This is `X-` because we
are hoping to change how this works in the future.
### Fixed
- Handle cases where non-legacy puzzles don't have an `author` attribute
- Handle YAML-formatted file and script lists as expected

View File

@ -77,12 +77,12 @@ class MothRequestHandler(http.server.SimpleHTTPRequestHandler):
"status": "success",
"data": {
"short": "",
"description": "Provided answer was not in list of answers"
"description": "%r was not in list of answers" % self.req.get("answer")
},
}
if self.req.get("answer") in puzzle.answers:
ret["data"]["description"] = "Answer is correct"
ret["data"]["description"] = "Answer %r is correct" % self.req.get("answer")
self.send_response(200)
self.send_header("Content-Type", "application/json")
self.end_headers()

View File

@ -22,11 +22,8 @@ messageChars = b'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
LOGGER = logging.getLogger(__name__)
def djb2hash(str):
h = 5381
for c in str.encode("utf-8"):
h = ((h * 33) + c) & 0xffffffff
return h
def sha256hash(str):
return hashlib.sha256(str.encode("utf-8")).hexdigest()
@contextlib.contextmanager
def pushd(newdir):
@ -130,6 +127,7 @@ class Puzzle:
self.summary = None
self.authors = []
self.answers = []
self.xAnchors = {"begin", "end"}
self.scripts = []
self.pattern = None
self.hint = None
@ -215,6 +213,16 @@ class Puzzle:
if not isinstance(val, str):
raise ValueError("Answers must be strings, got %s, instead" % (type(val),))
self.answers.append(val)
elif key == 'x-answer-pattern':
a = val.strip("*")
assert "*" not in a, "Patterns may only have * at the beginning and end"
assert "?" not in a, "Patterns do not currently support ? characters"
assert "[" not in a, "Patterns do not currently support character ranges"
self.answers.append(a)
if val.startswith("*"):
self.xAnchors.discard("begin")
if val.endswith("*"):
self.xAnchors.discard("end")
elif key == "answers":
for answer in val:
if not isinstance(answer, str):
@ -448,12 +456,13 @@ class Puzzle:
'success': self.success,
'solution': self.solution,
'ksas': self.ksas,
'xAnchors': list(self.xAnchors),
}
def hashes(self):
"Return a list of answer hashes"
return [djb2hash(a) for a in self.answers]
return [sha256hash(a) for a in self.answers]
class Category:

View File

@ -1,6 +1,8 @@
Summary: Answer patterns
Answer: command.com
Answer: COMMAND.COM
X-Answer-Pattern: PINBALL.*
X-Answer-Pattern: pinball.*
Author: neale
Pattern: [0-9A-Za-z]{1,8}\.[A-Za-z]{1,3}

View File

@ -22,6 +22,7 @@
<form>
<input type="hidden" name="cat">
<input type="hidden" name="points">
<input type="hidden" name="xAnswer">
Team ID: <input type="text" name="id"> <br>
Answer: <input type="text" name="answer" id="answer"> <span id="answer_ok"></span><br>
<input type="submit" value="Submit">

View File

@ -51,12 +51,10 @@ function devel_addin(obj, e) {
}
}
// The routine used to hash answers in compiled puzzle packages
// Hash routine used in v3.4 and earlier
function djb2hash(buf) {
let h = 5381
for (let c of (new TextEncoder).encode(buf)) { // Encode as UTF-8 and read in each byte
for (let c of (new TextEncoder()).encode(buf)) { // Encode as UTF-8 and read in each byte
// JavaScript converts everything to a signed 32-bit integer when you do bitwise operations.
// So we have to do "unsigned right shift" by zero to get it back to unsigned.
h = (((h * 33) + c) & 0xffffffff) >>> 0
@ -64,6 +62,47 @@ function djb2hash(buf) {
return h
}
// The routine used to hash answers in compiled puzzle packages
async function sha256Hash(message) {
const msgUint8 = new TextEncoder().encode(message); // encode as (utf-8) Uint8Array
const hashBuffer = await crypto.subtle.digest('SHA-256', msgUint8); // hash the message
const hashArray = Array.from(new Uint8Array(hashBuffer)); // convert buffer to byte array
const hashHex = hashArray.map(b => b.toString(16).padStart(2, '0')).join(''); // convert bytes to hex string
return hashHex;
}
// Is the provided answer possibly correct?
async function possiblyCorrect(answer) {
for (let correctHash of window.puzzle.hashes) {
// CPU time is cheap. Especially if it's not our server's time.
// So we'll just try absolutely everything and see what happens.
// We're counting on hash collisions being extremely rare with the algorithm we use.
// And honestly, this pales in comparison to the amount of CPU being eaten by
// something like the github 404 page.
if (djb2hash(answer) == correctHash) {
return answer
}
for (let len = 0; len <= answer.length; len += 1) {
if (window.puzzle.xAnchors.includes("end") && (len != answer.length)) {
continue
}
for (let pos = 0; pos < answer.length - len + 1; pos += 1) {
if (window.puzzle.xAnchors.includes("begin") && (pos > 0)) {
continue
}
let sub = answer.substring(pos, pos+len)
let digest = await sha256Hash(sub)
if (digest == correctHash) {
return sub
}
}
}
}
return false
}
// Pop up a message
function toast(message, timeout=5000) {
@ -80,9 +119,17 @@ function toast(message, timeout=5000) {
// When the user submits an answer
function submit(e) {
e.preventDefault()
let data = new FormData(e.target)
// Kludge for patterned answers
let xAnswer = data.get("xAnswer")
if (xAnswer) {
data.set("answer", xAnswer)
}
window.data = data
fetch("answer", {
method: "POST",
body: new FormData(e.target),
body: data,
})
.then(resp => {
if (resp.ok) {
@ -180,21 +227,17 @@ function answerCheck(e) {
return
}
let possiblyCorrect = false
let answerHash = djb2hash(answer)
for (let correctHash of window.puzzle.hashes) {
if (correctHash == answerHash) {
possiblyCorrect = true
possiblyCorrect(answer)
.then (correct => {
document.querySelector("[name=xAnswer").value = correct || answer
if (correct) {
ok.textContent = "⭕"
ok.title = "Possibly correct"
} else {
ok.textContent = "❌"
ok.title = "Definitely not correct"
}
}
if (possiblyCorrect) {
ok.textContent = "❓"
ok.title = "Possibly correct"
} else {
ok.textContent = "⛔"
ok.title = "Definitely not correct"
}
})
}
function init() {