diff --git a/ctfcli/cli/media.py b/ctfcli/cli/media.py index 0e7c064..e142f0b 100644 --- a/ctfcli/cli/media.py +++ b/ctfcli/cli/media.py @@ -15,8 +15,8 @@ def add(self, path): api = API() - new_file = ("file", open(path, mode="rb")) filename = os.path.basename(path) + new_file = (filename, open(path, mode="rb")) location = f"media/{filename}" file_payload = { "type": "page", @@ -24,7 +24,7 @@ def add(self, path): } # Specifically use data= here to send multipart/form-data - r = api.post("/api/v1/files", files=[new_file], data=file_payload) + r = api.post("/api/v1/files", files={"file": new_file}, data=file_payload) r.raise_for_status() resp = r.json() server_location = resp["data"][0]["location"] diff --git a/ctfcli/core/api.py b/ctfcli/core/api.py index 5487642..ae8fae7 100644 --- a/ctfcli/core/api.py +++ b/ctfcli/core/api.py @@ -1,6 +1,8 @@ +from typing import Mapping from urllib.parse import urljoin from requests import Session +from requests_toolbelt.multipart.encoder import MultipartEncoder from ctfcli.core.config import Config @@ -38,20 +40,53 @@ def __init__(self): if "cookies" in config: self.cookies.update(dict(config["cookies"])) - def request(self, method, url, *args, **kwargs): + def request(self, method, url, data=None, files=None, *args, **kwargs): # Strip out the preceding / so that urljoin creates the right url # considering the appended / on the prefix_url url = urljoin(self.prefix_url, url.lstrip("/")) - # if data= is present, do not modify the content-type - if kwargs.get("data", None) is not None: - return super(API, self).request(method, url, *args, **kwargs) + # If data or files are any kind of key/value iterable + # then encode the body as form-data + if isinstance(data, (list, tuple, Mapping)) or isinstance(files, (list, tuple, Mapping)): + # In order to use the MultipartEncoder, we need to convert data and files to the following structure : + # A list of tuple containing the key and the values : List[Tuple[str, str]] + # For files, the structure can be List[Tuple[str, Tuple[str, str, Optional[str]]]] + # Example: [ ('file', ('doc.pdf', open('doc.pdf'), 'text/plain') ) ] + + fields = list() + if isinstance(data, dict): + # int are not allowed as value in MultipartEncoder + fields = list(map(lambda v: (v[0], str(v[1]) if isinstance(v[1], int) else v[1]), data.items())) + + if files is not None: + if isinstance(files, dict): + files = list(files.items()) + fields.extend(files) # type: ignore + + multipart = MultipartEncoder(fields) + + return super(API, self).request( + method, + url, + data=multipart, + headers={"Content-Type": multipart.content_type}, + *args, + **kwargs, + ) # otherwise set the content-type to application/json for all API requests # modify the headers here instead of using self.headers because we don't want to # override the multipart/form-data case above - if kwargs.get("headers", None) is None: - kwargs["headers"] = {} + if data is None and files is None: + if kwargs.get("headers", None) is None: + kwargs["headers"] = {} + kwargs["headers"]["Content-Type"] = "application/json" - kwargs["headers"]["Content-Type"] = "application/json" - return super(API, self).request(method, url, *args, **kwargs) + return super(API, self).request( + method, + url, + data=data, + files=files, + *args, + **kwargs, + ) diff --git a/ctfcli/core/challenge.py b/ctfcli/core/challenge.py index 8bb4c6e..3814947 100644 --- a/ctfcli/core/challenge.py +++ b/ctfcli/core/challenge.py @@ -352,11 +352,11 @@ def _delete_file(self, remote_location: str): r.raise_for_status() def _create_file(self, local_path: Path): - new_file = ("file", open(local_path, mode="rb")) + new_file = (local_path.name, open(local_path, mode="rb")) file_payload = {"challenge_id": self.challenge_id, "type": "challenge"} # Specifically use data= here to send multipart/form-data - r = self.api.post("/api/v1/files", files=[new_file], data=file_payload) + r = self.api.post("/api/v1/files", files={"file": new_file}, data=file_payload) r.raise_for_status() # Close the file handle @@ -365,7 +365,8 @@ def _create_file(self, local_path: Path): def _create_all_files(self): new_files = [] for challenge_file in self["files"]: - new_files.append(("file", open(self.challenge_directory / challenge_file, mode="rb"))) + file_path = self.challenge_directory / challenge_file + new_files.append(("file", (file_path.name, file_path.open("rb")))) files_payload = {"challenge_id": self.challenge_id, "type": "challenge"} @@ -375,7 +376,7 @@ def _create_all_files(self): # Close the file handles for file_payload in new_files: - file_payload[1].close() + file_payload[1][1].close() def _delete_existing_hints(self): remote_hints = self.api.get("/api/v1/hints").json()["data"] diff --git a/poetry.lock b/poetry.lock index 598dd2f..f2c85f5 100644 --- a/poetry.lock +++ b/poetry.lock @@ -1,4 +1,4 @@ -# This file is automatically @generated by Poetry 1.6.0 and should not be changed by hand. +# This file is automatically @generated by Poetry 1.8.4 and should not be changed by hand. [[package]] name = "appdirs" @@ -439,6 +439,16 @@ files = [ {file = "MarkupSafe-2.1.3-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:5bbe06f8eeafd38e5d0a4894ffec89378b6c6a625ff57e3028921f8ff59318ac"}, {file = "MarkupSafe-2.1.3-cp311-cp311-win32.whl", hash = "sha256:dd15ff04ffd7e05ffcb7fe79f1b98041b8ea30ae9234aed2a9168b5797c3effb"}, {file = "MarkupSafe-2.1.3-cp311-cp311-win_amd64.whl", hash = "sha256:134da1eca9ec0ae528110ccc9e48041e0828d79f24121a1a146161103c76e686"}, + {file = "MarkupSafe-2.1.3-cp312-cp312-macosx_10_9_universal2.whl", hash = "sha256:f698de3fd0c4e6972b92290a45bd9b1536bffe8c6759c62471efaa8acb4c37bc"}, + {file = "MarkupSafe-2.1.3-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:aa57bd9cf8ae831a362185ee444e15a93ecb2e344c8e52e4d721ea3ab6ef1823"}, + {file = "MarkupSafe-2.1.3-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:ffcc3f7c66b5f5b7931a5aa68fc9cecc51e685ef90282f4a82f0f5e9b704ad11"}, + {file = "MarkupSafe-2.1.3-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:47d4f1c5f80fc62fdd7777d0d40a2e9dda0a05883ab11374334f6c4de38adffd"}, + {file = "MarkupSafe-2.1.3-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:1f67c7038d560d92149c060157d623c542173016c4babc0c1913cca0564b9939"}, + {file = "MarkupSafe-2.1.3-cp312-cp312-musllinux_1_1_aarch64.whl", hash = "sha256:9aad3c1755095ce347e26488214ef77e0485a3c34a50c5a5e2471dff60b9dd9c"}, + {file = "MarkupSafe-2.1.3-cp312-cp312-musllinux_1_1_i686.whl", hash = "sha256:14ff806850827afd6b07a5f32bd917fb7f45b046ba40c57abdb636674a8b559c"}, + {file = "MarkupSafe-2.1.3-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:8f9293864fe09b8149f0cc42ce56e3f0e54de883a9de90cd427f191c346eb2e1"}, + {file = "MarkupSafe-2.1.3-cp312-cp312-win32.whl", hash = "sha256:715d3562f79d540f251b99ebd6d8baa547118974341db04f5ad06d5ea3eb8007"}, + {file = "MarkupSafe-2.1.3-cp312-cp312-win_amd64.whl", hash = "sha256:1b8dd8c3fd14349433c79fa8abeb573a55fc0fdd769133baac1f5e07abf54aeb"}, {file = "MarkupSafe-2.1.3-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:8e254ae696c88d98da6555f5ace2279cf7cd5b3f52be2b5cf97feafe883b58d2"}, {file = "MarkupSafe-2.1.3-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:cb0932dc158471523c9637e807d9bfb93e06a95cbf010f1a38b98623b929ef2b"}, {file = "MarkupSafe-2.1.3-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:9402b03f1a1b4dc4c19845e5c749e3ab82d5078d16a2a4c2cd2df62d57bb0707"}, @@ -679,6 +689,7 @@ files = [ {file = "PyYAML-6.0.1-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:69b023b2b4daa7548bcfbd4aa3da05b3a74b772db9e23b982788168117739938"}, {file = "PyYAML-6.0.1-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:81e0b275a9ecc9c0c0c07b4b90ba548307583c125f54d5b6946cfee6360c733d"}, {file = "PyYAML-6.0.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:ba336e390cd8e4d1739f42dfe9bb83a3cc2e80f567d8805e11b46f4a943f5515"}, + {file = "PyYAML-6.0.1-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:326c013efe8048858a6d312ddd31d56e468118ad4cdeda36c719bf5bb6192290"}, {file = "PyYAML-6.0.1-cp310-cp310-win32.whl", hash = "sha256:bd4af7373a854424dabd882decdc5579653d7868b8fb26dc7d0e99f823aa5924"}, {file = "PyYAML-6.0.1-cp310-cp310-win_amd64.whl", hash = "sha256:fd1592b3fdf65fff2ad0004b5e363300ef59ced41c2e6b3a99d4089fa8c5435d"}, {file = "PyYAML-6.0.1-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:6965a7bc3cf88e5a1c3bd2e0b5c22f8d677dc88a455344035f03399034eb3007"}, @@ -686,8 +697,16 @@ files = [ {file = "PyYAML-6.0.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:42f8152b8dbc4fe7d96729ec2b99c7097d656dc1213a3229ca5383f973a5ed6d"}, {file = "PyYAML-6.0.1-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:062582fca9fabdd2c8b54a3ef1c978d786e0f6b3a1510e0ac93ef59e0ddae2bc"}, {file = "PyYAML-6.0.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:d2b04aac4d386b172d5b9692e2d2da8de7bfb6c387fa4f801fbf6fb2e6ba4673"}, + {file = "PyYAML-6.0.1-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:e7d73685e87afe9f3b36c799222440d6cf362062f78be1013661b00c5c6f678b"}, {file = "PyYAML-6.0.1-cp311-cp311-win32.whl", hash = "sha256:1635fd110e8d85d55237ab316b5b011de701ea0f29d07611174a1b42f1444741"}, {file = "PyYAML-6.0.1-cp311-cp311-win_amd64.whl", hash = "sha256:bf07ee2fef7014951eeb99f56f39c9bb4af143d8aa3c21b1677805985307da34"}, + {file = "PyYAML-6.0.1-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:855fb52b0dc35af121542a76b9a84f8d1cd886ea97c84703eaa6d88e37a2ad28"}, + {file = "PyYAML-6.0.1-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:40df9b996c2b73138957fe23a16a4f0ba614f4c0efce1e9406a184b6d07fa3a9"}, + {file = "PyYAML-6.0.1-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:a08c6f0fe150303c1c6b71ebcd7213c2858041a7e01975da3a99aed1e7a378ef"}, + {file = "PyYAML-6.0.1-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:6c22bec3fbe2524cde73d7ada88f6566758a8f7227bfbf93a408a9d86bcc12a0"}, + {file = "PyYAML-6.0.1-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:8d4e9c88387b0f5c7d5f281e55304de64cf7f9c0021a3525bd3b1c542da3b0e4"}, + {file = "PyYAML-6.0.1-cp312-cp312-win32.whl", hash = "sha256:d483d2cdf104e7c9fa60c544d92981f12ad66a457afae824d146093b8c294c54"}, + {file = "PyYAML-6.0.1-cp312-cp312-win_amd64.whl", hash = "sha256:0d3304d8c0adc42be59c5f8a4d9e3d7379e6955ad754aa9d6ab7a398b59dd1df"}, {file = "PyYAML-6.0.1-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:50550eb667afee136e9a77d6dc71ae76a44df8b3e51e41b77f6de2932bfe0f47"}, {file = "PyYAML-6.0.1-cp36-cp36m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1fe35611261b29bd1de0070f0b2f47cb6ff71fa6595c077e42bd0c419fa27b98"}, {file = "PyYAML-6.0.1-cp36-cp36m-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:704219a11b772aea0d8ecd7058d0082713c3562b4e271b849ad7dc4a5c90c13c"}, @@ -704,6 +723,7 @@ files = [ {file = "PyYAML-6.0.1-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:a0cd17c15d3bb3fa06978b4e8958dcdc6e0174ccea823003a106c7d4d7899ac5"}, {file = "PyYAML-6.0.1-cp38-cp38-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:28c119d996beec18c05208a8bd78cbe4007878c6dd15091efb73a30e90539696"}, {file = "PyYAML-6.0.1-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:7e07cbde391ba96ab58e532ff4803f79c4129397514e1413a7dc761ccd755735"}, + {file = "PyYAML-6.0.1-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:49a183be227561de579b4a36efbb21b3eab9651dd81b1858589f796549873dd6"}, {file = "PyYAML-6.0.1-cp38-cp38-win32.whl", hash = "sha256:184c5108a2aca3c5b3d3bf9395d50893a7ab82a38004c8f61c258d4428e80206"}, {file = "PyYAML-6.0.1-cp38-cp38-win_amd64.whl", hash = "sha256:1e2722cc9fbb45d9b87631ac70924c11d3a401b2d7f410cc0e3bbf249f2dca62"}, {file = "PyYAML-6.0.1-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:9eb6caa9a297fc2c2fb8862bc5370d0303ddba53ba97e71f08023b6cd73d16a8"}, @@ -711,6 +731,7 @@ files = [ {file = "PyYAML-6.0.1-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:5773183b6446b2c99bb77e77595dd486303b4faab2b086e7b17bc6bef28865f6"}, {file = "PyYAML-6.0.1-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:b786eecbdf8499b9ca1d697215862083bd6d2a99965554781d0d8d1ad31e13a0"}, {file = "PyYAML-6.0.1-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:bc1bf2925a1ecd43da378f4db9e4f799775d6367bdb94671027b73b393a7c42c"}, + {file = "PyYAML-6.0.1-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:04ac92ad1925b2cff1db0cfebffb6ffc43457495c9b3c39d3fcae417d7125dc5"}, {file = "PyYAML-6.0.1-cp39-cp39-win32.whl", hash = "sha256:faca3bdcf85b2fc05d06ff3fbc1f83e1391b3e724afa3feba7d13eeab355484c"}, {file = "PyYAML-6.0.1-cp39-cp39-win_amd64.whl", hash = "sha256:510c9deebc5c0225e8c96813043e62b680ba2f9c50a08d3724c7f28a747d1486"}, {file = "PyYAML-6.0.1.tar.gz", hash = "sha256:bfdf460b1736c775f2ba9f6a92bca30bc2095067b8a9d77876d1fad6cc3b4a43"}, @@ -737,6 +758,20 @@ urllib3 = ">=1.21.1,<3" socks = ["PySocks (>=1.5.6,!=1.5.7)"] use-chardet-on-py3 = ["chardet (>=3.0.2,<6)"] +[[package]] +name = "requests-toolbelt" +version = "1.0.0" +description = "A utility belt for advanced users of python-requests" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" +files = [ + {file = "requests-toolbelt-1.0.0.tar.gz", hash = "sha256:7681a0a3d047012b5bdc0ee37d7f8f07ebe76ab08caeccfc3921ce23c88d5bc6"}, + {file = "requests_toolbelt-1.0.0-py2.py3-none-any.whl", hash = "sha256:cccfdd665f0a24fcf4726e690f65639d272bb0637b9b92dfd91a5568ccf6bd06"}, +] + +[package.dependencies] +requests = ">=2.0.1,<3.0.0" + [[package]] name = "rich" version = "13.5.2" @@ -860,4 +895,4 @@ zstd = ["zstandard (>=0.18.0)"] [metadata] lock-version = "2.0" python-versions = "^3.8" -content-hash = "c1f14dcf687d5cbb09bb2f7f727befd2c08cfeeb33bb30869046f6c24672807f" +content-hash = "d5eb79b57d3b767c9937f46d4f19c10cb0b0b634174d82f6cb7d412ceed77ac4" diff --git a/pyproject.toml b/pyproject.toml index d7601d5..2a95f13 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -24,6 +24,7 @@ appdirs = "^1.4.4" colorama = "^0.4.6" fire = "^0.5.0" typing-extensions = "^4.7.1" +requests-toolbelt = "^1.0.0" [tool.poetry.group.dev.dependencies] black = "^23.7.0" diff --git a/tests/core/test_api.py b/tests/core/test_api.py index 152a220..d7e7785 100644 --- a/tests/core/test_api.py +++ b/tests/core/test_api.py @@ -46,8 +46,20 @@ def test_api_object_request_strips_preceding_slash_from_url_path(self, mock_requ mock_request.assert_has_calls( [ - call("GET", "https://example.com/test/path", headers={"Content-Type": "application/json"}), - call("GET", "https://example.com/test/path", headers={"Content-Type": "application/json"}), + call( + "GET", + "https://example.com/test/path", + headers={"Content-Type": "application/json"}, + data=None, + files=None, + ), + call( + "GET", + "https://example.com/test/path", + headers={"Content-Type": "application/json"}, + data=None, + files=None, + ), ] ) @@ -60,7 +72,7 @@ def test_api_object_request_assigns_prefix_url(self, mock_request: MagicMock, *a api = API() api.request("GET", "path") mock_request.assert_called_once_with( - "GET", "https://example.com/test/path", headers={"Content-Type": "application/json"} + "GET", "https://example.com/test/path", headers={"Content-Type": "application/json"}, data=None, files=None ) def test_api_object_assigns_ssl_verify(self, *args, **kwargs): @@ -170,4 +182,4 @@ def test_api_object_assigns_cookies(self, *args, **kwargs): def test_request_does_not_override_form_data_content_type(self, mock_request: MagicMock, *args, **kwargs): api = API() api.request("GET", "/test", data="some-file") - mock_request.assert_called_once_with("GET", "https://example.com/test", data="some-file") + mock_request.assert_called_once_with("GET", "https://example.com/test", data="some-file", files=None)