CTF 定義をページから分離して features/ctf モジュール群へ移動#19
Conversation
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 9576efb1bc
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
|
|
||
| const BASE64_CANDIDATE_PATTERN = /(?:[A-Za-z0-9+/]{4}){3,}(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?/g; | ||
| const HEX_CANDIDATE_PATTERN = /(?:0x)?(?:[0-9a-fA-F]{2}[\s:-]?){4,}/g; | ||
| const URL_ENCODED_PATTERN = /%(?:[0-9a-fA-F]{2})/g; |
There was a problem hiding this comment.
Group contiguous URL-encoded bytes
When the input contains a normal URL-encoded token such as %66%6c%61%67%7B...%7D, this pattern matches each %xx escape separately, so the detector returns many 3-character ranges and the suggested url-decode action only decodes one byte at a time. Any consumer that applies actions to the returned ranges cannot recover the full encoded flag/string; the regex should match a contiguous encoded run instead, e.g. one or more %HH groups.
Useful? React with 👍 / 👎.
|
確認しましたが、この PR は現状マージしません。 理由:
対応案:
|
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 0aadf764a3
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
|
|
||
| const BASE64_CANDIDATE_PATTERN = /(?:[A-Za-z0-9+/]{4}){3,}(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?/g; | ||
| const HEX_CANDIDATE_PATTERN = /(?:0x)?(?:[0-9a-fA-F]{2}[\s:-]?){4,}/g; | ||
| const URL_ENCODED_PATTERN = /(?:%[0-9a-fA-F]{2})+/g; |
There was a problem hiding this comment.
Include mixed URL-encoded runs
For URL-encoded strings that contain ordinary safe characters between escapes (for example %66%6c%61%67%7Bsample%7D), this regex still stops at sample, returning two detections instead of the full token. Fresh evidence beyond the earlier byte-grouping comment is that the new test expects this exact mixed string to be one range through input.length; with the current pattern, any consumer applying url-decode to the detected range cannot recover the complete flag.
Useful? React with 👍 / 👎.
Motivation
CtfPageに埋め込まれていた CTF の項目・変換・検出ルールを分離して責務を分け、今後 UI や設定から拡張しやすい構造にするため。Description
src/features/ctf/types.tsにCtfTransform/CtfDetector/CtfDetection/FlagPattern/CtfHintSectionなどを定義しました。src/features/ctf/transforms.tsとして分離し、各 transform はid/label/category/descriptionとrun(input, options)を持つ構造にしました(例:Base64, URL, Hex, ROT13)。src/features/ctf/detectors.tsとして分離し、検出はtype/confidence/range/recommendedActionsを返すように実装し、検出の重複を除去するロジックを追加しました(重なりの高いものを優先して一意化)。src/features/ctf/flagPatterns.tsのDEFAULT_FLAG_PATTERNSとして定義し、flag{...}/ctf{...}/HTB{...}/picoCTF{...}を用意して正規表現で管理可能にしました(buildFlagPatternRegexを提供)。src/features/ctf/hints.tsに移動し、src/pages/CtfPage.tsxはこれらのモジュールをインポートして表示するように更新しました。tests/ctfFeatures.test.tsを追加し、transform メタデータ・Base64 往復変換・初期 flag パターン・検出範囲・カスタムパターン受け入れを検証するテストを実装しました。Testing
npm run lintを実行してリンティングは成功しました。npm run buildを実行してビルドは成功しました。npx vitest runを実行してテストスイートは成功し、最終的に全58テストがパスしました(新規のtests/ctfFeatures.test.tsを含む)。Codex Task