Add option answer type and cvss module stub

Author: paul-ion

trainingportal/challenges.js

@@ -84,7 +84,6 @@ let init = async () => {
         let moduleDefinitions = getDefinitionsForModule(moduleId);
         var modulePath = getModulePath(moduleId);
         for(let level of moduleDefinitions){
-            challengeDefinitions.push(level);
             for(let challenge of level.challenges){
                 if(!util.isNullOrUndefined(challengeNames[challenge.id])){
                     throw new Error(`Duplicate challenge id: '${challenge.id}'!`);
@@ -206,6 +205,7 @@ let getChallengeDefinitions = async (moduleId) => {
 
     if(util.isNullOrUndefined(moduleId)) return [];    
     if(util.isNullOrUndefined(modules[moduleId])) return [];
+    if(!util.isNullOrUndefined(challengeDefinitions[moduleId])) return challengeDefinitions[moduleId];
 
     var modulePath = getModulePath(moduleId);
     var moduleDefinitions = getDefinitionsForModule(moduleId);
@@ -224,12 +224,17 @@ let getChallengeDefinitions = async (moduleId) => {
                 challenge.description = path.join(modulePath, description);
             }
             if(challenge.type === "quiz"){
-                challenge.question = qna.getCode(challenge.id);
+                if(util.isNullOrUndefined(challenge.options)){
+                    challenge.question = qna.getCode(challenge.id);
+                }
+                else if(!util.isNullOrUndefined(challenge.answer)){
+                    challenge.question = { "digest": qna.getDigest(challenge.answer)}
+                }
             }
         }
         returnChallenges.push(level);
     }
-        
+    challengeDefinitions[moduleId] = returnChallenges;    
     return returnChallenges;
 }
 
@@ -452,8 +457,8 @@ let apiChallengeCode = async (req) => {
     }
 
     let answer = null;
-    if(!util.isNullOrUndefined(req.body.answer)){
-        answer = req.body.answer.trim();
+    if(!util.isNullOrUndefined(req.body.answer) && typeof req.body.answer === "string"){
+        answer = req.body.answer.trim().toLowerCase();
     }
 
     if(util.isNullOrUndefined(challengeCode) || 

trainingportal/qna.js

@@ -25,8 +25,12 @@ let getSecretText = (challengeId) => {
   return secretText.toUpperCase();
 }
 
+let getDigest = (val) => {
+  return crypto.createHash('sha256').update(val.trim().toLowerCase() + masterSalt).digest('hex');
+}
+
 let getRes = (mes, code) => {
-  let digest = crypto.createHash('sha256').update(mes.trim()+masterSalt).digest('hex');
+  let digest = getDigest(mes);
   return res = {
     code:code,
     digest:digest, 
@@ -241,6 +245,7 @@ const DEFS = {
 module.exports = {
   DEFS,
   getCode,
+  getDigest,
   checkCode,
   xorOp
 }

trainingportal/static/challenges.html

@@ -74,24 +74,38 @@ <h4>Challenge</h4>
                                 The play link has been provided to you when solving the previous module or challenge. 
                                 If you have missed it read the challenge description carefully and try to figure out what it is.
                             </p>
-                            <div ng-if="challenge.question" class="alert alert-info" style="color: black;">
+                            <div ng-if="challenge.question.code" class="alert alert-info" style="color: black;">
                                 <textarea rows="10" readonly style="background-color: transparent; border: 0px; width: 100%">{{challenge.question.code}}</textarea> 
                             </div>
 
+                            <span ng-if="challenge.options">
+                                <div class="form-check" ng-repeat="op in challenge.options">
+                                    <input class="form-check-input option-{{challenge.id}}" type="radio" value="{{op.value}}" name="option" id="option-{{challenge.id}}-{{$index}}">
+                                    <label class="form-check-label" for="option-{{challenge.id}}-{{$index}}">
+                                        {{op.display}}
+                                    </label>
+                                </div>
+                            </span>
+
                             <span ng-if="!challenge.passed">
 
+                                <span ng-if="challenge.options">
+                                    <br>
+                                    <a ng-click="submitOption(challenge.id, challenge.question.digest)" class="btn btn-info btn-sm" role="button">Submit Answer</a>
+                                </span>
+
                                 <span ng-if="challenge.type !== 'quiz'">
                                     <p>
                                         Once you were able to complete the challenge you can generate a code which you can submit below.
                                     </p>
                                     <a ng-href="#!submitCode/{{moduleId}}/{{challenge.id}}/page/0" class="btn btn-info btn-sm" role="button">Submit Code</a>
                                 </span>
 
-                                <span ng-if="challenge.type === 'quiz'">
-                                    <p>
-                                        Once you were able to find the answer you can submit it below.
-                                    </p>
-                                    <a ng-href="#!submitCode/{{moduleId}}/{{challenge.id}}/quiz/{{challenge.question.digest}}" class="btn btn-info btn-sm" role="button">Submit Answer</a>
+                                <span ng-if="challenge.type === 'quiz' && !challenge.options">
+                                    <label for="answer-{{challenge.id}}">Answer:</label> &nbsp;
+                                    <input type="text" autocomplete="off" class="form-control" style="width: 100%;" id="answer-{{challenge.id}}" value=""/>
+                                    <br>
+                                    <a ng-click="submitAnswer(challenge.id, challenge.question.digest)" class="btn btn-info btn-sm" role="button">Submit Answer</a>                                
                                 </span>
 
                             </span>

trainingportal/static/challengesCtrl.js

@@ -24,6 +24,36 @@ app.controller("challengesCtrl", function($scope, $http, $routeParams) {
 
     }
 
+    $scope.submitOption = function(id, digest){
+        let answer = null;
+        let options = document.getElementsByClassName(`option-${id}`);
+        for(let op of options){
+            if(op.checked){
+                answer = op.value
+                break;
+            }
+        }
+        $scope.saveAnswer(answer,id,digest);   
+    }
+
+    $scope.submitAnswer = function(id, digest){
+        let answer = null;
+        let el = document.getElementById(`answer-${id}`);
+        if(el){
+            answer = el.value;
+        }
+        $scope.saveAnswer(answer,id,digest);
+    }
+
+    $scope.saveAnswer = function(answer, id, digest){
+        if(answer !== null){
+            localStorage.setItem("dojo.current.answer", answer);
+            localStorage.setItem("dojo.current.challenge", window.location.href);
+            window.location.href = `#!submitCode/${$scope.moduleId}/${id}/quiz/${digest}`;
+        }
+    }
+
+
     $scope.loadChallenges = function(){
         $http.get(`/challenges/${$scope.moduleId}`)
         .then(function(response) {

trainingportal/static/lessons/cvss/cvss_intro.md

@@ -0,0 +1,5 @@
+#### Agreeing on vulnerability severity
+
+The Common Vulnerability Scoring System (CVSS) is how we agree on vulnerability severity. 
+
+We need to agree on severity so we may prioritize investing our time and effort where it matters most.

trainingportal/static/lessons/cvss/cvss_intro.sol.md

@@ -0,0 +1,36 @@
+[
+    {
+        "level":0,
+        "name":"Vulnerability Investigator",
+        "challenges":[
+            {
+                "id":"cvss_intro",
+                "name":"About CVSS",
+                "description": "cvss_intro.md",
+                "solution": "cvss_intro.sol.md",
+                "type":"quiz",
+                "mission":"Choose the correct option",
+                "options":[
+                    {
+                        "display":"Confidentiality: High, Integrity: High, Availability: High",
+                        "value":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
+                    },
+                    {
+                        "display":"Confidentiality: High, Integrity: High, Availability: None",
+                        "value":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
+                    },
+                    {
+                        "display":"Confidentiality: High, Integrity: None, Availability: None",
+                        "value":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
+                    },
+                    {
+                        "display":"Confidentiality: None, Integrity: None, Availability: None",
+                        "value":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N"
+                    }
+                ],
+                "answer":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
+                "codeBlockIds":[]
+            }
+        ]
+    }
+]

trainingportal/static/lessons/cvss/definitions.json

@@ -14,6 +14,19 @@
         },
         "requiredModules":[]
     },
+    "cvss":{
+        "name":"Vulnerability Investigator",
+        "summary":"Understanding vulnerability severity",
+        "description":"This module covers the most important aspects of the Common Vulnerability Scoring System (CVSS)",
+        "description2": "Includes <TBD> lessons. Estimated duration 2 hours.",
+        "badgeInfo":{
+            "line1":"Secure Coding Dojo",
+            "line2":"Vulnerability Investigator",
+            "line3":"",
+            "bg":"darkorange"
+        },
+        "requiredModules":[]
+    },
     "cryptoBreaker":{
         "name":"Crypto Breaker - Part 1",
         "summary":"Introduction to Cryptography",

trainingportal/static/lessons/modules.json

@@ -6,24 +6,21 @@
     <h4 ng-if="challengeCodeValue === '0'">When you have solved the challenge, take the salt below to obtain the verification code.</h4>
     <br>
     <form autocomplete="off">
-        <div ng-if="challengeType === 'quiz'" class="form-group form-inline">
-            <label for="answer">Answer:</label> &nbsp;
-            <input type="text" autocomplete="off" class="form-control" style="width: 100%;" id="answer" value=""/>
-        </div>
-        <div ng-if="challengeCodeValue === '0'" class="form-group form-inline">
+        <div ng-if="challengeType !== 'quiz'" class="form-group form-inline">
             <label for="salt">Salt:</label> &nbsp;
             <input type="text" autocomplete="off" class="form-control" id="saltEl" value="{{salt}}"/>
             <button type="button" class="btn btn-default" onclick="document.getElementById('saltEl').select();document.execCommand('copy');">
                     <span class="oi oi-clipboard"></span>
             </button>
         </div>
-        <div ng-if="challengeCodeValue === '0'" class="form-group ">
+        <div ng-if="challengeType !== 'quiz'" class="form-group ">
             <label for="challengeCode">Challenge code:</label>        
             <input type="text" autocomplete="off" class="form-control" id="challengeCode">  
         </div>
     </form>
-    <button class="btn btn-primary" ng-click="submitAnswer()">Submit</button>
-    <button class="btn btn-secondary" onclick="window.history.back()">Back</button>
+    <button ng-if="challengeType !== 'quiz'" class="btn btn-primary" ng-click="submitAnswer()">Submit</button>
+    <button ng-if="challengeType !== 'quiz'" class="btn btn-secondary" onclick="window.history.back()">Back</button>
+    <button ng-if="challengeType === 'quiz'" class="btn btn-secondary" ng-click="goBack()">Back</button>
 
 
             <!-- Code Block Dialog -->

trainingportal/static/submitCode.html

@@ -19,6 +19,15 @@ app.controller("submitCodeCtrl", function($scope, $http, $routeParams) {
     $scope.init = function(){
         var challengeCodeValue = $routeParams.challengeCode;
         $scope.challengeType = $routeParams.challengeType;
+
+        let answerString = localStorage.getItem("dojo.current.answer");   
+
+        if(answerString){
+            localStorage.removeItem("dojo.current.answer");
+            $scope.answer = answerString;
+            $scope.submitAnswer()
+        }
+
         if(challengeCodeValue === '0'){ //this is the old style of challenge verification
             $http.get("/api/salt",window.getAjaxOpts())
             .then(function(response) {
@@ -37,13 +46,19 @@ app.controller("submitCodeCtrl", function($scope, $http, $routeParams) {
         $scope.isCodeErrorMessage = false;
     }
 
+    $scope.goBack = () => {
+        let challengeHref = localStorage.getItem("dojo.current.challenge"); 
+        if(challengeHref){
+            localStorage.removeItem("dojo.current.challenge");
+            window.location.href = challengeHref;
+        }
+    }
 
     $scope.submitAnswer = function(){
         var moduleId = $routeParams.moduleId;
         var challengeId = $routeParams.challengeId;
         var challengeType = $routeParams.challengeType;
-        var answerValue = "";
-        if(typeof answer !== "undefined") answerValue = answer.value;
+        var answerValue = $scope.answer
 
         var challengeCodeValue = "";
         if(typeof challengeCode !== "undefined"){