bnadarevic / ctfnotetaker Goto Github PK

I am not sure if its possible, but it would be nice to have a restart command, for easier restarts when updating code.

Detect if the bot didn't start correctly,
There are 3 cases that I know of.

1. Socket didn't connect properly in which case get buffer is spammed,
2. weird HTS bug we had before
3. relogged too quick and it throws an error about name in use, / name not being registered.
   There may be other cases.
   For case 3, perhaps have a backup name option, or automatically append underscores

If the bot did not start correctly, call restart() in admin commands, or move restart to a utility file.

Suggestion:
When other people login, have bot tell them how many new notes there are since they left, so we would have to log time since they last logged in, and timestamp of each note. Also there should be a configuration parameter to disable it per person (blacklist), or alternatively a whitelist.

Very low priority.
Add fuzzing to challenge names to prevent minor typos.

Medium Priority
Have some setting for what the currently active ctf is, and allow admins to set it through commands.
Have all commands that require CTF assume that the CTF is the active ctf if it is not given.

Allow privileged users to perform some basic math /encoding operations.
Operations such as:
Decode RSA, Encode RSA, Extended Euclidean Algorithm, Encode/Decode Base64 , hex encode/decode
(More can be added later)

DB Whitelist for who can perform the commands, as they may be operation heavy.

Allow users to delete their own notes, by note ID. (Hence the -v option on read)
Create an admin command to delete a challenge, and a separate command to delete a particular note.

because its exported in such manner that values are separated by comma
More complex fix than just replacing separator with some other random value.

Many files have unneccesary imports,
such as all commands having socket imported, when none of them require it. These unneccessary imports should be removed.

We should add commands to export a ctf to an external SQL file, and another command to import SQL from a file, and add that ctf to the system. This way we can store our old ctf notes easily, and I personally would like to use it to provide links to algorithmns for common functions in different languages.

#23 #5 #24

Add an admin command for creating a note, under any alias.
This is intended for use in adding a 'ctf' for algorithms, and having a link to each algorithm which is language specific. (so Java would be the contributor in one case)

This would also check to make sure the user is not a registered user in the permission db, so an admin can't fake notes as another user. (This would require that everyone in the permission system be registered on the channel)

Add support for multiple channels.
This will require a check that if the public parameter is added to a command, that it only works if command is used in a main channel, not a PM.

Add a system so that we can add aliases programatically to commands.
I.e. add a DB table with one column for Command name, second column for list of valid aliases.
Goal here is that:
~restart, ~reload, ~update all do the same thing as ~restart, without us manually doing or statements for each option.

Create a permission system in SQL, where each user is assigned to one of three ranks (More detailed tiers can be added later)
Permission tiers:
Master/Admin
Moderator - Delete anyones notes, run mathematics commands
User - Regular user

Moderators and Admins have to be added by admins.
We can then also restrict commands to permission tier. (As opposed to blanket permissions for all admin commands if admin)

Create corresponding commands to add more tiers.

.help sends message to user in a PM, each cmd with its own line.
.read displays user who created note
.add creates chalname if it doesn't exist.
if note: isn't included, don't add to db, reply with messaging they must add note:

Include setting for current CTF (I.e. its ongoing), and then have any command that needs a parameter default to it if not specified.

Make commands not delimited by space, by maybe by a comma. Perhaps in format .add(,, ) and allow people to use , as escape char. <---- This will make everything else alot easier imo, as there will be note: requirement, ctf name can have space, chalname matching will be ezr.

Allow a user to delete notes they created, create a whitelist of "bot-admins" that can delete anyones notes.

As a final thing, we can try fuzzing for Chalnames to correct basic typos.

We need to make a global variable file which sets s,c,and conn so we dont have to pass it around everywhere. Only files in the Utilities package and CTFNoteTaker.py should ever directly access s,c,conn, every single other function should use a wrapper in Utilities.

When you PM the bot, have the bot reply in a PM, not the channel.
(Do this for all commands, not just admin commands)

MAKE BOT SUPPORT SSL

Log all commands and output to a log file.

We need better looking output. (Look at lemons output for an example)
For commands that return multiple columns from db, we should add a feature at the top that pads them all, and shows the column names at top.

Currently Socket.send(), regardless of how many sends, appears to send first 512 bytes quickly, then waits a second or two, then continues sending the rest slowly. It would be far more convenient if it could send all output all at once, or to increase send size for whole application / specific areas. This may not be possible to fix.