From 2c6e06bea5d8da1c7fd6d968010c77eb6729c481 Mon Sep 17 00:00:00 2001
From: ts <thomashaw@localhost.localdomain>
Date: Thu, 2 Aug 2018 12:48:50 +0100
Subject: [PATCH] SecGen function: add directory (creates directory + any
 parent directories using mkdir -p)

---
 .../puppet/secgen_functions/manifests/create_directory.pp   | 6 ++++++
 .../secgen_functions/manifests/install_setgid_binary.pp     | 6 +++---
 .../manifests/install_setuid_root_binary.pp                 | 6 +++---
 .../setgid_pwnable_binary_example.xml                       | 4 +---
 .../setuid_pwnable_binary_example.xml                       | 4 +---
 5 files changed, 14 insertions(+), 12 deletions(-)
 create mode 100644 modules/build/puppet/secgen_functions/manifests/create_directory.pp

diff --git a/modules/build/puppet/secgen_functions/manifests/create_directory.pp b/modules/build/puppet/secgen_functions/manifests/create_directory.pp
new file mode 100644
index 000000000..51eb1c6c0
--- /dev/null
+++ b/modules/build/puppet/secgen_functions/manifests/create_directory.pp
@@ -0,0 +1,6 @@
+define secgen_functions::create_directory($path){
+  exec  { "secgen_create_directory_$path":
+    path => '/bin:/sbin:/usr/bin:/usr/sbin',
+    command => "mkdir -p $path"
+  }
+}
diff --git a/modules/build/puppet/secgen_functions/manifests/install_setgid_binary.pp b/modules/build/puppet/secgen_functions/manifests/install_setgid_binary.pp
index c37df825d..dbaeeb7dd 100644
--- a/modules/build/puppet/secgen_functions/manifests/install_setgid_binary.pp
+++ b/modules/build/puppet/secgen_functions/manifests/install_setgid_binary.pp
@@ -41,9 +41,9 @@ define secgen_functions::install_setgid_binary (
   }
 
   # Create challenge directory
-  file { "create_$challenge_directory":
+  ::secgen_functions::create_directory { "create_$challenge_directory":
     path => $challenge_directory,
-    ensure => directory,
+    notify => File["create_$compile_directory"],
   }
 
   # Move contents of the module's files directory into compile directory
@@ -58,7 +58,7 @@ define secgen_functions::install_setgid_binary (
   exec { "gcc_$challenge_name-$compile_directory":
     cwd     => $compile_directory,
     command => "/usr/bin/make",
-    require => File["create_$challenge_directory", "create_$compile_directory"]
+    require => File["create_$compile_directory"]
   }
 
   # Move the compiled binary into the challenge directory
diff --git a/modules/build/puppet/secgen_functions/manifests/install_setuid_root_binary.pp b/modules/build/puppet/secgen_functions/manifests/install_setuid_root_binary.pp
index e801725d3..f0b4a842d 100644
--- a/modules/build/puppet/secgen_functions/manifests/install_setuid_root_binary.pp
+++ b/modules/build/puppet/secgen_functions/manifests/install_setuid_root_binary.pp
@@ -39,9 +39,9 @@ define secgen_functions::install_setuid_root_binary (
   $modules_source = "puppet:///modules/$source_module_name"
 
   # Create challenge directory
-  file { "create_$challenge_directory":
+  ::secgen_functions::create_directory { "create_$challenge_directory":
     path => $challenge_directory,
-    ensure => directory,
+    notify => File["create_$compile_directory"],
   }
 
   # Move contents of the module's files directory into compile directory
@@ -56,7 +56,7 @@ define secgen_functions::install_setuid_root_binary (
   exec { "gcc_$challenge_name-$compile_directory":
     cwd     => $compile_directory,
     command => "/usr/bin/make",
-    require => [File["create_$challenge_directory", "create_$compile_directory"], Package['build-essential', 'gcc-multilib']]
+    require => [File["create_$compile_directory"], Package['build-essential', 'gcc-multilib']]
   }
 
   # Move the compiled binary into the challenge directory
diff --git a/scenarios/examples/ctf_challenge_examples/setgid_pwnable_binary_example.xml b/scenarios/examples/ctf_challenge_examples/setgid_pwnable_binary_example.xml
index 7d7b029a3..1adb30094 100644
--- a/scenarios/examples/ctf_challenge_examples/setgid_pwnable_binary_example.xml
+++ b/scenarios/examples/ctf_challenge_examples/setgid_pwnable_binary_example.xml
@@ -9,8 +9,6 @@
 		<system_name>group_challenges</system_name>
 		<base platform="linux" type="server"/>
 
-		<!--TODO: use same pattern for all type=".*pwnable_binary" -->
-
 		<!-- 1) Default uses an account and drops the binary in the users home directory -->
 		<vulnerability type="pwnable_binary">
           <input into="group">
@@ -27,7 +25,7 @@
             <!--<value/>-->
           <!--</input>-->
           <!--<input into="storage_directory">-->
-            <!--<value>/home</value>-->
+            <!--<value>/test/hidden/challenges</value>-->
           <!--</input>-->
         <!--</vulnerability>-->
 
diff --git a/scenarios/examples/ctf_challenge_examples/setuid_pwnable_binary_example.xml b/scenarios/examples/ctf_challenge_examples/setuid_pwnable_binary_example.xml
index 53414f1de..321cf904c 100644
--- a/scenarios/examples/ctf_challenge_examples/setuid_pwnable_binary_example.xml
+++ b/scenarios/examples/ctf_challenge_examples/setuid_pwnable_binary_example.xml
@@ -9,8 +9,6 @@
 		<system_name>reverse_me</system_name>
 		<base platform="linux" type="server"/>
 
-		<!--TODO: use same pattern for all type=".*pwnable_binary" -->
-
 		<!-- 1) Default uses an account and drops the binary in the users home directory
 				(username/pw: challenges/password) -->
 		<vulnerability type="pwnable_binary"/>
@@ -21,7 +19,7 @@
             <!--<value/>-->
           <!--</input>-->
           <!--<input into="storage_directory">-->
-            <!--<value>/home</value>-->
+            <!--<value>/test/hidden/challenges</value>-->
           <!--</input>-->
         <!--</vulnerability>-->