Skip to content

feat(protocols): add ForcAD HTTP protocol support#189

Merged
akiidjk merged 1 commit into
ByteTheCookies:mainfrom
SimoneErrigo:feat/forcad-http-protocol
Jul 3, 2026
Merged

feat(protocols): add ForcAD HTTP protocol support#189
akiidjk merged 1 commit into
ByteTheCookies:mainfrom
SimoneErrigo:feat/forcad-http-protocol

Conversation

@SimoneErrigo

Copy link
Copy Markdown
Contributor

Adds a dedicated HTTP submission protocol for the ForcAD Attack-Defense CTF (https://github.com/pomo-mondreganto/ForcAD), in cookiefarm/pkg/protocols/forcad_http.go.

The existing cc_http protocol doesn't work correctly against ForcAD: it relies a status field in the checker's JSON response ("ACCEPTED", "DENIED", …), ForcAD's HTTP receiver doesn't send one.

ForcAD's PUT /flags endpoint replies with a JSON array of objects shaped like:

[{"msg": "[] ", "flag": ""}]

There is no explicit status field, the verdict is only encoded in the readable msg. As a result, with cc_http the flag status was never updated.

Tested manually against a running ForcAD instance:

  • flags submitted through the gameserver were correctly accepted and their statuses updated in CookieFarm (accepted / denied / service down cases), whereas the same setup using cc_http left the statuses unchanged
Screenshot 2026-06-16 alle 17 21 21 Screenshot 2026-06-16 alle 17 20 55

@akiidjk akiidjk left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks for the PR!

@akiidjk akiidjk requested a review from Copilot July 3, 2026 15:27
@akiidjk akiidjk requested a review from jose-sgariglia July 3, 2026 15:28
@akiidjk akiidjk merged commit 87327d4 into ByteTheCookies:main Jul 3, 2026
3 of 4 checks passed

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a new submission protocol plugin (forcad_http) intended to correctly interpret ForcAD’s PUT /flags HTTP receiver responses (which lack an explicit status field) so CookieFarm can update per-flag results.

Changes:

  • Introduces a ForcAD-specific HTTP protocol implementation that derives verdicts from the human-readable msg field.
  • Adds helpers for extracting error messages, cleaning the "[<flag>] " prefix, and mapping messages to CookieFarm status constants.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment on lines +125 to +127
case strings.Contains(m, "service is down"),
strings.Contains(m, "not available"):
return models.StatusNotValid
}
defer resp.Body.Close()

body, err := io.ReadAll(resp.Body)
req.Header.Set("Content-Type", "application/json")
req.Header.Set("X-Team-Token", teamToken)

client := &http.Client{}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants