Skip to content

Commit

Permalink
kernelCTF: add metadata schema v3 (exploits structure change)
Browse files Browse the repository at this point in the history
  • Loading branch information
koczkatamas committed Sep 17, 2023
1 parent 093b8fd commit 7e10b04
Show file tree
Hide file tree
Showing 2 changed files with 106 additions and 1 deletion.
105 changes: 105 additions & 0 deletions kernelctf/metadata.schema.v3.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,105 @@
{
"$id": "https://google.github.io/security-research/kernelctf/metadata.schema.v3.json",
"$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "kernelCTF submission metadata",
"type": "object",
"required": ["$schema", "submission_ids", "vulnerability", "exploits"],
"properties": {
"$schema": {
"const": "https://google.github.io/security-research/kernelctf/metadata.schema.v3.json"
},
"submission_ids": {
"description": "Identifier(s) of the submission(s). Can be found on the public kernelCTF spreadsheet (https://docs.google.com/spreadsheets/d/e/2PACX-1vS1REdTA29OJftst8xN5B5x8iIUcxuK6bXdzF8G1UXCmRtoNsoQ9MbebdRdFnj6qZ0Yd7LwQfvYC2oF/pubhtml?gid=2095368189) after a valid flag was submitted via the submission form.",
"type": "array",
"uniqueItems": true,
"items": {
"type": "string",
"pattern": "^exp[0-9]+$"
}
},
"vulnerability": {
"type": "object",
"required": ["patch_commit", "cve", "affected_versions", "requirements"],
"properties": {
"summary": {
"type": "string",
"description": "Short, one line summary of the vulnerability"
},
"patch_commit": {
"type": "string",
"pattern": "^https://git.kernel.org/pub/scm/linux/kernel/git/(torvalds|stable)/linux.git/commit/"
},
"cve": {
"type": "string",
"pattern": "^CVE-[0-9]{4}-[0-9]{4,5}$"
},
"affected_versions": {
"description": "Linux kernel versions affected by the vulnerability, inclusive range.",
"type": "array",
"uniqueItems": true,
"items": {
"type": "string",
"pattern": "^[0-9]+(\\.[0-9]+)+(-rc[0-9]+)? - [0-9]+(\\.[0-9]+)+(-rc[0-9]+)?$"
}
},
"requirements": {
"type": "object",
"required": ["attack_surface", "capabilities", "kernel_config"],
"properties": {
"attack_surface": {
"type": "array",
"uniqueItems": true,
"items": {
"enum": ["userns", "io_uring"]
}
},
"capabilities": {
"type": "array",
"uniqueItems": true,
"items": {
"type": "string",
"pattern": "^CAP_"
}
},
"kernel_config": {
"type": "array",
"uniqueItems": true,
"items": {
"type": "string",
"pattern": "^CONFIG_"
}
}
}
},
"syzkaller_reference": {
"pattern": "^https://syzkaller.appspot.com/"
}
}
},
"exploits": {
"type": "object",
"additionalProperties": false,
"patternProperties": {
"^((lts-[0-9]+.[0-9]+(\\.[0-9]+)?)|(mitigation-[0-9]+\\.[0-9]+(\\.[0-9]+)?)|(cos-[0-9]{2,}-[0-9]+\\.[0-9]+\\.[0-9]+)|extra-.*)$": {
"type": "object",
"required": ["uses", "requires_separate_kaslr_leak", "stability_notes"],
"properties": {
"uses": {
"type": "array",
"uniqueItems": true,
"items": { "enum": ["userns", "io_uring"] }
},
"requires_separate_kaslr_leak": {
"type": "boolean",
"description": "Whether the exploit requires a separate KASLR leak or KASLR bruteforce."
},
"stability_notes": {
"type": "string",
"description": "Notes on the stability of the exploit. How percentage the exploit can get the flag or how many times needs to be run on average to get the flag (e.g. 90%, 50%, or needs to be run 10 times to get the flag once)."
}
}
}
}
}
}
}
2 changes: 1 addition & 1 deletion kernelctf/rules.md
Original file line number Diff line number Diff line change
Expand Up @@ -263,7 +263,7 @@ The structure of this submission folder should be:

* `metadata.json`

* Required, structured metadata information following [this JSON schema (version 2)](metadata.schema.v2.json).
* Required, structured metadata information following [this JSON schema (version 2)](metadata.schema.v3.json).

* `docs/vulnerability.md`

Expand Down

0 comments on commit 7e10b04

Please sign in to comment.