Skip to content

Commit

Permalink
kernelCTF: add metadata schema v2
Browse files Browse the repository at this point in the history
  • Loading branch information
@koczkatamas
koczkatamas committed Jul 31, 2023
1 parent 75123ed commit 4bef77e
Show file tree
Hide file tree
Showing 2 changed files with 107 additions and 1 deletion.
106 changes: 106 additions & 0 deletions kernelctf/metadata.schema.v2.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,106 @@
{
"$id": "https://google.github.io/security-research/kernelctf/metadata.schema.v1.json",
"$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "kernelCTF submission metadata",
"type": "object",
"required": ["$schema", "submission_id", "vulnerability", "exploits"],
"properties": {
"$schema": {
"const": "https://google.github.io/security-research/kernelctf/metadata.schema.v1.json"
},
"submission_ids": {
"description": "Identifier(s) of the submission(s). Can be found on the public kernelCTF spreadsheet (https://docs.google.com/spreadsheets/d/e/2PACX-1vS1REdTA29OJftst8xN5B5x8iIUcxuK6bXdzF8G1UXCmRtoNsoQ9MbebdRdFnj6qZ0Yd7LwQfvYC2oF/pubhtml?gid=2095368189) after a valid flag was submitted via the submission form.",
"type": "array",
"uniqueItems": true,
"items": {
"type": "string",
"pattern": "^exp[0-9]+$"
}
},
"vulnerability": {
"type": "object",
"required": ["patch_commit", "cve", "affected_versions", "requirements"],
"properties": {
"summary": {
"type": "string",
"description": "Short, one line summary of the vulnerability"
},
"patch_commit": {
"type": "string",
"pattern": "^https://git.kernel.org/pub/scm/linux/kernel/git/(torvalds|stable)/linux.git/commit/"
},
"cve": {
"type": "string",
"pattern": "^CVE-[0-9]{4}-[0-9]{4,5}$"
},
"affected_versions": {
"description": "Linux kernel versions affected by the vulnerability, inclusive range.",
"type": "array",
"uniqueItems": true,
"items": {
"type": "string",
"pattern": "^[0-9]+(\\.[0-9]+)+(-rc[0-9]+)? - [0-9]+(\\.[0-9]+)+(-rc[0-9]+)?$"
}
},
"requirements": {
"type": "object",
"required": ["attack_surface", "capabilities", "kernel_config"],
"properties": {
"attack_surface": {
"type": "array",
"uniqueItems": true,
"items": {
"enum": ["userns", "io_uring"]
}
},
"capabilities": {
"type": "array",
"uniqueItems": true,
"items": {
"type": "string",
"pattern": "^CAP_"
}
},
"kernel_config": {
"type": "array",
"uniqueItems": true,
"items": {
"type": "string",
"pattern": "^CONFIG_"
}
}
}
},
"syzkaller_reference": {
"pattern": "^https://syzkaller.appspot.com/"
}
}
},
"exploits": {
"type": "array",
"items": {
"type": "object",
"required": ["environment", "stability_notes"],
"properties": {
"environment": {
"type": "string",
"pattern": "^((lts-[0-9]+.[0-9]+(\\.[0-9]+)?)|(mitigation-[0-9]+\\.[0-9]+(\\.[0-9]+)?)|(cos-[0-9]{2,}-[0-9]+\\.[0-9]+\\.[0-9]+))$"
},
"uses": {
"type": "array",
"uniqueItems": true,
"items": { "enum": ["userns", "io_uring"] }
},
"requires_separate_kaslr_leak": {
"type": "boolean",
"description": "Whether the exploit requires a separate KASLR leak or KASLR bruteforce."
},
"stability_notes": {
"type": "string",
"description": "Notes on the stability of the exploit. How percentage the exploit can get the flag or how many times needs to be run on average to get the flag (e.g. 90%, 50%, or needs to be run 10 times to get the flag once)."
}
}
}
}
}
}
2 changes: 1 addition & 1 deletion kernelctf/rules.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -257,7 +257,7 @@ The structure of this submission folder should be:

* `metadata.json`

* Required, structured metadata information following [this JSON schema](metadata.schema.v1.json).
* Required, structured metadata information following [this JSON schema (version 2)](metadata.schema.v2.json).

* `docs/vulnerability.md`

Expand Down

0 comments on commit 4bef77e

Please sign in to comment.