add: commit on db before sending event on redis

backend/app.py

@@ -241,6 +241,7 @@ async def set_status(data: Dict[str, str|int|None], db: DBSession):
     config = Configuration.model_validate(config.model_dump() | data)
     await config.write_on_db()
     config.PASSWORD_HASH = "********" if config.PASSWORD_HASH else None
+    await db.commit()
     await redis_conn.publish(redis_channels.config, "update")
     return {"status": ResponseStatus.OK, "message": "The configuration has been updated", "response": config.model_dump()}
 

backend/routes/clients.py

@@ -24,6 +24,7 @@ async def client_new_or_edit(data: ClientAddForm, db: DBSession):
                 set_=json_like(data)
             ).returning(Client)
     )).one()
+    await db.commit()
     await redis_conn.publish(redis_channels.client, "update")
     return { "message": "Client created/updated successfully", "response": client }
 
@@ -47,6 +48,7 @@ async def client_delete_hashed_or_uuid(client_id: ClientID, db: DBSession):
     if not result:
         raise HTTPException(404, "Client not found")
 
+    await db.commit()
     await redis_conn.publish(redis_channels.client, "update")
     return { "message": "Client deleted successfully", "response": json_like(result, unset=True) }
 
@@ -55,5 +57,6 @@ async def client_edit(client_id: UnHashedClientID, data: ClientEditForm, db: DBS
     client = (await db.scalars(sqla.update(Client).values(json_like(data)).where(Client.id == client_id).returning(Client))).one_or_none()
     if not client:
         raise HTTPException(404, "Client not found")
+    await db.commit()
     await redis_conn.publish(redis_channels.client, "update")
     return { "message": "Client updated successfully", "response": json_like(client, unset=True) }

backend/routes/exploits.py

@@ -58,7 +58,7 @@ async def exploit_new_or_edit(data: ExploitAddForm, db: DBSession):
                 set_={ k: v for k, v in data.db_data().items() if k != "created_by" }
         ).returning(Exploit)
     )).one()
-
+    await db.commit()
     await redis_conn.publish(redis_channels.exploit, "update")
     return { "message": "Exploit created/updated successfully", "response": json_like(exploit, unset=True) }
 
@@ -79,7 +79,7 @@ async def exploit_delete(exploit_id: ExploitID, db: DBSession):
         file_path = os.path.join(EXPLOIT_SOURCES_DIR, f"{source.hash}.tar.gz")
         if os.path.exists(file_path):
             os.remove(file_path)
-
+    await db.commit()
     await redis_conn.publish(redis_channels.exploit, "update")
     return { "message": "Exploit deleted successfully", "response": json_like(exploit, unset=True) }
 
@@ -102,7 +102,7 @@ async def exploit_edit(exploit_id: ExploitID, data: ExploitEditForm, db: DBSessi
 
     if not result:
         raise HTTPException(404, "Exploit not found")
-
+    await db.commit()
     await redis_conn.publish(redis_channels.exploit, "update")
     return { "message": "Exploit updated successfully", "response": json_like(result, unset=True) }
 
@@ -149,6 +149,7 @@ async def attack_exec_commit(parsed_data: Dict[str, str]) -> int:
         return len(flags)
 
     results = await asyncio.gather(*[attack_exec_commit(data) for data in [ele.db_data() for ele in data]])
+    await db.commit()
     if trigger_exploit_update:
         await redis_conn.publish(redis_channels.exploit, "update")
     await redis_conn.publish(redis_channels.attack_execution, "update")
@@ -186,6 +187,7 @@ async def exploit_submit_manual(data: ManualSubmitForm, db: DBSession):
                 .returning(Flag)
         )).all()
 
+    await db.commit()
     await redis_conn.publish(redis_channels.attack_execution, "update")
     return { "message": "Attack results submitted successfully", "response": { "flags": len(flags) } }
 
@@ -241,6 +243,8 @@ async def new_exploit_source(
             final_file_path = os.path.join(EXPLOIT_SOURCES_DIR, f"{hash_id}.tar.gz")
             if not os.path.exists(final_file_path):
                 shutil.move(temp_file.name, final_file_path)
+
+    await db.commit()
     await redis_conn.publish(redis_channels.exploit_source, "update")
     return { "message": "Exploit Source pushed correctly", "response": expl_src.id }
 
@@ -284,6 +288,8 @@ async def delete_exploit_source(source_id: ExploitSourceID, db: DBSession):
         if ele.id == source_id:
             await db.delete(ele)
             break
+
+    await db.commit()
     await redis_conn.publish(redis_channels.exploit_source, "update")
     return { "message": "Source deleted successfully", "response": source_id }
 
@@ -295,5 +301,6 @@ async def edit_exploit_source(source_id: ExploitSourceID, data: ExploitSourcePus
     )).one_or_none()
     if source_metadata is None:
         raise HTTPException(404, "Source file not found")
+    await db.commit()
     await redis_conn.publish(redis_channels.exploit_source, "update")
     return { "message": "Exploit source updated successfully", "response": json_like(source_metadata, unset=True) }

backend/routes/services.py

@@ -18,6 +18,7 @@ async def service_new(data: ServiceAddForm, db: DBSession):
             .values(json_like(data))
             .returning(Service)
     )).one()
+    await db.commit()
     await redis_conn.publish(redis_channels.service, "update")
     return { "message": "Service created successfully", "response": service }
 
@@ -31,6 +32,7 @@ async def service_delete(service_id: ServiceID, db: DBSession):
     )).one_or_none()
     if not service:
         raise HTTPException(404, "Service not found")
+    await db.commit()
     await redis_conn.publish(redis_channels.service, "update")
     return { "message": "Service deleted successfully", "response": service }
 
@@ -44,5 +46,6 @@ async def service_edit(service_id: ServiceID, data: ServiceEditForm, db: DBSessi
     )).one_or_none()
     if not service:
         raise HTTPException(404, "Service not found")
+    await db.commit()
     await redis_conn.publish(redis_channels.service, "update")
     return { "message": "Service updated successfully", "response": service }

backend/routes/submitters.py

@@ -43,7 +43,7 @@ async def new_submitter(data: SubmitterAddForm, db: DBSession):
         .returning(Submitter)
     )).one()
     submitter.model_validate(submitter)
-
+    await db.commit()
     await redis_conn.publish(redis_channels.submitter, "update")
     return { "message": "The submitter has been created", "response": json_like(submitter, unset=True)}
 
@@ -117,6 +117,7 @@ async def update_submitter(submitter_id: SubmitterID, data: SubmitterEditForm, d
         .values(json_like(data))
         .returning(Submitter)
     )).one()
+    await db.commit()
     await redis_conn.publish(redis_channels.submitter, "update")
     return { "message": "The submitter has been updated", "response": json_like(submitter, unset=True)}
 
@@ -136,6 +137,7 @@ async def delete_submitter(submitter_id: SubmitterID, db: DBSession):
         raise HTTPException(404, "Submitter not found")
 
     await db.delete(submitter)
+    await db.commit()
     await redis_conn.publish(redis_channels.submitter, "update")
     return { "message": "The submitter has been deleted", "response": json_like(submitter, unset=True)}
 

backend/routes/teams.py

@@ -24,13 +24,15 @@ async def team_new(data: List[TeamAddForm], db: DBSession):
 async def team_delete_list(data: List[TeamID], db: DBSession):
     stsm = sqla.delete(Team).where(Team.id.in_(data)).returning(Team)
     teams = (await db.scalars(stsm)).all()
+    await db.commit()
     await redis_conn.publish(redis_channels.submitter, "update")
     return { "message": "Teams deleted successfully", "response": json_like(teams, unset=True) }
 
 @router.delete("/{team_id}", response_model=MessageResponse[TeamDTO])
 async def team_delete(team_id: TeamID, db: DBSession):
     stmt = sqla.delete(Team).where(Team.id == team_id).returning(Team)
     team = (await db.scalars(stmt)).one()
+    await db.commit()
     await redis_conn.publish(redis_channels.submitter, "update")
     return { "message": "Team deleted successfully", "response": json_like(team, unset=True) }
 
@@ -45,6 +47,7 @@ async def team_edit_list(data: List[TeamEditForm], db: DBSession):
     ]
     teams = [o.one_or_none() for o in await asyncio.gather(*[db.scalars(ele) for ele in updates_queries])]
     teams = [team for team in teams if team is not None]
+    await db.commit()
     await redis_conn.publish(redis_channels.submitter, "update")
     return { "message": "Teams updated successfully", "response": json_like(teams, unset=True) }
 

backend/skio.py

@@ -59,6 +59,7 @@ async def check_exploits_disabled():
                 elif current_status != ExploitStatus.disabled and expl.id in disabled_exploits:
                     disabled_exploits.remove(expl.id)
             if trigger_update:
+                await db.commit()
                 await redis_conn.publish(redis_channels.exploit, "update")
             await asyncio.sleep(5)
 

backend/submitter.py

@@ -202,6 +202,7 @@ async def submit_flags():
             updated = (await db.scalars(stmt)).all()
             if len(updated) > 0:
                 logging.warning(f"{len(updated)} flags have been timeouted by FLAG_TIMEOUT")
+                await db.commit()
                 await redis_conn.publish(redis_channels.attack_execution, "update")
 
         flags_to_submit = (
@@ -220,6 +221,7 @@ async def submit_flags():
         logging.info(f"Submitting {len(flags_to_submit)} flags")
         print(datetime_now(), f"Submitting {len(flags_to_submit)} flags")
         status = await run_submit_routine(flags_to_submit)
+        await db.commit()
         await err_warn_event_update()
 
         g.last_submission = time.time()

tests/xploit_test/config.toml

@@ -3,4 +3,4 @@ name = "xploit_test"
 interpreter = "python3"
 run = "main.py"
 language = "python"
-service = "2e0a6092-5fd3-41f8-8d29-f93083c66f3c"
+service = "4fccde4a-d591-4903-835a-55afaab913fd"