Lucas Tesson

icon indicating an email [email protected]

icon company CTFer.io icon location Your servers icon location Ph.D. Student, cyberdefense engineer, CVSS SIG member, Gopher. @ctfer-io co-founder, working on CTFs infrastructures (as Code).

Results 17 issues of Lucas Tesson

Let's improve everything: less spaghetti code, scan algorithm and CI improvement, lighter binary

Hi, St******* told me about this repo. I saw Go. I was not able not to contribute. :smile: So here is my PR (he challenged me to do it the...

Undocumented and unauthenticated API notifications endpoint ?

3 comment

**Environment**: - CTFd Version/Commit: `2474d6000dcaa9bec64d40aebcb8b6818dbe629c`, version `3.5.2` - Operating System: Linux (6.1.27-1kali1 x86_64) - Web Browser and Version: `Firefox 102.10.0esr`, trusted not relevant here **What happened?** When reviewing the API...

Get List Challenges does not work

3 comment

**Environment**: - CTFd Version/Commit: 3.5.3 - Operating System: Linux - Web Browser and Version: N/A **What happened?** When querying challenges, none is returned whereas multiple exist. For instance, querying: ```bash...

API Tokens "won't be shown again" but not really

2 comment

**Environment**: - CTFd Version/Commit: `2474d6000dcaa9bec64d40aebcb8b6818dbe629c`, version `3.5.2`, trusted not relevant here - Operating System: Linux (6.1.27-1kali1 x86_64) - Web Browser and Version: `Firefox 102.10.0esr`, trusted not relevant here **What happened?**...

Clarify CVSS v2 and v3 capabilities

1 comment

Hey, SIG CVSS member and [github.com/pandatix/go-cvss](https://github.com/pandatix/go-cvss) maintainer. While looking at the [vulnerabilities_fixed_60_days](https://github.com/coreinfrastructure/best-practices-badge/blob/main/docs/criteria.md#vulnerabilities_fixed_60_days) details I though there should be improvements. > A vulnerability is considered medium or higher severity if its...

criteria-clarification

Invalid CVSS v2 environmental score computation

Still while fuzzing the implementation, I discovered that environmental scores were not computed properly, leading to invalid scores. For instance, the following Go code computes the three scores and prints...

Improper Input Validation in CVSS v2 parsing

While fuzzing this implementation, I discovered that some invalid inputs did not raise errors. This could be categorized as [CWE-20](https://cwe.mitre.org/data/definitions/20.html). For instance, the following Go code does not produce any...

Improper Input Validation in CVSS v3 parsing

While fuzzing this implementation, I discovered that some invalid inputs did not raise errors. This could be categorized as [CWE-20](https://cwe.mitre.org/data/definitions/20.html). For instance, the following Go code does not produce any...

ABNF grammar of Annex D and case-sensitivity

Hey, I echo to #664 and the discussions on the ABNF grammar described as part of SPDX v3.0. Given RFC 5234 Section 2.3 "Terminal Values": > ABNF strings are case...

Add CVSS v4.0 support, fix CVSS v2.0 invalid calculator link

6 comment

#### What type of PR is this? /kind feature /kind cleanup #### What this PR does / why we need it: FIRST.ORG SIG CVSS (which I'm part of) released CVSS...

cncf-cla: yes
size/M
kind/feature
needs-rebase
needs-ok-to-test
release-note-none
sig/release
kind/cleanup
area/release-eng
needs-priority