Complete Challenges Locally

You can clone challenges locally on your workstation and use your own tools to run, test and fix them. You can then push your changes to start server side testing and get the score.

Local development setup

We can run and test a challenge app directly on our own machine. SecDim supports two ways of running the challenge locally:

  • Using the Docker container

  • Using the host machine

By using the container, all the required app’s dependencies will be automatically installed.

By using the host, you need to manually install the app’s required dependencies.

You can decide which method you prefer to use. We recommend using the container method as it is more convenient and faster.

This guide assumes you run Linux or macOS. If you are running Windows, please first follow Installing Docker on Windows.

Cloning the challenge

Start any challenge and click on the clone button on the top right. You can either clone from a terminal using the SSH link (git clone <ssh link>) or use the button to clone the challenge in the cloud-based Visual Studio Code.

Before you can clone the repository, you need to have an SSH key added to your SecDim ID.

Setting up your SSH Key

Adding a SSH public key to your SecDim ID will allow you to git clone challenges locally. You can then run, debug, test and push your code.

Run the following command to generate and add a SSH Public Key to your SecDim account.

bash -c "$(curl -sSfL https://raw.githubusercontent.com/secdim/play-setup-script/main/setup.sh)"

If you successfully added your SSH key using the above command, you can skip the following section, otherwise, follow it to add your SSH key manually.
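
The setup command above pipes a remote script straight into bash. The following is an added example, not part of SecDim's documentation or setup script, that downloads the same URL to a file so it can be read first and then runs only the bytes that were reviewed. The function names and the local file name are assumptions.

```bash
#!/usr/bin/env bash
# Added example: review setup.sh before executing it, then run exactly
# the bytes that were reviewed. Function names are hypothetical.
SETUP_URL="https://raw.githubusercontent.com/secdim/play-setup-script/main/setup.sh"

# Print the SHA-256 of a file (sha256sum on Linux, shasum on macOS).
script_digest() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# Download the script to a file instead of piping it into bash.
# HTTPS only, fail on HTTP errors, reject an empty download.
fetch_script() {   # usage: fetch_script <url> <dest>
  curl -sSfL --proto '=https' --tlsv1.2 -o "$2" "$1" && [ -s "$2" ]
}

# Run the file only if it still matches the digest noted during review.
run_reviewed() {   # usage: run_reviewed <file> <expected-sha256>
  local actual
  actual="$(script_digest "$1")" || return 2
  if [ "$actual" != "$2" ]; then
    echo "digest mismatch: file changed since review" >&2
    return 1
  fi
  bash "$1"
}

# Typical session:
#   fetch_script "$SETUP_URL" ./setup.sh
#   reviewed="$(script_digest ./setup.sh)"   # note the digest
#   less ./setup.sh                          # read what it installs and uploads
#   run_reviewed ./setup.sh "$reviewed"
```

Keeping the noted digest also lets you run the same reviewed copy on a second workstation without fetching it again.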

Add or Update a SSH key manually

To add or update your SSH key, login to SecDim ID and go to https://id.secdim.com/account/sshkey.

Follow the instructions given to generate a default pair of SSH keys or copy your default ssh public key to your account.

  • Generate a pair of default SSH keys: ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519

  • Copy the contents of your default SSH public key: cat ~/.ssh/id_ed25519.pub

  • Paste the content of your SSH public key in the space given in your https://id.secdim.com/account/sshkey settings

  • Click Save to ensure your SSH Key is properly registered with your SecDim ID.

Test SSH connection

To test, run ssh -T git@game.secdim.com. You should see your username, and the connection will be closed immediately.

$ ssh -T git@game.secdim.com
Hi there, <your username>! You've successfully authenticated with the key named <name>...

The above output means you have set up SSH correctly.

For SSH troubleshooting, please refer to SSH Troubleshooting.

Quick start

Run the following command to quickly set up your workstation. It will add an SSH public key to your SecDim ID and then install docker, make, and git.

bash -c "$(curl -sSfL https://raw.githubusercontent.com/secdim/play-setup-script/main/setup.sh)"

If the above command failed, follow the next section to install the required tools on your workstation.

Install Required Tools

For most challenges you only need docker, git (available by default on OSX and most Linux distros) and make (available by default on OSX and most Linux distros).

Using the Docker container

To use the dockerized app, we need to install the following tools:

After installing them, we can start working on the challenge. From the terminal the following commands will be available:

  1. make build: Build the app.

  2. make test: Run usability tests

  3. make securitytest: Run security tests. These tests will fail.

  4. make run: Run the program

  5. make push: Shortcut for git add . && git commit -m 'security fix' && git push

After a few seconds your commit will show up in the challenge’s commit page and testing will start. If server side tests pass, you will get the score for the challenge.

While tests are running on the server, run make status to get the test outcome from the server in your terminal.

To speed up debugging, run make debug to get a shell in the container. This maps the src directory into the container as a volume, so whenever you change a file you can use the shell to run and test it, e.g. python main.py or pytest.

Using host

  1. Install the required language (e.g. python) and the package manager (e.g. pip).

  2. Go to src/ and install the app’s dependencies, e.g. run pip install -r requirements for python.

  3. Use your own IDE to open src directory.

  4. Address the security vulnerability.

  5. Run and test the program, i.e. pytest or python manage.py test for python.

  6. Run usability and security tests to check if your patch has addressed the vulnerability.

  7. make push: Shortcut for git add . && git commit -m 'security fix' && git push

  8. After a few seconds your commit will show up in the challenge’s commit page and testing will start.

  9. If server side tests pass, you will get the score for the challenge.

Important notes

  1. Push only to the master branch. This is the default branch.

  2. All tests will be overwritten on the server.

  3. You cannot install new dependencies. Solve the challenge using your own solution.
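
The notes above, combined with the fact that make push runs git add . on the whole working tree, can be turned into a check to run before pushing. This is an added example, not part of SecDim's tooling. The function names and the file patterns for tests, dependency manifests and secrets are assumptions based on a typical Python layout.

```bash
#!/usr/bin/env bash
# Added example: sanity-check a working tree before `make push`.
# File patterns below are assumptions (typical Python project layout).

# Reads changed paths on stdin and prints one finding per line.
# usage: <list of paths> | check_push <current-branch>
check_push() {
  local branch="$1" path
  [ "$branch" = "master" ] || echo "BRANCH: on '$branch' (push only to master)"
  while IFS= read -r path; do
    case "$path" in
      requirements*|*/requirements*|Pipfile*|*/Pipfile*)
        echo "DEPS: $path (new dependencies cannot be installed)" ;;
      test_*.py|*/test_*.py|*_test.py|tests/*|*/tests/*)
        echo "TESTS: $path (tests are overwritten on the server)" ;;
      .env|*/.env|*.pem|*.key|id_ed25519|*/id_ed25519)
        echo "SECRET?: $path (git add . would stage this file)" ;;
    esac
  done
}

# Wrapper for a real clone: feed git's view of the tree into check_push.
# Paths with unusual characters are quoted by git and may not match.
check_repo() {
  git status --porcelain | cut -c4- |
    check_push "$(git rev-parse --abbrev-ref HEAD)"
}
```

Run check_repo from the root of the cloned challenge; no output means none of the patterns matched.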

Installing Docker on Windows

Docker is required to run SecDim’s secure coding challenges locally. Follow the steps below to install Docker on Windows.

Prerequisites

Before installing Docker, ensure your system meets the following requirements:

  • Windows 10 (Pro, Enterprise, or Education) or Windows 11 (Pro, Enterprise, or Education)

  • Windows Subsystem for Linux 2 (WSL 2) enabled

  • Virtualisation enabled in BIOS

  • At least 4GB of RAM

Docker Installation

  1. Download Docker Desktop: go to the official Docker website and download Docker Desktop for Windows: https://www.docker.com/products/docker-desktop

  2. Install Docker Desktop

    • Run the downloaded installer (Docker Desktop Installer.exe).

    • Follow the installation wizard and select the WSL 2 based engine option when prompted.

    • Click Install and wait for the process to complete.

  3. Enable WSL 2 (if not already enabled). If you haven’t enabled WSL 2, follow these steps:

    • Open PowerShell as Administrator and run: wsl --install

    • Restart your computer if required.

  4. Start Docker Desktop

    • Open Docker Desktop from the Start menu.

    • Wait for it to initialise. The Docker icon should appear in the system tray.

  5. Verify Installation: open PowerShell or Command Prompt and run: docker --version