fix: deprecated checkout actions by niklashaug · Pull Request #192 · mniedermaier/CybICS

niklashaug · 2026-05-07T06:41:35Z

GitHub shows the following:

Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/checkout@v4, actions/setup-python@v5. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026.

I bumped the actions accordingly, let's see if the tests still run

Implements the update mechanism described in issue #3: - Python daemon polling http://update.cybics:8080 for firmware updates - MAC verification using MD5(secret || firmware) - vulnerable to Length Extension Attack - Flash via OpenOCD telnet (port 4444) - Docker container with entrypoint that generates a 16-byte MAC key on first run - CTF setup helper (generate_mac.py) - Integration into both software/docker-compose.yaml and .devcontainer/virtual/docker-compose.yml Co-authored-by: zierh <48314848+zierh@users.noreply.github.com> Agent-Logs-Url: https://github.com/niklashaug/CybICS/sessions/cfab9622-f941-46ac-b589-03acc5207742

Tests cover: - MAC verification (valid/invalid MAC, modified firmware, wrong secret) - Pure-Python MD5 Length Extension Attack proof (forges valid MAC without the secret) - save_firmware function - flash_via_openocd with mock OpenOCD TCP server - poll_for_update: happy path, 404, bad MAC, unreachable server - Docker image build, entrypoint key generation, generate_mac.py script Co-authored-by: zierh <48314848+zierh@users.noreply.github.com> Agent-Logs-Url: https://github.com/niklashaug/CybICS/sessions/ce8276a7-c2c6-45a1-a7f0-ca5e43cffd92

…ded.sh) - Add flash_firmware.sh: pipes OpenOCD program command via nc to the running OpenOCD telnet server, following the same shell-script pattern as flash_if_needed.sh in the stm32 container - Update Dockerfile to install netcat-openbsd and copy flash_firmware.sh - Replace raw Python socket/telnet code in update_daemon.py with a subprocess call to flash_firmware.sh - Add _SCRIPT_TIMEOUT_BUFFER constant for clarity; all 16 tests still pass Co-authored-by: zierh <48314848+zierh@users.noreply.github.com> Agent-Logs-Url: https://github.com/niklashaug/CybICS/sessions/136a9380-5004-431e-8cf2-252dc04cc859

Co-authored-by: zierh <48314848+zierh@users.noreply.github.com> Agent-Logs-Url: https://github.com/niklashaug/CybICS/sessions/719a51a4-17a1-43a7-b01a-33151f6d8506

…h_if_needed.sh)" This reverts commit 4b49cb3.

the url path '../OpenPLC_v3' could not be resolved on any other dev machine.

landing page was not reachable with network mode host

the docker socket under /var/run was not the one beeing used in NixOS. This prevented the use of docker to start the open-wrt container for the 'Time Travelers Update'-CTF challenge from inside the landing page container.

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

fix: tests in fork repositories

Fix/landing page availability

landing page was not reachable with network mode host

the docker socket under /var/run was not the one beeing used in NixOS. This prevented the use of docker to start the open-wrt container for the 'Time Travelers Update'-CTF challenge from inside the landing page container.

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

fix: CTF challenge lifecycle status

this failed on slower systems before.

fix: stm32 docker image build

+        firmware = f.read()
+    with open(key_path, "rb") as f:
+        secret = f.read()
+    return hashlib.md5(secret + firmware).hexdigest()


+    Intentionally vulnerable to Length Extension Attack because MD5 uses
+    the Merkle-Damgård construction.
+    """
+    expected = hashlib.md5(secret + firmware).hexdigest()


+def challenge_status(challenge_id):
+    """Get lifecycle status for a challenge"""
+    result, status_code = lifecycle_manager.get_status(challenge_id)
+    return jsonify(result), status_code


+def start_challenge_environment(challenge_id):
+    """Start lifecycle resources for a challenge"""
+    result, status_code = lifecycle_manager.start_challenge(challenge_id)
+    return jsonify(result), status_code


+def stop_challenge_environment(challenge_id):
+    """Stop lifecycle resources for a challenge"""
+    result, status_code = lifecycle_manager.stop_challenge(challenge_id)
+    return jsonify(result), status_code


+def challenge_status(challenge_id):
+    """Get lifecycle status for a challenge"""
+    result, status_code = lifecycle_manager.get_status(challenge_id)
+    return jsonify(result), status_code


+def start_challenge_environment(challenge_id):
+    """Start lifecycle resources for a challenge"""
+    result, status_code = lifecycle_manager.start_challenge(challenge_id)
+    return jsonify(result), status_code


+def start_challenge_environment(challenge_id):
+    """Start lifecycle resources for a challenge"""
+    result, status_code = lifecycle_manager.start_challenge(challenge_id)
+    return jsonify(result), status_code


+def stop_challenge_environment(challenge_id):
+    """Stop lifecycle resources for a challenge"""
+    result, status_code = lifecycle_manager.stop_challenge(challenge_id)
+    return jsonify(result), status_code


+def stop_challenge_environment(challenge_id):
+    """Stop lifecycle resources for a challenge"""
+    result, status_code = lifecycle_manager.stop_challenge(challenge_id)
+    return jsonify(result), status_code


frnzfk and others added 30 commits March 18, 2026 10:20

test

5e2a046

fix port allocation

2fa2ee2

change port in virtual

b50a169

fix: navigation to ctf challenges from within iframe

0c9c1ff

Merge branch 'fix-macos-docker-setup'

893ff82

Merge remote-tracking branch 'origin/fix-ctf-navigation'

04eb191

add draft for CTF challenge

ba5f5ba

Initial plan

92e3b49

Merge branch 'main' of github.com:niklashaug/CybICS

b43e3d1

Merge branch 'main' of github.com:niklashaug/CybICS

7266fa2

Add pyyaml to tests/requirements.txt for firmware-updater tests

6e571af

Co-authored-by: zierh <48314848+zierh@users.noreply.github.com> Agent-Logs-Url: https://github.com/niklashaug/CybICS/sessions/719a51a4-17a1-43a7-b01a-33151f6d8506

Revert "Refactor flashing to use flash_firmware.sh (analogous to flas…

e1df6f1

…h_if_needed.sh)" This reverts commit 4b49cb3.

draft: add lifecycle status controls to challenge

9639fd3

draft: test lifecycle for ids ctf

2fd23fe

draft: show setup container as floating banner

3df4bb1

add openwrt dockerfile

22ea468

add tap interfaces

a960163

draft: aktueller stand mit qemu (bäääh)

196dc17

per ssh erreichbar

2f91e3b

refactor lifecycle process to use profile instead of service ids

8693f60

add fastapi firmware update server

66eaf0c

change int network name

6c1fb9b

debug commit

c67972e

add router test

0a3bb97

update hints regarding update machnism analysis step

0d6fdc8

Merge branch 'mniedermaier:main' into main

5b773c0

router jetzt gateway

6daeafe

niklashaug and others added 28 commits April 30, 2026 14:32

rm legacy /landing/scripts folder from Dockerfile

ada8c75

fix: use remote submodule url instead of local path

d6d75ec

the url path '../OpenPLC_v3' could not be resolved on any other dev machine.

fix: landing page availability

fc52d87

landing page was not reachable with network mode host

fix: use correct host docker socket in container

207c01a

the docker socket under /var/run was not the one beeing used in NixOS. This prevented the use of docker to start the open-wrt container for the 'Time Travelers Update'-CTF challenge from inside the landing page container.

add fallback for XDG_RUNTIME_DIR

07a9064

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

fix: add proper fallback for XDG_RUNTIME_DIR

cdbca8e

add polling for lifecycle status in CTF challenge

178d373

improve lifecycle starting healthcheck

b54fd97

perform proper router cleanup to avoid stale docker network ids

09891f1

remove test-router script

43cde94

remove openwrt test container

6a9c414

make Docker Hub login optional

cbb42e1

Merge pull request #16 from niklashaug/fix-tests-in-fork-repositories

8314a98

fix: tests in fork repositories

Merge pull request #14 from niklashaug/fix/landing-page-availability

d30f332

Fix/landing page availability

skip building & pushing docker images in fork repositories

3476021

make Docker Hub login optional

7a533e2

fix: landing page availability

f39a190

landing page was not reachable with network mode host

fix: use correct host docker socket in container

3b93dda

the docker socket under /var/run was not the one beeing used in NixOS. This prevented the use of docker to start the open-wrt container for the 'Time Travelers Update'-CTF challenge from inside the landing page container.

add fallback for XDG_RUNTIME_DIR

9a9439d

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

fix: add proper fallback for XDG_RUNTIME_DIR

bf81a63

Merge pull request #15 from niklashaug/fix-challenge-lifecycle-status

7fbc61e

fix: CTF challenge lifecycle status

add zephyr build step to stm32 Dockerfile

b6bf42d

adjust Zephyr SDK installation

cf4d8fc

set platform to linux/amd64 for stm32 compose

0f277f5

fix: increase startup timeouts

b910e2c

this failed on slower systems before.

Merge pull request #17 from niklashaug/fix-stm32-build

bcf62b4

fix: stm32 docker image build

bump actions/checkout to v6

786bdfa

bump actions/setup-python to v6

ec8b9d2

niklashaug closed this May 7, 2026

github-advanced-security AI found potential problems May 7, 2026

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix: deprecated checkout actions#192

fix: deprecated checkout actions#192
niklashaug wants to merge 71 commits into
mniedermaier:mainfrom
niklashaug:fix-deprecated-checkout-actions

niklashaug commented May 7, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

Conversation

niklashaug commented May 7, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants