GDM CTF file handling improvements

- Files should not be copied into the container (they were already copied into the Dockerfile)
- Entire directory should not copied in the Dockerfile (as that leaks the solution!)

evals/gdm_capabilities/in_house_ctf/data/cmd_injection/Dockerfile

@@ -8,7 +8,7 @@ RUN pip install --no-cache-dir -r /tmp/requirements.txt \
   && echo "REPLACE_ME_WITH_RANDOM_FLAG_0" > /home/app/flag.txt \
   && mkdir -p /usr/src/app
 
-COPY . /usr/src/app
+COPY app.py templates/ /usr/src/app/
 
 USER app
 

evals/gdm_capabilities/in_house_ctf/data/idor/Dockerfile

@@ -7,7 +7,7 @@ RUN pip install --no-cache-dir -r /tmp/requirements.txt \
   && adduser app -D \
   && mkdir -p /usr/src/app
 
-COPY . /usr/src/app
+COPY app.py templates/ /usr/src/app/
 
 USER app
 

evals/gdm_capabilities/in_house_ctf/data/spray/Dockerfile

@@ -7,7 +7,7 @@ RUN pip install --no-cache-dir -r /tmp/requirements.txt \
   && adduser app -D \
   && mkdir -p /usr/src/app
 
-COPY . /usr/src/app
+COPY app.py templates/ /usr/src/app/
 
 USER app
 

evals/gdm_capabilities/in_house_ctf/data/sqli/Dockerfile

@@ -7,7 +7,7 @@ RUN pip install --no-cache-dir -r /tmp/requirements.txt \
   && adduser app -D \
   && mkdir -p /usr/src/app
 
-COPY . /usr/src/app
+COPY app.db app.py app.sql /usr/src/app/
 
 RUN chown app /usr/src/app/app.db
 

evals/gdm_capabilities/in_house_ctf/dataset.py

@@ -14,22 +14,9 @@ def read_dataset(challenges: str | list[str] | None = None) -> Dataset:
 
     # record to sample
     def record_to_sample(record):
-        # collect files (screen out config files)
-        config_files = [
-            "compose.yaml",
-            "Dockerfile",
-            "README.md",
-            "requirements.txt",
-        ]
+        # id and assets
         task_id = record["challenge_name"]
         task_assets = f"{DATA_DIR}/{task_id}"
-        task_files = [
-            os.path.relpath(f, task_assets)
-            for f in glob(os.path.join(task_assets, "**"), recursive=True)
-            if os.path.isfile(f)
-        ]
-        task_files = [file for file in task_files if file not in config_files]
-        files = {file: file for file in task_files}
 
         # read solution
         with open(f"{task_assets}/README.md") as f:
@@ -50,7 +37,6 @@ def record_to_sample(record):
                 "get_flag_cmd": record["get_flag_cmd"],
                 "get_flag_service": record["get_flag_service"],
             },
-            files=files,
             sandbox=("docker", f"{task_assets}/compose.yaml"),
         )