nsec · MOBergeron · May 26, 2026 · May 26, 2026
diff --git a/ctf/commands/check.py b/ctf/commands/check.py
@@ -52,5 +52,5 @@ def check(
     # Check if Git LFS is installed on the system as it will be required for deployment.
     if not check_git_lfs():
         LOG.warning(
-            msg="Git LFS is missing from  your system. Install it before deploying."
+            "Git LFS is missing from  your system. Install it before deploying."
         )
diff --git a/ctf/commands/deploy.py b/ctf/commands/deploy.py
@@ -121,7 +121,7 @@ def deploy(
     # Check if Git LFS is installed on the system as it is required for deployment.
     if not check_git_lfs():
         LOG.critical(
-            msg="Git LFS is missing from  your system. Install it before deploying."
+            "Git LFS is missing from  your system. Install it before deploying."
         )
         exit(1)
 
@@ -376,18 +376,14 @@ def deploy(
             and (track_index := int(track_index))
             and 0 < track_index <= len(tracks_list)
         ):
-            LOG.info(
-                msg=f"Running `incus project switch {tracks_list[track_index - 1]}`"
-            )
+            LOG.info(f"Running `incus project switch {tracks_list[track_index - 1]}`")
             subprocess.run(
                 args=["incus", "project", "switch", tracks_list[track_index - 1].name],
                 check=True,
                 env=ENV,
             )
         elif track_index:
-            LOG.warning(
-                msg=f"Could not switch project, unrecognized input: {track_index}."
-            )
+            LOG.warning(f"Could not switch project, unrecognized input: {track_index}.")
 
 
 def terraform_apply(

diff --git a/ctf/commands/destroy.py b/ctf/commands/destroy.py
@@ -3,6 +3,7 @@
 
 import typer
 from pydantic import ValidationError
+from rich.prompt import Confirm
 from typing_extensions import Annotated
 
 from ctf import ENV
@@ -109,7 +110,7 @@ def destroy(
         project_list = list((projects - terraform_tracks))
         if len(project_list) == 0:
             LOG.critical(
-                msg="No project to switch to. This should never happen as the default should always exists."
+                "No project to switch to. This should never happen as the default should always exists."
             )
             exit(1)
 
@@ -178,13 +179,22 @@ def destroy(
         )
     }
 
+    network_zones = {
+        Track(name=network_zone["name"])
+        for network_zone in json.loads(
+            s=subprocess.run(
+                args=["incus", "network", "zone", "list", "--format=json"],
+                check=False,
+                capture_output=True,
+                env=ENV,
+            ).stdout.decode()
+        )
+    }
+
     for module in terraform_tracks:
         if module in projects:
             LOG.warning(f"The project {module.name} was not destroyed properly.")
-            if (
-                force
-                or (input("Do you want to destroy it? [Y/n] ").lower() or "y") == "y"
-            ):
+            if force or Confirm.ask("Do you want to destroy it?", default=True):
                 subprocess.run(
                     args=["incus", "project", "delete", module.name, "--force"],
                     check=False,
@@ -194,13 +204,8 @@ def destroy(
                 )
 
         if (tmp_module_name := module.name[:15]) in networks:
-            LOG.warning(
-                msg=f"The network {tmp_module_name} was not destroyed properly."
-            )
-            if (
-                force
-                or (input("Do you want to destroy it? [Y/n] ").lower() or "y") == "y"
-            ):
+            LOG.warning(f"The network {tmp_module_name} was not destroyed properly.")
+            if force or Confirm.ask("Do you want to destroy it?", default=True):
                 subprocess.run(
                     args=["incus", "network", "delete", tmp_module_name],
                     check=False,
@@ -212,19 +217,38 @@ def destroy(
             tmp_module := Track(name=f"{module.name}-default")
         ) in network_acls:
             LOG.warning(
-                msg=f"The network ACL {tmp_module.name} was not destroyed properly."
+                f"The network ACL {tmp_module.name} was not destroyed properly."
             )
-            if (
-                force
-                or (input("Do you want to destroy it? [Y/n] ").lower() or "y") == "y"
-            ):
+            if force or Confirm.ask("Do you want to destroy it?", default=True):
                 subprocess.run(
                     args=["incus", "network", "acl", "delete", tmp_module.name],
                     check=False,
                     capture_output=True,
                     env=ENV,
                 )
 
+    if Track(name="ctf") in network_zones:
+        LOG.warning('The network zone "ctf" was not destroyed properly.')
+        if force or Confirm.ask("Do you want to destroy it?", default=True):
+            subprocess.run(
+                args=["incus", "network", "zone", "delete", "ctf"],
+                check=False,
+                capture_output=True,
+                env=ENV,
+            )
+
+    if Track(name="simulated-production-acl") in network_acls:
+        LOG.warning(
+            'The network ACL "simulated-production-acl" was not destroyed properly.'
+        )
+        if force or Confirm.ask("Do you want to destroy it?", default=True):
+            subprocess.run(
+                args=["incus", "network", "acl", "delete", "simulated-production-acl"],
+                check=False,
+                capture_output=True,
+                env=ENV,
+            )
+
     remove_tracks_from_terraform_modules(
         tracks=terraform_tracks,
         remote=remote,

diff --git a/ctf/commands/flags.py b/ctf/commands/flags.py
@@ -1,7 +1,6 @@
 import csv
 import io
 import json
-import os
 from enum import StrEnum
 
 import rich
@@ -39,16 +38,16 @@ def flags(
 ) -> None:
     distinct_tracks: set[Track] = set()
 
-    for entry in os.listdir(
+    for entry in (
         challenges_directory := (find_ctf_root_directory() / "challenges")
-    ):
+    ).iterdir():
         if (track_directory := challenges_directory / entry).is_dir() and (
             track_directory / "track.yaml"
         ).exists():
             if not tracks:
-                distinct_tracks.add(Track(name=entry))
-            elif entry in tracks:
-                distinct_tracks.add(Track(name=entry))
+                distinct_tracks.add(Track(name=entry.name))
+            elif entry.name in tracks:
+                distinct_tracks.add(Track(name=entry.name))
 
     flags = []
     for track in distinct_tracks:

diff --git a/ctf/commands/new.py b/ctf/commands/new.py
@@ -70,7 +70,7 @@ def new(
     LOG.info(f"Creating a new track: {name}")
     if not re.match(pattern=r"^[a-z][a-z0-9\-]{0,61}[a-z0-9]$", string=name):
         LOG.critical(
-            msg="""The track name Valid instance names must fulfill the following requirements:
+            """The track name Valid instance names must fulfill the following requirements:
 * The name must be between 1 and 63 characters long;
 * The name must contain only letters, numbers and dashes from the ASCII table;
 * The name must not start with a digit or a dash;
@@ -136,17 +136,17 @@ def new(
                 "with_virtual_machine": with_virtual_machine,
             }
         )
-        with open(
-            (p := new_challenge_directory / "track.yaml"), mode="w", encoding="utf-8"
+        with (p := new_challenge_directory / "track.yaml").open(
+            mode="w", encoding="utf-8"
         ) as f:
             f.write(render)
 
         LOG.debug(f"Wrote {p}.")
 
         readme_template = env.get_template(name=os.path.join("common", "README.md.j2"))
         render = readme_template.render(data={"name": name})
-        with open(
-            (p := new_challenge_directory / "README.md"), mode="w", encoding="utf-8"
+        with (p := new_challenge_directory / "README.md").open(
+            mode="w", encoding="utf-8"
         ) as f:
             f.write(render)
 
@@ -159,17 +159,16 @@ def new(
 
         track_template = env.get_template(name=os.path.join("common", "topic.yaml.j2"))
         render = track_template.render(data={"name": name})
-        with open(
-            (p := posts_directory / f"{name}.yaml"), mode="w", encoding="utf-8"
+        with (p := posts_directory / f"{name}.yaml").open(
+            mode="w", encoding="utf-8"
         ) as f:
             f.write(render)
 
         LOG.debug(f"Wrote {p}.")
 
         track_template = env.get_template(name=os.path.join("common", "post.yaml.j2"))
         render = track_template.render(data={"name": name})
-        with open(
-            (p := os.path.join(posts_directory, f"{name}_flag1.yaml")),
+        with (p := posts_directory / f"{name}_flag1.yaml").open(
             mode="w",
             encoding="utf-8",
         ) as f:
@@ -205,8 +204,8 @@ def new(
                 "is_windows": template == Template.WINDOWS_VM,
             }
         )
-        with open(
-            (p := terraform_directory / "main.tf"), mode="w", encoding="utf-8"
+        with (p := terraform_directory / "main.tf").open(
+            mode="w", encoding="utf-8"
         ) as f:
             f.write(render)
 
@@ -243,8 +242,8 @@ def new(
                 "with_virtual_machine": with_virtual_machine,
             }
         )
-        with open(
-            (p := ansible_directory / "deploy.yaml"), mode="w", encoding="utf-8"
+        with (p := ansible_directory / "deploy.yaml").open(
+            mode="w", encoding="utf-8"
         ) as f:
             f.write(render)
 
@@ -264,8 +263,8 @@ def new(
                 data={"name": name, "with_build": with_build_container}
             )
 
-            with open(
-                (p := ansible_directory / "build.yaml"), mode="w", encoding="utf-8"
+            with (p := ansible_directory / "build.yaml").open(
+                mode="w", encoding="utf-8"
             ) as f:
                 f.write(render)
             LOG.debug(f"Wrote {p}.")
@@ -279,8 +278,8 @@ def new(
                 "is_windows": template == Template.WINDOWS_VM,
             }
         )
-        with open(
-            (p := ansible_directory / "inventory"), mode="w", encoding="utf-8"
+        with (p := ansible_directory / "inventory").open(
+            mode="w", encoding="utf-8"
         ) as f:
             f.write(render)
 
@@ -296,8 +295,7 @@ def new(
                 os.path.join(Template.APACHE_PHP, "index.php.j2")
             )
             render = track_template.render(data={"name": name})
-            with open(
-                (p := ansible_challenge_directory / "index.php"),
+            with (p := ansible_challenge_directory / "index.php").open(
                 mode="w",
                 encoding="utf-8",
             ) as f:
@@ -310,17 +308,15 @@ def new(
                 os.path.join(Template.PYTHON_SERVICE, "app.py.j2")
             )
             render = track_template.render(data={"name": name})
-            with open(
-                (p := ansible_challenge_directory / "app.py"),
+            with (p := ansible_challenge_directory / "app.py").open(
                 mode="w",
                 encoding="utf-8",
             ) as f:
                 f.write(render)
 
             LOG.debug(f"Wrote {p}.")
 
-            with open(
-                (p := ansible_challenge_directory / "flag-1.txt"),
+            with (p := ansible_challenge_directory / "flag-1.txt").open(
                 mode="w",
                 encoding="utf-8",
             ) as f:
@@ -341,8 +337,7 @@ def new(
                 os.path.join(Template.RUST_WEBSERVICE, "Cargo.toml.j2")
             )
             render = manifest_template.render(data={"name": name})
-            with open(
-                (p := ansible_challenge_directory / "Cargo.toml"),
+            with (p := ansible_challenge_directory / "Cargo.toml").open(
                 mode="w",
                 encoding="utf-8",
             ) as f: