
Add a security task to ensure task file are protected #15


Open
wants to merge 1 commit into
base: master
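--- a/tasks/pentest.task
+++ b/tasks/pentest.task
@@ -0,0 +1,10 @@
+{
+"environment": "python",
+"taskfs": "pentest.sfs",
+"limits": {
+"time": 60,
+"memory": 32,
+"disk": 50,
+"output": 1024
+}
+}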
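--- a/tasks/pentest/control
+++ b/tasks/pentest/control
@@ -0,0 +1,4 @@
+/task/scripts/preprocess.py
+/task/scripts/generate.py
+!/task/scripts/execute.py
+/task/scripts/feedback.py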
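--- a/tasks/pentest/scripts/execute.py
+++ b/tasks/pentest/scripts/execute.py
@@ -0,0 +1,34 @@
+#!/usr/bin/python3
+# -*- coding: utf-8 -*-
+# Course: Pentesting
+# Problem: Access solution file
+# Execution script
+
+import sys
+
+sys.path.append('/task/static')
+from lib import pythia
+
+# Redirect stdout and stderr
+sys.stdout = open('/tmp/work/output/stdout', 'w')
+sys.stderr = open('/tmp/work/output/stderr', 'w')
+
+# Try to import student's code
+sys.path.append('/tmp/work')
+try:
+import test1
+except Exception as e:
+print(e, file=sys.stderr)
+sys.exit(0)
+
+class TaskTestSuite(pythia.TestSuite):
+def __init__(self):
+pythia.TestSuite.__init__(self, '/tmp/work/input/data.csv')
+
+def studentCode(self, data):
+return test1.getSolutionAttempt()
+
+def parseTestData(self, data):
+return data[0]
+
+TaskTestSuite().run('/tmp/work/output', 'data.res')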
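Review bot: The `except Exception` around `import test1` does not catch `SystemExit`, so a `test1` module that calls `sys.exit()` at import time ends the script without writing anything to the stderr file or to `data.res`. The handler also prints only `str(e)`, so the traceback that would show where the import failed is lost. If the intent is that every import failure is reported through `/tmp/work/output/stderr`, use `except BaseException:` with `traceback.print_exc()` (plus `import traceback` at the top). Both redirect files are opened without an `encoding=` argument, unlike the `open(..., encoding='utf-8')` calls in the other scripts of this pull request.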
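--- a/tasks/pentest/scripts/feedback.py
+++ b/tasks/pentest/scripts/feedback.py
@@ -0,0 +1,47 @@
+#!/usr/bin/python3
+# -*- coding: utf-8 -*-
+# Course: Apprendre Python
+# Problem: Nombre de lettres
+# Feedback script
+
+import ast
+import csv
+import json
+import os
+import sys
+
+sys.path.append('/task/static')
+from lib import pythia
+
+import math
+
+def getSolutionAttempt():
+return True
+
+class TaskFeedbackSuite(pythia.FeedbackSuite):
+def __init__(self, config):
+pythia.FeedbackSuite.__init__(self, '/tmp/work/output/stderr', None,
+'/tmp/work/input/data.csv', '/tmp/work/output/data.res', config)
+
+def teacherCode(self, data):
+return getSolutionAttempt()
+
+def parseTestData(self, data):
+return data[0]
+
+# Retrieve task id
+with open('/tmp/work/tid', 'r', encoding='utf-8') as file:
+tid = file.read()
+output = {'tid': tid, 'status': 'failed', 'feedback': {'score': 0}}
+
+# Read test configuration
+config = []
+with open('/task/config/test.json', 'r', encoding='utf-8') as file:
+content = file.read()
+config = json.loads(content)
+config = config['predefined']
+(verdict, feedback) = TaskFeedbackSuite(config).generate()
+output['feedback'] = feedback
+output['status'] = 'success' if verdict else 'failed'
+
+print(json.dumps(output))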
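Review bot: The verdict is built from `/tmp/work/output/data.res` and `/tmp/work/tid`, and execute.py writes `data.res` from the same process that imports the code under test from `/tmp/work`, so this script scores files that the step being tested could have produced or replaced itself. That is presumably how every task on this platform works, but a task whose purpose is to check isolation should say so above `TaskFeedbackSuite`, for example `# data.res and tid live under /tmp/work, which the execute step can write: treat both as untrusted input`. The header still reads `Course: Apprendre Python` / `Problem: Nombre de lettres`, copied from another task, while execute.py uses `Pentesting` / `Access solution file`. `ast`, `csv`, `os` and `math` are imported but never used in this file.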
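--- a/tasks/pentest/scripts/generate.py
+++ b/tasks/pentest/scripts/generate.py
@@ -0,0 +1,19 @@
+#!/usr/bin/python3
+# -*- coding: utf-8 -*-
+# Course: Pentesting
+# Problem: Access solution file
+# Test generation script
+
+import csv
+import json
+import os
+import sys
+
+sys.path.append('/task/static')
+from lib import pythia
+
+# Read test configuration and generate test data
+with open('/task/config/test.json', 'r', encoding='utf-8') as file:
+content = file.read()
+config = json.loads(content)
+pythia.generateTestData('/tmp/work/input', 'data.csv', config)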
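--- a/tasks/pentest/scripts/preprocess.py
+++ b/tasks/pentest/scripts/preprocess.py
@@ -0,0 +1,23 @@
+#!/usr/bin/python3
+# -*- coding: utf-8 -*-
+# Course: Pentesting
+# Problem: Access solution file
+# Preprocessing script
+
+import json
+import sys
+
+sys.path.append('/task/static')
+from lib import pythia
+
+# Setup working directory
+pythia.setupWorkingDirectory('/tmp/work')
+
+# Read input data and fill skeleton files
+data = sys.stdin.read().rstrip('\0')
+input = json.loads(data)
+pythia.fillSkeletons('/task/skeleton', '/tmp/work', input['fields'])
+
+# Save task id
+with open('/tmp/work/tid', 'w', encoding='utf-8') as file:
+file.write(input['tid'])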
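Review bot: The submission read from stdin is used without any shape check: `input['fields']` and `input['tid']` raise an uncaught `KeyError` when a key is missing, and `file.write(input['tid'])` raises `TypeError` when `tid` is not a string. Either failure happens after `/tmp/work` has been set up and leaves no `tid` file for feedback.py to read. Check both keys right after `json.loads` and fail with a clear message on stderr. The name `input` also shadows the builtin; `request = json.loads(data)` reads better.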
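--- a/tasks/pentest/skeleton/test1.py
+++ b/tasks/pentest/skeleton/test1.py
@@ -0,0 +1,22 @@
+# -*- coding: utf-8 -*-
+# Course: Apprendre Python
+# Problem: Nombre de lettres
+
+import sys
+
+sys.path.append('/task/static')
+from lib import pythia
+
+def getSolutionAttempt():
+''' I check permissions on each scripts using os.access '''
+teacherFiles = [
+'/task/scripts/preprocess.py',
+'/task/scripts/generate.py',
+'/task/scripts/feedback.py'
+]
+
+for file in teacherFiles:
+if os.access(file, os.R_OK) or os.access(file, os.X_OK):
+return False
+
+return True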
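Review bot: `getSolutionAttempt()` calls `os.access` and reads `os.R_OK` / `os.X_OK`, but the file only has `import sys`, so the first loop iteration raises `NameError` and the permission check never produces a verdict; add `import os` next to `import sys`. The check also ignores write access, so a script that is writable but not readable would still count as protected; `if any(os.access(file, mode) for mode in (os.R_OK, os.W_OK, os.X_OK)): return False` covers all three. `os.access` returns False for a path that does not exist, so a wrong or unmounted `/task/scripts` path makes the task pass; an `os.path.exists(file)` check first would tell "protected" apart from "absent". `/task/config/test.json`, which generate.py and feedback.py read, is not in `teacherFiles`; whether it belongs there depends on what it contains, which this page does not show. The header comment still names another course and problem.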
Empty file.