From c698e50f84ab204afdec43ded7b757b5e83fc2d6 Mon Sep 17 00:00:00 2001 From: sagarishere <5121817+sagarishere@users.noreply.github.com> Date: Tue, 24 Jan 2023 22:11:51 +0200 Subject: [PATCH] Improved checking for import, moved removeComments Improved checking of imports and moved removeComments to separate function, clearly explaining that it's limited to javascript type of comments. --- js/tests/test.mjs | 28 +++++++++++++++++++--------- 1 file changed, 19 insertions(+), 9 deletions(-) diff --git a/js/tests/test.mjs b/js/tests/test.mjs index c41770fab5..0d83765132 100644 --- a/js/tests/test.mjs +++ b/js/tests/test.mjs @@ -149,17 +149,27 @@ ${tests.trim()};`.trim() } const loadAndSanitizeSolution = async () => { - const path = `${solutionPath}/${name}.js` - const rawCode = await read(path, "student solution") - - // this is a very crude and basic removal of comments - // since checking code is only use to prevent cheating - // it's not that important if it doesn't work 100% of the time. - const code = rawCode.replace(/\/\*[\s\S]*?\*\/|\/\/.*/g, "").trim() - if (code.includes("import")) fatal("import keyword not allowed") - return { code, rawCode, path } + try { + const path = `${solutionPath}/${name}.js` + const rawCode = await read(path, "student solution") + const sanitizedCode = removeComments(rawCode) + + if (sanitizedCode.includes("import ")) { // space is important as it prevents "imported" or "importance" or other words containing "import" + throw new Error("The use of the 'import' keyword is not allowed.") + } + return { code: sanitizedCode, rawCode, path } + } catch (error) { + console.error(error) + } } +const removeComments = (code) => { + // removes JS single line and multi-line comments only. Not for bash files etc. + // for use with multiple file-types, I suggest writing a removeComments function with language-type as input and then handling accordingly + return code.replace(/\/\*[\s\S]*?\*\/|\/\/.*/g, "").trim() +} + + const runTests = async ({ url, path, code }) => { const { setup, tests } = await import(url).catch(err => fatal(`Unable to execute ${name}, error:\n${stackFmt(err, url)}`),