So, I created a script to grade some programming submissions that didn’t fit inside of our auto-grading framework. It worked, but I have found a race condition and a security vulnerability. I’d like to have a way to detect which students can figure out the vulnerability and exploit it so we can give them some extra credit.
Here is what I have now. I did this in 2 hours, so don’t be too harsh now.
#!/bin/bash
rm -rf cs1122
mkdir cs1122
ls cs1122/
cp submissions.zip cs1122/
cd cs1122 || exit
unzip submissions.zip &> /dev/null
ls *.java | while read -r i
do
BASENAME="$(echo "$i" | cut -d_ -f 1)"
if [ -d "testdir-$BASENAME" ]
then
continue
fi
mkdir "testdir-$BASENAME"
mv "$BASENAME"* "testdir-$BASENAME"/
cd "testdir-$BASENAME" || exit
ls *.java | while read -r file
do
mv "$file" "$(echo "$file" | cut -d_ -f 4)" &> /dev/null
done;
rename 's/-[0-9]*//' ./*.java &> /dev/null
rm -f Sort.java SortInterface.java
ln -rs ../../Sort.java Sort.java
ln -rs ../../SortInterface.java SortInterface.java
javac -cp /usr/share/java/junit4.jar ./*.java &>> report.txt
jar -cvfe toGrade.jar *.class &>> report.txt
java -cp /usr/share/java/junit4.jar:toGrade.jar:. org.junit.runner.JUnitCore SortTest &>> report.txt
cd ..
done;