Help detecting and containing a reflection attack for EC for my students

So, I created a script to grade some programming submissions that didn’t fit inside of our auto-grading framework. It worked, but I have found a race condition and a security vulnerability. I’d like to have a way to detect which students can figure out the vulnerability and exploit it so we can give them some extra credit.

Here is what I have now. I did this in 2 hours, so don’t be too harsh now.

#!/bin/bash
rm -rf cs1122
mkdir cs1122
ls cs1122/
cp submissions.zip cs1122/
cd cs1122 || exit
unzip submissions.zip &> /dev/null

ls *.java | while read -r i
   do
   BASENAME="$(echo "$i" | cut -d_ -f 1)"
   if [ -d "testdir-$BASENAME" ]
      then
      continue
   fi
   mkdir  "testdir-$BASENAME"
   mv "$BASENAME"* "testdir-$BASENAME"/
   cd "testdir-$BASENAME" || exit
   ls *.java | while read -r file
      do
     mv "$file" "$(echo "$file" | cut -d_ -f 4)" &> /dev/null
   done;
   rename 's/-[0-9]*//' ./*.java &> /dev/null
   rm -f Sort.java SortInterface.java
   ln -rs ../../Sort.java Sort.java
   ln -rs ../../SortInterface.java SortInterface.java
   javac -cp /usr/share/java/junit4.jar ./*.java &>> report.txt
   jar -cvfe toGrade.jar *.class &>> report.txt
   java -cp /usr/share/java/junit4.jar:toGrade.jar:. org.junit.runner.JUnitCore SortTest &>> report.txt
   cd ..
done;

have them just write comments in the code so they understand it (if they do at all), those who do will be able to find the exploit. Then just have them submit the source file.