CodeGrade / bottlenose

CS assignment / grade management system
GNU Affero General Public License v3.0

Feature: ability to fetch files from lib/assets #274

Closed williams-jack closed 2 months ago

williams-jack commented 1 year ago

Problem Description

We should be able to access publicly available (e.g., tester.jar, checkstyle.rkt, etc.) files from Bottlenose. These

Solution

Additional Notes

Initially it was thought that allowing any file in lib/assets would introduce a directory traversal vulnerability; however, Rails seems to auto-magically collapse ../ into just /.

Linked Issue

273
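
The Additional Notes above rely on the request path having `../` collapsed before it reaches the controller. As an added example (not code from Bottlenose or from this issue), this plain-Ruby containment check is one that a file-serving helper for lib/assets could apply regardless of how the URL was normalized; `resolve_asset`, `run_demo` and the sample file tree are hypothetical and constructed for illustration.

```ruby
require "pathname"
require "tmpdir"
require "fileutils"

# Hypothetical helper, not Bottlenose's code: return the real path of
# `requested` if it is a regular file inside base_dir, otherwise nil.
def resolve_asset(base_dir, requested)
  return nil if requested.nil? || requested.empty? || requested.include?("\0")
  base = Pathname.new(base_dir).realpath
  begin
    # join() with an absolute argument discards base entirely, so the
    # containment check below is what actually enforces the boundary.
    real = base.join(requested).realpath # resolves ".." and symlinks
  rescue SystemCallError                 # missing file, symlink loop, no access
    return nil
  end
  return nil unless real.file?
  # The trailing separator keeps lib/assets-private from matching lib/assets.
  real.to_s.start_with?(base.to_s + File::SEPARATOR) ? real : nil
end

# Builds a constructed sample tree (all names invented for this demo) and
# returns { label => allowed? } for a set of constructed requests.
def run_demo
  Dir.mktmpdir("assets-demo") do |root|
    assets  = File.join(root, "lib", "assets")
    private = File.join(root, "lib", "assets-private")
    config  = File.join(root, "config")
    FileUtils.mkdir_p([assets, private, config])
    File.write(File.join(assets, "tester.jar"), "jar")
    File.write(File.join(private, "key.txt"), "k")
    secret = File.join(config, "secrets.yml")
    File.write(secret, "s")
    File.symlink(secret, File.join(assets, "link.txt")) # symlink escaping the base
    requests = {
      "plain"    => "tester.jar",
      "dotdot"   => "../../config/secrets.yml",
      "sibling"  => "../assets-private/key.txt",
      "symlink"  => "link.txt",
      "absolute" => secret,
      "missing"  => "nope.jar",
    }
    requests.map { |label, req| [label, !resolve_asset(assets, req).nil?] }.to_h
  end
end

p run_demo if __FILE__ == $PROGRAM_NAME
```

Only the `plain` request resolves; the symlink and absolute-path cases are ones that collapsing `../` in the URL alone would not catch.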

williams-jack commented 1 year ago

Logic is sound; abstract out test and controller logic into helper (for each).