search

inducer / relate

RELATE is an Environment for Learning And TEaching
http://documen.tician.de/relate
Other
383 stars 118 forks source link

Student code can wreak havoc on global Python state #324

Open inducer opened 7 years ago

inducer commented 7 years ago

In autograded questions, students have write access to the entirety of the Python interpreter, so they can muck it up as they please. (Such as by overwriting parts of numpy, matplotlib, whatever.) This can then lead to grading code crashes.

inducer commented 7 years ago

It's not obvious that a good solution to this exists. Perhaps force student code through a linter...?

inducer commented 7 years ago

https://gitlab.tiker.net/teaching/cs357-s17/issues/81

lukeolson commented 7 years ago

This one is a problem for us.

If a student writes plt.xlabel = 'x', then the test code runs plt.xlabel('x') it throws a str is not callable TypeError.

-------------------------------------
message
-------------------------------------
TypeError: 'str' object is not callable
-------------------------------------
traceback
-------------------------------------
Traceback (most recent call last):
 File "/opt/runpy/code_runpy_backend.py", line 294, in run_code
   exec(test_code, maint_ctx)
 File "[test code]", line 62, in <module>
 File "[test code]", line 39, in __init__
TypeError: 'str' object is not callable
davis68 commented 6 years ago

There's some discussion of read-only properties (using function decorators) here: https://stackoverflow.com/questions/14594120/python-read-only-property

That's not feasible without wrapping every import though, which isn't feasible, ergo not feasible at all.

We get a lot of similar crud from student code... right now I wrap the entire autograder code in try/except to catch this sort of thing.

inducer commented 6 years ago

Here's a related hack for module-level data:

https://stackoverflow.com/questions/3711657/can-i-prevent-modifying-an-object-in-python

This is simple enough that it might be worth it for the matplotlib use case above.

That's not feasible without wrapping every import though, which isn't feasible, ergo not feasible at all.

If you're desperate enough, it's eminently doable. There's sys.modules and import hooks, which gives you all the rope you need for that.

davis68 commented 6 years ago

It's only really an issue for the first three or four weeks, then they normally figure it out. I find that catching NameErrors and TypeErrors handles most of it. I'll take a look at sys.modules though.