jazkarta / edx-platform

the edX learning management system (LMS) and course authoring tool, Studio
http://code.edx.org/
GNU Affero General Public License v3.0

Error in ccx for problem with "unsafe code" #100

Closed cewing closed 9 years ago

cewing commented 9 years ago

@pdpinch This error message appears in the CCX I've built from the example course in my local environment:

Problem ccx-block-v1:edX+DemoX+Rerun1+ccx@1+type@problem+block@d7daeff25e4f4026bdd269ae69e03e02 has an error:
cannot create LoncapaProblem ccx-block-v1:edX+DemoX+Rerun1+ccx@1+type@problem+block@d7daeff25e4f4026bdd269ae69e03e02: Execution of unsafe Javascript code is not allowed.

The problem appears to arise from a check in xmodule.capa_base in the CapaMixin class when a new lcp is created for the object with this mixin.

In the process of creating the problem block, the system checks to see if unsafe code is allowed, using an attribute from the runtime for the object.

This attribute is a lambda that calls a function by the same name from utils.sandboxing, passing in a course id.

The function checks a value COURSES_WITH_UNSAFE_CODE from settings, which appears to be set to an empty list. Checking through settings files verifies that this list is empty except in some tests where it is overridden.

I don't think this is actually a problem with CCX, but wanted to open an issue in case it is a sign of something serious.
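
The gate described in the comment above, modeled as an added example that is not part of the original thread and is not edx-platform's own code: a per-course allowlist read from settings, exposed to the problem through a runtime attribute, denying by default. Treating each `COURSES_WITH_UNSAFE_CODE` entry as a regular expression is an assumption, as are the names `can_execute_unsafe_code`, `Runtime`, `create_problem` and `UnsafeCodeError` and the sample course ids.

```python
import re
from types import SimpleNamespace


class UnsafeCodeError(Exception):
    """Raised when a problem needs unsafe code its course may not run."""


def can_execute_unsafe_code(course_id, settings):
    """Default deny: True only if an allowlist entry matches the whole course id."""
    # Assumption: entries are regular expressions. fullmatch() keeps a pattern
    # for one course from also matching a longer id that shares its prefix.
    patterns = getattr(settings, "COURSES_WITH_UNSAFE_CODE", [])
    return any(re.fullmatch(p, str(course_id)) for p in patterns)


class Runtime:
    """Hypothetical runtime: the check is an attribute bound to one course id."""

    def __init__(self, course_id, settings):
        self.can_execute_unsafe_code = lambda: can_execute_unsafe_code(course_id, settings)


def create_problem(runtime, block_id, uses_unsafe_js):
    """Hypothetical problem constructor: refuse when the gate denies."""
    if uses_unsafe_js and not runtime.can_execute_unsafe_code():
        raise UnsafeCodeError(f"cannot create LoncapaProblem {block_id}: "
                              "Execution of unsafe Javascript code is not allowed.")
    return {"block": block_id, "unsafe_js": uses_unsafe_js}


# Constructed sample settings and course ids (not from a real deployment).
DEFAULT = SimpleNamespace(COURSES_WITH_UNSAFE_CODE=[])  # empty, as the thread reports
ALLOW_ONE = SimpleNamespace(COURSES_WITH_UNSAFE_CODE=[r"course-v1:Example\+Legacy101\+2015"])
COURSE_IDS = ("course-v1:Example+Legacy101+2015", "course-v1:Example+Legacy101+2015b")


def demo():
    """Return (settings label, course id, outcome) for every combination."""
    rows = []
    for label, cfg in (("default", DEFAULT), ("allow-one", ALLOW_ONE)):
        for cid in COURSE_IDS:
            try:
                create_problem(Runtime(cid, cfg), "sample-block", uses_unsafe_js=True)
                rows.append((label, cid, "created"))
            except UnsafeCodeError:
                rows.append((label, cid, "denied"))
    return rows
```

Calling `demo()` shows every course denied under the empty list, and only the exactly matching course id allowed once a single entry is added.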

pdpinch commented 9 years ago

This sounds like a problem in the courseware. It would help if I knew what the problem was, but I wouldn't be surprised if there were demos of problem types in the demo course which are no longer considered "safe."

In production, I'm pretty sure that 6.002x -- the first course, from before there was even an edX -- has to be in that "COURSES_WITH_UNSAFE_CODE" list.

@cgee do you know anything about COURSES_WITH_UNSAFE_CODE?

cewing commented 9 years ago

The problem is the "instructor supplied responses" question in the 'question types' sequence in the "homework" part of the first example module. It's worth noting that the same problem fails in the same way when viewing the original example course as a rerun.

pdpinch commented 9 years ago

Is this the problem?

https://github.com/edx/edx-demo-course/blob/9aad9f2d084171aec9cc5090dcc95ed70eb9eedf/drafts/problem/d7daeff25e4f4026bdd269ae69e03e02.xml

Consider the game tree shown below. As in the previous problem, trapezoids that point up, such as the top node (root), represent choices for the maximizing player; trapezoids that point down represent choices for the minimizing player.

This is actually from the drafts folder of the demo course. There may be a bug in the re-run code that unintentionally restores items in the drafts folder.

In any case, this doesn't seem to be a problem specific to CCXs.

cewing commented 9 years ago

That's the one.

Suggestions on how to handle the possible bug?

I can certainly close this.

pdpinch commented 9 years ago

I submitted the bug to edX: https://openedx.atlassian.net/browse/CRI-23

cewing commented 9 years ago

cool