softwareconstruction240 / autograder

Autograder for BYU's CS 240 Chess project
https://cs240.click

Backend: Verify Commit Authorship Identities #370

Closed frozenfrank closed 4 months ago

frozenfrank commented 4 months ago

Overview

Currently, there are some ways a student may hijack another student's code and submit it as their own. There are also some pretty straightforward ways we could put systems in place to detect this kind of cheating by leveraging the commit verification system introduced in #160.

These additional checks in the commit verification system would assert that the commits are authored by unique individuals, and that they are working alone on the project. Of course, students could still get around these by simply sharing computers or GitHub logins or other more devious techniques (like changing the author of all commits to their own).

Proposed Checks

  1. Should we assert that only one email address is used to author and commit data into student’s repositories?
    • This would detect students committing to each other’s repositories, and
    • it would flag when a TA submits a pull request on a student’s repo.
    • It would also falsely flag students who use multiple GitHub logins to work on their project from multiple devices (one signed in with an obfuscated email address, and one with their actual email address).
  2. Should we assert that the primary email address used to author and commit data is unique among all students?
    • This would detect if a student attempts to submit another student’s GitHub url (or a fork of someone else’s repository) in place of their own work.
    • We would need to be careful not to let the TEST STUDENT's url hijack any actual students.
    • This is the most important of the checks listed here.
  3. Should we assert that the author and committer of all commits are the same? This would detect some ways that a student could attempt to change the author on the commits by inserting their own name.
    • This would hardly ever give a false positive, and it would identify some ways a student would (poorly) claim credit for another's commits.
    • This would be easy to circumvent because anyone who has set out to change the author name would likely also know to change the committer name. If they messed up though, this would catch them.
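
The three proposed checks, run over per-commit author and committer email addresses. This is an added example, not part of the original issue and not the autograder's own code; the student ids, the addresses and the `EXEMPT` set are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample data: student id -> (author_email, committer_email) per
# commit, as `git log --format='%ae %ce'` reports them. All ids are hypothetical.
REPOS = {
    "alice": [("alice@example.edu", "alice@example.edu")] * 3,
    "bob": [("bob@example.edu", "bob@example.edu"),
            ("ta@example.edu", "ta@example.edu")],               # TA pull request
    "carol": [("alice@example.edu", "alice@example.edu")] * 2,   # fork of alice's repo
    "dave": [("dave@example.edu", "erin@example.edu")],          # author != committer
    "test_student": [("alice@example.edu", "alice@example.edu")],
}
EXEMPT = {"test_student"}  # assumption: ids that must never collide with real students


def emails_used(commits):
    """Every distinct address that authored or committed in one repository."""
    return {email.lower() for pair in commits for email in pair}


def primary_email(commits):
    """The author address that appears on the most commits."""
    return Counter(author.lower() for author, _ in commits).most_common(1)[0][0]


def audit(repos, exempt=EXEMPT):
    """Return {student: [finding, ...]} for the three proposed checks."""
    findings = defaultdict(list)
    owners = defaultdict(list)  # primary email -> students whose repo uses it
    for student, commits in repos.items():
        if not commits:
            continue  # nothing to verify in an empty repository
        if len(emails_used(commits)) > 1:
            findings[student].append("multiple-emails")            # check 1
        if any(a.lower() != c.lower() for a, c in commits):
            findings[student].append("author-committer-mismatch")  # check 3
        if student not in exempt:
            owners[primary_email(commits)].append(student)
    for students in owners.values():
        if len(students) > 1:                                      # check 2
            for student in students:
                findings[student].append("shared-primary-email")
    return dict(findings)


if __name__ == "__main__":
    for student, flags in sorted(audit(REPOS).items()):
        print(student, flags)
```
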
frozenfrank commented 4 months ago

In a discussion as a TA group, we decided that this wouldn't be very helpful, and wouldn't catch anyone helpful. Not worth the development effort.