Java upload tab - Githubissues

source-academy / frontend

Frontend of Source Academy, an online experiential environment for computational thinking (React, Redux, Saga, Blueprint)

https://sourceacademy.org

Apache License 2.0

103 stars 167 forks source link

Java upload tab #2945

Closed Chang-CH closed 6 months ago

Chang-CH commented 7 months ago

Description

Allows users to bypass compiler + type checker in local development by uploading class files to run directly.

Supports multiple file uploads.

Type of change

[ ] Bug fix (non-breaking change which fixes an issue)
[x] New feature (non-breaking change which adds functionality)
[ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
[ ] This change requires a documentation update
[ ] Code quality improvements

How to test

Compile java file(s) with javac *.java -target 8 -source 8 and upload

Checklist

[x] I have tested this code
[ ] I have updated the documentation

coveralls commented 7 months ago

Pull Request Test Coverage Report for Build 9049753998

Details

10 of 64 (15.63%) changed or added relevant lines in 8 files are covered.
No unchanged relevant lines lost coverage.
Overall coverage decreased (-0.05%) to 32.062%

Changes Missing Coverage	Covered Lines	Changed/Added Lines	%
src/pages/playground/Playground.tsx	1	2	50.0%
src/commons/workspace/WorkspaceActions.ts	2	4	50.0%
src/commons/sagas/PlaygroundSaga.ts	0	3	0.0%
src/commons/workspace/WorkspaceReducer.ts	0	6	0.0%
src/commons/sideContent/content/SideContentUpload.tsx	2	21	9.52%
src/commons/utils/JavaHelper.ts	0	23	0.0%
<!--	Total:	10	64	15.63%	-->

Totals
Change from base Build 8971907944:	-0.05%
Covered Lines:	5021
Relevant Lines:	14700

💛 - Coveralls

Chang-CH commented 7 months ago

Will this be safe (considering one can upload any file)? Any potential social engineering attack vector? Is it possible to access the JS environment from Java (and e.g. steal browser cookies)?

At the moment most of the standard library is not yet implemented, there are no native functions that access network.

Ideally we only need the run tab, but due to the limitations of the type checker and compiler this was requested as a feature.

martin-henz commented 7 months ago

Yes, maybe this feature should only be available in the command line tool and not in sourceacademy.org? I agree that for now it's ok. Maybe we include it for the project presentation next week and then remove it?

Chang-CH commented 7 months ago

Yes, maybe this feature should only be available in the command line tool and not in sourceacademy.org? I agree that for now it's ok. Maybe we include it for the project presentation next week and then remove it?

I am planning to use localhost for presentation. I think mei tin is using the localhost approach as well. Is there a way we only enable it for dev and not production? do we have feature flags?

RichDom2185 commented 7 months ago

Is there a way we only enable it for dev and not production?

Not sure, does process.env.NODE_ENV work?

do we have feature flags?

No we don't (at least not yet for now…)

Chang-CH commented 7 months ago

Is there a way we only enable it for dev and not production?

Not sure, does process.env.NODE_ENV work?

looks like it does, added the check.