virtual-labs-archive / computer-graphics-iiith

This repository contains sources to Computer Graphics lab.
https://cse18-iiith.vlabs.ac.in/

Transformations:Translation_Quiz #200

Open shradhasehgal opened 5 years ago

shradhasehgal commented 5 years ago

Defect description:

The answers for the Transformations: Translation quiz are stored in a JavaScript file, evaluate.js, which is stored on the front-end and can be viewed by anyone at http://cse18-iiith.vlabs.ac.in/exp5a/evaluate.js. This poses a significant threat to the security of answer validation, therefore defeating the purpose of the quiz.

Steps to reproduce the issue:

  1. Go to the Transformations: Translation Quiz in Computer Graphics
  2. Open the console of your browser
  3. Open the 'Sources' tab and click on evaluate.js to view it (or go to http://cse18-iiith.vlabs.ac.in/exp5a/evaluate.js)
  4. View the answers in lines 6-8

Expected result:

All answers should be stored on the server and validated through functions on the back-end.

Actual result:

All answers are stored in a JavaScript file on the front-end which can be viewed by anyone.

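One way to implement the expected result described in the issue above, as an added example that is not code from the repository or from the issue author: the answer key lives only in server-side code, and the browser receives a score instead of the key. The question ids, the key values and the function names `gradeSubmission` and `handleGradeRequest` are assumptions made for illustration.

```javascript
// Server-side grading sketch (Node.js). The answer key is never part of any
// file served to the browser. Key values below are constructed placeholders,
// not the lab's real answers.
const ANSWER_KEY = Object.freeze({ q1: 'b', q2: 'd', q3: 'a' });
const QUESTION_IDS = Object.keys(ANSWER_KEY);
const MAX_BODY_CHARS = 1024; // hypothetical cap for a three-question quiz

// Grade one submission. Returns pass/fail per question and a score,
// never the expected answers themselves.
function gradeSubmission(submission) {
  if (submission === null || typeof submission !== 'object' || Array.isArray(submission)) {
    throw new TypeError('submission must be an object of questionId -> choice');
  }
  const results = {};
  let score = 0;
  for (const id of QUESTION_IDS) {
    const given = submission[id];
    // Missing or non-string input is graded as wrong rather than rejected.
    const correct = typeof given === 'string' &&
      given.trim().toLowerCase() === ANSWER_KEY[id];
    results[id] = correct;
    if (correct) score += 1;
  }
  return { score, total: QUESTION_IDS.length, results };
}

// Framework-neutral handler: takes the raw request body of a POST and
// returns the HTTP status and JSON body to send back.
function handleGradeRequest(rawBody) {
  const reply = (status, payload) => ({ status, body: JSON.stringify(payload) });
  if (typeof rawBody !== 'string' || rawBody.length > MAX_BODY_CHARS) {
    return reply(400, { error: 'invalid request body' });
  }
  let parsed;
  try {
    parsed = JSON.parse(rawBody);
  } catch {
    return reply(400, { error: 'body is not valid JSON' });
  }
  try {
    return reply(200, gradeSubmission(parsed));
  } catch (err) {
    return reply(400, { error: err.message });
  }
}
```

Because every response still reveals which choices were right, a deployment of this pattern would also limit the number of graded attempts per user.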