Can MATLAB Grader questions be vulnerable to hackers through pretest?

for example:
Using ethical hacking it was obtained
then replaced in Learner template

Accepted Answer

Cris LaPierre on 30 Apr 2022
Edited: Cris LaPierre on 30 Apr 2022
If the pretest assessment is a MATLAB Code test type, then learners can expand the test to see the underlying assessment test code.
If that code gives away too much, then consider not making that assessment a pretest. If you are not limiting the number of submissions (default behavior in MATLAB Grader), then there is really no value to making any of the tests pretests anyway.
For an example of how to use pretests, consider looking at the "Calculating voltage using Kirchhoff loops" example problem in the Getting Started with MATLAB Grader problem collection.
I do have some concerns with the code you have shown. Perhaps if you can explain what you are trying to do with this code, perhaps there is an opportunity to modify the problem design.

More Answers (2)

Jeff Alderson on 30 Apr 2022
Every time a learner solution is submitted, the solution is recorded and made available to the instructor. Solutions that use obvious attempts at circumventing assessment tests would be very transparent when compared to learner solutions that attempt to solve the problem in good faith. Additionally, the instructor can check for the presence of certain keywords and functions and fail the assessment if they are found. Similarly, the instructor could look for the presence of keywords necessary to solve the problem in the desired way, and fail the assessment if they are not found.

Piotr Kot on 15 Dec 2024
Edited: Piotr Kot on 15 Dec 2024
Nonsense
hack:
fprintf(fopen('./solutionTest.m', 'w'), '%s', '');
always works even if 'fopen' and 'fprintf' keywords are disabled
  15 Comments
Piotr Kot on 20 Dec 2024
One more small note. My attempt to solve the problem can also be overcome. It turns out that the /tmp directory is available for writing to anyone who wants it. And then, of course, we run a script with any commands we want.
Piotr Kot on 20 Dec 2024
And finally, to sum up the Matlab Grader team's response:
"The behavior explained through the reproduction steps is intended. The MATLAB session running within Grader operates within an isolated containerized instance. Logged-in users are permitted to run MATLAB functions, including commands that interact programmatically with the operating system and the MATLAB application. Therefore, executing the 'system' command does not introduce any additional risk to MATLAB Grader."
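
The review of recorded submissions described in the answers above, as an added example that is not part of the original thread and not MathWorks code: a Python scan of learner solutions for the indicators the thread mentions (the test file name, file handles opened for writing, `system` calls, `/tmp` paths), skipping MATLAB comments so that ordinary remarks are not flagged. The function names, indicator labels and both sample submissions are constructed for illustration, and it assumes the instructor has the submitted solutions available as plain text.

```python
import re

# Indicators drawn from the thread: the test file name, file handles opened
# for writing, system() calls, and the world-writable /tmp directory.
INDICATORS = {
    "test-file-reference": re.compile(r"solutionTest\.m", re.I),
    "file-opened-for-write": re.compile(
        r"\bfopen\s*\([^)]*,\s*['\"](?:[wWaA]\+?|r\+)t?['\"]"),
    "shell-command": re.compile(r"\bsystem\s*\("),
    "tmp-path": re.compile(r"/tmp\b"),
}

def strip_comment(line):
    """Drop a trailing MATLAB % comment, ignoring % inside string literals."""
    i, quote = 0, None
    while i < len(line):
        ch = line[i]
        if quote:
            if ch == quote:
                if line[i + 1:i + 2] == quote:   # doubled quote = escaped quote
                    i += 1
                else:
                    quote = None
        elif ch == "%":
            return line[:i]
        elif ch == '"':
            quote = ch
        elif ch == "'":
            prev = line[i - 1] if i else ""
            # After an operand, ' is the transpose operator, not a string start.
            if not (prev.isalnum() or prev in "_)]}.'"):
                quote = ch
        i += 1
    return line

def scan_submission(source):
    """Return sorted (line_number, indicator) pairs found in executable code."""
    hits = set()
    for n, raw in enumerate(source.splitlines(), 1):
        code = strip_comment(raw)
        for name, rx in INDICATORS.items():
            if rx.search(code):
                hits.add((n, name))
    return sorted(hits)

# Constructed sample submissions (not real learner data).
GOOD_FAITH = "R = [10 20 30]';\nV = R * 0.5;  % do not touch solutionTest.m\nfprintf('%d%%\\n', 50);\n"
SUSPECT = "fprintf(fopen('./solutionTest.m', 'w'), '%s', '');\nsystem('ls /tmp');\n"
```

A hit is a prompt for the instructor to read that submission, not proof of tampering; a plain-text scan only sees literal names, which is why it complements rather than replaces manual comparison of solutions.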