Hi, I teach a CS course, and I was wondering if there is a practical way in which to setup a server that would accept student’s tar files, run some tests, and show them the results.
I could go “full unix mode” and roll up some accounts let them ssh into a server, scp their their files… but I was wondering if there is a prepacked solution for this that is nicer to the eye. And I thought maybe you know some.
My university used Artemis to do basically what you’re describing. Files are uploaded via git. But it seems like selfhosting would be a lot of work.
Did a takehome for a company recently that did it well. They required that I make a docker file (you could give them one if you wanted) where when ran it would run tests. It was a neat use of docker IMO, it standardized that builds were just “build the docker file” and running was just “run the dockerfile”. You would t have to deal with tar or anything then.
Thousand ways to skin a cat there
Why give your students a way to get RCE on your institutions servers through anything less than perfect file upload implementation.
For a .tar? I wish you the best…
Instead of that, simplify.
Use unique salts for each assignment per student.
Align hashes with those salts to check the outcome for each students assignment.
Literally have them send you a CTF style sha256 string.
Do it step by step where each step doesn’t depend on the next, grade as a percentage of flags accurately procured.
Absolutely this. Even if you had fancy jails or docker setups for each submission, this will be a nightmare to properly handle. Students DOSing each other exactly before the submission deadline, too.
I mean just for the love of God don’t spin up something on your company’s infrastructure that accepts file uploads.
Just don’t.
If you’re reading this and going “well, it’s just internal,” or “well, it doesn’t do much it just accepts this exact file type.” My god. Ask your CISA. And if they’re okay with it, cool. That’s on them.
Unless your whole business is transferring files, don’t. And even then… Don’t.
And if you’re still confused, the answer is to use another company’s infrastructure for this. Use Azure. Use AWS. Use Google cloud or even g suites. Don’t accept that liability. Let the trillionaires do it.
You could use automated testing tools to do the work for you. You define your requirements as individual tests and every input is tested separately giving you a report which tests failed and which succeeded.
My university had a system like this. They also had all the tests and the expected answers in a file at …/tests.txt and …/results.txt u could read both files look at the command line args passed to ur code find what line in the tests file they passed and return that same line number from the results file. 100% on every single item. They pulled me into a meeting to complain about it but granted me the marks anyways cos I was technically correct according to the marking criteria. Needless to say they fixed the access perms and rewrote the marking criteria for the next year.
Yeah this is a bad idea if not done extremely carefully cos rce. There is CodeRunner as a moodle plugin. If u wanna roll ur own then u would wanna use something like Firecracker for secure execution.
If you use moodle, it has a plugin for that, with instructions.
If you don’t use moodle, you may want to check the instructions on the plugin anyway.
That sounds like build automation. You can use some Git forge software.
Full unix mode is probably easier than working up some kind of sandboxing mechanism that accepts arbitrary scripts/binaries.
As far as nice to the eye, you can spin up a python FastAPI site and frontend in about 10 minutes with Claude Code
