Deprecate and remove view_types from the course definition #60
Labels
area: security
Issue related to security
priority: low
status: blocked by
Issue can't progress until other linked issues are fixed
type: feature
New feature or change to a feature
Comments
jaguarfi
added
priority: high
markkuriekkinen
added
priority: low
status: blocked by
|
Blocked by: some courses depend on custom view types and there is no solution for running view type code in a sandbox. This issue has low priority since we trust that no teacher tries to abuse the system with custom view types. |
This is true, however it also introduces blocker for wide spread use. For now, I would presume this will get fixed with a next generation of the grader. To help with the issue, one can create a dedicated instance of the MOOC-Grader for a trust group, thus limiting the potential problems. |
16 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Defining relative imports like
view_type: .exercises.customshould not be allowed as it's A potential security issue (running unaudited code).Basically, grader shouldn't run any code from course repository without sandbox.
The text was updated successfully, but these errors were encountered: