This used to work.

test:

var frogs = 42;

test("Adding numbers works", function() {
  
  expect(3);
  
  ok(updateFrogs, "function exists");
  
  equal(updateFrogs(7), 42);
  
  equal(frogs, 49);
  
});

solution:

function updateFrogs(x) {
  var f = frogs;
  frogs = frogs + x;
  return f;
}

output:

FAIL: Died on test #2: "frogs" is not defined.

When var frogs; is added to the solution, it all works.

Submitted by Elmer van Chastelet on 27 February 2014 at 12:01

On 27 February 2014 at 12:04 Elmer van Chastelet commented:

Might be introduced by rhino update in https://bitbucket.org/examinr/labback/commits/453e0ff758cb6ef33f6890d4dd47ad6e8a0b5c93


On 27 February 2014 at 12:54 Jeff Smits commented:

I’m pretty sure this is desired behaviour, not a bug.

In both Scala and C the solution code is imported in the tests so the tests can actually access the code that should be tested.
In JavaScript being able to access anything from the test code pretty much means being able to access everything from the test code. And given JavaScripts dynamic nature / meta-programming facilities, having access to the tests from the student code poses a security risk as students can change the tests or try to read them.

As for introduction of the behaviour in LabBack that makes this example in the question fail the tests: I think I made the changes in the code to fix the security leak last year. Tim de Jong and I discussed the security leak with Vlad and made changes in our Bachelor Project fork of the labback git repo (was hosted on bitbucket but has been removed again). I can’t access the labback git repo anymore so I can’t look for it for you, but see if you can find a merge commit or pull request from repo labback-bsc.


On 27 February 2014 at 13:11 Elmer van Chastelet commented:

Ah, that makes sense. Thanks… closing this issue :)


On 27 February 2014 at 13:11 Elmer van Chastelet closed this issue.

Log in to post comments