[Bug]: Event: Any day submission acceptance with no solution #1238

Open
SanariSan opened this issue Dec 2, 2023 · 6 comments
SanariSan commented Dec 2, 2023

What happened?

Briefly described in my posts on Twitter, but will elaborate here.

Yesterday I could peek any locked day by opening https://typehero.dev/challenge/day-X/submissions (only with /submissions).
There was only test data, description section locked as it has to be.
After that I looked at submission req and played with it a bit, so I can complete any challenge.

As I can see recent #1234 fixed upcoming tests peeking, and possibly submissions for locked days, but actually there's still a loophole.

Submission is not connected to challenge.slug, so I can clip any viable slug to pass that check, then persist submission.

Fix would probably be to hold the slug in the submission or have a slug:submission map for verifying before saving.


What browsers are you seeing the problem on?

All

Relevant log output

No response

@SanariSan SanariSan added bug Something isn't working triage labels Dec 2, 2023
@zaCKoZAck0 zaCKoZAck0 self-assigned this Dec 2, 2023
@bautistaaa
Member

bautistaaa commented Dec 2, 2023

Thank you for this.

Will work on a solution ASAP. We have plans to also do server-side validation on the code being submitted, which will help tremendously here.

@bautistaaa bautistaaa removed the triage label Dec 2, 2023
@bautistaaa
Member

I removed the script so others won't easily steal it. I think next time it's best to keep the sensitive ones. I think we have this one (see image), but I honestly haven't tested it haha

@SanariSan
Author

> I removed the script so others won't easily steal it. I think next time it's best to keep the sensitive ones. I think we have this one (see image), but I honestly haven't tested it haha

I was considering this option, but got assured it's fine to just open an issue


@zaCKoZAck0
Collaborator

> > I removed the script so others won't easily steal it. I think next time it's best to keep the sensitive ones. I think we have this one (see image), but I honestly haven't tested it haha
>
> I was considering this option, but got assured it's fine to just open an issue

MB

@Hacksore
Member

Hacksore commented Dec 2, 2023

Work for server-side TypeScript evaluation exists in a PoC here.

https://github.com/Hacksore/typecheck-service/tree/feat/worker-cf

I’ve not touched it in some time as there are many things that need to be addressed.

If anyone is willing to help bring this to a better state, feel free.

🫡

@zaCKoZAck0 zaCKoZAck0 removed their assignment Dec 2, 2023
@bautistaaa bautistaaa self-assigned this Dec 2, 2023
@bautistaaa
Member

I think it's okay for now, but I'm kinda unsure how to handle this slug loophole
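
One way to close the slug loophole discussed in this thread, as an added example that is not TypeHero's code: the handler loads the challenge by the id the submission will be stored under, rejects a slug that does not belong to that record, and only then applies the unlock check. The request shape, field names, in-memory store and unlock times are assumptions constructed for illustration.

```typescript
// Added example. Field names and the in-memory store are assumptions,
// not TypeHero's real schema or API.
interface Challenge { id: number; slug: string; unlocksAt: Date }
interface SubmissionRequest { userId: string; slug: string; challengeId: number; code: string }
interface Submission { userId: string; challengeId: number; slug: string; code: string }
type SubmitResult =
  | { ok: true; submission: Submission }
  | { ok: false; reason: "unknown-challenge" | "slug-mismatch" | "locked" };

// Constructed sample data.
const CHALLENGES: Challenge[] = [
  { id: 1, slug: "day-1", unlocksAt: new Date("2023-12-01T05:00:00Z") },
  { id: 25, slug: "day-25", unlocksAt: new Date("2023-12-25T05:00:00Z") },
];
const savedSubmissions: Submission[] = [];

function submit(req: SubmissionRequest, now: Date): SubmitResult {
  // Load the challenge by the id the row will be stored under, so the record
  // that gets checked is the record that gets written.
  const challenge = CHALLENGES.find((c) => c.id === req.challengeId);
  if (!challenge) return { ok: false, reason: "unknown-challenge" };

  // The slug from the request is only compared, never used for its own lookup.
  if (challenge.slug !== req.slug) return { ok: false, reason: "slug-mismatch" };

  // The unlock check uses the server clock and the stored unlock time.
  if (challenge.unlocksAt.getTime() > now.getTime()) {
    return { ok: false, reason: "locked" };
  }

  // Persist the slug with the id so later reads can re-verify the pair.
  const submission: Submission = {
    userId: req.userId,
    challengeId: challenge.id,
    slug: challenge.slug,
    code: req.code,
  };
  savedSubmissions.push(submission);
  return { ok: true, submission };
}
```

The `now` argument is passed in by the server-side caller; it is never taken from the request.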
