PROD.2025/DataRush
1
0
Fork 0
mirror of https://gitlab.com/megazordpobeda/DataRush.git synced 2026-05-23 22:37:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

who did this

Browse Source
This commit is contained in:
ITQ
2025-03-02 17:07:02 +03:00
parent 9612b67721
commit 1669ec5546
1 changed files with 40 additions and 138 deletions
Download Patch File Download Diff File Expand all files Collapse all files
services/backend/apps/task/tasks.py
+40 -138
View File
@@ -1,148 +1,50 @@
import ast import requests
import contextlib from celery import shared_task
import hashlib from django.core.files.base import ContentFile
import os
import sys
import tempfile
from io import StringIO
from config.celery import app from django.conf import settings
from apps.task.models import CompetitionTaskSubmission
ALLOWED_MODULES = {
"pandas",
"numpy",
"matplotlib",
"seaborn",
"scipy",
"sklearn",
"datetime",
"json",
"csv",
"math",
"statistics",
"statsmodels",
}
class SecurityException(Exception): @shared_task(bind=True, max_retries=3)
pass def analyze_data_task(self, submission_id):
from .models import CompetitionTaskSubmission
submission = CompetitionTaskSubmission.objects.get(id=submission_id)
def validate_code(code_str):
try: try:
tree = ast.parse(code_str) code = submission.content.read().decode()
except SyntaxError as e: files = [
raise SecurityException(f"Syntax error: {e!s}") (f.name, f.file.open("rb"))
for f in submission.task.attachments.filter(public=True)
]
class ImportVisitor(ast.NodeVisitor): response = requests.post(
def visit_Import(self, node): f"{settings.CHECKER_API_ENDPOINT}/execute",
for alias in node.names: files=[("files", (f.name, f)) for f in files]
module = alias.name.split(".")[0] + [
if module not in ALLOWED_MODULES: ("code", code),
raise SecurityException(f"Disallowed import: {module}") ("expected_hash", submission.task.correct_answer_hash),
],
timeout=30,
)
response.raise_for_status()
result = response.json()
def visit_ImportFrom(self, node): submission.stdout.save("output.txt", ContentFile(result["output"]))
if node.module: submission.result = {
module = node.module.split(".")[0] "correct": result["hash_match"],
if module not in ALLOWED_MODULES: "result_hash": result["result_hash"],
raise SecurityException( "error": result.get("error"),
f"Disallowed import from: {module}"
)
class SecurityVisitor(ast.NodeVisitor):
def generic_visit(self, node):
if isinstance(node, (ast.Call, ast.Attribute)):
if "system" in getattr(node, "attr", ""):
raise SecurityException("Dangerous system call detected")
super().generic_visit(node)
try:
ImportVisitor().visit(tree)
SecurityVisitor().visit(tree)
except SecurityException:
raise
except Exception as e:
raise SecurityException(f"Security check failed: {e!s}")
def secure_exec(code_str, result_path, input_files=None):
original_dir = os.getcwd()
original_stdout = sys.stdout
sys.stdout = captured_stdout = StringIO()
result_content = None
if input_files is None:
input_files = []
with tempfile.TemporaryDirectory() as temp_dir:
try:
os.chdir(temp_dir)
for file in input_files:
file_path = os.path.join(temp_dir, file["bind_at"])
os.makedirs(os.path.dirname(file_path), exist_ok=True)
with open(file_path, "wb") as f:
f.write(file["content"])
restricted_globals = {
"__builtins__": {
"open": open,
"print": print,
"str": str,
"int": int,
"float": float,
"bool": bool,
"list": list,
"dict": dict,
"tuple": tuple,
"set": set,
}
}
exec(code_str, restricted_globals)
if result_path == "stdout":
result_content = captured_stdout.getvalue().encode("utf-8")
else:
with open(result_path, "rb") as f:
result_content = f.read()
except Exception as e:
raise RuntimeError(f"Execution error: {e!s}")
finally:
os.chdir(original_dir)
sys.stdout = original_stdout
return result_content
@app.task(bind=True)
def analyze_data_task(
self, code_str, result_path, expected_file_link, submission_id, input_files=[]
):
try:
validate_code(code_str)
result_content = secure_exec(code_str, result_path, input_files)
result_hash = hashlib.sha256(result_content).hexdigest()
expected_hash = hashlib.sha256(expected_bytes).hexdigest()
with contextlib.suppress(CompetitionTaskSubmission.DoesNotExist):
submission = CompetitionTaskSubmission.objects.get(id=submission_id)
submission.result = {"correct": True}
return {
"success": True,
"match": result_hash == expected_hash,
"result_hash": result_hash,
"expected_hash": expected_hash,
} }
submission.earned_points = (
submission.task.points if result["hash_match"] else 0
)
submission.status = CompetitionTaskSubmission.StatusChoices.CHECKED
except SecurityException as e: except requests.exceptions.RequestException as e:
return {"success": False, "error": f"Security violation: {e!s}"} self.retry(countdown=2**self.request.retries)
except RuntimeError as e:
return {"success": False, "error": f"Execution error: {e!s}"}
except Exception as e: except Exception as e:
return {"success": False, "error": f"Unexpected error: {e!s}"} submission.result = {"error": str(e)}
submission.status = CompetitionTaskSubmission.StatusChoices.CHECKED
submission.earned_points = 0
finally:
submission.save()