From ffd0de446d1580469988ed05a3c7b27c28a8c24b Mon Sep 17 00:00:00 2001 From: prixod Date: Tue, 4 Nov 2025 23:22:11 +0400 Subject: [PATCH] update isolate integrity --- src/LiquidCode.Tester.Worker/Program.cs | 27 +------------ .../Services/CompilationServiceFactory.cs | 40 +++++-------------- .../Services/CppCompilationServiceIsolate.cs | 36 ++++++++++++++--- .../Services/ExecutionServiceFactory.cs | 40 +++++-------------- .../Services/OutputCheckerService.cs | 26 +++++------- .../Services/PackageParserService.cs | 4 +- src/LiquidCode.Tester.Worker/appsettings.json | 2 +- 7 files changed, 64 insertions(+), 111 deletions(-) diff --git a/src/LiquidCode.Tester.Worker/Program.cs b/src/LiquidCode.Tester.Worker/Program.cs index c1917d0..5f43921 100644 --- a/src/LiquidCode.Tester.Worker/Program.cs +++ b/src/LiquidCode.Tester.Worker/Program.cs 
@@ -22,48 +22,25 @@ builder.Services.AddSingleton(sp => // Register application services builder.Services.AddSingleton(); builder.Services.AddSingleton(); -builder.Services.AddSingleton(); builder.Services.AddSingleton(); builder.Services.AddSingleton(); builder.Services.AddSingleton(); builder.Services.AddSingleton(); -// Register compilation services -// Always register both standard and isolate versions -builder.Services.AddSingleton(); +// Register Isolate compilation services builder.Services.AddSingleton(); - -builder.Services.AddSingleton(); builder.Services.AddSingleton(); - -builder.Services.AddSingleton(); builder.Services.AddSingleton(); - -builder.Services.AddSingleton(); builder.Services.AddSingleton(); - -builder.Services.AddSingleton(); builder.Services.AddSingleton(); - builder.Services.AddSingleton(); -// Register execution services -// Always register both standard and isolate versions -builder.Services.AddSingleton(); +// Register Isolate execution services builder.Services.AddSingleton(); - -builder.Services.AddSingleton(); builder.Services.AddSingleton(); - -builder.Services.AddSingleton(); builder.Services.AddSingleton(); - -builder.Services.AddSingleton(); builder.Services.AddSingleton(); - -builder.Services.AddSingleton(); builder.Services.AddSingleton(); - builder.Services.AddSingleton(); // Register testing service diff --git a/src/LiquidCode.Tester.Worker/Services/CompilationServiceFactory.cs b/src/LiquidCode.Tester.Worker/Services/CompilationServiceFactory.cs index d3e31dc..6546437 100644 --- a/src/LiquidCode.Tester.Worker/Services/CompilationServiceFactory.cs +++ b/src/LiquidCode.Tester.Worker/Services/CompilationServiceFactory.cs 
@@ -1,56 +1,36 @@ namespace LiquidCode.Tester.Worker.Services; +/// +/// Factory for compilation services - always uses Isolate sandbox for security +/// public class CompilationServiceFactory : ICompilationServiceFactory { private readonly IServiceProvider _serviceProvider; - private readonly IConfiguration _configuration; private readonly ILogger _logger; - private readonly bool _useIsolate; public CompilationServiceFactory( IServiceProvider serviceProvider, - IConfiguration configuration, ILogger logger) { _serviceProvider = serviceProvider; - _configuration = configuration; _logger = logger; - _useIsolate = configuration.GetValue("Isolate:Enabled", false); - if (_useIsolate) - { - _logger.LogInformation("Isolate sandbox is ENABLED for compilation"); - } - else - { - _logger.LogWarning("Isolate sandbox is DISABLED for compilation - using standard compilation (NOT SECURE for production!)"); - } + _logger.LogInformation("Compilation services configured to use Isolate sandbox"); } public ICompilationService GetCompilationService(string language) { var normalizedLanguage = language.ToLowerInvariant().Replace(" ", ""); - _logger.LogInformation("Getting compilation service for language: {Language} (Isolate: {UseIsolate})", - normalizedLanguage, _useIsolate); + _logger.LogDebug("Getting Isolate compilation service for language: {Language}", normalizedLanguage); return normalizedLanguage switch { - "c++" or "cpp" => _useIsolate - ? _serviceProvider.GetRequiredService() - : _serviceProvider.GetRequiredService(), - "java" => _useIsolate - ? _serviceProvider.GetRequiredService() - : _serviceProvider.GetRequiredService(), - "kotlin" => _useIsolate - ? _serviceProvider.GetRequiredService() - : _serviceProvider.GetRequiredService(), - "c#" or "csharp" => _useIsolate - ? _serviceProvider.GetRequiredService() - : _serviceProvider.GetRequiredService(), - "python" => _useIsolate - ? 
_serviceProvider.GetRequiredService() - : _serviceProvider.GetRequiredService(), + "c++" or "cpp" => _serviceProvider.GetRequiredService(), + "java" => _serviceProvider.GetRequiredService(), + "kotlin" => _serviceProvider.GetRequiredService(), + "c#" or "csharp" => _serviceProvider.GetRequiredService(), + "python" => _serviceProvider.GetRequiredService(), _ => throw new NotSupportedException($"Language '{language}' is not supported") }; } diff --git a/src/LiquidCode.Tester.Worker/Services/CppCompilationServiceIsolate.cs b/src/LiquidCode.Tester.Worker/Services/CppCompilationServiceIsolate.cs index 654693e..ef2d694 100644 --- a/src/LiquidCode.Tester.Worker/Services/CppCompilationServiceIsolate.cs +++ b/src/LiquidCode.Tester.Worker/Services/CppCompilationServiceIsolate.cs @@ -42,7 +42,7 @@ public class CppCompilationServiceIsolate : ICompilationService try { await File.WriteAllTextAsync(sourceFilePath, sourceCode); - return await CompileFileInIsolateAsync(sourceFilePath, executablePath, version); + return await CompileFileAsync(sourceFilePath, executablePath, version); } catch (Exception ex) { @@ -55,10 +55,15 @@ public class CppCompilationServiceIsolate : ICompilationService } } - private async Task CompileFileInIsolateAsync( + /// + /// Compile a C++ source file to an executable using Isolate sandbox + /// + public async Task CompileFileAsync( string sourceFilePath, string outputExecutablePath, - string? version = null) + string? version = null, + IEnumerable? includeDirectories = null, + IEnumerable? additionalFlags = null) { int boxId = -1; 
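Review bot: The constructor now logs `Compilation services configured to use Isolate sandbox` unconditionally, but nothing in this hunk checks that the sandbox is usable on the host. With the non-Isolate branches removed there is no fallback, so a missing isolate binary or box directory would presumably first show up as a failed submission rather than at startup. Consider a startup probe (for example an `IHostedService` that initialises and cleans up one box) and emit the Information line only after it succeeds. The same applies to the constructor messages added in ExecutionServiceFactory and OutputCheckerService.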
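Review bot: `CompileFileAsync` is now public and gains two optional parameters, but the added XML comment documents none of its parameters. Add `<param>` entries that state the contract visible in the later hunks: only the file name of `outputExecutablePath` is used inside the box, `includeDirectories` are passed to the compiler as written, and `additionalFlags` are appended verbatim. For example `/// <param name="includeDirectories">Directories passed as -I; must be resolvable from inside the Isolate box.</param>`, since the source is addressed as `/box/...` and a host-side path would only resolve if it is mapped into the sandbox. The method body continues past the end of this hunk.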
@@ -75,8 +80,8 @@ public class CppCompilationServiceIsolate : ICompilationService var boxDir = $"/var/local/lib/isolate/{boxId}/box"; var sourceFileName = Path.GetFileName(sourceFilePath); var boxSourcePath = Path.Combine(boxDir, sourceFileName); - var boxOutputName = "solution"; - var boxOutputPath = Path.Combine(boxDir, boxOutputName); + var outputFileName = Path.GetFileName(outputExecutablePath); + var boxOutputPath = Path.Combine(boxDir, outputFileName); File.Copy(sourceFilePath, boxSourcePath, overwrite: true); @@ -86,9 +91,28 @@ public class CppCompilationServiceIsolate : ICompilationService // Build compiler arguments var arguments = new List(compilerFlags); + + // Add include directories + if (includeDirectories != null) + { + foreach (var includeDir in includeDirectories.Where(d => !string.IsNullOrWhiteSpace(d))) + { + arguments.Add($"-I{includeDir}"); + } + } + + // Add additional flags + if (additionalFlags != null) + { + foreach (var flag in additionalFlags.Where(f => !string.IsNullOrWhiteSpace(f))) + { + arguments.Add(flag); + } + } + arguments.Add($"/box/{sourceFileName}"); arguments.Add("-o"); - arguments.Add($"/box/{boxOutputName}"); + arguments.Add($"/box/{outputFileName}"); // Prepare stderr output file for compiler messages var stderrFilePath = Path.Combine(boxDir, "compile_stderr.txt"); diff --git a/src/LiquidCode.Tester.Worker/Services/ExecutionServiceFactory.cs b/src/LiquidCode.Tester.Worker/Services/ExecutionServiceFactory.cs index 68a639c..3c32ac3 100644 --- a/src/LiquidCode.Tester.Worker/Services/ExecutionServiceFactory.cs +++ b/src/LiquidCode.Tester.Worker/Services/ExecutionServiceFactory.cs 
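Review bot: `outputFileName` comes from `Path.GetFileName(outputExecutablePath)` with no check, so a path ending in a directory separator yields an empty name and the compiler is told to write to `/box/`. A name equal to `sourceFileName`, or to `compile_stderr.txt` which this method uses further down, would collide with files already in the box. Reject these before the `File.Copy`, e.g. `if (string.IsNullOrEmpty(outputFileName) || outputFileName == sourceFileName) throw new ArgumentException("Output path must name a file distinct from the source", nameof(outputExecutablePath));`. The previous fixed name `solution` could not produce an empty output name. The enclosing method starts and ends outside this hunk.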
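Review bot: Every non-blank entry of `additionalFlags` is appended to the compiler command line unchanged, and each `includeDir` is interpolated into `-I{includeDir}` without normalisation. Where these values originate is not visible in this patch, but if they can come from an uploaded problem package, the package author chooses arbitrary compiler options and extra input files. The sandbox limits the impact, yet the compile step should accept only what it needs. Filter before `arguments.Add(flag)`, e.g. `.Where(f => allowedFlagPrefixes.Any(p => f.StartsWith(p, StringComparison.Ordinal)))`, where `allowedFlagPrefixes` is a new static list such as `-D`, `-O`, `-std=`, and log each rejected flag. The enclosing method starts and ends outside this hunk.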
@@ -1,56 +1,36 @@ namespace LiquidCode.Tester.Worker.Services; +/// +/// Factory for execution services - always uses Isolate sandbox for security +/// public class ExecutionServiceFactory : IExecutionServiceFactory { private readonly IServiceProvider _serviceProvider; - private readonly IConfiguration _configuration; private readonly ILogger _logger; - private readonly bool _useIsolate; public ExecutionServiceFactory( IServiceProvider serviceProvider, - IConfiguration configuration, ILogger logger) { _serviceProvider = serviceProvider; - _configuration = configuration; _logger = logger; - _useIsolate = configuration.GetValue("Isolate:Enabled", false); - if (_useIsolate) - { - _logger.LogInformation("Isolate sandbox is ENABLED for code execution"); - } - else - { - _logger.LogWarning("Isolate sandbox is DISABLED - using standard execution (NOT SECURE for production!)"); - } + _logger.LogInformation("Execution services configured to use Isolate sandbox"); } public IExecutionService GetExecutionService(string language) { var normalizedLanguage = language.ToLowerInvariant().Replace(" ", ""); - _logger.LogInformation("Getting execution service for language: {Language} (Isolate: {UseIsolate})", - normalizedLanguage, _useIsolate); + _logger.LogDebug("Getting Isolate execution service for language: {Language}", normalizedLanguage); return normalizedLanguage switch { - "c++" or "cpp" => _useIsolate - ? _serviceProvider.GetRequiredService() - : _serviceProvider.GetRequiredService(), - "java" => _useIsolate - ? _serviceProvider.GetRequiredService() - : _serviceProvider.GetRequiredService(), - "kotlin" => _useIsolate - ? _serviceProvider.GetRequiredService() - : _serviceProvider.GetRequiredService(), - "c#" or "csharp" => _useIsolate - ? _serviceProvider.GetRequiredService() - : _serviceProvider.GetRequiredService(), - "python" => _useIsolate - ? 
_serviceProvider.GetRequiredService() - : _serviceProvider.GetRequiredService(), + "c++" or "cpp" => _serviceProvider.GetRequiredService(), + "java" => _serviceProvider.GetRequiredService(), + "kotlin" => _serviceProvider.GetRequiredService(), + "c#" or "csharp" => _serviceProvider.GetRequiredService(), + "python" => _serviceProvider.GetRequiredService(), _ => throw new NotSupportedException($"Language '{language}' is not supported") }; } diff --git a/src/LiquidCode.Tester.Worker/Services/OutputCheckerService.cs b/src/LiquidCode.Tester.Worker/Services/OutputCheckerService.cs index ede72d2..401a188 100644 --- a/src/LiquidCode.Tester.Worker/Services/OutputCheckerService.cs +++ b/src/LiquidCode.Tester.Worker/Services/OutputCheckerService.cs @@ -1,27 +1,21 @@ namespace LiquidCode.Tester.Worker.Services; +/// +/// Output checker service - always uses Isolate sandbox for checker execution +/// public class OutputCheckerService : IOutputCheckerService { private readonly ILogger _logger; - private readonly CheckerService _checkerService; - private readonly CheckerServiceIsolate _checkerServiceIsolate; - private readonly bool _useIsolate; + private readonly CheckerServiceIsolate _checkerService; public OutputCheckerService( ILogger logger, - CheckerService checkerService, - CheckerServiceIsolate checkerServiceIsolate, - IConfiguration configuration) + CheckerServiceIsolate checkerService) { _logger = logger; _checkerService = checkerService; - _checkerServiceIsolate = checkerServiceIsolate; - _useIsolate = configuration.GetValue("Isolate:Enabled", false); - if (_useIsolate) - { - _logger.LogInformation("Using Isolate sandbox for checker execution"); - } + _logger.LogInformation("Checker service configured to use Isolate sandbox"); } public async Task CheckOutputAsync(string actualOutput, string expectedOutputPath) 
@@ -82,12 +76,10 @@ public class OutputCheckerService : IOutputCheckerService // If custom checker is available, use it if (!string.IsNullOrEmpty(checkerPath) && File.Exists(checkerPath)) { - _logger.LogDebug("Using custom checker: {CheckerPath} (Isolate: {UseIsolate})", - checkerPath, _useIsolate); + _logger.LogDebug("Using custom checker in Isolate: {CheckerPath}", checkerPath); - var checkerResult = _useIsolate - ? await _checkerServiceIsolate.CheckAsync(checkerPath, inputFilePath, actualOutput, expectedOutputPath) - : await _checkerService.CheckAsync(checkerPath, inputFilePath, actualOutput, expectedOutputPath); + var checkerResult = await _checkerService.CheckAsync( + checkerPath, inputFilePath, actualOutput, expectedOutputPath); if (!checkerResult.Accepted) { diff --git a/src/LiquidCode.Tester.Worker/Services/PackageParserService.cs b/src/LiquidCode.Tester.Worker/Services/PackageParserService.cs index b887c27..3b7b655 100644 --- a/src/LiquidCode.Tester.Worker/Services/PackageParserService.cs +++ b/src/LiquidCode.Tester.Worker/Services/PackageParserService.cs @@ -14,13 +14,13 @@ public class PackageParserService : IPackageParserService private readonly ILogger _logger; private readonly PolygonProblemXmlParser _polygonParser; private readonly AnswerGenerationService _answerGenerator; - private readonly CppCompilationService _cppCompilation; + private readonly CppCompilationServiceIsolate _cppCompilation; public PackageParserService( ILogger logger, PolygonProblemXmlParser polygonParser, AnswerGenerationService answerGenerator, - CppCompilationService cppCompilation) + CppCompilationServiceIsolate cppCompilation) { _logger = logger; _polygonParser = polygonParser; diff --git a/src/LiquidCode.Tester.Worker/appsettings.json b/src/LiquidCode.Tester.Worker/appsettings.json index 4714921..0f9a340 100644 --- a/src/LiquidCode.Tester.Worker/appsettings.json +++ b/src/LiquidCode.Tester.Worker/appsettings.json 
@@ -7,7 +7,6 @@ }, "AllowedHosts": "*", "Isolate": { - "Enabled": true, "MaxBoxes": 100 }, "Cpp": { @@ -76,6 +75,7 @@ }, "Python": { "Executable": "python3", + "ValidateSyntax": true, "Versions": { "3.8": { "Executable": "python3.8"
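Review bot: `"ValidateSyntax": true` is added under `Python`, but none of the seven files in this patch reads that key, so it is unclear from here what it switches on. If it enables a syntax check of submitted Python code, confirm that the check runs inside the Isolate box like compilation does and not as a process on the worker host. Separately, removing `Isolate:Enabled` in the first hunk matches the factories no longer reading it, but an environment override that still sets it to false is now ignored silently, which is worth a line in the deployment notes.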