update isolate integrity

2025-11-04 23:22:11 +04:00
parent 44cb179cf5
commit ffd0de446d
7 changed files with 64 additions and 111 deletions
--- a/src/LiquidCode.Tester.Worker/Program.cs
+++ b/src/LiquidCode.Tester.Worker/Program.cs
@@ -22,48 +22,25 @@ builder.Services.AddSingleton(sp =>
 // Register application services
 builder.Services.AddSingleton<PolygonProblemXmlParser>();
 builder.Services.AddSingleton<AnswerGenerationService>();
-builder.Services.AddSingleton<CheckerService>();
 builder.Services.AddSingleton<CheckerServiceIsolate>();
 builder.Services.AddSingleton<IPackageParserService, PackageParserService>();
 builder.Services.AddSingleton<IOutputCheckerService, OutputCheckerService>();
 builder.Services.AddSingleton<ICallbackService, CallbackService>();

-// Register compilation services
-// Always register both standard and isolate versions
-builder.Services.AddSingleton<CppCompilationService>();
+// Register Isolate compilation services
 builder.Services.AddSingleton<CppCompilationServiceIsolate>();
-
-builder.Services.AddSingleton<JavaCompilationService>();
 builder.Services.AddSingleton<JavaCompilationServiceIsolate>();
-
-builder.Services.AddSingleton<KotlinCompilationService>();
 builder.Services.AddSingleton<KotlinCompilationServiceIsolate>();
-
-builder.Services.AddSingleton<CSharpCompilationService>();
 builder.Services.AddSingleton<CSharpCompilationServiceIsolate>();
-
-builder.Services.AddSingleton<PythonCompilationService>();
 builder.Services.AddSingleton<PythonCompilationServiceIsolate>();
-
 builder.Services.AddSingleton<ICompilationServiceFactory, CompilationServiceFactory>();

-// Register execution services
-// Always register both standard and isolate versions
-builder.Services.AddSingleton<CppExecutionService>();
+// Register Isolate execution services
 builder.Services.AddSingleton<CppExecutionServiceIsolate>();
-
-builder.Services.AddSingleton<JavaExecutionService>();
 builder.Services.AddSingleton<JavaExecutionServiceIsolate>();
-
-builder.Services.AddSingleton<KotlinExecutionService>();
 builder.Services.AddSingleton<KotlinExecutionServiceIsolate>();
-
-builder.Services.AddSingleton<CSharpExecutionService>();
 builder.Services.AddSingleton<CSharpExecutionServiceIsolate>();
-
-builder.Services.AddSingleton<PythonExecutionService>();
 builder.Services.AddSingleton<PythonExecutionServiceIsolate>();
-
 builder.Services.AddSingleton<IExecutionServiceFactory, ExecutionServiceFactory>();

 // Register testing service
--- a/src/LiquidCode.Tester.Worker/Services/CompilationServiceFactory.cs
+++ b/src/LiquidCode.Tester.Worker/Services/CompilationServiceFactory.cs
@@ -1,56 +1,36 @@
 namespace LiquidCode.Tester.Worker.Services;

+/// <summary>
+/// Factory for compilation services - always uses Isolate sandbox for security
+/// </summary>
 public class CompilationServiceFactory : ICompilationServiceFactory
 {
    private readonly IServiceProvider _serviceProvider;
-    private readonly IConfiguration _configuration;
    private readonly ILogger<CompilationServiceFactory> _logger;
-    private readonly bool _useIsolate;

    public CompilationServiceFactory(
        IServiceProvider serviceProvider,
-        IConfiguration configuration,
        ILogger<CompilationServiceFactory> logger)
    {
        _serviceProvider = serviceProvider;
-        _configuration = configuration;
        _logger = logger;
-        _useIsolate = configuration.GetValue<bool>("Isolate:Enabled", false);

-        if (_useIsolate)
-        {
-            _logger.LogInformation("Isolate sandbox is ENABLED for compilation");
-        }
-        else
-        {
-            _logger.LogWarning("Isolate sandbox is DISABLED for compilation - using standard compilation (NOT SECURE for production!)");
-        }
+        _logger.LogInformation("Compilation services configured to use Isolate sandbox");
    }

    public ICompilationService GetCompilationService(string language)
    {
        var normalizedLanguage = language.ToLowerInvariant().Replace(" ", "");

-        _logger.LogInformation("Getting compilation service for language: {Language} (Isolate: {UseIsolate})",
-            normalizedLanguage, _useIsolate);
+        _logger.LogDebug("Getting Isolate compilation service for language: {Language}", normalizedLanguage);

        return normalizedLanguage switch
        {
-            "c++" or "cpp" => _useIsolate
-                ? _serviceProvider.GetRequiredService<CppCompilationServiceIsolate>()
-                : _serviceProvider.GetRequiredService<CppCompilationService>(),
-            "java" => _useIsolate
-                ? _serviceProvider.GetRequiredService<JavaCompilationServiceIsolate>()
-                : _serviceProvider.GetRequiredService<JavaCompilationService>(),
-            "kotlin" => _useIsolate
-                ? _serviceProvider.GetRequiredService<KotlinCompilationServiceIsolate>()
-                : _serviceProvider.GetRequiredService<KotlinCompilationService>(),
-            "c#" or "csharp" => _useIsolate
-                ? _serviceProvider.GetRequiredService<CSharpCompilationServiceIsolate>()
-                : _serviceProvider.GetRequiredService<CSharpCompilationService>(),
-            "python" => _useIsolate
-                ? _serviceProvider.GetRequiredService<PythonCompilationServiceIsolate>()
-                : _serviceProvider.GetRequiredService<PythonCompilationService>(),
+            "c++" or "cpp" => _serviceProvider.GetRequiredService<CppCompilationServiceIsolate>(),
+            "java" => _serviceProvider.GetRequiredService<JavaCompilationServiceIsolate>(),
+            "kotlin" => _serviceProvider.GetRequiredService<KotlinCompilationServiceIsolate>(),
+            "c#" or "csharp" => _serviceProvider.GetRequiredService<CSharpCompilationServiceIsolate>(),
+            "python" => _serviceProvider.GetRequiredService<PythonCompilationServiceIsolate>(),
            _ => throw new NotSupportedException($"Language '{language}' is not supported")
        };
    }
--- a/src/LiquidCode.Tester.Worker/Services/CppCompilationServiceIsolate.cs
+++ b/src/LiquidCode.Tester.Worker/Services/CppCompilationServiceIsolate.cs
@@ -42,7 +42,7 @@ public class CppCompilationServiceIsolate : ICompilationService
        try
        {
            await File.WriteAllTextAsync(sourceFilePath, sourceCode);
-            return await CompileFileInIsolateAsync(sourceFilePath, executablePath, version);
+            return await CompileFileAsync(sourceFilePath, executablePath, version);
        }
        catch (Exception ex)
        {
@@ -55,10 +55,15 @@ public class CppCompilationServiceIsolate : ICompilationService
        }
    }

-    private async Task<CompilationResult> CompileFileInIsolateAsync(
+    /// <summary>
+    /// Compile a C++ source file to an executable using Isolate sandbox
+    /// </summary>
+    public async Task<CompilationResult> CompileFileAsync(
        string sourceFilePath,
        string outputExecutablePath,
-        string? version = null)
+        string? version = null,
+        IEnumerable<string>? includeDirectories = null,
+        IEnumerable<string>? additionalFlags = null)
    {
        int boxId = -1;

@@ -75,8 +80,8 @@ public class CppCompilationServiceIsolate : ICompilationService
            var boxDir = $"/var/local/lib/isolate/{boxId}/box";
            var sourceFileName = Path.GetFileName(sourceFilePath);
            var boxSourcePath = Path.Combine(boxDir, sourceFileName);
-            var boxOutputName = "solution";
-            var boxOutputPath = Path.Combine(boxDir, boxOutputName);
+            var outputFileName = Path.GetFileName(outputExecutablePath);
+            var boxOutputPath = Path.Combine(boxDir, outputFileName);

            File.Copy(sourceFilePath, boxSourcePath, overwrite: true);

@@ -86,9 +91,28 @@ public class CppCompilationServiceIsolate : ICompilationService

            // Build compiler arguments
            var arguments = new List<string>(compilerFlags);
+
+            // Add include directories
+            if (includeDirectories != null)
+            {
+                foreach (var includeDir in includeDirectories.Where(d => !string.IsNullOrWhiteSpace(d)))
+                {
+                    arguments.Add($"-I{includeDir}");
+                }
+            }
+
+            // Add additional flags
+            if (additionalFlags != null)
+            {
+                foreach (var flag in additionalFlags.Where(f => !string.IsNullOrWhiteSpace(f)))
+                {
+                    arguments.Add(flag);
+                }
+            }
+
            arguments.Add($"/box/{sourceFileName}");
            arguments.Add("-o");
-            arguments.Add($"/box/{boxOutputName}");
+            arguments.Add($"/box/{outputFileName}");

            // Prepare stderr output file for compiler messages
            var stderrFilePath = Path.Combine(boxDir, "compile_stderr.txt");
--- a/src/LiquidCode.Tester.Worker/Services/ExecutionServiceFactory.cs
+++ b/src/LiquidCode.Tester.Worker/Services/ExecutionServiceFactory.cs
@@ -1,56 +1,36 @@
 namespace LiquidCode.Tester.Worker.Services;

+/// <summary>
+/// Factory for execution services - always uses Isolate sandbox for security
+/// </summary>
 public class ExecutionServiceFactory : IExecutionServiceFactory
 {
    private readonly IServiceProvider _serviceProvider;
-    private readonly IConfiguration _configuration;
    private readonly ILogger<ExecutionServiceFactory> _logger;
-    private readonly bool _useIsolate;

    public ExecutionServiceFactory(
        IServiceProvider serviceProvider,
-        IConfiguration configuration,
        ILogger<ExecutionServiceFactory> logger)
    {
        _serviceProvider = serviceProvider;
-        _configuration = configuration;
        _logger = logger;
-        _useIsolate = configuration.GetValue<bool>("Isolate:Enabled", false);

-        if (_useIsolate)
-        {
-            _logger.LogInformation("Isolate sandbox is ENABLED for code execution");
-        }
-        else
-        {
-            _logger.LogWarning("Isolate sandbox is DISABLED - using standard execution (NOT SECURE for production!)");
-        }
+        _logger.LogInformation("Execution services configured to use Isolate sandbox");
    }

    public IExecutionService GetExecutionService(string language)
    {
        var normalizedLanguage = language.ToLowerInvariant().Replace(" ", "");

-        _logger.LogInformation("Getting execution service for language: {Language} (Isolate: {UseIsolate})",
-            normalizedLanguage, _useIsolate);
+        _logger.LogDebug("Getting Isolate execution service for language: {Language}", normalizedLanguage);

        return normalizedLanguage switch
        {
-            "c++" or "cpp" => _useIsolate
-                ? _serviceProvider.GetRequiredService<CppExecutionServiceIsolate>()
-                : _serviceProvider.GetRequiredService<CppExecutionService>(),
-            "java" => _useIsolate
-                ? _serviceProvider.GetRequiredService<JavaExecutionServiceIsolate>()
-                : _serviceProvider.GetRequiredService<JavaExecutionService>(),
-            "kotlin" => _useIsolate
-                ? _serviceProvider.GetRequiredService<KotlinExecutionServiceIsolate>()
-                : _serviceProvider.GetRequiredService<KotlinExecutionService>(),
-            "c#" or "csharp" => _useIsolate
-                ? _serviceProvider.GetRequiredService<CSharpExecutionServiceIsolate>()
-                : _serviceProvider.GetRequiredService<CSharpExecutionService>(),
-            "python" => _useIsolate
-                ? _serviceProvider.GetRequiredService<PythonExecutionServiceIsolate>()
-                : _serviceProvider.GetRequiredService<PythonExecutionService>(),
+            "c++" or "cpp" => _serviceProvider.GetRequiredService<CppExecutionServiceIsolate>(),
+            "java" => _serviceProvider.GetRequiredService<JavaExecutionServiceIsolate>(),
+            "kotlin" => _serviceProvider.GetRequiredService<KotlinExecutionServiceIsolate>(),
+            "c#" or "csharp" => _serviceProvider.GetRequiredService<CSharpExecutionServiceIsolate>(),
+            "python" => _serviceProvider.GetRequiredService<PythonExecutionServiceIsolate>(),
            _ => throw new NotSupportedException($"Language '{language}' is not supported")
        };
    }
--- a/src/LiquidCode.Tester.Worker/Services/OutputCheckerService.cs
+++ b/src/LiquidCode.Tester.Worker/Services/OutputCheckerService.cs
@@ -1,27 +1,21 @@
 namespace LiquidCode.Tester.Worker.Services;

+/// <summary>
+/// Output checker service - always uses Isolate sandbox for checker execution
+/// </summary>
 public class OutputCheckerService : IOutputCheckerService
 {
    private readonly ILogger<OutputCheckerService> _logger;
-    private readonly CheckerService _checkerService;
-    private readonly CheckerServiceIsolate _checkerServiceIsolate;
-    private readonly bool _useIsolate;
+    private readonly CheckerServiceIsolate _checkerService;

    public OutputCheckerService(
        ILogger<OutputCheckerService> logger,
-        CheckerService checkerService,
-        CheckerServiceIsolate checkerServiceIsolate,
-        IConfiguration configuration)
+        CheckerServiceIsolate checkerService)
    {
        _logger = logger;
        _checkerService = checkerService;
-        _checkerServiceIsolate = checkerServiceIsolate;
-        _useIsolate = configuration.GetValue<bool>("Isolate:Enabled", false);

-        if (_useIsolate)
-        {
-            _logger.LogInformation("Using Isolate sandbox for checker execution");
-        }
+        _logger.LogInformation("Checker service configured to use Isolate sandbox");
    }

    public async Task<bool> CheckOutputAsync(string actualOutput, string expectedOutputPath)
@@ -82,12 +76,10 @@ public class OutputCheckerService : IOutputCheckerService
        // If custom checker is available, use it
        if (!string.IsNullOrEmpty(checkerPath) && File.Exists(checkerPath))
        {
-            _logger.LogDebug("Using custom checker: {CheckerPath} (Isolate: {UseIsolate})",
-                checkerPath, _useIsolate);
+            _logger.LogDebug("Using custom checker in Isolate: {CheckerPath}", checkerPath);

-            var checkerResult = _useIsolate
-                ? await _checkerServiceIsolate.CheckAsync(checkerPath, inputFilePath, actualOutput, expectedOutputPath)
-                : await _checkerService.CheckAsync(checkerPath, inputFilePath, actualOutput, expectedOutputPath);
+            var checkerResult = await _checkerService.CheckAsync(
+                checkerPath, inputFilePath, actualOutput, expectedOutputPath);

            if (!checkerResult.Accepted)
            {
--- a/src/LiquidCode.Tester.Worker/Services/PackageParserService.cs
+++ b/src/LiquidCode.Tester.Worker/Services/PackageParserService.cs
@@ -14,13 +14,13 @@ public class PackageParserService : IPackageParserService
    private readonly ILogger<PackageParserService> _logger;
    private readonly PolygonProblemXmlParser _polygonParser;
    private readonly AnswerGenerationService _answerGenerator;
-    private readonly CppCompilationService _cppCompilation;
+    private readonly CppCompilationServiceIsolate _cppCompilation;

    public PackageParserService(
        ILogger<PackageParserService> logger,
        PolygonProblemXmlParser polygonParser,
        AnswerGenerationService answerGenerator,
-        CppCompilationService cppCompilation)
+        CppCompilationServiceIsolate cppCompilation)
    {
        _logger = logger;
        _polygonParser = polygonParser;
--- a/src/LiquidCode.Tester.Worker/appsettings.json
+++ b/src/LiquidCode.Tester.Worker/appsettings.json
@@ -7,7 +7,6 @@
  },
  "AllowedHosts": "*",
  "Isolate": {
-    "Enabled": true,
    "MaxBoxes": 100
  },
  "Cpp": {
@@ -76,6 +75,7 @@
  },
  "Python": {
    "Executable": "python3",
+    "ValidateSyntax": true,
    "Versions": {
      "3.8": {
        "Executable": "python3.8"