-
-
Notifications
You must be signed in to change notification settings - Fork 24
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix plagiarism detection from evaluation #5957
Conversation
WalkthroughThe changes involve a modification to the JavaScript initialization of the Dolos button in the exercises progress table's HTML template. The Changes
Suggested reviewers
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 1
@@ -50,7 +50,7 @@ | |||
</a> | |||
<script> | |||
dodona.ready.then(() =>{ | |||
dodona.initDolosBtn('dolos-btn-<%= meta[:exercise].id %>', "<%= series_exports_path(@evaluation.series, token: (@evaluation.series.access_token if @evaluation.series.hidden?), selected_ids: [meta[:exercise].id], evaluation: true) %>", "<%= meta[:exercise].programming_language&.renderer_name %>"); | |||
dodona.initDolosBtn('dolos-btn-<%= meta[:exercise].id %>', "<%= raw series_exports_path(@evaluation.series, token: (@evaluation.series.access_token if @evaluation.series.hidden?), selected_ids: [meta[:exercise].id], evaluation: true) %>", "<%= meta[:exercise].programming_language&.renderer_name %>"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
💡 Codebase verification
Similar URL encoding patterns found - needs consistent fixes
The search results reveal that there are similar patterns of URL encoding in the codebase that should be handled consistently:
- In
submissions/index.html.erb
:
dodona.initDolosBtn("dolos-btn", "<%= series_exports_path(@series, token: (@series.access_token if @series.hidden?), selected_ids: [@activity.id]) %>", ...)
- In
visualizations/_punchcard.html.erb
and_heatmap.html.erb
:
dodona.initPunchcard('<%= raw punchcard_path(...) %>');
dodona.initHeatmap('<%= raw heatmap_path(...) %>');
The raw
helper is already being used correctly in the visualization templates, but missing in the submissions view's Dolos button initialization, which likely suffers from the same double-encoding issue.
submissions/index.html.erb
: Addraw
helper to prevent double encoding of the URL parameters
🔗 Analysis chain
LGTM! The fix appropriately prevents URL double encoding.
The use of raw
here is safe as all parameters are from trusted sources and properly escaped by Rails path helpers. This resolves the issue of URL parameters not being transmitted correctly to the backend.
Let's verify if there are other similar patterns that might need the same fix:
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Description: Find similar patterns of JavaScript initialization with path helpers
# that might need the same fix to prevent double encoding
# Look for similar JavaScript initializations with path helpers
rg -g '*.erb' "dodona\.init.*Path.*\""
# Look for other potential URL encoding issues in JavaScript
ast-grep --pattern 'dodona.init$_($_, $_)'
Length of output: 84
Script:
#!/bin/bash
# Let's try a broader search to find similar patterns
# Look for all dodona.init calls in erb files
rg -g '*.erb' 'dodona\.init' -B 1 -A 1
# Look for series_exports_path usage
rg -g '*.erb' 'series_exports_path'
# Look for other potential raw usage with paths
rg -g '*.erb' 'raw.*_path'
Length of output: 13966
This pull request fixes the detect plagiarism button on the evaluations page.
The url being html encoded caused some parameters to not be passed properly to the backend