Be extra sure that no forbidden files are hanging around.

giomasce · giomasce · commit 74999248571e · 2015-01-07T00:06:30.000+01:00
Hopefully this is not strictly required, but it is better to avoid
a blank catch-all except clause when dealing with security details.

The test may fail for example if the program manages to make the
directory not writable by the user running CMS. In this case the
removal fails, but CMS ignores it. I do not know if this could
happen now, but in line of principle it may happen in the future
if we change the owner model without remembering of this snippet.
diff --git a/cms/grading/tasktypes/Batch.py b/cms/grading/tasktypes/Batch.py
@@ -2,7 +2,7 @@
 # -*- coding: utf-8 -*-
 
 # Contest Management System - http://cms-dev.github.io/
-# Copyright © 2010-2014 Giovanni Mascellani <mascellani@poisson.phc.unipi.it>
+# Copyright © 2010-2015 Giovanni Mascellani <mascellani@poisson.phc.unipi.it>
 # Copyright © 2010-2014 Stefano Maggiolo <s.maggiolo@gmail.com>
 # Copyright © 2010-2012 Matteo Boscariol <boscarim@hotmail.com>
 # Copyright © 2012-2014 Luca Wehrstedt <luca.wehrstedt@gmail.com>
@@ -342,7 +342,10 @@ def evaluate(self, job, file_cacher):
                             try:
                                 sandbox.remove_file(input_filename)
                             except OSError as e:
-                                pass
+                                # Let us be extra sure that the file
+                                # was actually removed and we did not
+                                # mess up with permissions.
+                                assert not sandbox.file_exists(input_filename)
                             sandbox.create_file_from_storage(
                                 input_filename,
                                 job.input)
