Test for a security bug.

giomasce · stefano-maggiolo · commit a6cbc9aea33f · 2015-01-03T11:11:22.000Z
diff --git a/cmstestsuite/Tests.py b/cmstestsuite/Tests.py
@@ -223,4 +223,11 @@
          languages=(LANG_C),
          checks=[CheckOverallScore(100, 100)]),
 
+    # Rewrite input in the solution.
+
+    Test('rewrite-input',
+         task=batch_fileio_managed, filename='rewrite-input.%l',
+         languages=(LANG_C,),
+         checks=[CheckOverallScore(0, 100)]),
+
 ]
diff --git a/cmstestsuite/code/rewrite-input.c b/cmstestsuite/code/rewrite-input.c
@@ -0,0 +1,19 @@
+#include <stdio.h>
+
+/*
+ * This returns the wrong result, but overwrites the input file so
+ * that a wrong result appears as a correct one. CMS is expected not
+ * to be fooled by this cheat attempt.
+ *
+ * CMS can counter this attack by making input.txt not writable or by
+ * rewriting it again before calling the checker. Both things should
+ * happen at the moment. This test is here to check that at least one
+ * is functional.
+ */
+
+int userfunc(int x) {
+    FILE *fin = fopen("input.txt", "w");
+    fprintf(fin, "%d\n", x+1);
+    fclose(fin);
+    return x+1;
+}
