rbx.cp 0.5.73__py3-none-any.whl → 0.6.1__py3-none-any.whl

rbx/resources/packagers/boca/safeexec.c

@@ -0,0 +1,530 @@
+/*
+ safeexec
+ Executar um comando num ambiente protegido
+ pbv, 1999-2000
+ alterado por cassio@ime.usp.br 2003-2011
+
+ THIS PROGRAM HAS TO BE INSTALLED WITH SETUID ROOT TO HAVE ALL FUNCTIONS WORKING
+ $ gcc -Wall -o safeexec safeexec.c
+ $ chown root.root safeexec
+ $ chmod 4555 safeexec
+*/
+#include <stdlib.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <glob.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/wait.h>
+#include <sys/resource.h>
+#include <signal.h>
+#include <time.h>
+
+#include <string.h>
+#include <errno.h>
+
+/* tempo de erro entre o sinal e o estouro no caso de time-limit */
+#define EPSILON 0.01
+
+#define KBYTE 1024
+#define MBYTE  (KBYTE*KBYTE)
+
+pid_t child_pid;          /* pid of the child process */
+
+double cpu_timeoutdouble = 5.0;
+struct rlimit cpu_timeout = {5,5};    		/* max cpu time (seconds) */
+struct rlimit max_nofile = {64,64};    		/* max number of open files */
+struct rlimit max_fsize = {128*MBYTE,128*MBYTE};    /* max filesize */
+
+struct rlimit max_data  = {128*MBYTE, 128*MBYTE};     /* max data segment size */
+struct rlimit max_core  = {0, 0};                 /* max core file size */
+struct rlimit max_rss   = {128*MBYTE, 128*MBYTE};     /* max resident set size */
+
+struct rlimit max_processes = {64,64}; /* max number of processes */
+
+
+int real_timeout = 30;                 /* max real time (seconds) */
+
+int dochroot = 0, st=1;
+int nruns = 1;
+int allproc;
+int killallproc;
+int bequiet;
+int checknchild;
+int user, group;
+int process_group = 0;
+const char vers[] = "1.5.1";
+
+#define BUFFSIZE 256
+char curdir[BUFFSIZE], rootdir[BUFFSIZE], saida[BUFFSIZE], entrada[BUFFSIZE], erro[BUFFSIZE];
+
+struct Proc {
+	int uid, pid, ppid, gid, group;
+	unsigned long utime, stime;
+	long cutime, cstime;
+	unsigned long starttime;
+	unsigned long vsize;
+	long rss;
+    long resident, share, text, lib, data;
+};
+
+unsigned int getprocs(pid_t ppid, pid_t ppid2, int userid, int groupid, int *nchild, struct Proc **Pr);
+
+void exitandkill(int ret) {
+	if(killallproc) {
+		if(!bequiet)
+			fprintf(stderr,"safeexec: killing all recent processes from this user/group to avoid possible malicious code... use -K if you don't want this\n");
+		struct Proc *P;
+		unsigned n;
+		int nchild, i;
+		if((n = getprocs(child_pid,getpid(),user,group,&nchild,&P)) > 0) {
+			for(i = 0; i < n; i++) {
+				if(!bequiet)
+					fprintf(stderr,"safeexec: killing processes pid=%d\n", P[i].pid);
+				kill(P[i].pid,9);   /* kill children and all processes with userid/groupid that started after us if instructed to do so */
+			}		
+		}
+	}
+	switch(ret) {
+		case 8: fprintf(stderr,"safeexec: security threat because strange processes\n"); break;
+		case 7: fprintf(stderr,"safeexec: memory limit exceeded\n"); break;
+		case 5: fprintf(stderr,"safeexec: parameter problem\n"); break;
+		case 6:
+		case 4: fprintf(stderr,"safeexec: ERROR! internal error\n"); break;
+		case 3: fprintf(stderr,"safeexec: time limit exceeded\n"); break;
+		case 2: fprintf(stderr,"safeexec: runtime error\n"); break;
+		case 9: fprintf(stderr,"safeexec: runtime error\n"); break;
+	}
+	exit(ret);
+}
+
+unsigned int getprocs(pid_t ppid, pid_t ppid2, int userid, int groupid, int *nchild, struct Proc **Pr) {
+	const int SIZE=10000;
+	char a[SIZE], b[SIZE];
+	unsigned long pidtime=0;
+	glob_t globbuf;
+	unsigned int i, j, k, ki, oldi, n;
+	FILE *tn;
+	struct stat sstat;
+	struct Proc *P, Ptmp;
+  
+	glob("/proc/[0-9]*", GLOB_NOSORT, NULL, &globbuf);
+  
+	P = calloc(globbuf.gl_pathc, sizeof(struct Proc));
+	if (P == NULL) {
+		if(!bequiet) fprintf(stderr,"safeexec: problem with malloc");
+		exitandkill(4);
+	}
+	*Pr = P;
+  
+	for (i = j = 0; i < globbuf.gl_pathc; i++) {
+		snprintf(a, sizeof(a)-1, "%s%s",
+				 globbuf.gl_pathv[globbuf.gl_pathc - i - 1], "/stat");
+		snprintf(b, sizeof(b)-1, "%s%s",
+				 globbuf.gl_pathv[globbuf.gl_pathc - i - 1], "/statm");
+#ifdef DEBUG
+		fprintf(stderr,"[opening %s and %s]\n", a,b);
+#endif
+		tn = fopen(b, "r");
+		if (tn == NULL) continue; /* process vanished since glob() */
+		n = fread(b, 1, SIZE, tn);
+		fclose(tn);
+		tn = fopen(a, "r");
+		if (tn == NULL) continue; /* process vanished since glob() */
+		n = fread(a, 1, SIZE, tn);
+		fstat(fileno(tn), &sstat);
+		P[j].uid = sstat.st_uid;
+		P[j].gid = sstat.st_gid;
+		fclose(tn);
+
+		sscanf(a, "%d %*s %*s %d %d %*s %*s %*s %*s %*s %*s %*s %*s %lu %lu %ld %ld %*s %*s %*s %*s %lu %lu %ld", 
+			   &P[j].pid,&P[j].ppid,&P[j].group,&P[j].utime,&P[j].stime,&P[j].cutime,&P[j].cstime,&P[j].starttime,&P[j].vsize,&P[j].rss);
+		sscanf(b, "%*s %ld %ld %ld %ld %ld", 
+			   &P[j].resident,&P[j].share,&P[j].text,&P[j].lib,&P[j].data);
+		if(P[j].pid == ppid2) pidtime = P[j].starttime;
+#ifdef DEBUG
+		fprintf(stderr,"[check %d,%d,%d,%ld]", P[j].pid, P[j].ppid, P[j].gid, P[j].rss);
+#endif
+		j++;
+	}
+
+	i = 0;
+	oldi = 1;
+	*nchild = 0;
+	while(i != oldi) {
+		oldi = i;
+		for(k = i; k < j; ++k) {
+			if(P[k].pid != ppid) {
+				for(ki = 0; ki < i; ++ki)
+					if(P[k].ppid == P[ki].pid) {
+						break;
+					}
+				if(ki >= i) {
+					continue;
+				}
+			}
+			Ptmp = P[i];
+			P[i] = P[k];
+			P[k] = Ptmp;
+			++i;
+		}
+	}
+	*nchild = i;
+	while(i < j) {
+		if(P[i].uid != userid || P[i].gid != groupid || P[i].starttime < pidtime || P[i].pid==ppid2) {
+			P[i] = P[--j];
+		} else {
+			if(!bequiet)
+				fprintf(stderr,"safeexec: process %d has user %d, group %d, time %lu, which is suspicious\n",P[i].pid,userid,groupid,P[i].starttime);
+			i++;
+		}
+	}
+	globfree(&globbuf);
+	return i;
+}
+
+int testsystem(pid_t p, pid_t pp, int userid, int groupid, double memlim, double rsslim) {
+	struct rusage uso;
+	getrusage(RUSAGE_CHILDREN, &uso);
+	double mem1=0., mem2=0.;
+	struct Proc *P;
+	unsigned n, i;
+	int ret = 1, nchild;
+	n = getprocs(p,pp,userid,groupid,&nchild,&P);
+	if(checknchild) {
+		if(nchild != n) {
+			if(!bequiet) {
+				fprintf(stderr,"\nsafeexec: %d children of this user/group, but list has %d processes (who are the others?).\n",nchild,n);
+				fprintf(stderr,"safeexec: detached children found! Aborting because of possible malicious code... use -a if you don't want this\n");
+			}
+			exitandkill(8);
+		}
+	}
+	if(n > 0) {
+		for(i = 0; i < n; i++) {
+#ifdef DEBUG
+			fprintf(stderr,"\ndata+stack:%ld, rss:%ld, exe:%ld\n", P[i].data,P[i].rss,P[i].lib+P[i].text+P[i].share); 
+#endif
+			mem2 += (P[i].lib+P[i].text+P[i].share+P[i].data)*getpagesize(); // in pages
+			mem1 += P[i].rss*getpagesize();
+		}
+#ifdef DEBUG
+		fprintf(stderr,"\nTOTAL rss:%lf, data+stack+exe:%lf\n", mem1, mem2); 
+#endif
+		if(mem2 > memlim || mem1 > rsslim) {
+			if(!bequiet)
+				fprintf(stderr,"\nsafeexec: memory limit exceeded\n");
+			exitandkill(7);
+		}
+		if(nchild == 0) ret = 2;
+	} else {
+		mem1 = ((uso.ru_maxrss+uso.ru_ixrss+uso.ru_idrss+uso.ru_isrss));
+//		fprintf(stderr,"WARNING: controlling only waited-for children! Security issues here if code is not trustful...\n");
+		if(mem1 > memlim) {
+			if(!bequiet)
+				fprintf(stderr,"\nsafeexec: memory limit exceeded of %lfMB\n",memlim/1048576.);
+			exitandkill(7);
+		}
+		ret = 0;
+	}
+	free(P);
+	return ret;
+}
+
+char timekill=0;
+
+/* alarm handler */
+void handle_alarm(int sig) {
+	static int iter=0;
+#ifdef DEBUG
+	fprintf(stderr,"parent alarmed\n");
+#endif
+	testsystem(child_pid,getpid(),allproc?user:-1,allproc?group:-1,max_data.rlim_max,max_rss.rlim_max);
+	if(++iter >= real_timeout) {
+		if(!bequiet)
+			fprintf(stderr, "safeexec: timed-out (realtime) after %d seconds\n", real_timeout);
+		fflush(stderr);
+		timekill=1;
+		kill(child_pid,9);   /* kill child */
+		exitandkill(3);
+	}
+	alarm(1);   /* set alarm and wait for child execution */
+}
+
+void handle_term(int sig) {
+  fprintf(stderr, "safeexec: received SIGTERM\n");
+	kill(child_pid,9);
+}
+
+
+void usage(int argc, char **argv) {
+  fprintf(stderr, "safeexec version %s\nusage: %s [ options ] cmd [ arg1 arg2 ... ]\n", vers, argv[0]);
+  fprintf(stderr, "available options are:\n");
+  fprintf(stderr, "\t-c <max core file size> (default: %d)\n", 
+	  (int) max_core.rlim_max);
+  fprintf(stderr, "\t-f <max file size> (default: %d kbytes)\n", 
+		  (int) (max_fsize.rlim_max/1024.));
+  fprintf(stderr, "\t-F <max number of files> (default: %d)\n", 
+	  (int) max_nofile.rlim_max);
+  fprintf(stderr, "\t-d <max process memory> (default: %d kbytes)\n",
+		  (int) (max_data.rlim_max/1024.));
+  fprintf(stderr, "\t-m <max process resident memory> (default: %d kbytes)\n",
+		  (int) (max_rss.rlim_max/1024.));
+  fprintf(stderr, "\t-u <max number of child procs> (default: %d)\n",
+	  (int) max_processes.rlim_max);
+  fprintf(stderr, "\t-t <max cpu time> (default: %d secs)\n",
+	  (int) cpu_timeout.rlim_max);
+  fprintf(stderr, "\t-T <max real time> (default: %d secs)\n",
+	  (int) real_timeout);
+  fprintf(stderr, "\t-C <actual directory> (default: cwd)\n");
+  fprintf(stderr, "\t-R <root directory> (default: none)\n");
+  fprintf(stderr, "\t-n <chroot it?> (default: %d)\n", dochroot);
+  fprintf(stderr, "\t-r <number of runs?> (default: %d)\n", nruns);
+  fprintf(stderr, "\t-i <standard input file> (default: not defined)\n");
+  fprintf(stderr, "\t-o <standard output file> (default: not defined)\n");
+  fprintf(stderr, "\t-e <standard error file> (default: not defined)\n");
+  fprintf(stderr, "\t-U <user id> (default: %d)\n", user);
+  fprintf(stderr, "\t-G <group id> (default: %d)\n", group);
+  fprintf(stderr, "\t-p <show spent time?> (default: %d)\n", st);
+  fprintf(stderr, "\t-a disable checking all processes (look only to the non-detached children) (default %s)\n", allproc?"enabled":"disabled");
+  fprintf(stderr, "\t-s disable checking existence of detached children (default %s)\n", checknchild?"enabled":"disabled");
+  fprintf(stderr, "\t-K disable killing all processes with user/group id after us (default %s)\n", killallproc?"enabled":"disabled");
+  fprintf(stderr, "\t-q be quiet (default %s)\n", bequiet?"enabled":"disabled");
+/*******
+Note that currently Linux does not support strong memory usage limits, so we have
+to enforce it by checking the amount of memory periodically
+********/
+}
+
+int main(int argc, char **argv) { 
+  int status, opt, ret=0;
+  time_t ini;
+  int currun = 0;
+  struct stat sstat;
+  double dt;
+  setvbuf(stderr, NULL, _IONBF, 0);
+  entrada[0] = saida[0] = erro[0] = rootdir[0] = curdir[0] = 0;
+  user = group = -1;
+  allproc = 1;
+  checknchild=1;
+  killallproc=1;
+  bequiet=0;
+
+  if(argc>1 && !strcmp("--help", argv[1])) {
+    usage(argc,argv);
+    exit(5);
+  }
+
+  /* parse command-line options */
+  getcwd(curdir, BUFFSIZE);  /* default: use cwd as rootdir */
+  while( (opt=getopt(argc,argv,"qKar:c:d:m:f:F:t:T:u:n:i:o:e:C:R:G:U:p:s:g")) != -1 ) {
+    switch(opt) {
+		case 'q': bequiet=1;
+			break;
+		case 'a': allproc=0;
+			break;
+		case 'K': killallproc=0;
+			break;
+		case 's':
+			checknchild=0;
+			break;
+    case 'c': max_core.rlim_max = max_core.rlim_cur = atoi(optarg);
+      break;
+    case 'f': max_fsize.rlim_max = max_fsize.rlim_cur = KBYTE*atoi(optarg);
+      break;
+    case 'F': max_nofile.rlim_max = max_nofile.rlim_cur = atoi(optarg);
+      break;
+    case 'd': max_data.rlim_max = max_data.rlim_cur = KBYTE*atoi(optarg);
+      break;
+    case 'm': max_rss.rlim_max = max_rss.rlim_cur = KBYTE*atoi(optarg);
+      break;
+		case 't': cpu_timeout.rlim_max = cpu_timeout.rlim_cur = 1 + ((int) atof(optarg));
+		cpu_timeoutdouble = atof(optarg);
+      break;
+    case 'T': real_timeout = atoi(optarg);
+      break;
+    case 'u': max_processes.rlim_max = max_processes.rlim_cur = atoi(optarg);
+      break;
+    case 'U': user = atoi(optarg);
+      break;
+    case 'r': nruns = atoi(optarg);
+      break;
+    case 'G': group = atoi(optarg);
+      break;
+    case 'R': strncpy(rootdir, optarg, 255);  /* root directory */
+              rootdir[255]=0;
+      break;
+	case 'C': strncpy(curdir, optarg, 255);  /* root directory */
+              curdir[255]=0;
+      break;
+    case 'i': strncpy(entrada, optarg, 255);
+              entrada[255]=0;
+      break;
+    case 'o': strncpy(saida, optarg, 255);
+              saida[255]=0;
+      break;
+    case 'e': strncpy(erro, optarg, 255);
+              erro[255]=0;
+      break;
+    case 'n': dochroot = atoi(optarg);
+      break;
+    case 'p': st = atoi(optarg);
+      break;
+    case '?': usage(argc,argv);
+      exit(5);
+    }
+  }
+
+  if(optind >= argc) {  /* no more arguments */
+    usage(argc,argv);
+    exit(5);
+  }
+
+  if(dochroot && chroot(rootdir)) { 
+	  fprintf(stderr,"ERROR %s\n",strerror(errno));
+	  fprintf(stderr,"%s: unable to chroot to directory %s\n",
+			  argv[0], rootdir); 
+    exit(4); 
+  } 
+  /* change the root directory (ZP: and working dir, in not root)*/
+  if(curdir[0] && chdir(curdir)) { 
+	  fprintf(stderr,"ERROR %s\n",strerror(errno));
+	  fprintf(stderr,"%s: unable to change directory to %s\n",				  
+			  argv[0], curdir); 
+    exit(4); 
+  } 
+
+  stat(".", &sstat);
+  if(user == -1) {
+    user = (int) sstat.st_uid;
+	  if(!bequiet) {
+		  fprintf(stderr, "Security note: if the sub-code is not trustful, it shall be run with a different user from the one running safeexec.\
+Use -U and -G for that, but you might need to have root privilegies.\n");
+	  }
+  }
+  if(group == -1)
+    group = (int) sstat.st_gid;
+  if(user == 0 || group == 0) {
+	  fprintf(stderr, "ERROR: safeexec shall not be instructed to run the sub-code as root\n");
+	  exit(4);
+  }
+
+  time(&ini);
+  dt = 0.;
+//  int iter=0;
+ doagain:
+  if((child_pid=fork())) { 
+    struct rusage uso;
+    /* ------------------- parent process ----------------------------- */
+	if(currun == 0) {
+		setrlimit(RLIMIT_CORE, &max_core);
+	}
+    currun++;
+	if(!bequiet)
+		fprintf(stderr,"safeexec: starting the job. Parent controller has pid %d, child is %d...\n",getpid(),child_pid);
+	alarm(1);   /* set alarm and wait for child execution */
+	signal(SIGALRM, handle_alarm);
+  signal(SIGTERM, handle_term);
+	while(waitpid(child_pid, &status, 0) != child_pid) ;
+	if(timekill) exitandkill(3);
+
+	testsystem(child_pid,getpid(),allproc?user:-1,allproc?group:-1,max_data.rlim_max,max_rss.rlim_max);
+
+    getrusage(RUSAGE_CHILDREN, &uso);
+    dt = uso.ru_utime.tv_sec+(double)uso.ru_utime.tv_usec/1000000.0+
+      uso.ru_stime.tv_sec+(double)uso.ru_stime.tv_usec/1000000.0;
+//    printf("user runnning time: %.4lf\n",uso.ru_utime.tv_sec+(double)uso.ru_utime.tv_usec/1000000.0); 
+//    printf("system runnning time: %.4lf\n",uso.ru_stime.tv_sec+(double)uso.ru_stime.tv_usec/1000000.0); 
+//    printf("total runnning time: %.4lf\n",dt); 
+
+    if (dt >= cpu_timeoutdouble) {
+//      printf ("utsec=%d utusec=%d stsec=%d stusec=%d\n", uso.ru_utime.tv_sec, uso.ru_utime.tv_usec, uso.ru_stime.tv_sec, uso.ru_stime.tv_usec);
+		if(!bequiet)
+			fprintf(stderr, "safeexec: timed-out (cputime) after %.2lf seconds\n", cpu_timeoutdouble);
+		fflush(stderr);
+//      fprintf(stdout, "timed-out (cputime) after %d seconds\n", cpu_timeoutint);
+//      fflush(stdout);
+      exitandkill(3);
+    }
+
+    // check if child got an uncaught signal error & reproduce it in parent
+    if(WIFSIGNALED(status))  {
+		fprintf (stderr, "safeexec: RUN-TIME SIGNAL REPORTED BY THE PROGRAM %s: %d\n", argv[optind], WTERMSIG(status));
+      fflush(stderr);
+//      raise(WTERMSIG(status));
+      exitandkill(2);
+    }
+
+    if(WIFEXITED(status)) {
+		if(WEXITSTATUS(status)) {
+			ret = WEXITSTATUS(status)+10;
+			if(!bequiet) 
+				fprintf (stderr, "safeexec: PROGRAM EXITED WITH NONZERO CODE %s: %d\n",
+						 argv[optind], ret-10);
+		} else ret = 0;
+    } else {
+		fprintf (stderr, "safeexec: PROGRAM TERMINATED ABNORMALLY %s\n",
+				 argv[optind]);
+		exitandkill(9);
+    }
+
+    if(currun < nruns) goto doagain;
+
+    // otherwise just report the exit code:
+    if (st) fprintf (stderr, "safeexec: TOTAL TIME RUNNING %s: %u sec (%lf sec)\n", argv[optind], (unsigned int) (time(NULL)-ini), dt);
+    exitandkill(ret);
+  } else {
+    /* ------------------- child process ------------------------------ */
+#ifdef DEBUG
+	  fprintf(stderr,"child started\n");
+#endif
+	  /* change the group id to 'nobody' */
+	  if(setgid(group)<0) {
+		  fprintf(stderr,"ERROR %s\n",strerror(errno));
+		  fprintf(stderr, "%s: unable to change gid to %d\n", argv[0], group);
+		  exit(4);
+	  }
+	  /* change the user id to 'nobody' */
+	  if(setuid(user)<0) {
+		  fprintf(stderr,"ERROR %s\n",strerror(errno));
+		  fprintf(stderr, "%s: unable to change uid to %d\n", argv[0], user);
+		  exit(4);
+	  }
+  
+    if(currun==nruns-1) {
+    if (saida[0]) freopen(saida, "w", stdout);
+    if (erro[0]) freopen(erro, "w", stderr);
+    } else {
+      freopen("/dev/null", "w", stdout);
+      freopen("/dev/null", "w", stderr);
+    }
+    if (entrada[0]) freopen(entrada, "r", stdin);
+
+    /* attempt to change the hard limits */
+    /*******Note that currently Linux does not support memory usage limits********/
+
+	cpu_timeout.rlim_max+=1; cpu_timeout.rlim_cur+=1;
+
+    if( setrlimit(RLIMIT_CPU, &cpu_timeout) || 
+	setrlimit(RLIMIT_DATA, &max_data) ||
+	setrlimit(RLIMIT_STACK, &max_data) ||
+	setrlimit(RLIMIT_CORE, &max_core) ||
+	setrlimit(RLIMIT_RSS, &max_rss) ||
+	setrlimit(RLIMIT_FSIZE, &max_fsize) ||
+	setrlimit(RLIMIT_NOFILE, &max_nofile) ||
+	setrlimit(RLIMIT_NPROC, &max_processes) ) {
+      fprintf(stderr,"ERROR %s\n",strerror(errno));
+      fprintf(stderr, "%s: can't set hard limits\n", argv[0]);
+      exit(6);
+    }
+
+    /* attempt to exec the child process */
+    if(execv(argv[optind],&argv[optind]) < 0) {
+      fprintf(stderr,"ERROR %s\n",strerror(errno));
+      fprintf(stderr, "%s: unable to exec %s\n", argv[0], argv[optind]);
+      exit(6);
+    } 
+  }
+  return 0;
+}

rbx/resources/packagers/boca/safeexec_compile.sh

@@ -0,0 +1,49 @@
+### START OF SAFEEXEC COMPILATION
+CACHE_DIR="/tmp/boca-cache"
+mkdir -p $CACHE_DIR
+
+# Assumes testlib was added by checker
+SAFEEXEC_PATH="safeexec.c"
+SAFEEXEC_OUT="safeexec.exe"
+
+function LOG() {
+  echo "$*" >&2
+}
+
+# find compiler
+cc=$(which gcc)
+[ -x "$cc" ] || cc=/usr/bin/gcc
+if [ ! -x "$cc" ]; then
+  echo "$cc not found or it's not executable"
+  exit 47
+fi
+
+read -r -d '' SafeexecContent <<"EOF"
+{{safeexec_content}}
+EOF
+
+printf "%s" "${SafeexecContent}" >$SAFEEXEC_PATH
+
+safeexec_hash=($(md5sum $SAFEEXEC_PATH))
+safeexec_cache="$CACHE_DIR/safeexec-${safeexec_hash}"
+
+echo "Safeexec hash: $safeexec_hash"
+echo "Copying safeexec to $CDIR/$SAFEEXEC_OUT"
+if [ -f "$safeexec_cache" ]; then
+  echo "Recovering safeexec from cache: $safeexec_cache"
+  cp "$safeexec_cache" $SAFEEXEC_OUT -f
+else
+  echo "Compiling safeexec: $SAFEEXEC_PATH"
+  $cc -O2 $SAFEEXEC_PATH -o $SAFEEXEC_OUT
+
+  if [ $? -ne 0 ]; then
+    echo "Safeexec could not be compiled"
+    exit 47
+  fi
+
+  cp $SAFEEXEC_OUT "$safeexec_cache" -f
+fi
+
+chown root.root $SAFEEXEC_OUT
+chmod 4555 $SAFEEXEC_OUT
+### END OF SAFEEXEC COMPILATION

rbx/resources/presets/default/contest/contest.rbx.yml

@@ -1,14 +1,15 @@
 # Add problems by running `rbx contest add <problem-name> <short-name>`
 
 name: "new-contest"
-statements: 
-  - title: "New contest"
+statements:
+  - name: "statement-en"
+    title: "New contest"
     language: en
-    path: 'statement/contest.rbx.tex'
-    type: 'jinja-tex'
-    assets: ['statement/olymp.sty', 'statement/*.png']
-    joiner: {type: 'tex2pdf'}
+    path: "statement/contest.rbx.tex"
+    type: "jinja-tex"
+    assets: ["statement/olymp.sty", "statement/*.png"]
+    joiner: { type: "tex2pdf" }
     override:
       configure:
-        - type: 'rbx-tex'  # Convert rbxTeX to TeX
-          template: 'statement/template.rbx.tex'
+        - type: "rbx-tex" # Convert rbxTeX to TeX
+          template: "statement/template.rbx.tex"

rbx/resources/presets/default/problem/problem.rbx.yml

@@ -1,44 +1,56 @@
 # yaml-language-server: $schema=/home/rsalesc/.config/rbx/schemas/Package.json
 
-name: 'new-problem'
+name: "new-problem"
 timeLimit: 1000
 memoryLimit: 256
-checker: {path: 'wcmp.cpp'}  # Download others from testlib with `rbx download checker`
-validator: {path: 'validator.cpp'}
+checker: { path: "wcmp.cpp" } # Download others from testlib with `rbx download checker`
+validator: { path: "validator.cpp" }
 generators:
-  - path: 'gen.cpp'
-    name: 'gen'
+  - path: "gen.cpp"
+    name: "gen"
 testcases:
-  - name: 'samples'
-    testcaseGlob: 'tests/samples/*.in'  # Pattern for the sample inputs.
-  - name: 'random'
+  - name: "samples"
+    testcaseGlob: "tests/samples/*.in" # Pattern for the sample inputs.
+  - name: "random"
     generatorScript:
-      path: 'random.txt'  # Static generator script.
-  - name: 'program-random'
+      path: "random.txt" # Static generator script.
+  - name: "program-random"
     generatorScript:
-      path: 'random.py'  # Generator script written programatically.
+      path: "random.py" # Generator script written programatically.
 solutions:
-  - path: 'sols/main.cpp'
+  - path: "sols/main.cpp"
     outcome: ACCEPTED
-  - path: 'sols/wa.cpp'
+  - path: "sols/wa.cpp"
     outcome: WRONG_ANSWER
-  - path: 'sols/slow.cpp'
-    outcome: TLE_OR_RTE  # Can be TLE too
+  - path: "sols/slow.cpp"
+    outcome: TLE_OR_RTE # Can be TLE too
 statements:
-  - title: 'New Problem'
-    path: 'statement/statement.rbx.tex'  # Open this file to edit your statement.
+  - name: "statement-en"
+    title: "New Problem"
+    path: "statement/statement.rbx.tex" # Open this file to edit your statement.
     type: rbxTeX
-    language: 'en'
-    assets: ['statement/olymp.sty', 'statement/*.png']
+    language: "en"
+    assets: ["statement/olymp.sty", "statement/*.png"]
     configure:
-      - type: 'rbx-tex'  # Convert rbxTeX to TeX
-        template: 'statement/template.rbx.tex'
+      - type: "rbx-tex" # Convert rbxTeX to TeX
+        template: "statement/template.rbx.tex"
 stresses:
-  - name: 'stress'
+  - name: "stress"
     generator:
-      name: 'gen'
-      args: '[1..<MAX_N>] @' # `@` generates a random string
-    finder: '[sols/wa.cpp] ~ INCORRECT'
+      name: "gen"
+      args: "[1..<MAX_N>] @" # `@` generates a random string
+    finder: "[sols/wa.cpp] ~ INCORRECT"
+unitTests:
+  validator:
+    - glob: "unit/validator/valid*.in"
+      outcome: "VALID"
+    - glob: "unit/validator/invalid*.in"
+      outcome: "INVALID"
+  checker:
+    - glob: "unit/checker/ac*"
+      outcome: "ACCEPTED"
+    - glob: "unit/checker/wa*"
+      outcome: "WRONG_ANSWER"
 vars:
-  "MAX_N": 1000000000  # Can be used in the validator, in stress tests and in the statement.
+  "MAX_N": 1000000000 # Can be used in the validator, in stress tests and in the statement.
 

rbx/resources/presets/default/problem/random.txt

@@ -1,2 +1,4 @@
 gen 123456
-gen 12345678
+gen 12345678
+# Obtained by running `rbx stress -g 'gen [1..<MAX_N>] @' -f '[sols/wa.cpp] ~ INCORRECT'`
+gen 149403982 b139a2bd