school-cheating/SEBPatch
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 5 Wiki Activity

Update Safe Exam Browser Patch to 3.10.0.826

Browse Source
This commit is contained in:
Vichingo455
2025-09-16 16:32:31 +02:00
parent 4827ae1afc
commit dd82d45ed8
320 changed files with 8445 additions and 5295 deletions
Download Patch File Download Diff File Expand all files Collapse all files

75
SafeExamBrowser.Browser/Integrations/EdxIntegration.cs Normal file
View File

@@ -0,0 +1,75 @@
/*
* Copyright (c) 2025 ETH Zürich, IT Services
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
using System;
using System.Linq;
using CefSharp;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;
using SafeExamBrowser.Logging.Contracts;
namespace SafeExamBrowser.Browser.Integrations
{
internal class EdxIntegration : Integration
{
private readonly ILogger logger;
public EdxIntegration(ILogger logger)
{
this.logger = logger;
}
internal override bool TrySearchUserIdentifier(Cookie cookie, out string userIdentifier)
{
userIdentifier = default;
return false;
}
internal override bool TrySearchUserIdentifier(IRequest request, IResponse response, out string userIdentifier)
{
var cookies = response.Headers.GetValues("Set-Cookie");
var userInfo = cookies?.FirstOrDefault(c => c.Contains("edx-user-info"));
userIdentifier = default;
if (TryParseCookie(userInfo, out var id) && HasChanged(id))
{
userIdentifier = id;
logger.Info($"User identifier '{id}' detected by session cookie on response.");
}
return userIdentifier != default;
}
private bool TryParseCookie(string userInfo, out string userIdentifier)
{
userIdentifier = default;
try
{
if (userInfo != default)
{
var start = userInfo.IndexOf("=") + 1;
var end = userInfo.IndexOf("; expires");
var cookie = userInfo.Substring(start, end - start);
var sanitized = cookie.Replace("\\\"", "\"").Replace("\\054", ",").Trim('"');
var json = JsonConvert.DeserializeObject(sanitized) as JObject;
userIdentifier = json["username"].Value<string>();
}
}
catch (Exception e)
{
logger.Error("Failed to parse user identifier!", e);
}
return userIdentifier != default;
}
}
}

47
SafeExamBrowser.Browser/Integrations/GenericIntegration.cs Normal file
View File

@@ -0,0 +1,47 @@
/*
* Copyright (c) 2025 ETH Zürich, IT Services
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
using System.Linq;
using CefSharp;
using SafeExamBrowser.Logging.Contracts;
namespace SafeExamBrowser.Browser.Integrations
{
internal class GenericIntegration : Integration
{
private readonly ILogger logger;
public GenericIntegration(ILogger logger)
{
this.logger = logger;
}
internal override bool TrySearchUserIdentifier(Cookie cookie, out string userIdentifier)
{
userIdentifier = default;
return false;
}
internal override bool TrySearchUserIdentifier(IRequest request, IResponse response, out string userIdentifier)
{
var ids = response.Headers.GetValues("X-LMS-USER-ID");
var id = ids?.FirstOrDefault();
userIdentifier = default;
if (HasChanged(id))
{
userIdentifier = id;
logger.Info($"User identifier '{id}' detected by header of response.");
}
return userIdentifier != default;
}
}
}

32
SafeExamBrowser.Browser/Integrations/Integration.cs Normal file
View File

@@ -0,0 +1,32 @@
/*
* Copyright (c) 2025 ETH Zürich, IT Services
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
using CefSharp;
namespace SafeExamBrowser.Browser.Integrations
{
internal abstract class Integration
{
private static string activeUserIdentifier;
internal abstract bool TrySearchUserIdentifier(Cookie cookie, out string userIdentifier);
internal abstract bool TrySearchUserIdentifier(IRequest request, IResponse response, out string userIdentifier);
protected bool HasChanged(string userIdentifier)
{
var current = activeUserIdentifier;
if (userIdentifier != default && activeUserIdentifier != userIdentifier)
{
activeUserIdentifier = userIdentifier;
}
return activeUserIdentifier != current;
}
}
}

226
SafeExamBrowser.Browser/Integrations/MoodleIntegration.cs Normal file
View File

@@ -0,0 +1,226 @@
/*
* Copyright (c) 2025 ETH Zürich, IT Services
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
using System;
using System.Linq;
using System.Net;
using System.Net.Http;
using CefSharp;
using SafeExamBrowser.Logging.Contracts;
using Cookie = CefSharp.Cookie;
namespace SafeExamBrowser.Browser.Integrations
{
internal class MoodleIntegration : Integration
{
private const string PLUGIN_PATH = "/mod/quiz/accessrule/sebserver/classes/external/user.php";
private const string SESSION_COOKIE_NAME = "MoodleSession";
private const string THEME_PATH = "/theme/boost_ethz/sebuser.php";
private readonly ILogger logger;
public MoodleIntegration(ILogger logger)
{
this.logger = logger;
}
internal override bool TrySearchUserIdentifier(Cookie cookie, out string userIdentifier)
{
return TrySearchByCookie(cookie, out userIdentifier);
}
internal override bool TrySearchUserIdentifier(IRequest request, IResponse response, out string userIdentifier)
{
var success = TrySearchByLocation(response, out userIdentifier);
if (!success)
{
success = TrySearchByRequests(request, response, out userIdentifier);
}
return success;
}
private bool TrySearchByCookie(Cookie cookie, out string userIdentifier)
{
var id = default(string);
var type = default(RequestType);
var isSession = cookie.Name.Contains(SESSION_COOKIE_NAME);
var url = $"{(cookie.Secure ? Uri.UriSchemeHttps : Uri.UriSchemeHttp)}{Uri.SchemeDelimiter}{cookie.Domain}{cookie.Path}";
var hasId = isSession && TryExecuteRequests(url, (cookie.Name, cookie.Value), out type, out id);
userIdentifier = default;
if (hasId && HasChanged(id))
{
userIdentifier = id;
logger.Info($"User identifier '{id}' detected by request on cookie traversal ({type}).");
}
return userIdentifier != default;
}
private bool TrySearchByLocation(IResponse response, out string userIdentifier)
{
var locations = response.Headers.GetValues("Location");
var location = locations?.FirstOrDefault(l => l.Contains("/login/index.php?testsession"));
userIdentifier = default;
if (TryParseLocation(location, out var id) && HasChanged(id))
{
userIdentifier = id;
logger.Info($"User identifier '{id}' detected by location header of response.");
}
return userIdentifier != default;
}
private bool TrySearchByRequests(IRequest request, IResponse response, out string userIdentifier)
{
var id = default(string);
var type = default(RequestType);
var cookies = response.Headers.GetValues("Set-Cookie");
var session = cookies?.FirstOrDefault(c => c.Contains(SESSION_COOKIE_NAME));
var hasCookie = TryParseCookie(session, out var cookie);
var hasId = hasCookie && TryExecuteRequests(request.Url, cookie, out type, out id);
userIdentifier = default;
if (hasId && HasChanged(id))
{
userIdentifier = id;
logger.Info($"User identifier '{id}' detected by request on response ({type}).");
}
return userIdentifier != default;
}
private bool TryExecuteRequests(string originUrl, (string name, string value) session, out RequestType requestType, out string userId)
{
var order = new[] { RequestType.Plugin, RequestType.Theme };
requestType = default;
userId = default;
foreach (var type in order)
{
try
{
var url = BuildUrl(originUrl, type);
using (var response = ExecuteRequest(url, session))
{
if (TryParseResponse(response, type, out var id))
{
requestType = type;
userId = id;
break;
}
}
}
catch (Exception e)
{
logger.Error($"Failed to execute user identifier request ({type})!", e);
}
}
return userId != default;
}
private string BuildUrl(string originUrl, RequestType type)
{
var uri = new Uri(originUrl);
var endpointUrl = $"{uri.Scheme}{Uri.SchemeDelimiter}{uri.Host}{(type == RequestType.Plugin ? PLUGIN_PATH : THEME_PATH)}";
return endpointUrl;
}
private HttpResponseMessage ExecuteRequest(string url, (string name, string value) session)
{
using (var message = new HttpRequestMessage(HttpMethod.Get, url))
using (var handler = new HttpClientHandler { UseCookies = false })
using (var client = new HttpClient(handler))
{
message.Headers.Add("Cookie", $"{session.name}={session.value}");
return client.SendAsync(message).GetAwaiter().GetResult();
}
}
private bool TryParseCookie(string session, out (string name, string value) cookie)
{
cookie = default;
try
{
if (session != default)
{
var start = session.IndexOf("=") + 1;
var end = session.IndexOf(";");
cookie.name = session.Substring(0, start - 1);
cookie.value = session.Substring(start, end - start);
}
}
catch (Exception e)
{
logger.Error("Failed to parse session cookie!", e);
}
return cookie.name != default && cookie.value != default;
}
private bool TryParseLocation(string location, out string userId)
{
userId = default;
try
{
if (location != default)
{
userId = location.Substring(location.IndexOf("=") + 1);
}
}
catch (Exception e)
{
logger.Error("Failed to parse location!", e);
}
return userId != default;
}
private bool TryParseResponse(HttpResponseMessage response, RequestType type, out string userId)
{
userId = default;
if (response.IsSuccessStatusCode)
{
var content = response.Content.ReadAsStringAsync().GetAwaiter().GetResult();
if (int.TryParse(content, out var id) && id > 0)
{
userId = content;
}
}
else if (response.StatusCode != HttpStatusCode.NotFound)
{
logger.Error($"Failed to retrieve user identifier by request ({type})! Response: {(int) response.StatusCode} {response.ReasonPhrase}");
}
return userId != default;
}
private enum RequestType
{
Plugin,
Theme
}
}
}