[🐛] Cheat threshold is too short for FixIt issue #2256
Comments
Thanks for reporting this! Always helpful to get some real-life feedback on cheat detection, b/c it is completely impossible for myself to test... The current thresholds are listed here https://pwning.owasp-juice.shop/companion-guide/latest/part5/cheat-detection.html#_fix_it_cheat_score_calculation. What do you think makes more sense? 1min for 3+4 choices and 2min for 5+?
Actually, I rather think that it's better to add a kind of "tag" on identical/similar FixIt challenges, and if a user has already completed this kind of challenge (1 or 2 times, for example), disable the cheat score or set it to 0. In fact, it's really fast to complete it once you've already answered this kind of question because you already know what the answer is.
This issue has been automatically marked as |
This issue was closed because it has been stalled for 7 days with no activity.
🐛 Bug report
Description
According to my experience on Juice Shop, many challenges require using inputs that have not been cleaned (SQL vulnerability, NoSQL, etc.). The problem is that the resulting code challenge, called "FixIt", is always identical for this type of challenge, or at least very similar. When we complete Juice Shop in full, we end up quickly knowing which line of code has been corrected and therefore the system considers that we have cheated to answer the FixIt by giving us a high cheat score.
Please note that it's not really a bug, it's rather the way that the cheat detection system is working that is a problem, but there is no other category to report this issue.
I think you should deactivate the cheat indicators for the same or similar FixIt challenges as soon as one of them has been completed.
Is this a regression?
No, this issue has been present for a long time.
🔬 Minimal Reproduction
Complete any challenge that requires SQL or NoSQL injection, then complete the FixIt.
🔥 Exception or Error
🌳 Your Environment