Or like professional programming, where you're mostly trying to understand/modify other people's code.
Or like programming in a post-GPT3 world where you're checking/fixing a transformer language model's plagiarized/regurgitated code. Our dystopian future.
The site builds and runs your code. If your code doesn't compile or doesn't compute the correct function, the code is rejected.
Each puzzle is a little program. Look at the example here:
https://bugfix-66.com/contributeThe code you edit on the website is under "// EDIT". Any code you put into the web form is compiled and run on the server.
I'm relying on the fact that the Go language allows imports only at the start of the program text (immediately following the package statement).
package xxx
import yyy
<... testing functions, etc., that I control ...>
<code from website inserted here, so it can't import>
Basically, the user can never write an import statement, and that's enough.
Go doesn't allow inline assembly, so direct syscalls are impossible. All memory accesses are bounds checked.
The code is built and executed with resource limits on memory and CPU time.
If you can think of a way the server could be compromised, I'm VERY interested to hear it. Thank you.