Earn extra honor and gain new allies!
Honor is earned for each new codewarrior who joins.
Learn more
  • 17554188?v=4

    You don't have a test for characters at the end of "Can someone explain" that aren't spaces, for example "Can someone explainable" may work in some people's code

  • 17554188?v=4

    So, how could someone use this and what should I do to stop this? Is this like require, so I'd do process.binding = null

  • 17554188?v=4
  • 30017707?v=3
  • 7867810?v=4

    That's enough for me

  • 17554188?v=4

    I think I have made all the changes you wanted, can you check? I put encrypt in a function now due to anti-cheat.

  • 7867810?v=4

    Some minor things

    • This is unnecessary because we aleady banned the Function::toString
      Test.expect(encrypt.toString(), `function (k, s) {
        return f(k, s);
    • You forgot to add // FINALTEST flag

    • Put let encrypt and all below into // Preload some tools
      A. let encrypt is modifiable, put it before those anti-cheat code and it would become 'const' (dont forgot to remove the let so it would be a global variable)
      B. Put function name(){} in a closure and it would not be covered, like

    function a(){ /* first */ }
    function a(){ /* second */ }
  • 17554188?v=4

    Thank you for all your help, do you think this issue is now resolved?

  • 7867810?v=4

    @bdupau Yes, it my own code (look at the PascalCase things :trollface:), which is only applied in my latest JS kata
    And i'm not sure if it is still vulnerable

  • 7867810?v=4

    Yes i guess, just dont submit, or just try in sample test, or in the edit panel

  • 3177197?v=4

    That's quite valuable information ZED. Is it available somewhere outside this kata, or is it simply your personal anti cheat code ?

  • 17554188?v=4

    Am I allowed to try


    on my own code?

  • 7867810?v=4

    Put the last part in the end in Test Cases (but not in the Example Test Cases)

    // FINALTEST, Just any flags that can separate Test Cases from Example Test Cases

    SECRETKEY = 'SECRET-VALUE', Assign a secret value so that if the test suite have not been executed, we can know by checking this varable

    How could the test suite not being executed? Well, it is a security problem in CW's JS test framework, and it is not a secret, which you can submit this solution that can pass most of JS katas (DO NOT DO IT)


    And i warn again, DO NOT DO IT, you will be banned if you are caught

    When you applying these anti-cheat utilities, dont forget to change those secret names

  • 17554188?v=4

    Thank you, where should I put the last part. Is it in front of the final test I do with Test? Also what does the final bit checking SECRET-VALUE do?

  • 7867810?v=4

    To make a totally undefeatable kata
    these are what at least you should do
    in preload

    ;(() =>
      // Preload some tools
      BigNumber = require('bignumber.js')
      var Self = '' + arguments.callee // store the source code of the current function (not this arrow function, the wrapper function)
      module = require = child_process = vm = clearTimeout = clearInterval = null // disable some built-in objects
      Function.prototype.toString = () => '[object Function]' // prevent reading Function source code
      process.reallyExit = () => '' // prevent early exit
    	Desc = Object.getOwnPropertyDescriptors(global), // get all desc. of global (only works in > Node 8)
    	for (F in Desc)
    		Desc[F].configurable = false // prevent configuring
    		true === Desc[F].writable && (Desc[F].writable = false) // prevent re-assigning, deleting, etc.
    		Object.defineProperty(global,F,Desc[F]) // set desc.
    	[Function,Object,Array,String,Number,Boolean,Date,Math,console,Test].forEach(V => // for all common built-in constructors and objects
    		Object.freeze(V) // freeze itself
    		Object.freeze(V.__proto__) // and its __proto__
    		Object.freeze(V.prototype) // and its prototype
      ;/FINAL{1}TEST/.test(Self) && setTimeout(() => // if in final test, add a hidden test, the regexp could be any secret flag, but need to be a little different so that you can correctly tell it from sample test
        'SECRET-VALUE' === global.SECRETKEY || // test if the secrect token has applied
          Test.expect(false,'Have the test suite been executed?') // or throw an error

    in complete test

    // FINALTEST // Add the flag
  • Loading more items...