At the moment we use the SourceCodeSecurityCheckStep for two things - to prevent students from using certain classes, and to inform them that they should not instantiate their own Selenium driver. We do this using simple string comparisons.

We should consider the following:

• Renaming the step to something more suitable (it's not just security)
• Ignoring comments
• Highlighting the correct line (at the moment it highlights line 1 even if the error is further down)
• Redesigning the detection method entirely, so that we do proper static analysis instead of string comparisons (hard)