Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Web UI dataset #617

Open
wants to merge 51 commits into
base: main
Choose a base branch
from
Open

Web UI dataset #617

wants to merge 51 commits into from

Conversation

VukW
Copy link
Contributor

@VukW VukW commented Sep 16, 2024

No description provided.

VukW added 30 commits July 11, 2024 10:34
@VukW
added fastapi as web ui backend
040d446
@VukW
Added cube + benchmark basic listing
97e6bd7
@VukW
Adds navigation
0382684
@VukW
Aded mlcube detailed page
55fe60e
@VukW
Improved mlcubes detailed layout
fb1bca3
@VukW
Improved mlcube layout
64cf53e
@VukW
yaml displaying
36611e1
@VukW
yaml: spinner
56fa5c4
@VukW
yaml panel improvement
8563887
@VukW
yaml panel layout improvement
07ce4ab
@VukW
layout fixes
b260401
@VukW
Added benchmark detailed page
b7980a8
@VukW
added links to mlcube
ca356cc
@VukW
benchmark page: added owner
6efd724
@VukW
Colors refactoring
319b1bf
@VukW
Dataset detailed page
58008f3
@VukW
Forgot to add js file
375d89e
@VukW
Unified data format for all data fields automatically
c6d8a56
@VukW
(mlcube-detailed) Display image tarball and additional files always
74f7743
@VukW
Fixed scrolling and reinvented basic page layout
b312882
@VukW
Fix navbar is hiding
0e282cb
@VukW
Make templates & static files independent of user's workdir
6b28ebb
@VukW
Added error handling
881b281
@VukW
Display invalid entities correctly
e28107b
@VukW
Added invalid entities highlighting + badges
5b718eb
@VukW
Added benchmark associations
0f95027
@VukW
Improved association panel style
444786e
@VukW
Added association card
e273577
@VukW
Sorted associations by status / timestamp
eea1e77
@VukW
Sorted mlcubes and datasets: mine first
7b68911
VukW added 17 commits August 7, 2024 20:50
@VukW
Added associations to dataset page
8251c42
@VukW
Added associations to mlcube page
b669358
@VukW
Refactored details page - extracted common styles to the base template
039f496
@VukW
Refactored association sorting to common util
c225a5e
@VukW
Display my benchmarks first
ad0451f
@VukW
Hid empty links
12ffef2
@VukW
Mlcube-as-a-link unified view
cedad96
@VukW
resources.path cannot return a dir with subdirs for py3.9
3ac8a74
@VukW
Fixed resources path for templates also
6170b53
@VukW
linter fix
53b557b
@VukW
static local resources instead of remote ones
2b73c4f
@VukW
layout fix: align mlcubes vertically
75d6776
@VukW
bugfix: add some dependencies for isolated run
c47a751
@VukW
Merge branch 'main' into web-ui
d837837 
# Conflicts:
#	cli/medperf/commands/list.py
#	cli/medperf/entities/benchmark.py
#	cli/medperf/entities/cube.py
#	cli/medperf/entities/dataset.py
#	cli/medperf/entities/interface.py
@VukW
Fixes after merging main
c58efd8
@VukW
Dataset creation step 1
f2f25c0
@VukW
Dataset submission wizard
4da2628
@VukW VukW requested a review from a team as a code owner September 16, 2024 16:17
@VukW VukW requested a deployment to testing-external-code September 16, 2024 16:17 — with GitHub Actions Waiting
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Sep 16, 2024
edited
Loading

MLCommons CLA bot All contributors have signed the MLCommons CLA ✍️ ✅

github-advanced-security[bot]
github-advanced-security bot found potential problems Sep 16, 2024
View reviewed changes
cli/medperf/web_ui/api/routes.py
full_path = os.path.join(BASE_DIR, path)
os.path.join(BASE_DIR, path)

if not os.path.exists(full_path) or not os.path.isdir(full_path):

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a
user-provided value
Loading
.
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This function lists all files and folders on the server side. So, yes, it is expected to use user's given path to list its content (though still may be dangerous? I don't know)

cli/medperf/web_ui/api/routes.py
full_path = os.path.join(BASE_DIR, path)
os.path.join(BASE_DIR, path)

if not os.path.exists(full_path) or not os.path.isdir(full_path):

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a
user-provided value
Loading
.
cli/medperf/web_ui/api/routes.py

# List directories inside the path
folders = []
for item in os.listdir(full_path):

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a
user-provided value
Loading
.
cli/medperf/web_ui/api/routes.py
folders = []
for item in os.listdir(full_path):
item_path = os.path.join(full_path, item)
if os.path.isdir(item_path):

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a
user-provided value
Loading
.
cli/medperf/web_ui/yaml_fetch/routes.py
@router.get("/fetch-yaml")
async def fetch_yaml(url: str):
try:
response = requests.get(url)

Check failure

Code scanning / CodeQL

Full server-side request forgery Critical

The full URL of this request depends on a
user-provided value
Loading
.
@VukW VukW requested a deployment to testing-external-code September 17, 2024 10:30 — with GitHub Actions Waiting
@VukW VukW requested a deployment to testing-external-code September 17, 2024 10:37 — with GitHub Actions Waiting
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@VukW