Add dashboard #68
pfnopt/dashboard.py
|
||
self.doc.title = 'PFNOpt Dashboard (Beta)' | ||
header = _HEADER_FORMAT.format( | ||
url=str(self.study.storage), |
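Review bot: on the url= line, str(self.study.storage) is formatted into _HEADER_FORMAT with no escaping and no defined string form. If the storage class does not define __str__, Python's default `<... object at 0x...>` text is what gets formatted in, and if the header is rendered as HTML that text is parsed as a tag. Pass an explicit display string and run it through html.escape() before calling .format().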
As we've discussed offline, `str(self.study.storage)` can be object id, which is recognized as a tag in the dashboard.
'mkstudy': MakeStudy | ||
'mkstudy': MakeStudy, | ||
'dashboard': Dashboard, | ||
'report': Report, | ||
} |
It seems report command allows script injection. As long as a study is accessible from multiple users, malicious attack might occur. Can we come up with any workaround? (There seems no such problem with dashboard command.)
E.g.,
```python
import os

import pfnopt
from pfnopt.client import BaseClient

storage = pfnopt.storages.RDBStorage(os.environ['PFNOPT_PGURL'])
study = pfnopt.Study(study_uuid='c7081a86-71bf-4d5d-af6a-862bac17c627', storage=storage)


def objective(client: BaseClient) -> float:
    # The only categorical choice is a string that closes the enclosing script element.
    client.sample_categorical('x', (
        '</script><script>alert(1234)</script>',
    ))
    return 0


pfnopt.minimize(objective, study=study, n_trials=1)
```
Discussed offline, we decided to postpone this problem. #80
setup.py
@@ -26,7 +26,8 @@ def get_version(): | |||
author_email='akiba@preferred.jp', | |||
packages=find_packages(), | |||
install_requires=[ | |||
'sqlalchemy>=1.1.0', 'numpy', 'scipy', 'six', 'typing', 'enum34', 'cliff', 'colorlog'], | |||
'sqlalchemy>=1.1.0', 'numpy', 'scipy', 'six', 'typing', 'enum34', 'cliff', 'colorlog', | |||
'bokeh'], |
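Review bot: 'bokeh' on the last line of install_requires has no version bound, unlike 'sqlalchemy>=1.1.0' at the start of the same list, so every install pulls whatever bokeh release is current. Give it a lower bound that the dashboard was tested against, or move it to extras_require so that only users of the dashboard command take on the dependency.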
Should we add bokeh to `install_requires`? As (1) we've seen some unstable behaviors in bokeh and (2) dashboard feature is still in beta version, we could treat the library as an optional install.
_study = None # type: Optional[pfnopt.study.Study] | ||
|
||
|
||
_HEADER_FORMAT = ''' |
We may need HTML escape logic, as long as we embed non-static contents.
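An added example (not code from this pull request or from pfnopt) of the escaping the review comments on the header and on the report command call for: `html.escape` for values placed in HTML text, and a script-safe JSON encoding for study data placed inside a `<script>` element. The template strings, function names and the sample storage string are assumptions made for illustration.

```python
import html
import json

# Constructed sample inputs: the categorical value from the review comment,
# and a stand-in for a storage object's default str() form.
PAYLOAD = '</script><script>alert(1234)</script>'
STORAGE_STR = '<pfnopt.storages.RDBStorage object at 0x7f00>'

# Hypothetical templates; not pfnopt's real _HEADER_FORMAT or report template.
HEADER_TEMPLATE = '<h1>Study</h1><p>Storage: {url}</p>'
SCRIPT_TEMPLATE = '<script>var trials = {data};</script>'


def render_header(storage_str: str) -> str:
    """HTML text context: escape &, <, > and quotes before formatting."""
    return HEADER_TEMPLATE.format(url=html.escape(storage_str, quote=True))


def json_for_script(obj) -> str:
    """Script context: json.dumps leaves '</script>' intact, and the HTML parser
    ends the element at that sequence regardless of JS string quoting.
    Rewrite <, > and & as \\uXXXX escapes, which decode back to the same text.
    (Non-ASCII is already escaped because ensure_ascii defaults to True.)"""
    text = json.dumps(obj)
    for ch in ('<', '>', '&'):
        text = text.replace(ch, '\\u%04x' % ord(ch))
    return text


def render_trials(trials) -> str:
    """Embed study data so that it cannot leave the string literal."""
    return SCRIPT_TEMPLATE.format(data=json_for_script(trials))


def render_trials_unsafe(trials) -> str:
    """Plain interpolation, kept only to compare against render_trials."""
    return SCRIPT_TEMPLATE.format(data=json.dumps(trials))


if __name__ == '__main__':
    trials = [{'params': {'x': PAYLOAD}, 'value': 0}]
    print(render_header(STORAGE_STR))
    print(render_trials_unsafe(trials))  # two <script> elements
    print(render_trials(trials))         # one <script> element
```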
LGTM except the conflict coming from the main branch.
Thanks, resolved the conflict
No description provided.