Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add dashboard #68

Merged
merged 21 commits into from Apr 11, 2018
Merged

Add dashboard #68

merged 21 commits into from Apr 11, 2018

Conversation

iwiwi
Copy link
Contributor

@iwiwi iwiwi commented Mar 28, 2018

No description provided.

@iwiwi iwiwi changed the base branch from master to fix-minimize-default-storage April 5, 2018 11:18
@iwiwi iwiwi changed the base branch from fix-minimize-default-storage to master April 5, 2018 11:19
@iwiwi iwiwi changed the title [WIP] Add dashboard Add dashboard Apr 5, 2018
@iwiwi iwiwi requested a review from g-votte April 5, 2018 13:47
g-votte
g-votte reviewed Apr 6, 2018
View reviewed changes
pfnopt/dashboard.py Outdated

self.doc.title = 'PFNOpt Dashboard (Beta)'
header = _HEADER_FORMAT.format(
url=str(self.study.storage),
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As we've discussed offline, str(self.study.storage) can be object id, which is recognized as a tag in the dashboard.

pfnopt/cli.py
'mkstudy': MakeStudy
'mkstudy': MakeStudy,
'dashboard': Dashboard,
'report': Report,
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems report command allows script injection. As long as a study is accessible from multiple users, malicious attack might occur. Can we come up with any workaround? (There seems no such problem with dashboard command.)

E.g.,

import os

import pfnopt
from pfnopt.client import BaseClient

storage = pfnopt.storages.RDBStorage(os.environ['PFNOPT_PGURL'])
study = pfnopt.Study(study_uuid='c7081a86-71bf-4d5d-af6a-862bac17c627', storage=storage)


def objective(client: BaseClient) -> float:
    client.sample_categorical('x', (
        '</script><script>alert(1234)</script>',
    ))

    return 0


pfnopt.minimize(objective, study=study, n_trials=1)

image

Copy link
Contributor Author

@iwiwi iwiwi Apr 10, 2018
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Discussed offline, we decided to postpone this problem. #80

g-votte
g-votte reviewed Apr 9, 2018
View reviewed changes
setup.py Outdated
@@ -26,7 +26,8 @@ def get_version():
author_email='akiba@preferred.jp',
packages=find_packages(),
install_requires=[
'sqlalchemy>=1.1.0', 'numpy', 'scipy', 'six', 'typing', 'enum34', 'cliff', 'colorlog'],
'sqlalchemy>=1.1.0', 'numpy', 'scipy', 'six', 'typing', 'enum34', 'cliff', 'colorlog',
'bokeh'],
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we add bokeh to install_requires? As (1) we've seen some unstable behaviors in bokeh and (2) dashboard feature is still in beta version, we could treat the library as an optional install.

pfnopt/dashboard.py
_study = None # type: Optional[pfnopt.study.Study]


_HEADER_FORMAT = '''
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We may need HTML escape logic, as long as we embed non-static contents.

@iwiwi iwiwi mentioned this pull request Apr 10, 2018
Closed
g-votte
g-votte approved these changes Apr 11, 2018
View reviewed changes
Copy link
Member

@g-votte g-votte left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM except the conflict coming from the main branch.

@iwiwi
Copy link
Contributor Author

iwiwi commented Apr 11, 2018

Thanks, resolved the conflict

@g-votte g-votte merged commit 3473a04 into master Apr 11, 2018
@g-votte g-votte deleted the bokeh-dashboard branch April 11, 2018 04:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@g-votte g-votte g-votte approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@iwiwi @g-votte