chore: change log object #553
base: main
rdagent/log/logger.py
Outdated
@@ -110,6 +121,169 @@ def file_format(self, record: "Record", raw: bool = False) -> str: | |||
return "{message}" | |||
return "{time:YYYY-MM-DD HH:mm:ss.SSS} | {level: <8} | {name}:{function}:{line} - {message}\n" | |||
|
|||
def format_pkl(self, base_path: str | Path): |
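Review bot: `format_pkl(self, base_path: str | Path)` has no return annotation, while `file_format` directly above it is annotated `-> str`. Add the return type so callers of the new method can see what it produces and the annotations stay consistent.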
move them to UI
for file in files: | ||
if file: | ||
p = Path(f'./uploads/{scenario}') | ||
if not p.exists(): |
Check failure
Code scanning / CodeQL
Uncontrolled data used in path expression High
user-provided value
Copilot Autofix AI 7 days ago
To fix the problem, we need to validate and sanitize the scenario input before using it to construct file paths. The best way to do this is to ensure that the scenario input does not contain any special characters or sequences that could lead to path traversal. We can use the werkzeug.utils.secure_filename function to sanitize the scenario input.
- Import the secure_filename function from werkzeug.utils.
- Use secure_filename to sanitize the scenario input before using it in the file path.
@@ -6,2 +6,3 @@ | ||
from flask_cors import CORS | ||
from werkzeug.utils import secure_filename | ||
|
||
@@ -227,3 +228,3 @@ | ||
# 获取请求体中的字段 | ||
scenario = request.form.get('scenario') | ||
scenario = secure_filename(request.form.get('scenario')) | ||
files = request.files.getlist('files') |
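Review bot: `secure_filename(request.form.get('scenario'))` is called before checking that the field is present, and `request.form.get` returns None when the form has no `scenario` key, which `secure_filename` does not accept. `secure_filename` can also return an empty string (for example for an input of `..`), in which case `Path(f'./uploads/{scenario}')` is the uploads root itself. Read the field first, return a 400 when it is missing or sanitises to an empty string, and only then build the path.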
if file: | ||
p = Path(f'./uploads/{scenario}') | ||
if not p.exists(): | ||
p.mkdir(parents=True, exist_ok=True) |
Check failure
Code scanning / CodeQL
Uncontrolled data used in path expression High
user-provided value
Copilot Autofix AI 7 days ago
To fix the problem, we need to validate and sanitize the scenario variable before using it to construct file paths. The best way to do this is to ensure that the scenario variable does not contain any special characters or sequences that could lead to path traversal. We can use the werkzeug.utils.secure_filename function to sanitize the scenario variable.
- Import the secure_filename function from werkzeug.utils.
- Use secure_filename to sanitize the scenario variable before using it in the file path.
@@ -6,2 +6,3 @@ | ||
from flask_cors import CORS | ||
from werkzeug.utils import secure_filename | ||
|
||
@@ -227,3 +228,3 @@ | ||
# 获取请求体中的字段 | ||
scenario = request.form.get('scenario') | ||
scenario = secure_filename(request.form.get('scenario')) | ||
files = request.files.getlist('files') |
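Review bot: at `scenario = secure_filename(...)`, the value is rewritten silently rather than validated: `secure_filename` replaces whitespace with underscores and drops non-ASCII characters, so different client-supplied scenario names can end up in the same upload directory. If the set of scenarios is known, compare the field against an allow-list and reject anything else; otherwise resolve the final path and confirm it is still under `./uploads` before calling `mkdir`.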
if not data: | ||
return jsonify({"error": "No JSON data received"}), 400 | ||
except Exception as e: | ||
return jsonify({"error": str(e)}), 500 |
Check warning
Code scanning / CodeQL
Information exposure through an exception Medium
Stack trace information
Copilot Autofix AI 7 days ago
To fix the problem, we need to modify the exception handling in the /receive route to log the detailed error message on the server and return a generic error message to the user. This involves:
- Importing the traceback module to capture the stack trace.
- Logging the stack trace on the server.
- Returning a generic error message to the user.
@@ -259,3 +259,5 @@ | ||
except Exception as e: | ||
return jsonify({"error": str(e)}), 500 | ||
import traceback | ||
traceback.print_exc() # Log the stack trace on the server | ||
return jsonify({"error": "An internal error has occurred!"}), 500 | ||
|
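Review bot: in the `except Exception as e:` branch, `import traceback` sits inside the handler and `traceback.print_exc()` writes to stderr only, so the trace bypasses the application's logging configuration; `e` is also no longer used. Move the import to the top of the module, or drop it and log with `app.logger.exception(...)`, and remove the `as e` binding.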
return send_from_directory(app.static_folder, fn) | ||
|
||
if __name__ == '__main__': | ||
app.run(debug=True, host='0.0.0.0', port=19899) |
Check failure
Code scanning / CodeQL
Flask app is run in debug mode High
Copilot Autofix AI 7 days ago
To fix the problem, we need to ensure that the Flask application does not run in debug mode in a production environment. The best way to achieve this is to use an environment variable to control the debug mode. This way, we can set the environment variable to enable debug mode during development and disable it in production.
- Import the os module to access environment variables.
- Modify the app.run call to set the debug parameter based on the value of an environment variable (e.g., FLASK_DEBUG).
@@ -276,2 +276,4 @@ | ||
if __name__ == '__main__': | ||
app.run(debug=True, host='0.0.0.0', port=19899) | ||
import os | ||
debug_mode = os.getenv('FLASK_DEBUG', 'False').lower() in ['true', '1', 't'] | ||
app.run(debug=debug_mode, host='0.0.0.0', port=19899) |
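Review bot: `app.run(debug=debug_mode, host='0.0.0.0', port=19899)` still binds the development server to all interfaces, so setting `FLASK_DEBUG` exposes the Werkzeug interactive debugger, which permits code execution from the browser, on every address of the host. Default the host to `127.0.0.1` (taking it from an environment variable if remote access is needed) and move `import os` to the top of the module.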
Description
Motivation and Context
How Has This Been Tested?
Screenshots of Test Results (if appropriate):
Types of changes
📚 Documentation preview 📚: https://RDAgent--553.org.readthedocs.build/en/553/