Skip to content

[WIP] Web UI dataset #617

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 33 commits into from
Dec 21, 2024
Merged

[WIP] Web UI dataset #617

merged 33 commits into from
Dec 21, 2024

Conversation

VukW
Copy link
Contributor

@VukW VukW commented Sep 16, 2024
edited
Loading

depends on #606
Adds functionality for creating & managing datasets

Dataset submission

  • "add new dataset" button on datasets list
  • "choose benchmark" step
    • PoC (dropdown list)
    • p1 list benchmarks as cards with detailed info (as on "benchmarks list" page), + highlight chosen one
    • p3 allow to choose dataprep mlcube instead
  • "Fill text fields" step
    • DS name
    • description
      • p2 check length beforehand? DS submission would fail if description is > 20 characters ?
    • location
      • p2 check length beforehand?
    • p3 "Submit as prepared" flag
      • needs to be explained somewhere (like, in a tooltip)
      • Q: if checked, is dataset automatically created as operational?
    • p1 check how errors are displayed & handled
  • "Paths" step
    • Q: combine with previous step?
    • data path
    • labels path
    • p2 metadata path (what is it?) (is required if dataset is already prepared)
    • p2 redesign path picking panel
      • folders / files difference
      • one click - chosing folder, double click - go inside?
    • p2 "go back" button / navigation
  • "Verify entered data" step
  • dataset submission
  • p1 check how errors are displayed & handled

Submitted dataset displaying (dataset details page)

  • p2 display paths (data path, labels path)
  • p1 display dataset statistics

Dataset preparation

  • "Prepare" button on dataset detail page
  • Preparation run
  • p1 clean log messages from magic bytes
  • p1 distinguish messages to headers + usual lines in the medperf code
  • p1 display header messages properly
  • p1 display log messages without json
  • p2 log lines highlighting?
  • p1 spinner at text headers to underline process is running
  • p1 check how errors are displayed & handled
  • p1 button "back to the dataset" rename
  • link to the report / display report if it exists
  • p1 check how errors are displayed & handled (display exceptions in the log)

Prepared dataset displaying (dataset details page)

  • p2 if report exists, "Allowed automatic report submission" flag
  • p2 if report exists, link / path to the report
  • p1 if dataset is prepared, unlock next button "set operational" (locked if not prepared)

Set operational

  • p0 "Set operational" button on dataset detail page
  • p0 Set operational
  • p0 Disable button if already operational
  • p1 check how errors are displayed & handled

Associate

  • p1 "Associate with the benchmark" button on the dataset detail page (no choice of benchmarks)
  • p3 choice of benchmarks if dataset was created with dataprep mlcube
  • p1 associate
  • p1 check how errors are displayed & handled

Run benchmark

  • p1 "Run benchmark" button on the dataset detail page
  • p1 running benchmark page with logs
  • ??? runs history??
  • ??? displaying result???
  • p1 check how errors are displayed & handled
  • p2 "Run all" button
  • p2 add "Running" status in addition to "Pending"
  • p1 make all status (Run/Failed/Pending/Done) buttons as separate objects
  • p1 modify default (right-after-load) button to "Waiting for status.."
  • p2 adjust logs panel height if there is no logs

Submit result

  • p1 "Submit result" button on the dataset detail page
  • p1 Submit result
  • p1 check how errors are displayed & handled
  • p2 "Submit all" button

general dataset UI

  • p2 design buttons prepare-operational-... navigation to one line?
  • p1 hide buttons panel if you're not the dataset owner?
  • p3 redesign state displaying (we'd have dev/op floating blocks in the header + set-op button in the footer)

Technical refactoring

  • p1 split routes to different files: dataset/submission.py, dataset/preparation.py

@VukW VukW requested a review from a team as a code owner September 16, 2024 16:17
@VukW VukW had a problem deploying to testing-external-code September 16, 2024 16:17 — with GitHub Actions Failure
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Sep 16, 2024
edited
Loading

MLCommons CLA bot All contributors have signed the MLCommons CLA ✍️ ✅

github-advanced-security[bot]
github-advanced-security bot found potential problems Sep 16, 2024
View reviewed changes
cli/medperf/web_ui/api/routes.py
full_path = os.path.join(BASE_DIR, path)
os.path.join(BASE_DIR, path)

if not os.path.exists(full_path) or not os.path.isdir(full_path):

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a
user-provided value
Loading
.
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This function lists all files and folders on the server side. So, yes, it is expected to use user's given path to list its content (though still may be dangerous? I don't know)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should handle all of these vulnerabilities as suggested, even if they're expected to be for local calls or not

cli/medperf/web_ui/api/routes.py
full_path = os.path.join(BASE_DIR, path)
os.path.join(BASE_DIR, path)

if not os.path.exists(full_path) or not os.path.isdir(full_path):

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a
user-provided value
Loading
.
cli/medperf/web_ui/api/routes.py

# List directories inside the path
folders = []
for item in os.listdir(full_path):

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a
user-provided value
Loading
.
cli/medperf/web_ui/api/routes.py
folders = []
for item in os.listdir(full_path):
item_path = os.path.join(full_path, item)
if os.path.isdir(item_path):

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a
user-provided value
Loading
.
@VukW VukW had a problem deploying to testing-external-code September 17, 2024 10:30 — with GitHub Actions Failure
@VukW VukW had a problem deploying to testing-external-code September 17, 2024 10:37 — with GitHub Actions Failure
@VukW VukW had a problem deploying to testing-external-code September 24, 2024 13:44 — with GitHub Actions Failure
@VukW VukW changed the title Web UI dataset [WIP] Web UI dataset Sep 24, 2024
@VukW VukW had a problem deploying to testing-external-code September 25, 2024 18:37 — with GitHub Actions Failure
github-advanced-security[bot]
github-advanced-security bot found potential problems Sep 25, 2024
View reviewed changes
@VukW VukW had a problem deploying to testing-external-code October 2, 2024 17:06 — with GitHub Actions Failure
github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 2, 2024
View reviewed changes
@VukW VukW had a problem deploying to testing-external-code October 4, 2024 16:30 — with GitHub Actions Failure
@VukW VukW had a problem deploying to testing-external-code October 7, 2024 15:11 — with GitHub Actions Failure
@VukW VukW had a problem deploying to testing-external-code October 9, 2024 14:15 — with GitHub Actions Failure
@VukW VukW had a problem deploying to testing-external-code October 15, 2024 15:47 — with GitHub Actions Failure
@VukW VukW had a problem deploying to testing-external-code October 15, 2024 16:29 — with GitHub Actions Failure
@VukW VukW had a problem deploying to testing-external-code October 15, 2024 19:12 — with GitHub Actions Failure
@VukW VukW had a problem deploying to testing-external-code October 22, 2024 14:52 — with GitHub Actions Failure
@VukW VukW had a problem deploying to testing-external-code October 22, 2024 15:37 — with GitHub Actions Failure
@VukW VukW had a problem deploying to testing-external-code October 24, 2024 13:58 — with GitHub Actions Failure
github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 24, 2024
View reviewed changes
cli/medperf/web_ui/login.py
# Check if user is already authenticated
if token == security_token:
# User is already authenticated, redirect to original URL
return RedirectResponse(url=redirect_url, status_code=status.HTTP_302_FOUND)

Check warning

Code scanning / CodeQL

URL redirection from remote source Medium

Untrusted URL redirection depends on a
user-provided value
Loading
.
cli/medperf/web_ui/login.py
redirect_url: str = Form("/"),
):
if token == security_token:
response = RedirectResponse(url=redirect_url, status_code=status.HTTP_302_FOUND)

Check warning

Code scanning / CodeQL

URL redirection from remote source Medium

Untrusted URL redirection depends on a
user-provided value
Loading
.
cli/medperf/web_ui/login.py
):
if token == security_token:
response = RedirectResponse(url=redirect_url, status_code=status.HTTP_302_FOUND)
response.set_cookie(key=AUTH_COOKIE_NAME, value=token)

Check warning

Code scanning / CodeQL

Failure to use secure cookies Medium

Cookie is added without the Secure and HttpOnly attributes properly set.
cli/medperf/web_ui/login.py
):
if token == security_token:
response = RedirectResponse(url=redirect_url, status_code=status.HTTP_302_FOUND)
response.set_cookie(key=AUTH_COOKIE_NAME, value=token)

Check warning

Code scanning / CodeQL

Construction of a cookie using user-supplied input Medium

Cookie is constructed from a
user-supplied input
Loading
.
@VukW VukW had a problem deploying to testing-external-code October 24, 2024 15:05 — with GitHub Actions Failure
@aristizabal95 aristizabal95 changed the base branch from main to web-ui December 16, 2024 17:10
aristizabal95
aristizabal95 approved these changes Dec 16, 2024
View reviewed changes
Copy link
Contributor

@aristizabal95 aristizabal95 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was a ton of work! There are a few suggestions on maintaining style, and covering vulnerabilities with the suggestions generated by github would be ideal. Also, this work should prompt some discussion on the current design and future design, since this implementation could not be added without repeating code. Leaving as is could lead to several bugs if changes need to be done in the current workflow (as they would need to be implemented in both CLI and Web UI). This is some amazing work for a task that was very intimidating and difficult to define

cli/medperf/commands/dataset/submit.py
+ " Owner for traceability and debugging purposes."
)
config.ui.print_warning(warning)
preparation.approved = preparation.approved or approval_prompt(msg)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be better to instead convert this logic into a function, and keep the original flow with the added new function. Just so that we keep a consistent style where you can get an idea of the workflow of a command by looking at the run function.

cli/medperf/commands/result/create.py
@@ -1,4 +1,5 @@
import os
import time
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This dependency doesn't appear to be needed

cli/medperf/web_ui/api/routes.py
full_path = os.path.join(BASE_DIR, path)
os.path.join(BASE_DIR, path)

if not os.path.exists(full_path) or not os.path.isdir(full_path):
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should handle all of these vulnerabilities as suggested, even if they're expected to be for local calls or not

cli/medperf/web_ui/datasets/routes_associate.py
"""
dataset = Dataset.get(dataset_id)
benchmark = Benchmark.get(benchmark_id)
draft_id = str(uuid.uuid4())
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Didn't know of this. Nice!

@hasan7n hasan7n merged commit 020da3e into mlcommons:web-ui Dec 21, 2024
3 of 8 checks passed
@github-actions github-actions bot locked and limited conversation to collaborators Dec 21, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@aristizabal95 aristizabal95 aristizabal95 approved these changes

Assignees
No one assigned
Labels
topic: UI/UX
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@VukW @aristizabal95 @hasan7n