Closed ajcasagrande closed 1 year ago
It looks like gosec
is flagging a G204: Subprocess launched with a potential tainted input or cmd arguments (gosec)
.
This should be evaluated, however do understand that the G204
already exists in the code base and is just not being detected due to the fact it resides in a 3rd-party library.
Update:
After researching, the way it is utilized is safe. The reason G204 was being flagged was because exec.Command
was being passed a function, and not a variable. Since the function call is just a getter for a variable, I moved it out into a temp var and that removed the warning.
More info:
Merging #254 (a7aa7f0) into main (faedb97) will decrease coverage by
0.25%
. The diff coverage is0.00%
.
:exclamation: Your organization is not using the GitHub App Integration. As a result you may experience degraded service beginning May 15th. Please install the Github App Integration for your organization. Read more.
@@ Coverage Diff @@
## main #254 +/- ##
========================================
- Coverage 2.70% 2.45% -0.25%
========================================
Files 7 8 +1
Lines 777 856 +79
========================================
Hits 21 21
- Misses 756 835 +79
Impacted Files | Coverage Δ | |
---|---|---|
internal/driver/device.go | 11.42% <0.00%> (-0.34%) |
:arrow_down: |
internal/driver/driver.go | 0.00% <0.00%> (ø) |
|
internal/driver/helper.go | 0.00% <0.00%> (ø) |
|
internal/driver/transcoder.go | 0.00% <0.00%> (ø) |
I validated this PR thoroughly both in secure and non-secure modes. Tested what was recommend in test instructions of this PR and I added some of my own tests. Functionality wise it works correctly, no issues seen. Tried several time start steaming with valid and invalid inputs, stop streaming, restarting/stopping/starting usb service while streaming is going on, etc checked streaming status for every test to ensure it reflects correct streaming status. But it gives status code 200 in below scenarios: Start streaming with valid inputs without rtsp creds uploaded Start streaming with invalid inputs Based on PR testing instructions, its supposed to give status code 500 for above 2 cases. However though it gives status code 200 in above 2 cases, streaming will not start and gives appropriate error in streaming status api error section. only problem is api output status code. Find attached logs and screenshots.
@vyshali-chitikeshi @FelixTing I have just pushed updated code to handle this situation. It now waits up to 4 seconds before returning in case the error takes longer on certain machines. I have also enabled ffmpeg progress reporting of 60 second intervals. This way it is not super chatty, but still allows us to have something to parse when the stream has successfully started.
In my experimentation, I have noticed ffmpeg will always print progress for the first frame, so no matter if the reporting interval is 1 minute, we still get notified right away. This seems to be the best of both worlds, as it allows more time for slower machines/commands, but doesn't drastically delay the response of successful streams.
Successful response in 669ms
Error response in 1097ms
With the updated code, it works correctly. Its gives status code 500 with appropriate error message n below 2 scenarios as expected Start streaming with valid inputs without uploading rtsp creds Start streaming with invalid inputs attached screenshots.
Also tested other api's, and some negative scenarios like starting streaming while streaming in-progress and restarting usb service while streaming is going on etc Everything looks good.
Also from performance perspective, I don't see noticeable delay to get rest-api outputs.
FFmpeg transcoder logic has been implemented within the driver code now, so that way we have more control over it. This allows us to keep track of the process output and log it to the console as well as return it to the caller of StartStreaming. Because we have more precise control over the process, we can better sync the StreamingStatus to whether or not the ffmpeg process is running.
The handling of publishing StreamingStatus to the message bus has been optimized to send better based on when it actually changes, and not send when the user calls StopStreaming when already stopped, or StartStreaming when already started.
Logic has also been added to redact the rtsp credentials from the log file and API responses to avoid exposing secrets to the caller.
If your build fails due to your commit message not passing the build checks, please review the guidelines here: https://github.com/edgexfoundry/edgex-go/blob/main/.github/Contributing.md
PR Checklist
Please check if your PR fulfills the following requirements:
BREAKING CHANGE:
describing the break)Testing Instructions
add-device-usb-camera.yaml
make run ds-usb-camera
/api/v3/secrets
using the guide from edgex-docs (see step 4 here)mpeg456
not being validadditional things to validate:
New Dependency Instructions (If applicable)
Fixes #253 Implements a proper fix for #23