search

green-coding-solutions / green-metrics-tool

Measure energy and carbon consumption of software
https://metrics.green-coding.io
GNU Affero General Public License v3.0
159 stars 22 forks source link

API Security improvement - Parameter check #454

Open ArneTR opened 1 year ago

ArneTR commented 1 year ago

When adding a new software through the API it shall be checked that:

JulianGommlich commented 1 week ago

Hi! As a first issue, I would like to implement these checks :-)

ArneTR commented 1 week ago

Hey @JulianGommlich

thanks for the offer to work on this!

The relevant part of the code is here where the data gets submitted to the endpoint [/v1/software/add] (https://github.com/green-coding-solutions/green-metrics-tool/blob/b148de7070b89ef30bd61b06922c334f861917be/api/main.py#L1035)

Also it would be nice to have a similar check in the frontend, as this saves a round-trip for users that use the UI. This would have to be added in this file request.js

If you have any questions just follow up! ty <3

JulianGommlich commented 1 week ago

Thanks for offering your help, that I'll gladly accept :-D

I was trying to run the tests, but was not able to set up the test environment. I followed this README.
I'm working on Windows in VS Code. First I set up the Python Interpreter and the venv. Afterwards I installed the dependencies in requirements-dev.txt. Unfortunately, running install_linux.sh or install_mac.sh did not work. I even tried it using WSL, but was not successful. As a consequence, running python /tests/setup-test-env.py resulted in import errors.

Do you have any guide on how to set up the project and your tests on Windows?

ArneTR commented 1 week ago

And the most important question: Did you install Windows like documented here? https://docs.green-coding.io/docs/installation/installation-windows/

Generally I expected Windows to be working fine and for setting up the tests you went the correct route to install it (Assuming you install GMT according to the docs linked about).

Do not execute the install_mac.sh, that is the wrong file for Windows WSL.

JulianGommlich commented 1 week ago

Sure, no problem :-)
When executing python /tests/setup-test-env.py is get the following error: 

Traceback (most recent call last):
  File "C:\Users\Julia\Documents\DEV\green-metrics-tool\tests\setup-test-env.py", line 8, in <module>
    from lib import utils
ImportError: cannot import name 'utils' from 'lib' (unknown location)
(.venv)

Running the install script results in the following errors: 

install_linux.sh: line 129: lsb_release: command not found
install_linux.sh: line 132: sudo: command not found

I honestly did not find the documentation that you linked in your comment. I will try it out as soon as I have time after work :-)

ArneTR commented 1 week ago

Ah I see. These errors originate frome the venv and it's include path not correctly set up. It should work once you follow the linked install instructions.

Happy to help with next steps then 👍

JulianGommlich commented 6 days ago

Unfortunately after following the documentation, I still get the same error: 

Traceback (most recent call last):
  File "C:\Users\Julia\Documents\DEV\green-metrics-tool\tests\setup-test-env.py", line 8, in <module>
    from lib import utils
ImportError: cannot import name 'utils' from 'lib' (unknown location)
(.venv)

Everything else worked fine. Even the install script completed successfully

ArneTR commented 6 days ago

The error confuses me a little as typically in WSL you do not get displayed Windows like paths.

JulianGommlich commented 5 days ago

Yes, I'm using a Ubuntu distro in WSL and executed all commands inside WSL.

I set up a venv with python3 - m venv /venv and then activated it before starting any of your scripts in GMT.

ArneTR commented 5 days ago

The command looks not correct.

It must be run in the home directory of the GMT and it must not contain a slahs before /venv

JulianGommlich commented 5 days ago

Alrighty, I'll test it later :-)

JulianGommlich commented 5 days ago

Now it ran through :-)