release 0.9.0 #2239

Open
wants to merge 405 commits into base: master

fedml-alex
Collaborator

No description provided.

fedml-alex and others added 30 commits May 29, 2024 19:15
[CoreEngine] In order to make the inference logs work, we save the co…
In order to make the inference logs work, we save the container inference logs to the single dir
[Deploy] Avoid re-download the same model serving package.
Fast Fail and Timeout Enforcement Policy for Model Deploy Endpoints
@fedml-alex fedml-alex requested a review from charlieyl December 18, 2024 18:19
+ " --docker-email=fedml@fedml.ai -n fedml-devops-aggregator-"
+ self.version
)
logging.info("Create secret cmd: " + registry_secret_cmd)

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information High

This expression logs sensitive data (secret) as clear text.

Copilot Autofix AI 28 days ago

To fix the problem, we should avoid logging sensitive information such as Docker credentials. Instead, we can log a generic message indicating that the secret command was created without revealing its contents. This approach maintains the functionality of the code while ensuring that sensitive data is not exposed in the logs.

  • Replace the logging statement on line 84 with a generic message.
  • Ensure that no sensitive information is logged.
Suggested changeset 1
python/fedml/computing/scheduler/master/cloud_server_manager.py

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/python/fedml/computing/scheduler/master/cloud_server_manager.py b/python/fedml/computing/scheduler/master/cloud_server_manager.py
--- a/python/fedml/computing/scheduler/master/cloud_server_manager.py
+++ b/python/fedml/computing/scheduler/master/cloud_server_manager.py
@@ -83,3 +83,3 @@
         )
-        logging.info("Create secret cmd: " + registry_secret_cmd)
+        logging.info("Create secret command for Docker registry.")
         os.system(registry_secret_cmd)
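Review bot: The context line `os.system(registry_secret_cmd)` still passes the same credential-bearing string through a shell, so changing the log statement alone leaves the secret in a concatenated command line (the fragment shown above the alert appends `self.version` unquoted). Consider building an argument list and running it with `subprocess.run([...], check=True)` without a shell, and let the new log message name the target namespace so the record stays useful without the command text.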
EOF
except Exception:
logging.error("Failed to connect to the docker daemon, please ensure that you have "
"installed Docker Desktop or Docker Engine, and the docker is running")
return "", "", None, None, None

# Pull the inference image
logging.info(f"Start pulling the inference image {inference_image_name}... with policy {image_pull_policy}")

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information High

This expression logs sensitive data (password) as clear text.

Copilot Autofix AI 28 days ago

To fix the problem, we should ensure that sensitive information is not logged. Specifically, we should avoid logging the inference_image_name directly if there is any chance it could contain sensitive information. Instead, we can log a generic message indicating that the image pull process has started without including the potentially sensitive inference_image_name.

  • Modify the logging statement on line 145 to remove the inference_image_name and image_pull_policy.
  • Ensure that the logging message still conveys useful information without exposing sensitive data.
Suggested changeset 1
python/fedml/computing/scheduler/model_scheduler/device_model_deployment.py

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/python/fedml/computing/scheduler/model_scheduler/device_model_deployment.py b/python/fedml/computing/scheduler/model_scheduler/device_model_deployment.py
--- a/python/fedml/computing/scheduler/model_scheduler/device_model_deployment.py
+++ b/python/fedml/computing/scheduler/model_scheduler/device_model_deployment.py
@@ -144,3 +144,3 @@
     # Pull the inference image
-    logging.info(f"Start pulling the inference image {inference_image_name}... with policy {image_pull_policy}")
+    logging.info("Start pulling the inference image with the specified policy.")
     ContainerUtils.get_instance().pull_image_with_policy(image_pull_policy, inference_image_name)
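Review bot: The new message on the `+` line drops `image_pull_policy` along with `inference_image_name`, so the log no longer says which image was pulled or under which policy, and a failed pull becomes hard to trace. If the policy value carries no credential, keep it in the message, and log the image reference with any credential part stripped rather than omitting it. It is also worth tracing why CodeQL sees password data reaching this expression, since the same value is still passed to `pull_image_with_policy` on the next line.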
EOF
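
An added example, not part of this pull request or the project's code: a `logging.Filter` that masks the values of credential-bearing command-line flags before a record is emitted, as a backstop for log statements like the two flagged above. The flag list, logger name and command string are constructed for illustration; the page itself shows only `--docker-email`.

```python
import logging
import re

# Flags whose values must not reach a log sink. The page shows only
# --docker-email; the credential flags below are assumed for illustration.
SECRET_FLAGS = ("--docker-password", "--docker-username", "--token")
_FLAG_RE = re.compile(
    "(?P<flag>" + "|".join(map(re.escape, SECRET_FLAGS)) + ")"
    r"(?P<sep>=|\s+)(?P<val>'[^']*'|\"[^\"]*\"|\S+)"
)


def redact(text: str) -> str:
    """Replace the value after each secret-bearing flag with ***."""
    return _FLAG_RE.sub(lambda m: m["flag"] + m["sep"] + "***", text)


class RedactSecretsFilter(logging.Filter):
    """Redact the fully formatted message, so %-style args are covered too."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg, record.args = redact(record.getMessage()), ()
        return True


class ListHandler(logging.Handler):
    """Collects formatted records in memory so the result can be inspected."""

    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record):
        self.lines.append(self.format(record))


def demo():
    handler = ListHandler()
    handler.addFilter(RedactSecretsFilter())  # on the handler: covers every logger feeding it
    log = logging.getLogger("redaction-demo")
    log.handlers, log.propagate = [handler], False
    log.setLevel(logging.INFO)
    # Constructed command string, not taken from the project.
    cmd = ("kubectl create secret docker-registry regcred --docker-username=ci-bot "
           "--docker-password='s3cr3t value' --docker-email=ops@example.invalid -n demo")
    log.info("Create secret cmd: " + cmd)
    log.info("registry login args: %s", "--token abc123")
    return handler.lines
```

A filter like this limits damage from a stray log call; it does not replace keeping secrets out of command strings in the first place.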
except Exception as e:
inference_response = {"error": True, "message": f"{traceback.format_exc()}"}

return inference_response

Check warning

Code scanning / CodeQL

Information exposure through an exception Medium

Stack trace information flows to this location and may be exposed to an external user.

Copilot Autofix AI 28 days ago

To fix the problem, we need to ensure that stack traces are not exposed to the end user. Instead, we should log the stack trace on the server and return a generic error message to the user. This can be achieved by modifying the exception handling code to log the stack trace and return a generic error message.

  • Modify the exception handling blocks to log the stack trace using the logging module.
  • Return a generic error message to the user instead of the stack trace.
Suggested changeset 1
python/fedml/computing/scheduler/model_scheduler/device_model_inference.py

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/python/fedml/computing/scheduler/model_scheduler/device_model_inference.py b/python/fedml/computing/scheduler/model_scheduler/device_model_inference.py
--- a/python/fedml/computing/scheduler/model_scheduler/device_model_inference.py
+++ b/python/fedml/computing/scheduler/model_scheduler/device_model_inference.py
@@ -117,3 +117,4 @@
     except Exception as e:
-        response = {"error": True, "message": f"{traceback.format_exc()}"}
+        logging.error(traceback.format_exc())
+        response = {"error": True, "message": "An internal error has occurred."}
 
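Review bot: In the handler at line 117, `logging.error(traceback.format_exc())` logs a bare traceback with no message, and the name bound by `except Exception as e` is now unused. `logging.exception("<what failed>")` records the same traceback together with a description of the operation, and the `as e` can then be dropped.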
@@ -141,3 +142,4 @@
     except Exception as e:
-        response = {"error": True, "message": f"{traceback.format_exc()}, exception {e}"}
+        logging.error(traceback.format_exc())
+        response = {"error": True, "message": "An internal error has occurred."}
 
@@ -167,3 +169,4 @@
     except Exception as e:
-        inference_response = {"error": True, "message": f"{traceback.format_exc()}"}
+        logging.error(traceback.format_exc())
+        inference_response = {"error": True, "message": "An internal error has occurred."}
 
@@ -183,3 +186,4 @@
     except Exception as e:
-        inference_response = {"error": True, "message": f"{traceback.format_exc()}"}
+        logging.error(traceback.format_exc())
+        inference_response = {"error": True, "message": "An internal error has occurred."}
 
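Review bot: The response literal on the `+` line is the fourth identical copy in this patch, and it gives the caller nothing to quote when reporting a failure. Move the log-and-respond pair into one helper and include a generated error id in both the log record and the response, so a client report can be matched to the logged traceback.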
EOF
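
An added example, not part of this pull request or the project's code: the log-and-return-generic pattern from the patch above, extended with an error id that links the client response to the server-side traceback and with a separate path for input errors that are safe to describe. `ClientInputError`, `internal_error`, `predict` and the `error_id` field are hypothetical names.

```python
import io
import logging
import uuid

logger = logging.getLogger("inference-errors")  # hypothetical logger name


class ClientInputError(ValueError):
    """Request problem whose message is written for the caller and safe to return."""


def internal_error(operation: str) -> dict:
    """Call inside an except block: log the traceback, return only an opaque id."""
    error_id = uuid.uuid4().hex
    # logger.exception records the active traceback at ERROR level.
    logger.exception("%s failed (error_id=%s)", operation, error_id)
    return {"error": True, "message": "An internal error has occurred.",
            "error_id": error_id}


def predict(model, payload) -> dict:
    try:
        if not isinstance(payload, dict) or "inputs" not in payload:
            raise ClientInputError("request body must be an object with an 'inputs' field")
        return {"error": False, "result": model(payload["inputs"])}
    except ClientInputError as exc:
        # Expected failure: the text was written for the client, no traceback needed.
        return {"error": True, "message": str(exc)}
    except Exception:
        # Unexpected failure: details stay in the server log only.
        return internal_error("predict")


def demo():
    stream = io.StringIO()
    logger.handlers, logger.propagate = [logging.StreamHandler(stream)], False

    def broken_model(inputs):  # constructed failure that names an internal path
        raise RuntimeError("cannot open /srv/models/private.bin")

    unexpected = predict(broken_model, {"inputs": [1, 2]})
    invalid = predict(broken_model, [])
    return unexpected, invalid, stream.getvalue()
```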

gitguardian bot commented Dec 18, 2024

⚠️ GitGuardian has uncovered 6 secrets following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

🔎 Detected hardcoded secrets in your pull request
| GitGuardian id | GitGuardian status | Secret | Commit | Filename |
|---|---|---|---|---|
| 11782617 | Triggered | Generic High Entropy Secret | 0491bb7 | .github/workflows/registry-runners/Dockerfile |
| 5451874 | Triggered | Generic Password | 87ae30a | python/fedml/computing/scheduler/model_scheduler/master_job_runner.py |
| 11782618 | Triggered | Generic High Entropy Secret | a5bbcd2 | .github/workflows/registry-runners/windows.ps1 |
| 5692101 | Triggered | Generic High Entropy Secret | a932082 | python/fedml/computing/scheduler/model_scheduler/device_model_deployment.py |
| 9453265 | Triggered | Generic High Entropy Secret | 87ae30a | python/fedml/api/api_test.py |
| 8762943 | Triggered | Generic Password | 87ae30a | python/fedml/computing/scheduler/scheduler_core/compute_cache_manager.py |
🛠 Guidelines to remediate hardcoded secrets
  1. Understand the implications of revoking this secret by investigating where it is used in your code.
  2. Replace and store your secrets safely. Learn here the best practices.
  3. Revoke and rotate these secrets.
  4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider


🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

charlieyl previously approved these changes Dec 19, 2024
alex.liang and others added 2 commits December 20, 2024 11:15
charlieyl previously approved these changes Dec 20, 2024
charlieyl left a comment

ok

charlieyl and others added 2 commits December 20, 2024 16:39
[update]Upgrade official website address: https://tensoropera.ai , and the brand: TensorOpera ®  AI
7 participants