release 0.9.0 #2239
[CoreEngine] In order to make the inference logs work, we save the container inference logs to the single dir.
Dev/v0.7.0
Alexleung/dev v070 for refactor
[Deploy] Avoid re-download the same model serving package.
Add global env file
Fast Fail and Timeout Enforcement Policy for Model Deploy Endpoints
Renaming endpoint_id key to end_point_id
+ " --docker-email=fedml@fedml.ai -n fedml-devops-aggregator-" | ||
+ self.version | ||
) | ||
logging.info("Create secret cmd: " + registry_secret_cmd) |
Check failure
Code scanning / CodeQL
Clear-text logging of sensitive information High
sensitive data (secret)
Copilot Autofix AI 28 days ago
To fix the problem, we should avoid logging sensitive information such as Docker credentials. Instead, we can log a generic message indicating that the secret command was created without revealing its contents. This approach maintains the functionality of the code while ensuring that sensitive data is not exposed in the logs.
- Replace the logging statement on line 84 with a generic message.
- Ensure that no sensitive information is logged.
@@ -83,3 +83,3 @@ | ||
) | ||
logging.info("Create secret cmd: " + registry_secret_cmd) | ||
logging.info("Create secret command for Docker registry.") | ||
os.system(registry_secret_cmd) |
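Review bot: Dropping the log line does not stop the secret from leaking, because `os.system(registry_secret_cmd)` on the last line still hands the whole flagged string to a shell, where it appears in the process argument list and where the concatenated `self.version` is parsed as shell input. Build the command as an argument list and run it without a shell, supply the credential through a file or stdin rather than argv, and check the exit status, which the current call ignores.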
except Exception: | ||
logging.error("Failed to connect to the docker daemon, please ensure that you have " | ||
"installed Docker Desktop or Docker Engine, and the docker is running") | ||
return "", "", None, None, None | ||
|
||
# Pull the inference image | ||
logging.info(f"Start pulling the inference image {inference_image_name}... with policy {image_pull_policy}") |
Check failure
Code scanning / CodeQL
Clear-text logging of sensitive information High
sensitive data (password)
Copilot Autofix AI 28 days ago
To fix the problem, we should ensure that sensitive information is not logged. Specifically, we should avoid logging the inference_image_name directly if there is any chance it could contain sensitive information. Instead, we can log a generic message indicating that the image pull process has started without including the potentially sensitive inference_image_name.
- Modify the logging statement on line 145 to remove the inference_image_name and image_pull_policy.
- Ensure that the logging message still conveys useful information without exposing sensitive data.
@@ -144,3 +144,3 @@ | ||
# Pull the inference image | ||
logging.info(f"Start pulling the inference image {inference_image_name}... with policy {image_pull_policy}") | ||
logging.info("Start pulling the inference image with the specified policy.") | ||
ContainerUtils.get_instance().pull_image_with_policy(image_pull_policy, inference_image_name) |
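Review bot: The replacement log line removes both `inference_image_name` and `image_pull_policy`, so a failed or slow pull can no longer be tied to a specific image from the logs. The pull policy is not sensitive and should stay in the message; for the image name, either log it with any embedded credentials stripped or find where the flagged password value flows into it and break that flow, rather than hiding the whole reference.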
except Exception as e: | ||
inference_response = {"error": True, "message": f"{traceback.format_exc()}"} | ||
|
||
return inference_response |
Check warning
Code scanning / CodeQL
Information exposure through an exception Medium
Stack trace information
Copilot Autofix AI 28 days ago
To fix the problem, we need to ensure that stack traces are not exposed to the end user. Instead, we should log the stack trace on the server and return a generic error message to the user. This can be achieved by modifying the exception handling code to log the stack trace and return a generic error message.
- Modify the exception handling blocks to log the stack trace using the logging module.
- Return a generic error message to the user instead of the stack trace.
@@ -117,3 +117,4 @@ | ||
except Exception as e: | ||
response = {"error": True, "message": f"{traceback.format_exc()}"} | ||
logging.error(traceback.format_exc()) | ||
response = {"error": True, "message": "An internal error has occurred."} | ||
|
||
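Review bot: The new `logging.error(traceback.format_exc())` line produces a log entry that starts with the raw traceback and says nothing about which handler failed. Use `logging.exception(...)` with a short message naming the endpoint; it attaches the traceback itself and leaves a searchable line in front of it.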
@@ -141,3 +142,4 @@ | ||
except Exception as e: | ||
response = {"error": True, "message": f"{traceback.format_exc()}, exception {e}"} | ||
logging.error(traceback.format_exc()) | ||
response = {"error": True, "message": "An internal error has occurred."} | ||
|
||
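Review bot: After this change the name bound by `except Exception as e:` is unused, since the removed message was the only place that read `e`. Drop the `as e`, or put `type(e).__name__` into the server-side log line so the exception class is visible without reading the whole traceback.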
@@ -167,3 +169,4 @@ | ||
except Exception as e: | ||
inference_response = {"error": True, "message": f"{traceback.format_exc()}"} | ||
logging.error(traceback.format_exc()) | ||
inference_response = {"error": True, "message": "An internal error has occurred."} | ||
|
||
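Review bot: The caller now receives only "An internal error has occurred." in `inference_response`, with nothing that links the failed request to the traceback written by `logging.error`. Generate a per-request error id, log it with the traceback, and return it in the response so a user report can be matched to the log entry.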
@@ -183,3 +186,4 @@ | ||
except Exception as e: | ||
inference_response = {"error": True, "message": f"{traceback.format_exc()}"} | ||
logging.error(traceback.format_exc()) | ||
inference_response = {"error": True, "message": "An internal error has occurred."} | ||
|
|
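The two remediations discussed in the CodeQL alerts above, keeping credentials out of log lines and keeping stack traces out of responses, can be combined in one place. This is an added example, not code from the FedML repository or from the Copilot Autofix suggestions; it assumes the secret command is a kubectl create secret docker-registry call with a --docker-password flag, and the logger name, the error_id field and all sample values are constructed for illustration.

```python
import io
import logging
import re
import uuid

# Assumption: the command carries kubectl's --docker-password flag; the page
# only shows --docker-email. Quoted and unquoted values are both masked.
_SECRET_FLAG = re.compile(r"""(--docker-password[= ])("[^"]*"|'[^']*'|\S+)""")


class RedactSecretsFilter(logging.Filter):
    """Mask credential flag values before the handler emits the record."""

    def filter(self, record):
        record.msg = _SECRET_FLAG.sub(r"\1***", record.getMessage())
        record.args = None  # msg is already fully formatted
        return True


def build_logger(stream):
    logger = logging.getLogger("deploy-example")  # hypothetical logger name
    logger.handlers.clear()
    logger.propagate = False
    handler = logging.StreamHandler(stream)
    handler.addFilter(RedactSecretsFilter())
    logger.addHandler(handler)
    logger.setLevel(logging.INFO)
    return logger


def safe_error_response(logger):
    """Log the traceback server-side; return only a generic message and an id."""
    error_id = uuid.uuid4().hex  # hypothetical field for correlating reports
    logger.exception("inference request failed, error_id=%s", error_id)
    return {"error": True, "message": "An internal error has occurred.", "error_id": error_id}


def demo():
    stream = io.StringIO()
    logger = build_logger(stream)
    # Constructed sample command and password, not values from the project.
    cmd = "kubectl create secret docker-registry regcred --docker-password=hunter2 --docker-email=fedml@fedml.ai"
    logger.info("Create secret cmd: " + cmd)
    try:
        raise RuntimeError("model file missing")  # constructed failure
    except Exception:
        response = safe_error_response(logger)
    return stream.getvalue(), response
```

Redacting the log line does not change what is passed to the shell: the command's arguments stay visible in the process list unless the credential is supplied another way.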
GitGuardian id | GitGuardian status | Secret | Commit | Filename | |
---|---|---|---|---|---|
11782617 | Triggered | Generic High Entropy Secret | 0491bb7 | .github/workflows/registry-runners/Dockerfile | View secret |
5451874 | Triggered | Generic Password | 87ae30a | python/fedml/computing/scheduler/model_scheduler/master_job_runner.py | View secret |
11782618 | Triggered | Generic High Entropy Secret | a5bbcd2 | .github/workflows/registry-runners/windows.ps1 | View secret |
5692101 | Triggered | Generic High Entropy Secret | a932082 | python/fedml/computing/scheduler/model_scheduler/device_model_deployment.py | View secret |
9453265 | Triggered | Generic High Entropy Secret | 87ae30a | python/fedml/api/api_test.py | View secret |
8762943 | Triggered | Generic Password | 87ae30a | python/fedml/computing/scheduler/scheduler_core/compute_cache_manager.py | View secret |
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secrets safely. Learn here the best practices.
- Revoke and rotate these secrets.
- If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.
To avoid such incidents in the future consider
- following these best practices for managing and storing secrets including API keys and other credentials
- install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
check the gpu availability using the random api to adapt the rental gpus.
ok
[update]Upgrade official website address: https://tensoropera.ai , and the brand: TensorOpera ® AI
undo "Welcome to FedML.ai!"
[bugfix]start_job_perf on execute_job_task
No description provided.