Skip to content
This repository has been archived by the owner on Sep 28, 2024. It is now read-only.

Addon for blocking request/response transformers #92

Draft
wants to merge 21 commits into
base: main
Choose a base branch
from
Draft

Addon for blocking request/response transformers #92

wants to merge 21 commits into from

Conversation

robbyt
Copy link
Owner

@robbyt robbyt commented Sep 14, 2024

No description provided.

@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 14, 2024
edited
Loading

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
pip/fastapi 0.114.2 UnknownUnknown
pip/ollama 0.3.3 UnknownUnknown
pip/starlette 0.38.5 🟢 6.1
Details
CheckScoreReason
Code-Review🟢 6Found 18/27 approved changesets -- score normalized to 6
Maintained🟢 1030 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities🟢 100 existing vulnerabilities detected
Security-Policy🟢 10security policy file detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
pip/uvicorn 0.30.6 🟢 6
Details
CheckScoreReason
Code-Review🟢 6Found 18/29 approved changesets -- score normalized to 6
Maintained🟢 1022 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Fuzzing⚠️ 0project is not fuzzed
Security-Policy🟢 10security policy file detected
Vulnerabilities🟢 91 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
pip/fastapi ^ 0.114.2 UnknownUnknown
pip/ollama ^ 0.3.3 UnknownUnknown
pip/uvicorn ^ 0.30.6 🟢 6
Details
CheckScoreReason
Code-Review🟢 6Found 18/29 approved changesets -- score normalized to 6
Maintained🟢 1022 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Fuzzing⚠️ 0project is not fuzzed
Security-Policy🟢 10security policy file detected
Vulnerabilities🟢 91 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/failsafe-go/failsafe-go 0.6.8 🟢 4.4
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 0Found 1/24 approved changesets -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟢 100 existing vulnerabilities detected
gomod/github.com/stretchr/objx 0.5.2 🟢 4.6
Details
CheckScoreReason
Code-Review🟢 8Found 14/17 approved changesets -- score normalized to 8
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0

Scanned Manifest Files

examples/python/poetry.lock
  • fastapi@0.114.2
  • ollama@0.3.3
  • starlette@0.38.5
  • uvicorn@0.30.6
examples/python/pyproject.toml
  • fastapi@^ 0.114.2
  • ollama@^ 0.3.3
  • uvicorn@^ 0.30.6
go.mod
  • github.com/failsafe-go/failsafe-go@0.6.8
  • github.com/stretchr/objx@0.5.2

@robbyt robbyt marked this pull request as draft September 14, 2024 01:45
@robbyt robbyt force-pushed the rterhaar/transformers branch 8 times, most recently from 9285fd4 to 70cfa1c Compare September 15, 2024 04:30
@robbyt robbyt mentioned this pull request Sep 15, 2024
Merged
@robbyt robbyt force-pushed the rterhaar/transformers branch 8 times, most recently from 7fdf6ea to 185d9de Compare September 19, 2024 00:54
@robbyt
add config for transformers config flags
2c9076c 
ws

add docs to commands

update help docs for new flags

update help docs for new flags

copy the raw user input to a field on the config struct

fix .String() representation of the transformers

fix .String() representation of the transformers

wip, going to switch to annotations

add config parser using tag annotations

minor go.mod updates, add retry module

minor go.mod updates, add retry module

go mod tidy

use the const instead of hard-coded tag for annotations loading
@robbyt
wip adding http transformer
c0ea749 
adjust logging

improve log output when using transformers
@robbyt
add a request closed helper for responding with a BadGateway error
0427ec2
@robbyt
move the transformers addon after the app loader
ea84bda 
fix panic from loading the fa, fix the interface
@robbyt
wip on transformers framework, pending implementation of http provider
773d2c1
@robbyt
split out the proxyError to a new file
509cf04 
add test for proxyError.go
@robbyt
add file transformer provider, update interface
ded7f68 
wip, http transformer needs work

wip, added new command transformer
@robbyt
swap out the req if a newReq has been set
c9b2859 
fix lint warnings
@robbyt
add an example SSN cleaner script
8cf8506
@robbyt
add the request merge code
dd1e58a
@robbyt
fix bulkhead code, disable it when concurrency < 1
54e5521
@robbyt
logging adjustments
9f3d9f2
@robbyt
add a filter to remove unchanged blocks in the test app
ff04892 
add fastapi

added rest/stdin mode for the example script

added rest/stdin mode for the example script
@robbyt
add type annotations to example script
117bd2d
@robbyt
after updating the LDC constructor, old bugs came out
a15fc37 
add some new JSON tools to the LDC
@robbyt
lots of work to get the transformer code working
85bbfd0 
remove extra test logging

rename, and add some comments

add tests for the posix runner

adding obx module for mocking

add tests for the file transformer

split out the mock runner from the file_test

reformat transformer help docs

disable the currently unused backpressure config field, add some more ideas for future options

new function name, rebase fix

wip adding context to healthcheck, for cancel

reorg some interfaces

reorg some interfaces
@robbyt
add an LLM based content rewriting example
a743b9b
@robbyt
relocate the constructor next to the struct def
66389f4
@robbyt
wg no longer needed for the transformers loader
5d4bdf3
@robbyt
rename function from rebase
b54e9f4
@robbyt
check close before adding to WG
e2cd1cb
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@robbyt