Implement finch tracker

[atuchin-m]

For #741
Specs: https://docs.google.com/document/d/1hRWkAnJtPjyvFglUQE0GegtyNtcVkjFpHPssdJJAqN0/

Ready to review.

TODO:

• change private repo URL
• change slack group ID for notifications
• deploy new griffin.brave.com after the PR is merged

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Packages	Version	New capabilities	Transitives	Size	Publisher
protobufjs	7.2.5	None	+1	2.89 MB	google-wombot
eslint-plugin-licenses	1.0.2	None	+41	1.85 MB	fallaciousreasoning
eslint-config-prettier	9.0.0	environment	+41	1.81 MB	lydell
@types/react-dom	18.2.7	None	+0	30.2 kB	types
ts-jest	29.1.1	eval, filesystem, environment	+76	43.8 MB	kul
@typescript-eslint/parser	6.7.0	None	+53	42.9 MB	jameshenry
@commander-js/extra-typings	11.0.0	None	+1	224 kB	shadowspawn
protobufjs-cli	1.1.2	eval, filesystem, environment	+64	12.7 MB	google-wombot
webpack-dev-server	4.15.1	network, shell, environment	+200	15.3 MB	evilebottnawi
react	18.2.0	environment	+2	337 kB	gnoff
webpack-cli	4.10.0	environment	+47	7.46 MB	evilebottnawi
webpack	5.88.2	None	+31	6.65 MB	thelarkinn
react-dom	18.2.0	environment	+4	4.93 MB	gnoff
ts-loader	9.4.4	filesystem	+45	47.9 MB	johnnyreilly
style-loader	3.3.3	None	+32	6.71 MB	evilebottnawi
css-loader	5.2.7	None	+37	7.1 MB	evilebottnawi
commander	11.0.0	environment	+0	176 kB	abetomo
eslint-plugin-react	7.33.2	None	+62	4.76 MB	ljharb
eslint-plugin-prettier	5.0.0	None	+84	3.16 MB	jounqin
eslint-config-standard-with-typescript	39.0.0	None	+85	47.2 MB	mightyiam
typescript	5.2.2	filesystem	+0	40.6 MB	typescript-bot

🚮 Removed packages: css-loader@5.1.3, protobufjs@6.11.3, style-loader@2.0.0, vue@2.6.12, webpack@5.76.0, webpack-cli@4.5.0

[petemill]

This is great and I only have minimal feedback. I haven't run it with data yet because I don't know the params to give to npm run tracker. Could you provide them please and I'll look more at the UI?

In the meantime, if you want to use less CSS, less bootstrap and more Brave UI style, you might benefit from using the design system which exports react UI Components as well as css variables for colors / fonts / effects. The repo is at https://github.com/brave/leo and preview of all the components is at https://leo.bravesoftware.com/. You could simply use the Button, Toggle and Input components, if helpful.

[petemill]

nit: instead of using a utils file, consider either splitting to more specific-named files or perhaps even recognising that these are all similarly related and perhaps calling this config_params.ts or maybe just params.ts?

[atuchin-m]

Done, split the file.

[petemill]

does getSeedPath and getStudyPath belong in your (currently named) core_utils file?

[atuchin-m]

They are only for tracker, not relevant for web/core code.

[petemill]

If study.name is guaranteed to be unique, then it's not best practice to use i in the key as the re-use of elements won't be as optimized. But if items never get added or removed then it's irrelevant anyway.

[atuchin-m]

Sadly, study.name is not unique. There is not good key for the list.
Also, we load the lists once, so we could use index & seedType as key.

[petemill]

This should also be memoized if we're going to memoize in our children, in order to make sure each study object is ===.

[atuchin-m]

Done. Could you take a look?
I have a doubt that useMemo() work well for filter object that recreated each time we render.
Check in devtools that it's not a hot path.

[petemill]

I also created this PR based on this branch which starts webpack's dev web server and enables hot reloading of the UI. Also moves typescript compilation for the web project to webpack. #744

[atuchin-m]

This is great and I only have minimal feedback. I haven't run it with data yet because I don't know the params to give to npm run tracker. Could you provide them please and I'll look more at the UI?

Thanks for the feedback, @petemill.
To run the frontend: npm run build in 'srcthenpython3 -m http.serverinsrc/webAlso there is some issue with API access from localhost. Useuse-local-apibranch in this repo to bypass. To run the CI job usenpm run tracker -- /tmp/somedir`. Also https://github.com/brave/finch-data-private/blob/main/.github/workflows/finch-tracker.yml

In the meantime, if you want to use less CSS, less bootstrap and more Brave UI style, you might benefit from using the design system which exports react UI Components as well as css variables for colors / fonts / effects. The repo is at https://github.com/brave/leo and preview of all the components is at https://leo.bravesoftware.com/. You could simply use the Button, Toggle and Input components, if helpful.

Thanks, I will take a look. The idea to reuse leo repo sounds good to me. Although, the main purpose of this PR is to start collecting Finch data to the private repo and send notifications. So maybe we need another iteration for that.

[github-actions]

_{reported by reviewdog 🐶}
[semgrep] Detected a variable used in an anchor tag with the 'href' attribute. A malicious actor may be able to input the 'javascript:' URI, which could cause cross-site scripting (XSS). It is recommended to disallow 'javascript:' URIs within your application.

Source: https://semgrep.dev/r/typescript.react.security.audit.react-href-var.react-href-var


Cc @thypon @bcaller

[atuchin-m]

In fact, this could be only https:// URL. How to fix the warning?

[thypon]

function sanitizeUrl(url) {
    try {
        const ALLOWED_PROTOCOLS = ['http:', 'https:'];
        const trimmedUrl = url.trim();
        return ALLOWED_PROTOCOLS.includes(new URL(trimmedUrl, document.baseURI).protocol) ? trimmedUrl : '#';
    } catch(err) {
        return '#';
    }
}

Wrapping the link in a sanitizeUrl should do the trick, here

[atuchin-m]

@thypon Anything from your side? The files were moved a bit.

[petemill]

Nice. Just a couple minor suggestions that are up to you!

[thypon]

function sanitizeUrl(url) {
    try {
        const ALLOWED_PROTOCOLS = ['http:', 'https:'];
        const trimmedUrl = url.trim();
        return ALLOWED_PROTOCOLS.includes(new URL(trimmedUrl, document.baseURI).protocol) ? trimmedUrl : '#';
    } catch(err) {
        return '#';
    }
}

Wrapping the link in a sanitizeUrl should do the trick, here