Skip to content

updated the file upload system for configurable preprocessing pipeline#107

Closed
Stanley1414 wants to merge 6 commits intoRedback-Operations:mainfrom
Stanley1414:main
Closed

updated the file upload system for configurable preprocessing pipeline#107
Stanley1414 wants to merge 6 commits intoRedback-Operations:mainfrom
Stanley1414:main

Conversation

@Stanley1414
Copy link
Contributor

@Stanley1414 Stanley1414 commented Aug 19, 2025

A full README.md was uploaded and explains the file structure

Stanley1414 added 6 commits May 5, 2025 11:55
@Stanley1414
Integrated data aggregation into ETL pipeline: weekly statistics (tot…
9ee5019 
…al runs, total distance, avg speed, avg pace) added; saved cleaned data and stats.
@Stanley1414
Updated README: Garmin Run Data – ETL Pipeline update and data proces…
e519940 
…sing steps
@Stanley1414
Add files via upload
37b8eb4 
Added requirement gathering document for Project 3, including team discussions, stakeholder inputs, and data specifications.
@Stanley1414
config_preprocessing
ab7e06e
@Stanley1414
Merge branch 'Redback-Operations:main' into main
0be0e5d
@Stanley1414
config pre pipe
da35191
@github-actions
Copy link

github-actions bot commented Aug 19, 2025

🔒 Security Scan Results

🔒 Security Scan Results
=========================

Bandit Scan Results:
-------------------
Run started:2025-08-19 20:38:08.115605

Test results:
>> Issue: [B104:hardcoded_bind_all_interfaces] Possible binding to all interfaces.
   Severity: Medium   Confidence: Medium
   CWE: CWE-605 (https://cwe.mitre.org/data/definitions/605.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b104_hardcoded_bind_all_interfaces.html
   Location: ./Core DW Infrastructure/dremio-api/api.py:100:17
99	    port = int(os.getenv('FLASK_RUN_PORT', 5000))
100	    app.run(host='0.0.0.0', port=port)

--------------------------------------------------
>> Issue: [B104:hardcoded_bind_all_interfaces] Possible binding to all interfaces.
   Severity: Medium   Confidence: Medium
   CWE: CWE-605 (https://cwe.mitre.org/data/definitions/605.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b104_hardcoded_bind_all_interfaces.html
   Location: ./Core DW Infrastructure/flask/flaskapi_dw.py:86:17
85	if __name__ == '__main__':
86	    app.run(host='0.0.0.0', port=5000)  # Running on port 5000 IMPORTANT

--------------------------------------------------
>> Issue: [B104:hardcoded_bind_all_interfaces] Possible binding to all interfaces.
   Severity: Medium   Confidence: Medium
   CWE: CWE-605 (https://cwe.mitre.org/data/definitions/605.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b104_hardcoded_bind_all_interfaces.html
   Location: ./File Upload Service/flask/flaskapi_dw.py:86:17
85	if __name__ == '__main__':
86	    app.run(host='0.0.0.0', port=5000)  # Running on port 5000 IMPORTANT

--------------------------------------------------
>> Issue: [B104:hardcoded_bind_all_interfaces] Possible binding to all interfaces.
   Severity: Medium   Confidence: Medium
   CWE: CWE-605 (https://cwe.mitre.org/data/definitions/605.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b104_hardcoded_bind_all_interfaces.html
   Location: ./MongoDB_Connection/Project1/main.py:12:35
11	    debug_mode = os.environ.get('FLASK_DEBUG', 'False').lower() == 'true'
12	    app.run(debug=debug_mode, host='0.0.0.0')

--------------------------------------------------
>> Issue: [B104:hardcoded_bind_all_interfaces] Possible binding to all interfaces.
   Severity: Medium   Confidence: Medium
   CWE: CWE-605 (https://cwe.mitre.org/data/definitions/605.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b104_hardcoded_bind_all_interfaces.html
   Location: ./Structured Dremio Solution/Flask-api/api.py:100:17
99	    port = int(os.getenv('FLASK_RUN_PORT', 5000))
100	    app.run(host='0.0.0.0', port=port)

--------------------------------------------------
>> Issue: [B608:hardcoded_sql_expressions] Possible SQL injection vector through string-based query construction.
   Severity: Medium   Confidence: Low
   CWE: CWE-89 (https://cwe.mitre.org/data/definitions/89.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b608_hardcoded_sql_expressions.html
   Location: ./Structured Dremio Solution/Script/pipeline.py:168:12
167	    placeholders = ', '.join(['?' for _ in data[0]])
168	    query = f"INSERT INTO {table_name} VALUES ({placeholders})"
169	    cursor = conn.cursor()

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b108_hardcoded_tmp_directory.html
   Location: ./pre-processing/pre-processing.py:177:29
176	
177	            temp_file_path = f'/tmp/{obj.object_name}'
178	

--------------------------------------------------

Code scanned:
	Total lines of code: 2802
	Total lines skipped (#nosec): 0
	Total potential issues skipped due to specifically being disabled (e.g., #nosec BXXX): 0

Run metrics:
	Total issues (by severity):
		Undefined: 0
		Low: 12
		Medium: 7
		High: 0
	Total issues (by confidence):
		Undefined: 0
		Low: 1
		Medium: 6
		High: 12
Files skipped (0):

Dependency Check Results:
-----------------------

No critical security issues detected.

The code has passed all critical security checks.

jd-deakin
jd-deakin reviewed Aug 24, 2025
View reviewed changes
jd-deakin
jd-deakin reviewed Aug 24, 2025
View reviewed changes
File Upload Service/app/tabular.py
# Save Tabular Output
# ------------------------------
def save_processed_tabular(df, output_folder, logger=None):
os.makedirs(os.path.dirname(output_folder), exist_ok=True)
Copy link
Collaborator

@jd-deakin jd-deakin Aug 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

as prior comment re: yaml.
if an untrusted party can influence output_folder, they could overwrite files anywhere on the filesystem.

jd-deakin
jd-deakin approved these changes Aug 24, 2025
View reviewed changes
Copy link
Collaborator

@jd-deakin jd-deakin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mid-to-high level of AI involvement in code generation to be noted for potential hidden security flaws.

This code in it's current state is okay to be run in local, trusted environments, where the attack surface is controlled. But would not be ready to use in a public-facing app.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jd-deakin jd-deakin jd-deakin approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Stanley1414 @jd-deakin