Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Flask implementation #39

Merged
merged 21 commits into from
Oct 31, 2024
Merged

Flask implementation #39

merged 21 commits into from
Oct 31, 2024

Conversation

ChristianFredrikJohnsen
Copy link
Collaborator

Add web-page and change the pre-processing.

Ludvig Øvrevik and others added 21 commits October 29, 2024 22:08
feat: implemented a frontend using flask
74b0173
feat: open rendering on the website
2b1c536
fix: fix bug in how everything is shown on the screen
ec28192
@BrageHK @ChristianFredrikJohnsen
feat: added cores parameter
45fdf43
@ChristianFredrikJohnsen
fix: update file paths in gui_with_pygame to reflect the new setup.
2d68aac
@BrageHK @ChristianFredrikJohnsen
fixed main
897439e
@Hako2807 @ChristianFredrikJohnsen
fix: fix random things
b1474fe
@BrageHK @ChristianFredrikJohnsen
feat: added cores parameter
eb8f8b2
@ChristianFredrikJohnsen
fix: update file paths in gui_with_pygame to reflect the new setup.
67e02c0
@ChristianFredrikJohnsen
style: add back uncommented code. Code is required to ensure that you…
b925a3f 
… don't delete all populaitons.
@ChristianFredrikJohnsen
fix: ship mario_frames and genome_frames to correct folder (folder wi…
2ea626b 
…th same name as neat object). + refactor main.py -> play_genome().
@ChristianFredrikJohnsen
fix: do not remove specie twice in check_individual_improvements.
14fdd62
@ChristianFredrikJohnsen
fix: add neat_name parameter to visualize_genome_test.py
f28eb24
@ChristianFredrikJohnsen
fix: updated file path for genome_frames.
b7d4cd5
@ChristianFredrikJohnsen
fix: save neat-object after each iteration. IDUN does not save neat o…
aa679fd 
…n process timeout.
@ChristianFredrikJohnsen
fix: include neat_name in debug_env in app.py
ecc9acb
@ChristianFredrikJohnsen
fix: remove unused and faulty code in run_game_debug.
f07d9be
feat: less preprocessing, 800 inout instead of 200
cfb47e3
Co-authored-by: kapi0okapi <[email protected]>
c12a242 
Co-authored-by: Håkon Støren <[email protected]>
Co-authored-by: Christian Fredrik Johnsen <[email protected]>
refactor: Update pixel count reduction in MarioJoypadSpace class
a330f24
@ChristianFredrikJohnsen
Merge branch 'main' into flask-implementation
9ca6c90
github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 31, 2024
View reviewed changes
app.py
avg_fitnesses = []
min_fitnesses = []

if not os.path.exists(fitness_file_path):

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a
user-provided value
Loading
.

Copilot Autofix AI 2 months ago

To fix the problem, we need to validate the neat_name parameter to ensure it does not contain any malicious input that could lead to directory traversal or access to unauthorized files. We can achieve this by normalizing the path and ensuring it stays within a predefined safe directory. Additionally, we can use a whitelist of allowed directory names to further restrict the input.

  1. Normalize the path using os.path.normpath to remove any ".." segments.
  2. Ensure the normalized path starts with the base directory.
  3. Optionally, use a whitelist to restrict the allowed directory names.
Suggested changeset 1
app.py

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/app.py b/app.py
--- a/app.py
+++ b/app.py
@@ -158,3 +158,10 @@
     """Parse fitness values from the fitness file"""
-    fitness_file_path = f'data/{neat_name}/fitness/fitness_values.txt'
+    base_path = 'data'
+    fitness_file_path = os.path.normpath(os.path.join(base_path, neat_name, 'fitness', 'fitness_values.txt'))
+    
+    # Ensure the path is within the base directory
+    if not fitness_file_path.startswith(os.path.abspath(base_path)):
+        logging.error(f"Invalid path: {fitness_file_path}")
+        return [], [], [], []
+    
     generations = []
EOF
@@ -158,3 +158,10 @@
"""Parse fitness values from the fitness file"""
fitness_file_path = f'data/{neat_name}/fitness/fitness_values.txt'
base_path = 'data'
fitness_file_path = os.path.normpath(os.path.join(base_path, neat_name, 'fitness', 'fitness_values.txt'))

# Ensure the path is within the base directory
if not fitness_file_path.startswith(os.path.abspath(base_path)):
logging.error(f"Invalid path: {fitness_file_path}")
return [], [], [], []

generations = []
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
app.py
return [], [], [], []

try:
with open(fitness_file_path, 'r') as f:

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a
user-provided value
Loading
.

Copilot Autofix AI 2 months ago

To fix the problem, we need to validate the neat_name parameter to ensure it does not contain any malicious input that could lead to directory traversal or unauthorized file access. We will:

  1. Normalize the path using os.path.normpath to remove any ".." segments.
  2. Ensure that the normalized path starts with the intended base directory.
  3. Optionally, use a whitelist of allowed directory names if the set of valid neat_name values is known and limited.
Suggested changeset 1
app.py

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/app.py b/app.py
--- a/app.py
+++ b/app.py
@@ -158,3 +158,4 @@
     """Parse fitness values from the fitness file"""
-    fitness_file_path = f'data/{neat_name}/fitness/fitness_values.txt'
+    base_path = 'data'
+    fitness_file_path = os.path.normpath(os.path.join(base_path, neat_name, 'fitness', 'fitness_values.txt'))
     generations = []
@@ -164,2 +165,6 @@
     
+    if not fitness_file_path.startswith(os.path.join(base_path, neat_name)):
+        logging.error(f"Invalid fitness file path: {fitness_file_path}")
+        return [], [], [], []
+    
     if not os.path.exists(fitness_file_path):
EOF
@@ -158,3 +158,4 @@
"""Parse fitness values from the fitness file"""
fitness_file_path = f'data/{neat_name}/fitness/fitness_values.txt'
base_path = 'data'
fitness_file_path = os.path.normpath(os.path.join(base_path, neat_name, 'fitness', 'fitness_values.txt'))
generations = []
@@ -164,2 +165,6 @@

if not fitness_file_path.startswith(os.path.join(base_path, neat_name)):
logging.error(f"Invalid fitness file path: {fitness_file_path}")
return [], [], [], []

if not os.path.exists(fitness_file_path):
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
@ChristianFredrikJohnsen ChristianFredrikJohnsen merged commit 883bb80 into main Oct 31, 2024
2 of 3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ChristianFredrikJohnsen @BrageHK @Hako2807