Merge pull request #718 from intel/push-2024-04-12

rdementi · web-flow · commit 6ab94d9fb96e · 2024-04-12T12:05:07.000+02:00
Push 2024 04 12
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -50,7 +50,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5
+        uses: github/codeql-action/init@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -60,7 +60,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5
+        uses: github/codeql-action/autobuild@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -73,6 +73,6 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5
+        uses: github/codeql-action/analyze@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10
         with:
           category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -73,6 +73,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5
+        uses: github/codeql-action/upload-sarif@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10
         with:
           sarif_file: results.sarif
diff --git a/scripts/grafana/clean.sh b/scripts/grafana/clean.sh
@@ -0,0 +1,4 @@
+
+
+rm -rf provisioning/datasources
+rm -rf *_volume
diff --git a/scripts/grafana/start-prometheus.sh b/scripts/grafana/start-prometheus.sh
@@ -1,49 +1,73 @@
 #!/bin/sh
 
-if [ "$#" -ne 1 ];
-then
+set -e
+
+usage() {
   echo
   echo "Usage: $0 target_address:port"
   echo
   echo "target_address is the hostname or IP address of the system that runs pcm-sensor-server"
+  echo
+  echo "Alternative usage: $0 filename"
+  echo
+  echo "Specify filename containing target_address:port in each line"
   exit 1
-fi
+}
 
-CTR_RUN=${CTR_RUN:-docker}
+# Validate the URL format and reject localhost or 127.0.0.1
+validate_url() {
+  local url=$1
+  local regex='^([a-zA-Z0-9.-]+):[0-9]+$'
+  local localhost_regex='^(localhost|127\.0\.0\.1):[0-9]+$'
 
-mkdir -p grafana_volume/dashboards
-mkdir -p prometheus_volume
+  if ! [[ $url =~ $regex ]]; then
+    echo "Error: The target_address ($url) provided is not in the correct format."
+    usage
+  fi
 
-chmod -R 777 *_volume
+  if [[ $url =~ $localhost_regex ]]; then
+    echo "Error: The target_address cannot be localhost or 127.0.0.1."
+    usage
+  fi
+}
 
-mkdir -p provisioning/datasources
-cp automatic_prometheus.yml provisioning/datasources/automatic.yml
+if [ "$#" -ne 1 ]; then
+  usage
+fi
 
+CTR_RUN=${CTR_RUN:-docker}
+
+mkdir -p grafana_volume/dashboards || { echo "Error creating grafana_volume/dashboards directory"; exit 1; }
+mkdir -p prometheus_volume || { echo "Error creating prometheus_volume directory"; exit 1; }
+
+chmod -R 777 *_volume || { echo "Error setting permissions on volume directories"; exit 1; }
 
+mkdir -p provisioning/datasources || { echo "Error creating provisioning/datasources directory"; exit 1; }
+cp automatic_prometheus.yml provisioning/datasources/automatic.yml || { echo "Error copying automatic_prometheus.yml"; exit 1; }
 
 # check if argument is file, create the prometheus.yml accordingly
 if [ -f "$1" ]; then
   echo "creating prometheus.yml for hosts in targets file";
-  head -n -1 "prometheus.yml.template" > prometheus.yml
+  head -n -1 "prometheus.yml.template" > prometheus.yml || { echo "Error creating prometheus.yml"; exit 1; }
   while read -r line; do
+    validate_url "$line"
     echo "    - targets: ['$line']" >> "prometheus.yml"
   done < "$1"
   echo Downloading PCM dashboard
-  curl -o grafana_volume/dashboards/pcm-dashboard.json $(head -1 $1)/dashboard/prometheus
-
+  curl -o grafana_volume/dashboards/pcm-dashboard.json $(head -1 "$1")/dashboard/prometheus || { echo "Error downloading PCM dashboard"; exit 1; }
 else
+  validate_url "$1"
   echo "creating prometheus.yml for $1 ";
-  sed "s#PCMSENSORSERVER#$1#g" prometheus.yml.template > prometheus.yml
+  sed "s#PCMSENSORSERVER#$1#g" prometheus.yml.template > prometheus.yml || { echo "Error creating prometheus.yml"; exit 1; }
   echo Downloading PCM dashboard
-  curl -o grafana_volume/dashboards/pcm-dashboard.json $1/dashboard/prometheus
+  curl -o grafana_volume/dashboards/pcm-dashboard.json "$1"/dashboard/prometheus || { echo "Error downloading PCM dashboard"; exit 1; }
 fi
 
 echo "Starting prometheus network"
-${CTR_RUN} network create prometheus-network
+${CTR_RUN} network create prometheus-network || { echo "Error creating prometheus network"; exit 1; }
 echo Starting prometheus
-${CTR_RUN} run --name prometheus --network=prometheus-network -d -p 9090:9090 -v $PWD/prometheus.yml:/etc/prometheus/prometheus.yml:Z -v $PWD/prometheus_volume:/prometheus:Z quay.io/prometheus/prometheus:latest
+${CTR_RUN} run --name prometheus --network=prometheus-network -d -p 9090:9090 -v "$PWD"/prometheus.yml:/etc/prometheus/prometheus.yml:Z -v "$PWD"/prometheus_volume:/prometheus:Z quay.io/prometheus/prometheus:latest || { echo "Error starting prometheus"; exit 1; }
 echo Starting grafana
-${CTR_RUN} run -d --network=prometheus-network --name=grafana -p 3000:3000 -v $PWD/grafana_volume:/var/lib/grafana:Z -v $PWD/provisioning:/etc/grafana/provisioning:Z docker.io/grafana/grafana:latest
-
-echo Start browser at http://localhost:3000/ and login with admin user, password admin
+${CTR_RUN} run -d --network=prometheus-network --name=grafana -p 3000:3000 -v "$PWD"/grafana_volume:/var/lib/grafana:Z -v "$PWD"/provisioning:/etc/grafana/provisioning:Z docker.io/grafana/grafana:latest || { echo "Error starting grafana"; exit 1; }
 
+echo "Start browser at http://"`hostname`":3000/ or http://localhost:3000/ and login with admin user, password admin"
diff --git a/scripts/grafana/start.sh b/scripts/grafana/start.sh
@@ -1,57 +1,77 @@
 #!/bin/sh
 
-if [ "$#" -ne 1 ];
-then
+set -e
+
+usage() {
   echo
   echo "Usage: $0 http(s)://target_address:port"
   echo
   echo "target_address is the hostname or IP address of the system that runs pcm-sensor-server"
   exit 1
-fi
+}
+
+# Validate the URL format and reject localhost or 127.0.0.1
+validate_url() {
+  local url=$1
+  local regex='^https?://([a-zA-Z0-9.-]+):[0-9]+$'
+  local localhost_regex='^(https?://)?(localhost|127\.0\.0\.1):[0-9]+$'
+
+  if ! [[ $url =~ $regex ]]; then
+    echo "Error: The URL provided is not in the correct format."
+    usage
+  fi
 
+  if [[ $url =~ $localhost_regex ]]; then
+    echo "Error: The target_address cannot be localhost or 127.0.0.1."
+    usage
+  fi
+}
 
-mkdir -p grafana_volume/dashboards
-mkdir -p influxdb_volume
+if [ "$#" -ne 1 ]; then
+  usage
+fi
+
+validate_url "$1"
 
-chmod -R 777 *_volume
+mkdir -p grafana_volume/dashboards || { echo "Error creating grafana_volume/dashboards directory"; exit 1; }
+mkdir -p influxdb_volume || { echo "Error creating influxdb_volume directory"; exit 1; }
 
-mkdir -p provisioning/datasources
-cp automatic_influxdb.yml provisioning/datasources/automatic.yml
+chmod -R 777 *_volume || { echo "Error setting permissions on volume directories"; exit 1; }
 
+mkdir -p provisioning/datasources || { echo "Error creating provisioning/datasources directory"; exit 1; }
+cp automatic_influxdb.yml provisioning/datasources/automatic.yml || { echo "Error copying automatic_influxdb.yml"; exit 1; }
 
 CTR_RUN=${CTR_RUN:-docker}
 
 # check if argument is file, create the telegraf.conf accordingly
 if [ -f "$1" ]; then
   echo "creating telegraf.conf for hosts in targets file";
-  head -n -7 "telegraf.conf.template" > telegraf.conf
+  head -n -7 "telegraf.conf.template" > telegraf.conf || { echo "Error creating telegraf.conf"; exit 1; }
   while IFS='' read -r line || [[ -n "$line" ]]; do
     # Split the line at the : character to get the IP and port
     ip=$(echo "$line" | cut -d ':' -f 1)
     port=$(echo "$line" | cut -d ':' -f 2)
     # Append the transformed line to the output file, separated by a comma
     echo -n "\"http://$ip:$port/persecond/\"," >> telegraf.conf
-  done < $1
-  sed -i '$ s/,$//' telegraf.conf
-  tail -n -6 "telegraf.conf.template" >> telegraf.conf
+  done < "$1"
+  sed -i '$ s/,$//' telegraf.conf || { echo "Error editing telegraf.conf"; exit 1; }
+  tail -n -6 "telegraf.conf.template" >> telegraf.conf || { echo "Error appending to telegraf.conf"; exit 1; }
   echo Downloading PCM dashboard
-  curl -o grafana_volume/dashboards/pcm-dashboard.json $(head -1 $1)/dashboard
-
+  curl -o grafana_volume/dashboards/pcm-dashboard.json $(head -1 "$1")/dashboard || { echo "Error downloading PCM dashboard"; exit 1; }
 else
   echo "creating telegraf.conf for $1 ";
-  sed "s#PCMSENSORSERVER#$1#g" telegraf.conf.template > telegraf.conf
+  sed "s#PCMSENSORSERVER#$1#g" telegraf.conf.template > telegraf.conf || { echo "Error creating telegraf.conf"; exit 1; }
   echo Downloading PCM dashboard
-  curl -o grafana_volume/dashboards/pcm-dashboard.json $1/dashboard
+  curl -o grafana_volume/dashboards/pcm-dashboard.json "$1"/dashboard || { echo "Error downloading PCM dashboard"; exit 1; }
 fi
 
 echo "Creating influxdb network"
-${CTR_RUN} network create influxdb-network
+${CTR_RUN} network create influxdb-network || { echo "Error creating influxdb network"; exit 1; }
 echo Starting influxdb
-${CTR_RUN} run -d --name influxdb -p 8083:8083 -p 8086:8086 --network=influxdb-network -v $PWD/influxdb_volume:/var/lib/influxdb influxdb:1.8.0-alpine
+${CTR_RUN} run -d --name influxdb -p 8083:8083 -p 8086:8086 --network=influxdb-network -v "$PWD"/influxdb_volume:/var/lib/influxdb influxdb:1.8.0-alpine || { echo "Error starting influxdb"; exit 1; }
 echo Starting telegraf
-${CTR_RUN} run -d --name telegraf --network=influxdb-network -v $PWD/telegraf.conf:/etc/telegraf/telegraf.conf:ro telegraf
+${CTR_RUN} run -d --name telegraf --network=influxdb-network -v "$PWD"/telegraf.conf:/etc/telegraf/telegraf.conf:ro telegraf || { echo "Error starting telegraf"; exit 1; }
 echo Starting grafana
-${CTR_RUN} run -d --network=influxdb-network --name grafana -p 3000:3000 -v $PWD/provisioning:/etc/grafana/provisioning -v $PWD/grafana_volume:/var/lib/grafana grafana/grafana
-
-echo Start browser at http://localhost:3000/ and login with admin user, password admin
+${CTR_RUN} run -d --network=influxdb-network --name grafana -p 3000:3000 -v "$PWD"/provisioning:/etc/grafana/provisioning -v "$PWD"/grafana_volume:/var/lib/grafana grafana/grafana || { echo "Error starting grafana"; exit 1; }
 
+echo "Start browser at http://"`hostname`":3000/ or http://localhost:3000/ and login with admin user, password admin"

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
++
++
 +rm -rf provisioning/datasources
 +rm -rf *_volume