16942f55a0
Fix medium-severity issues from follow-up security audit
Addresses the remaining medium findings from the second-pass audit:
- DoS hardening: bound GraphQL query cost with FixedComplexityLimit, and
  reject non-positive items-per-page / page values so uint64 conversion
  cannot underflow into an unbounded LIMIT/OFFSET. The -1 "load all"
  sentinel stays valid for dashboards; REST now returns 400 for bad input.
- Security headers: add X-Content-Type-Options, X-Frame-Options,
  Referrer-Policy and a conservative CSP (frame-ancestors/object-src/
  base-uri) that hardens against clickjacking and base-tag injection
  without restricting the self-hosted SPA's inline scripts.
- Stored XSS: render job.metaData.message as escaped text instead of
  {@html ...} in Job.root and JobFootprint, preserving line breaks via
  white-space: pre-wrap.
- SQL injection hardening: parameterize the tag-scope IN list and the
  manager project subquery in CountTags instead of interpolating
  user.Username / user.Projects (externally sourced via OIDC/LDAP).
- CSRF defense-in-depth: reject cross-site state-changing requests via
  Sec-Fetch-Site, failing open for non-browser clients, on top of the
  existing SameSite=Lax session cookie.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Entire-Checkpoint: de7d47a85c7c
2026-06-04 20:08:41 +02:00
Christoph Kluge
bc214f6cea
add nullsafes to frontend
2026-03-13 14:20:45 +01:00
Christoph Kluge
49a1748641
add not configured info cards, show short job filter options if one active filter
2026-02-10 13:49:23 +01:00
Christoph Kluge
d1e7ea09bc
review handling of disabled metrics in frontend
2026-02-09 15:33:59 +01:00
Christoph Kluge
c43d4a0f16
complete review of context initialization and access, streamlining
2026-02-06 17:51:57 +01:00
Christoph Kluge
dd56e75b50
improve detail on warning cards
2026-01-29 16:02:13 +01:00
Christoph Kluge
f26cabbdf1
Streamline missing data warnings, review logging
2026-01-29 15:17:33 +01:00
Christoph Kluge
e074bb315c
review job info row layout
2026-01-26 11:53:19 +01:00
Christoph Kluge
1d41ff8190
add jobSummary conditional display
2026-01-16 17:26:24 +01:00
Christoph Kluge
faacf3f343
svelte state_referenced_locally warning fixes
- change to derived where possible
- suppress warning elsewhere
- discussion here: sveltejs/svelte/issues/17289
2026-01-15 18:17:45 +01:00
Christoph Kluge
31cfa8cd7c
fix typo for tagEditDisplay
2025-10-08 12:58:02 +02:00
Christoph Kluge
32429f1481
adapt frontend for new uiConfig keys, add nodeOverview mutation
2025-10-02 18:10:33 +02:00
Aditya Ujeniya
3b9d05cc6d
Fix exclusive to shared in svelte and graphql
2025-09-09 14:57:05 +02:00
Christoph Kluge
60ec7e54f5
Update component header, format, streamline SV5 components
2025-07-02 18:43:25 +02:00
Christoph Kluge
c4c422da57
Migrate jobList and jobListRow
2025-06-27 15:52:54 +02:00
Christoph Kluge
47843b2087
Optimize jobview gql query load
2025-06-27 11:15:17 +02:00
Christoph Kluge
c3a6126799
Migrate and rework job view metricplot wrapper
2025-06-26 18:41:27 +02:00
Christoph Kluge
db5f6c7540
Migrate plotgrid, adapt parent components with new snippets
2025-06-25 18:19:24 +02:00
Christoph Kluge
79a6c9e90d
Migrate Job View
2025-06-25 17:41:11 +02:00
Christoph Kluge
927e25c72c
Migrate metricSelection
2025-06-03 13:32:14 +02:00
Christoph Kluge
29ae2423f8
fix metricconfig pointer copy, add disabled metric card in jobView
- skips disabled metrics in backend, see cc-backend tries to retrieve "removed" metrics #377
2025-04-16 18:36:12 +02:00
d6b132e3a6
Merge branch 'master' into dev
2025-03-20 12:51:23 +01:00
Christoph Kluge
e9a214c5b2
fix: add nullSafe condition to monitoringStatus display on metric queryError
2025-03-19 14:57:27 +01:00
Christoph Kluge
8da2fc30c3
split statsTable data from jobMetrics query, frontend refactor
2025-03-14 16:36:31 +01:00
Christoph Kluge
f5f36427a4
split statsTable data from jobMetrics query, initial commit
- mainly backend changes
- statstable changes only for prototyping
2025-03-13 17:33:55 +01:00
Christoph Kluge
d0af933b35
feat: add subCluster level frontend keys for metric selections
- applies to jobView and nodeList
2025-03-06 15:39:15 +01:00
Christoph Kluge
fcc9e17664
change: remove metrics from job view select if unavailable on subCluster
2025-03-03 17:24:54 +01:00
Christoph Kluge
b31aea7bc5
revert back to using globalMetrics in jobView metric default select
2025-02-28 14:40:27 +01:00
Christoph Kluge
5ce03c2db3
add metric selection count info to job view
2025-02-28 13:08:32 +01:00
Christoph Kluge
61bc095d01
fix: decouple polarPlot data query, add new dedicated gql endpoint
- includes go package upgrades
- includes gqlgen error workaround
2025-02-27 14:51:31 +01:00
Christoph Kluge
998ef8d834
fix: use job_view_selectedMetrics config instead of iterating globalMetrics
- Caveat: Minimal Defaultset needs to be generally available on all clusters
2025-02-19 16:40:25 +01:00
Christoph Kluge
58e678d72c
fix: load jobView roofline on finest resolution separately by default, see #339
2025-02-17 18:24:28 +01:00
Christoph Kluge
1ee367d7be
Merge branch 'hotfix' into add_detailed_nodelist
2025-01-07 14:07:41 +01:00
Christoph Kluge
a7395ed45b
remove config for polarPlotMetrics
2024-12-04 13:57:05 +01:00
Christoph Kluge
3dfeabcec6
simplify plotGrid, add cancel to metricSelect, improve metricPlot render logic
2024-10-16 12:41:15 +02:00
Christoph Kluge
322e161064
cleanup leftover
2024-10-08 17:36:28 +02:00
Christoph Kluge
f616c7e1c6
remove width tags from slot defs
2024-10-08 15:26:09 +02:00
Christoph Kluge
7243dbe763
replace plotTable with new bootstrap plotGrid component
- helps with narrow window sizes
- plotTable kept for now
2024-10-02 17:48:46 +02:00
Christoph Kluge
b3222f3523
fix: archived statisticsSeries with mean data now shown again
2024-09-30 18:31:49 +02:00
Christoph Kluge
a9868fd275
display energySumary only if energy data is present
2024-09-30 16:43:38 +02:00
Christoph Kluge
48225662b1
feat: display energy usage in job view
- optional emission constant config line added
2024-09-27 13:45:44 +02:00
Christoph Kluge
8e3327ef6a
Merge branch 'sample_resolution_select' into dev
2024-09-24 17:43:15 +02:00
Christoph Kluge
827f6daabc
Merge branch '275_tag_scope_jobview_rework' into dev
2024-09-24 17:25:20 +02:00
Christoph Kluge
2567442321
Merge branch 'master' into dev
2024-09-24 17:22:14 +02:00
Christoph Kluge
e5275311c2
fix: fix crashing job view if roofline metrics missing
2024-09-24 14:37:39 +02:00
Christoph Kluge
d7a8bbf40b
Rework tag and tag edit placement, add other feedback
- admin message shown primarily if exists
- comment demo summary tab
2024-09-18 17:23:29 +02:00
Christoph Kluge
9579887fc4
Merge branch '275_add_tag_scope' into 275_tag_scope_jobview_rework
2024-09-16 15:04:01 +02:00
Christoph Kluge
e29be2f140
fix missing scope field request for jobview
2024-09-16 15:03:38 +02:00
Christoph Kluge
f0de422c6e
rework tagManagement modal render
2024-09-11 11:28:11 +02:00
Christoph Kluge
64cc19b252
remove icon from metric select, change color
2024-09-10 16:53:34 +02:00