aliz-ai / gcpimp Goto Github PK

Vulnerabilities

DepShield reports that this application's usage of tunnel-agent:0.4.3 results in the following vulnerability(s):

• (CVSS 8.2) CWE-20: Improper Input Validation

Occurrences

tunnel-agent:0.4.3 is a transitive dependency introduced by the following direct dependency(s):

• node-sass:4.9.0
        └─ request:2.79.0
              └─ tunnel-agent:0.4.3

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash.assign:4.2.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash.assign:4.2.0 is a transitive dependency introduced by the following direct dependency(s):

• node-sass:4.9.0
        └─ lodash.assign:4.2.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Users can change the localization of the cloud console (https://console.cloud.google.com/user-preferences/languages)

"Some of the dependencies defined in these manifest files have known security vulnerabilities and should be updated:
package-lock.json 2 vulnerabilities found"

see https://github.com/Doctusoft/gcpimp/network/dependencies

relates to #3

The user should be able to define in what currency he wants to see the cost metrics.

The currencyCode is a ISO 4217 code that can be specified as a parameter in
https://cloud.google.com/billing/reference/rest/v1/services.skus/list

Vulnerabilities

DepShield reports that this application's usage of lodash.clone:4.5.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash.clone:4.5.0 is a transitive dependency introduced by the following direct dependency(s):

• parcel:1.9.4
        └─ babylon-walk:1.0.2
              └─ lodash.clone:4.5.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash.clonedeep:4.5.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash.clonedeep:4.5.0 is a transitive dependency introduced by the following direct dependency(s):

• node-sass:4.9.0
        └─ lodash.clonedeep:4.5.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

The user could define the preferred currency per project in addition to the global setting.

relates to: #14 #3

The popup could show information from:
https://status.cloud.google.com/

On the bigquery dataset page (https://bigquery.cloud.google.com/dataset/{projectId}:{datasetId}) we should insert a new row into the table under "Details": the total size of all tables in the dataset.

Cost metrics that are above 1000 can be displayed in various ways, like
1 234,567
1.234,567
1,234.567
And it is not currently handled well.

Dataflow has an experimental feature where instead of the workers an external service shuffles the data between the nodes.
This service has a cost associated with it (in the SKU response search for "ShuffleService").

Looks like this:

Plugin should have a config page where we can add projectIds. If we view a project in this list, re-color the cloud console from blue to red.

The project could not be analyzed because of maven build errors. Please review the error messages here. Another build will be scheduled within 24 hours. If the build is successful this issue will be closed, otherwise the error message will be updated.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Each feature should be a separate feature toggled by the end user.
Exaample modules:

• dataflow pipeline cost metric
• storage file preview
• header color changer

The idea is to allow users to disable features they don't use thus reducing the impact of the plugin on their system.

GitHub scanned the dependencies, found these problems:
https://github.com/Doctusoft/gcpimp/network/dependencies

Check and fix if valid.

Whenever we calculate the cost of something, we should also indicate that this is an approximation and the final cost might differ from what we show. We are not responsible for anything blah blah

In Cloud Storage, each file should have an option to "preview" it (download the first 5-10 kBytes and show it). It has to work for text files only (not PDF/image/etc)

Dataflow job detail page (https://console.cloud.google.com/dataflow?project=projectId -> go to any job), on the right hand panel, under "Resource metrics", add two new rows:

• Current cost: how much this job is costing us with the current machine number
• Total cost: how much it has already cost us since the beginning

Note that the page looks different for batch/streaming jobs (and possibli for SDK1/2 jobs as well)