Updated with backend integration #109

ishita230702 · 2025-09-30T14:35:52Z

No description provided.

…rvices

github-actions · 2025-09-30T14:36:50Z

🔒 Security Scan Results

🔒 Security Scan Results
=========================

Bandit Scan Results:
-------------------
Run started:2025-09-30 14:36:49.619826

Test results:
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b614_pytorch_load.html
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/utils.py:468:8
467	    # Strip optimizer from *.pt files for lighter files (reduced by 2/3 size)
468	    a = torch.load(filename, map_location='cpu')
469	    a['optimizer'] = []

--------------------------------------------------
>> Issue: [B113:request_without_timeout] Call to requests without timeout
   Severity: Medium   Confidence: Low
   CWE: CWE-400 (https://cwe.mitre.org/data/definitions/400.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b113_request_without_timeout.html
   Location: ./Player_Tracking/afl_player_tracking_and_crowd_monitoring/backend/routes/crowd.py:80:27
79	                    files = {"file": (frame_path.name, f, "image/jpeg")}
80	                    resp = requests.post(CROWD_API_URL, files=files)
81	

--------------------------------------------------
>> Issue: [B113:request_without_timeout] Call to httpx with timeout set to None
   Severity: Medium   Confidence: Low
   CWE: CWE-400 (https://cwe.mitre.org/data/definitions/400.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b113_request_without_timeout.html
   Location: ./Player_Tracking/afl_player_tracking_and_crowd_monitoring/backend/routes/inference.py:57:19
56	    try:
57	        async with httpx.AsyncClient(timeout=None) as client:
58	            resp = await client.get(orig_url)

--------------------------------------------------
>> Issue: [B113:request_without_timeout] Call to httpx with timeout set to None
   Severity: Medium   Confidence: Low
   CWE: CWE-400 (https://cwe.mitre.org/data/definitions/400.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b113_request_without_timeout.html
   Location: ./Player_Tracking/afl_player_tracking_and_crowd_monitoring/backend/routes/inference.py:93:19
92	        # 🔹 Call player tracking microservice
93	        async with httpx.AsyncClient(timeout=None) as client:
94	            with abs_path.open("rb") as f:

--------------------------------------------------
>> Issue: [B113:request_without_timeout] Call to requests without timeout
   Severity: Medium   Confidence: Low
   CWE: CWE-400 (https://cwe.mitre.org/data/definitions/400.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b113_request_without_timeout.html
   Location: ./Player_Tracking/afl_player_tracking_and_crowd_monitoring/backend/test_tracking.py:26:23
25	            files = {'file': (SAMPLE_CSV, f, 'text/csv')}
26	            response = requests.post(f"{BASE_URL}/api/v1/tracking/upload-csv", files=files)
27	        

--------------------------------------------------
>> Issue: [B113:request_without_timeout] Call to requests without timeout
   Severity: Medium   Confidence: Low
   CWE: CWE-400 (https://cwe.mitre.org/data/definitions/400.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b113_request_without_timeout.html
   Location: ./Player_Tracking/afl_player_tracking_and_crowd_monitoring/backend/test_tracking.py:48:23
47	            files = {'file': (SAMPLE_CSV, f, 'text/csv')}
48	            response = requests.post(f"{BASE_URL}/api/v1/tracking/player-stats", files=files)
49	        

--------------------------------------------------
>> Issue: [B113:request_without_timeout] Call to requests without timeout
   Severity: Medium   Confidence: Low
   CWE: CWE-400 (https://cwe.mitre.org/data/definitions/400.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b113_request_without_timeout.html
   Location: ./Player_Tracking/afl_player_tracking_and_crowd_monitoring/backend/test_tracking.py:79:23
78	            files = {'file': (SAMPLE_CSV, f, 'text/csv')}
79	            response = requests.post(f"{BASE_URL}/api/v1/tracking/available-players", files=files)
80	        

--------------------------------------------------
>> Issue: [B113:request_without_timeout] Call to requests without timeout
   Severity: Medium   Confidence: Low
   CWE: CWE-400 (https://cwe.mitre.org/data/definitions/400.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b113_request_without_timeout.html
   Location: ./Player_Tracking/afl_player_tracking_and_crowd_monitoring/backend/test_tracking.py:113:23
112	            }
113	            response = requests.post(f"{BASE_URL}/api/v1/tracking/generate-heatmap", files=files)
114	        

--------------------------------------------------
>> Issue: [B113:request_without_timeout] Call to requests without timeout
   Severity: Medium   Confidence: Low
   CWE: CWE-400 (https://cwe.mitre.org/data/definitions/400.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b113_request_without_timeout.html
   Location: ./Player_Tracking/afl_player_tracking_and_crowd_monitoring/backend/test_tracking.py:121:31
120	            # Test retrieving the heatmap
121	            heatmap_response = requests.get(f"{BASE_URL}/api/v1/tracking/heatmap/{data['filename']}")
122	            if heatmap_response.status_code == 200:

--------------------------------------------------
>> Issue: [B113:request_without_timeout] Call to requests without timeout
   Severity: Medium   Confidence: Low
   CWE: CWE-400 (https://cwe.mitre.org/data/definitions/400.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b113_request_without_timeout.html
   Location: ./Player_Tracking/afl_player_tracking_and_crowd_monitoring/backend/test_tracking.py:147:23
146	            files = {'file': (SAMPLE_CSV, f, 'text/csv')}
147	            response = requests.post(f"{BASE_URL}/api/v1/tracking/player-movement/{player_ids[0]}", files=files)
148	        

--------------------------------------------------
>> Issue: [B113:request_without_timeout] Call to requests without timeout
   Severity: Medium   Confidence: Low
   CWE: CWE-400 (https://cwe.mitre.org/data/definitions/400.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b113_request_without_timeout.html
   Location: ./Player_Tracking/afl_player_tracking_and_crowd_monitoring/backend/test_tracking.py:168:19
167	    try:
168	        response = requests.delete(f"{BASE_URL}/api/v1/tracking/cleanup-heatmaps")
169	        

--------------------------------------------------
>> Issue: [B113:request_without_timeout] Call to requests without timeout
   Severity: Medium   Confidence: Low
   CWE: CWE-400 (https://cwe.mitre.org/data/definitions/400.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b113_request_without_timeout.html
   Location: ./Player_Tracking/afl_player_tracking_and_crowd_monitoring/backend/test_tracking.py:190:19
189	    try:
190	        response = requests.get(f"{BASE_URL}/")
191	        if response.status_code != 200:

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b614_pytorch_load.html
   Location: ./Player_Tracking/tennis_tracking/court_line_detector/court_line_detector.py:10:35
9	        self.model.fc = torch.nn.Linear(self.model.fc.in_features,14*2)
10	        self.model.load_state_dict(torch.load(model_path,map_location='cpu'))
11	

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b301-pickle
   Location: ./Player_Tracking/tennis_tracking/trackers/ball_tracker.py:61:34
60	            with open(stub_path,'rb') as f:
61	                ball_detections = pickle.load(f)
62	            return ball_detections

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b301-pickle
   Location: ./Player_Tracking/tennis_tracking/trackers/player_tracker.py:53:36
52	            with open(stub_path,'rb') as f:
53	                player_detections = pickle.load(f)
54	            return player_detections

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/airflow/dags/heatmaps_kafka.py:44:49
43	    coco_names = os.getenv('COCO_NAMES')
44	    tmp_output_dir = os.getenv('TMP_OUTPUT_DIR', '/tmp')
45	

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b310-urllib-urlopen
   Location: ./data_streaming_backend/airflow/dags/heatmaps_kafka.py:48:12
47	        if not os.path.exists(yolo_config):
48	            urllib.request.urlretrieve("https://raw.githubusercontent.com/AlexeyAB/darknet/master/cfg/yolov4.cfg", yolo_config)
49	        if not os.path.exists(yolo_weights):

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b310-urllib-urlopen
   Location: ./data_streaming_backend/airflow/dags/heatmaps_kafka.py:50:12
49	        if not os.path.exists(yolo_weights):
50	            urllib.request.urlretrieve("https://github.com/AlexeyAB/darknet/releases/download/yolov4/yolov4.weights", yolo_weights)
51	        if not os.path.exists(coco_names):

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b310-urllib-urlopen
   Location: ./data_streaming_backend/airflow/dags/heatmaps_kafka.py:52:12
51	        if not os.path.exists(coco_names):
52	            urllib.request.urlretrieve("https://raw.githubusercontent.com/pjreddie/darknet/master/data/coco.names", coco_names)
53	    except Exception as e:

--------------------------------------------------
>> Issue: [B113:request_without_timeout] Call to requests without timeout
   Severity: Medium   Confidence: Low
   CWE: CWE-400 (https://cwe.mitre.org/data/definitions/400.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b113_request_without_timeout.html
   Location: ./data_streaming_backend/api.py:216:19
215	        validate_url(health_url)
216	        response = requests.get(health_url)
217	        if response.status_code == 200:

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:16:16
15	    'RESULTS_TOPIC': 'face_results',
16	    'YOLO_CFG': '/tmp/yolov4-face.cfg',
17	    'YOLO_WEIGHTS': '/tmp/yolov4-face.weights',
18	    'MASK_MODEL': '/tmp/mask_detector.model',
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:17:20
16	    'YOLO_CFG': '/tmp/yolov4-face.cfg',
17	    'YOLO_WEIGHTS': '/tmp/yolov4-face.weights',
18	    'MASK_MODEL': '/tmp/mask_detector.model',
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:18:18
17	    'YOLO_WEIGHTS': '/tmp/yolov4-face.weights',
18	    'MASK_MODEL': '/tmp/mask_detector.model',
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json
29	    import numpy as np

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:19:17
18	    'MASK_MODEL': '/tmp/mask_detector.model',
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json
29	    import numpy as np
30	    import urllib.request

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:20:17
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json
29	    import numpy as np
30	    import urllib.request
31	    from PIL import Image

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:21:21
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json
29	    import numpy as np
30	    import urllib.request
31	    from PIL import Image
32	    from kafka import KafkaConsumer, KafkaProducer

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b310-urllib-urlopen
   Location: ./data_streaming_backend/detect_faces_and_features.py:36:12
35	        if not os.path.exists(path):
36	            urllib.request.urlretrieve(url, path)
37	

--------------------------------------------------

Code scanned:
	Total lines of code: 10178
	Total lines skipped (#nosec): 4
	Total potential issues skipped due to specifically being disabled (e.g., #nosec BXXX): 0

Run metrics:
	Total issues (by severity):
		Undefined: 0
		Low: 43
		Medium: 27
		High: 0
	Total issues (by confidence):
		Undefined: 0
		Low: 12
		Medium: 8
		High: 50
Files skipped (0):

✅ No critical security issues detected.

The code has passed all critical security checks.

ishita230702 and others added 25 commits September 6, 2025 09:16

Replace Player Tracking frontend with AFL Dashboard implementation

35a7e21

Replace Player Tracking frontend with cleaned version

1d73763

Update oauth.ts

0d421c4

Code Clean Refactored

f33d1a5

Player stats refactored

6013b82

Add backend + tracking_code + frontend, ignore node_modules

b5fb7ec

Add requirements.txt and README.md for player tracking and backend se…

31cf3ac

…rvices

player tracking updated

7251ac5

updated storage.py

0cd0f15

Create Standards and Code Guide .md

957a2c0

Create Frontend Setup.md

49b267b

Update VideoAnalysisTab.tsx with polished UI

51a8e70

Update PlayerPerformanceTab.tsx with polished UI

36c9ba1

Update CrowdMonitorTab.tsx with polished Ui

fd35b44

Update DashboardHeader.tsx

1ff101c

Update AFLDashboard.tsx ny hiding teams tab for future use

8c5c1dd

Removing demo access and apple login

a2f04bf

Reports tab fetches the completed analysis in downloadale format

47f4ea5

Update ReportsTab.tsx

485a495

Update ReportsTab.tsx

6adf4bd

updated

4f0921d

Update ReportsTab.tsx

f6f36b0

Update Reports.tsx

bf5726b

Create pdf.ts

991a3b2

Update pdf.ts

45bce1a

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Updated with backend integration #109

Updated with backend integration #109

Uh oh!

ishita230702 commented Sep 30, 2025

Uh oh!

github-actions bot commented Sep 30, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Updated with backend integration #109

Are you sure you want to change the base?

Updated with backend integration #109

Uh oh!

Conversation

ishita230702 commented Sep 30, 2025

Uh oh!

github-actions bot commented Sep 30, 2025

🔒 Security Scan Results

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants