Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add scripts from cli #680

Merged
merged 4 commits into from
Apr 22, 2019
Merged

add scripts from cli #680

Changes from 1 commit
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
128813c
add scripts from cli
csweaver Mar 29, 2019
efa6e5e
add warning when including scripts
csweaver Apr 2, 2019
bb366ac
flake8 fixes
csweaver Apr 3, 2019
4b1c635
confirm scripts injection
csweaver Apr 8, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
39 changes: 25 additions & 14 deletions server/cli/launch.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -73,20 +73,20 @@
show_default=True,
)
def launch(
data,
layout,
diffexp,
title,
verbose,
debug,
obs_names,
var_names,
open_browser,
port,
host,
max_category_items,
diffexp_lfc_cutoff,
scripts,
data,
layout,
diffexp,
title,
verbose,
debug,
obs_names,
var_names,
open_browser,
port,
host,
max_category_items,
diffexp_lfc_cutoff,
scripts,
):
"""Launch the cellxgene data viewer.
This web app lets you explore single-cell expression data.
Expand All @@ -113,6 +113,17 @@ def launch(
else:
warnings.formatwarning = custom_format_warning

if scripts:
click.echo("""
/ / /\ \ \__ _ _ __ _ __ (_)_ __ __ _
\ \/ \/ / _` | '__| '_ \| | '_ \ / _` |
\ /\ / (_| | | | | | | | | | | (_| |
\/ \/ \__,_|_| |_| |_|_|_| |_|\__, |
|___/
The --scripts flag is intended for developers to include google analytics etc. You could be opening yourself to a
security risk by including the --scripts flag. Make sure you trust the scripts that you are including.
""")
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would further make people type in a confirmation that they understand this message before spawning the browser.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We have users who want to deploy in a docker-deployed environment, ie, scripted startup where they have control over the deployment script. I like Tony's suggestion, but we need to ensure that the confirmation can be scripting (eg, pipe yes to it, or whatever). Alternative to "|yes": provide a --I-attest-that-really-mean-to-inject-scripts CLI param that still prints the warning, but dispenses with the interactive prompt. @ttung - thoughts?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I should be able to add this such that | yes works.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Either way is fine. The browser being fired up is sufficient, I believe, for bad stuff to run, so I do think the confirmation is important, at least for the first time.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added confirm.

yes | cellxgene launch --scripts foo --scripts bar example-dataset/pbmc3k.h5ad bypasses the confirm as expected.


if not verbose:
sys.tracebacklimit = 0

Expand Down