chore(src): fetch changes from main

Author: narekhovhannisyan

.github/codeql/codeql-config.yml

@@ -0,0 +1,7 @@
+paths:
+  - "src"
+paths-ignore:
+  - "src/__tests__/**/*.js"
+  - "src/__tests__/**/*.ts"
+  - "src/__tests__/**/*.jsx"
+  - "src/__tests__/**/*.tsx"

CONTRIBUTING.md

@@ -0,0 +1,100 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+To report a security issue, please email if-disclosures@greensoftware.foundation with a description of the issue, steps required to reproduce the issue, affected versions and, if known, mitigations for the issue.
+
+Our contributors are comprised of volunteers so we cannot guarantee a specific response time, but someone from our team will reply and address the issue as soon as possible.
+
+# Security Review
+
+We perform regular reviews inline with the information provided below.  All releases go through these reviews but multiple people in the project team prior to release as part of our quality and security review.
+
+## Basics
+### Basic Project Website Content
+- Describe what the project does - ✅  in README and homepage at https://if.greensoftware.foundation
+- Provide info how to obtain/provide feedback and contribute - ✅ https://if.greensoftware.foundation/community
+- Explain contribution process - ✅ https://github.com/Green-Software-Foundation/if/blob/main/CONTRIBUTING.md
+
+### FLOSS license
+- Must be released as FLOSS - ✅ MIT License https://github.com/Green-Software-Foundation/if/blob/main/LICENSE
+- Must post the license - ✅ https://github.com/Green-Software-Foundation/if/blob/main/LICENSE
+- Also approved by OSI - ✅  https://opensource.org/license/MIT/
+
+### Documentation
+- Provides basic documentation - ✅ https://if.greensoftware.foundation
+
+### Other
+- Project site, downloads etc must support HTTPS with TLS - ✅ using GitHub to host which supports this https://github.com/Green-Software-Foundation/if
+- Have mechanism for discussion - ✅ github issues https://github.com/Green-Software-Foundation/if/issues, discussion board https://github.com/Green-Software-Foundation/if/discussions and mailing list at if-community@greensoftware.foundaton
+- Project must be maintained - ✅ actively maintaned by GSF and its members
+
+## Change control
+###  Public VCS repo
+- Readable public VCS repo - ✅ yes, Github https://github.com/Green-Software-Foundation/if
+- Track changes - ✅ yes, Git https://github.com/Green-Software-Foundation/if/commits/main
+- Interim versions between releases available for review - ✅ yes, interim versions actively developed and availble on the `main` branch https://github.com/Green-Software-Foundation/if
+
+### Unique versioning numbering
+- Unique indentifier for each release - ✅ https://github.com/Green-Software-Foundation/if/releases
+
+### Release notes
+- Human readable release notes for each release (not git log) - ✅ https://github.com/Green-Software-Foundation/if/releases
+- Address each publicly known vulnerability - ✅ N/A, no vulnerability reported yet
+
+## Reporting
+### Bug reporting process
+- Process to submit bugs - ✅ https://github.com/Green-Software-Foundation/if/blob/main/CONTRIBUTING.md#reporting-bugs
+- Must acknowledge bugs (reply) submitted between 2-12 months - ✅ each bug has at least an acknowledgement or was opened by a maintainer (so acknowledged by a maintainer): https://github.com/Green-Software-Foundation/if/issues?q=is%3Aopen+is%3Aissue+label%3Abug
+- Publicly available archive for reports and responses - ✅ github issues: https://github.com/Green-Software-Foundation/if/issues?q=is%3Aopen+is%3Aissue+label%3Abug
+
+## Vulnerability report process
+- Have a vulnerability report process - ✅ Included in CONTRIBUTING.md
+- Private vulnerability if supported must include info how to send - ✅ N/A (allowed) - no private vulnerability reporting set up but proposed
+- Initial response time for vulnerability submitted in last 6 months must be <= 14 days - ✅ N/A (allowed) - no vulnerabilities have yet been reported. Response times for bugs and other issues have been <14 days, post-graduation development will be by volunteers and open source developer community, so we can't guarantee a time to resolution.
+
+## Quality
+### Working build system
+- Must provide a working build system - ✅ IF is a locally running NodeJS app. We do provide a devcontainer for eays environment setup. Installation is simply achieved using `npm i @grnsft/if`.
+
+### Automated test suite
+- Have at least one automated test suite and documentation how to run it - ✅  We have a comprehensive set of unit tests and a library of becnhmark manifest files that act as integration tests. These can be run locally, and they are executed as part of our CI/CD on any PRs into `main`.
+
+## New functionaility testing
+- Formal/informal policy for adding tests for new features - ✅ Test suite in CI/CD checks for breaking changes in PRs. Any new feature must include unit tests and an example manifest that demonstrates usage.
+- Evidence of policy being adhered to - ✅ 
+
+### Warning flags
+- Compiler warning flags or linter tools for code quality/errors - ✅ CodeQL analysis in automated CI : https://github.com/Green-Software-Foundation/carbon-aware-sdk/blob/dev/.github/workflows/1-pr.yaml#L82
+- Address warnings from these tools - ✅ blocking PRs on fail
+
+## Security
+### Secure development knowledge
+- At least one primary developer who knows how to design secure software - ✅ Manushak and Narek are both primary developers and have broad experience.
+- At least one of the project's primary developers MUST know of common kinds of errors that lead to vulnerabilities in this kind of software, as well as at least one method to counter or mitigate each of them - ✅ 
+
+### Use basic good cryptographic practices
+- https://www.bestpractices.dev/en/criteria/0#0.crypto_published - ✅ n/a
+- https://www.bestpractices.dev/en/criteria/0#0.crypto_floss - ✅ n/a 
+- https://www.bestpractices.dev/en/criteria/0#0.crypto_keylength - ✅ n/a
+- https://www.bestpractices.dev/en/criteria/0#0.crypto_working - ✅ n/a
+- https://www.bestpractices.dev/en/criteria/0#0.crypto_password_storage - ✅ n/a
+- https://www.bestpractices.dev/en/criteria/0#0.crypto_random - ✅ n/a
+
+### Secured delivery against man-in-the-middle (MITM) attacks
+- Delivery mechanisms that counters MITM - ✅ n/a
+- Cyrptographic hash NOT retrived over HTTP - ✅  n/a
+
+### Publicly known vulnerabilities fixed
+- No unpatched vulnerabilities of medium or higher severity that have been publicly known for more than 60 day - ✅ no such vulnerabilities
+
+### Other security issues
+- Public repo doesnt leak private credential - ✅ does not do that.
+
+## Analysis
+### Static code analysis
+- At least one FLOSS static code analysis tool - ✅ CodeQL is integrated into our CI/CD.
+- All medium and higher severity exploitable vulnerabilities discovered with static code analysis MUST be fixed in a timely way after they are confirmed - ✅ We have not yet had any exploitable vulnerabilities reported, but the GSF team will respond promptly to any disclosed issues.
+
+### Dynamic code analysis
+- All medium and higher severity exploitable vulnerabilities discovered with dynamic code analysis MUST be fixed in a timely way after they are confirmed. - ✅ We have not yet had any exploitable vulnerabilities reported, but the GSF team will respond promptly to any disclosed issues.

SECURITY.md

@@ -0,0 +1,9 @@
+# Adopters
+
+Impact Framework is being used by several major organizations to introspect their software systems, as well as having a thriving open source community.
+
+One adopter we will highlight in this file is Amadeus. They have used IF at a large scale, processing multi-million line manifests covering thousands of production servers. they have built their own tooling stack on top of IF. They kindly provided the following quote:
+
+"At Amadeus, the Impact Framework (IF) has become an essential brick in our software carbon measurement engine. Its scalability provides us with a transparent and robust way to model the energy consumption and carbon emissions of our whole cloud infrastructure. Its open-source nature fosters collaboration and innovation, making it a critical part of our efforts to drive environmental responsibility."
+
+*Robin Castellon, Amadeus*

adopters.md

@@ -18,6 +18,10 @@ export const readFile = async (filePath: string) => {
     throw new Error('file not found');
   }
 
+  if (filePath.includes('fail-yaml')) {
+    throw new Error('file not found');
+  }
+
   if (filePath.includes('fail-csv-reader.csv')) {
     return `
 cpu-cores-available,≈ç≈¬˚∆∑∂´®øˆ´cpu-cores-utilized,     ---- cpu-manufacturer,cpu-model-name,cpu-tdp,gpu-count,gpu-model-name,Hardware Information on AWS Documentation & Comments,instance-class,instance-storage,memory-available,platform-memory,release-date,storage-drives
@@ -76,6 +80,15 @@ export const writeFile = async (pathToFile: string, content: string) => {
     const fileContentObject = JSON.parse(fileContent);
     const parsedContent = JSON.parse(content);
 
+    for (const property in fileContentObject) {
+      expect(parsedContent).toHaveProperty(property);
+    }
+  } else if (pathToFile.includes('package.json-npm2')) {
+    const updatedPath = pathToFile.replace('-npm2', '');
+    const fileContent = await fsAsync.readFile(updatedPath, 'utf8');
+    const fileContentObject = JSON.parse(fileContent);
+    const parsedContent = JSON.parse(content);
+
     for (const property in fileContentObject) {
       expect(parsedContent).toHaveProperty(property);
     }
@@ -112,7 +125,7 @@ export const appendFile = (file: string, appendContent: string) =>
   `${file}${appendContent}`;
 
 export const stat = async (filePath: string) => {
-  if (filePath === 'true') {
+  if (filePath === 'true' || filePath === 'mock-path') {
     return true;
   } else {
     throw new Error('File not found.');
@@ -128,7 +141,7 @@ export const access = async (directoryPath: string) => {
 };
 
 export const unlink = async (filePath: string) => {
-  if (filePath === 'true') {
+  if (filePath === 'true' || filePath === 'mock-path') {
     return;
   } else {
     throw new Error('File not found.');
@@ -148,14 +161,19 @@ export const readdir = (directoryPath: string) => {
     return ['subdir/file2.yml', 'file1.yaml'];
   }
 
+  if (directoryPath.includes('mock-nested-directory')) {
+    return ['mock-sub-directory'];
+  }
+
   return [];
 };
 
 export const lstat = (filePath: string) => {
   if (
     filePath.includes('mock-directory') ||
     filePath.includes('mock-sub-directory/subdir') ||
-    filePath === 'true'
+    filePath === 'true' ||
+    filePath.includes('npm-node-test')
   ) {
     return {
       isDirectory: () => true,
@@ -169,3 +187,11 @@ export const lstat = (filePath: string) => {
   }
   return;
 };
+
+export const rm = (path: string) => {
+  if (path.includes('npm-node-test')) {
+    return;
+  } else {
+    throw new Error('File not found.');
+  }
+};

package-lock.json

@@ -1 +1,2 @@
 export {Mockavizta} from './mockavizta';
+export {SciEmbodied} from './sci-embodied';

src/__mocks__/fs/index.ts

@@ -0,0 +1,28 @@
+import {PluginFactory} from '@grnsft/if-core/interfaces';
+import {PluginParams} from '@grnsft/if-core/types';
+
+export const SciEmbodied = PluginFactory({
+  metadata: {
+    inputs: {
+      vCPUs: {
+        description: 'number of CPUs allocated to an application',
+        unit: 'CPUs',
+        'aggregation-method': {
+          time: 'copy',
+          component: 'copy',
+        },
+      },
+    },
+    outputs: {
+      'embodied-carbon': {
+        description: 'embodied carbon for a resource, scaled by usage',
+        unit: 'gCO2eq',
+        'aggregation-method': {
+          time: 'sum',
+          component: 'sum',
+        },
+      },
+    },
+  },
+  implementation: async (inputs: PluginParams[]) => inputs,
+});

src/__mocks__/plugin/lib/index.ts

@@ -93,4 +93,30 @@ describe('util/debug-logger: ', () => {
 
     expect(debugSpy).not.toHaveBeenCalled();
   });
+
+  it('logs empty messages when the message is `\n`.', () => {
+    console.debug('\n');
+
+    expect(logSpy).toHaveBeenCalledTimes(1);
+    expect(logSpy).toHaveBeenCalledWith();
+  });
+
+  it('logs messages when the message contains `**Computing`.', () => {
+    const logMessage = '**Computing some pipline message';
+    console.debug(logMessage);
+
+    expect(debugSpy).toHaveBeenCalledTimes(1);
+    expect(debugSpy).toHaveBeenCalledWith(expect.stringContaining(logMessage));
+  });
+
+  it('logs messages when the message is a number.', () => {
+    const logMessage = 10;
+    console.debug(logMessage);
+
+    expect(debugSpy).toHaveBeenCalledTimes(1);
+    expect(debugSpy).toHaveBeenCalledWith(expect.stringContaining('DEBUG:'));
+    expect(debugSpy).toHaveBeenCalledWith(
+      expect.stringContaining(logMessage.toString())
+    );
+  });
 });

src/__mocks__/plugin/lib/sci-embodied/index.ts

@@ -93,7 +93,7 @@ describe('util/fs: ', () => {
       expect(fsReaddirSpy).toHaveBeenCalledWith('/mock-empty-directory');
     });
 
-    it('returns YAML files in the directory', async () => {
+    it('returns YAML files in the directory.', async () => {
       const fsReaddirSpy = jest.spyOn(fs, 'readdir');
       jest
         .spyOn(fs, 'lstat')
@@ -108,19 +108,29 @@ describe('util/fs: ', () => {
       expect(fsReaddirSpy).toHaveBeenCalledWith('/mock-directory');
     });
 
-    it('recursively finds YAML files in nested directories.', async () => {
+    it('recursively finds YAML files if the directory exists.', async () => {
       const fsReaddirSpy = jest.spyOn(fs, 'readdir');
-      jest
-        .spyOn(fs, 'lstat')
-        .mockResolvedValue({isDirectory: () => false} as any);
-      const result = await getYamlFiles('/mock-sub-directory');
+
+      jest.spyOn(fs, 'lstat').mockImplementation((path: any) => {
+        return Promise.resolve({
+          isDirectory: () => {
+            if (path.endsWith('.yaml') || path.endsWith('.yml')) {
+              return false;
+            }
+            return true;
+          },
+        } as any);
+      });
+
+      const path = '/mock-nested-directory';
+      const result = await getYamlFiles(path);
 
       expect.assertions(2);
       expect(result).toEqual([
-        '/mock-sub-directory/subdir/file2.yml',
-        '/mock-sub-directory/file1.yaml',
+        '/mock-nested-directory/mock-sub-directory/subdir/file2.yml',
+        '/mock-nested-directory/mock-sub-directory/file1.yaml',
       ]);
-      expect(fsReaddirSpy).toHaveBeenCalledWith('/mock-directory');
+      expect(fsReaddirSpy).toHaveBeenCalledWith(path);
     });
   });