Skip to content

feat: Integrate GBIF API to display biodiversity data #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
GYFX35 wants to merge 3 commits into
base: feat/initial-project-structure
Choose a base branch
from
Open

feat: Integrate GBIF API to display biodiversity data #2

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
d22aa8c
feat: Integrate GBIF API to display biodiversity data
google-labs-jules[bot] Sep 18, 2025
37c6adb
feat: Add GBIF country search functionality
google-labs-jules[bot] Sep 18, 2025
90345f3
feat: Add GBIF country search functionality
google-labs-jules[bot] Sep 18, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,10 @@ This project is a web application designed to promote environmental protection a

This application integrates with the World Bank API to fetch and display data on environmental indicators. Currently, it displays the forest area percentage for Brazil, Indonesia, and the Democratic Republic of Congo.

## GBIF API Integration

This application also integrates with the Global Biodiversity Information Facility (GBIF) API to fetch and display species occurrence data. Currently, it displays the 5 most recent occurrences in Togo.

## Usage

To run this project locally, you will need to have Python and Flask installed.
Expand Down
24 changes: 24 additions & 0 deletions eco_project/backend/app.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,5 +36,29 @@ def forest_area():
except requests.exceptions.RequestException as e:
return jsonify({"error": str(e)}), 500

@app.route('/api/gbif_occurrences')
def gbif_occurrences():
# GBIF API URL for occurrences in Togo
url = "https://api.gbif.org/v1/occurrence/search?country=TG&limit=5"

try:
response = requests.get(url)
Copy link
Copy Markdown

@sourcery-ai sourcery-ai Bot Sep 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security (python.requests.best-practice.use-timeout): Detected a 'requests' call without a timeout set. By default, 'requests' calls wait until the connection is closed. This means a 'requests' call without a timeout will hang the program if a response is never received. Consider setting a timeout for all 'requests'.

Suggested change
response = requests.get(url)
response = requests.get(url, timeout=30)

Source: opengrep

data = response.json()

if data and data['results']:
# Clean and format the data
formatted_data = []
Copy link
Copy Markdown

@sourcery-ai sourcery-ai Bot Sep 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

issue (code-quality): Convert for loop into list comprehension (list-comprehension)

for entry in data['results']:
formatted_data.append({
'species': entry.get('scientificName', 'N/A'),
'url': f"https://www.gbif.org/occurrence/{entry['key']}"
})
return jsonify(formatted_data)
else:
return jsonify({"error": "No data found for the selected criteria."}), 404

except requests.exceptions.RequestException as e:
return jsonify({"error": str(e)}), 500
Comment on lines +42 to +64
Copy link
Copy Markdown

@sourcery-ai sourcery-ai Bot Sep 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security (python.django.security.injection.ssrf.ssrf-injection-requests): Data from request object is passed to a new server-side request. This could lead to a server-side request forgery (SSRF). To mitigate, ensure that schemes and hosts are validated against an allowlist, do not forward the response to the user, and ensure proper authentication and transport-layer security in the proxied request. See https://owasp.org/www-community/attacks/Server_Side_Request_Forgery to learn more about SSRF vulnerabilities.

Source: opengrep


if __name__ == '__main__':
app.run(debug=True)
5 changes: 5 additions & 0 deletions eco_project/frontend/index.html
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,11 @@ <h2>Development Projects</h2>
<p>Tracking and managing sustainable development goals. Here is some data from the World Bank:</p>
<div id="world-bank-data"></div>
</section>
<section id="gbif-data">
<h2>Biodiversity in Togo</h2>
<p>Recent species occurrences in Togo from the Global Biodiversity Information Facility (GBIF):</p>
<div id="gbif-occurrences"></div>
</section>
<section id="ai-agent">
<h2>AI Assistant</h2>
<p>Your personal guide to environmental protection.</p>
Expand Down
29 changes: 29 additions & 0 deletions eco_project/frontend/script.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,12 @@ document.addEventListener('DOMContentLoaded', () => {
const chatInput = document.getElementById('chat-input');
const chatWindow = document.getElementById('chat-window');
const worldBankDataContainer = document.getElementById('world-bank-data');
const gbifOccurrencesContainer = document.getElementById('gbif-occurrences');

// Fetch and display World Bank data on page load
fetchWorldBankData();
// Fetch and display GBIF data on page load
fetchGbifData();

sendBtn.addEventListener('click', () => {
const userInput = chatInput.value;
Expand Down Expand Up @@ -52,4 +55,30 @@ document.addEventListener('DOMContentLoaded', () => {
worldBankDataContainer.innerHTML = `<p>Error fetching data: ${error.message}</p>`;
}
}

async function fetchGbifData() {
try {
const response = await fetch('/api/gbif_occurrences');
if (!response.ok) {
throw new Error(`HTTP error! status: ${response.status}`);
}
const data = await response.json();

if (data.error) {
gbifOccurrencesContainer.innerHTML = `<p>Error fetching data: ${data.error}</p>`;
Copy link
Copy Markdown

@sourcery-ai sourcery-ai Bot Sep 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security (javascript.browser.security.insecure-document-method): User controlled data in methods like innerHTML, outerHTML or document.write is an anti-pattern that can lead to XSS vulnerabilities

Source: opengrep

Copy link
Copy Markdown

@sourcery-ai sourcery-ai Bot Sep 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security (javascript.browser.security.insecure-innerhtml): User controlled data in a gbifOccurrencesContainer.innerHTML is an anti-pattern that can lead to XSS vulnerabilities

Source: opengrep

return;
}

let html = '<ul>';
data.forEach(item => {
html += `<li><a href="${item.url}" target="_blank">${item.species}</a></li>`;
});
html += '</ul>';

gbifOccurrencesContainer.innerHTML = html;
Copy link
Copy Markdown

@sourcery-ai sourcery-ai Bot Sep 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security (javascript.browser.security.insecure-document-method): User controlled data in methods like innerHTML, outerHTML or document.write is an anti-pattern that can lead to XSS vulnerabilities

Source: opengrep

Copy link
Copy Markdown

@sourcery-ai sourcery-ai Bot Sep 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security (javascript.browser.security.insecure-innerhtml): User controlled data in a gbifOccurrencesContainer.innerHTML is an anti-pattern that can lead to XSS vulnerabilities

Source: opengrep


} catch (error) {
gbifOccurrencesContainer.innerHTML = `<p>Error fetching data: ${error.message}</p>`;
Copy link
Copy Markdown

@sourcery-ai sourcery-ai Bot Sep 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security (javascript.browser.security.insecure-document-method): User controlled data in methods like innerHTML, outerHTML or document.write is an anti-pattern that can lead to XSS vulnerabilities

Source: opengrep

Copy link
Copy Markdown

@sourcery-ai sourcery-ai Bot Sep 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security (javascript.browser.security.insecure-innerhtml): User controlled data in a gbifOccurrencesContainer.innerHTML is an anti-pattern that can lead to XSS vulnerabilities

Source: opengrep

}
}
Copy link
Copy Markdown

@sourcery-ai sourcery-ai Bot Sep 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

issue (code-quality): Avoid function declarations, favouring function assignment expressions, inside blocks. (avoid-function-declarations-in-blocks)

ExplanationFunction declarations may be hoisted in Javascript, but the behaviour is inconsistent between browsers. Hoisting is generally confusing and should be avoided. Rather than using function declarations inside blocks, you should use function expressions, which create functions in-scope.

});
Loading