Spaces:

multimodalart
/

gradio-ssrf-xethub-issue

Running

App Files Files Community

multimodalart HF Staff commited on 3 days ago

Commit

51a4505

verified ·

1 Parent(s): 898e68e

Update app.py

Browse files

Files changed (1) hide show

app.py +16 -39

app.py CHANGED Viewed

@@ -1,52 +1,29 @@
 import gradio as gr
-import json
-# Sample data with HuggingFace image URLs that redirect to cas-bridge-direct.xethub.hf.co
-sample_loras = [
     {
         "image": "https://huggingface.co/Norod78/Flux_1_Dev_LoRA_Paper-Cutout-Style/resolve/main/08a19840b6214b76b0607b2f9d5a7e28_63159b9d98124c008efb1d36446a615c.png",
-        "title": "Paper Cutout",
-        "repo": "Norod78/Flux_1_Dev_LoRA_Paper-Cutout-Style",
-        "trigger_word": ", Paper Cutout Style"
     }
 ]
-def add_custom_lora_broken(custom_lora, selected_indices, current_loras, gallery):
-    """This version breaks because it passes current_loras (containing HF URLs) as function input"""
-    print("Starting to load a custom LoRA...")  # This won't print due to preprocessing error
-    if custom_lora:
-        pass
-    return current_loras, gr.update(), gr.update(), gr.update(), selected_indices
-# Initialize state with URLs that will cause SSRF validation issues
-loras_state = gr.State(sample_loras)
 with gr.Blocks() as demo:
-    gr.Markdown("# SSRF Validation Bug Reproduction")
-    selected_indices = gr.State([])
-    custom_lora_input = gr.Textbox(label="Custom LoRA", placeholder="Enter custom LoRA")
-    gallery = gr.Gallery(
-        [(item["image"], item["title"]) for item in sample_loras],
-        label="LoRA Gallery",
-        columns=2
-    )
-    broken_button = gr.Button("Add Custom LoRA (Broken - passes state with URLs)")
-    error_display = gr.Textbox(label="Error/Success", interactive=False)
-    broken_button.click(
-        add_custom_lora_broken,
-        inputs=[custom_lora_input, selected_indices, loras_state, gallery],  # ← loras_state causes SSRF error
-        outputs=[loras_state, gallery, error_display, custom_lora_input, selected_indices]
     )
-if __name__ == "__main__":
-    # Set global variable for working version
-    loras = sample_loras
-    demo.launch()

 import gradio as gr
+# State with HuggingFace URL that redirects to cas-bridge-direct.xethub.hf.co
+data_with_hf_url = [
     {
         "image": "https://huggingface.co/Norod78/Flux_1_Dev_LoRA_Paper-Cutout-Style/resolve/main/08a19840b6214b76b0607b2f9d5a7e28_63159b9d98124c008efb1d36446a615c.png",
+        "title": "Test"
     }
 ]
+def test_function(state_data):
+    print("This function will never be called due to SSRF validation error")
+    return gr.update()
 with gr.Blocks() as demo:
+    # Initialize state with problematic HuggingFace URL
+    state_with_urls = gr.State(data_with_hf_url)
+    button = gr.Button("Click me to trigger SSRF error")
+    output = gr.Textbox()
+    # This will fail with: ValueError: Hostname cas-bridge-direct.xethub.hf.co failed validation
+    button.click(
+        test_function,
+        inputs=[state_with_urls],  # Passing state with HF URLs causes SSRF validation error
+        outputs=[output]
     )
+demo.launch()