gradio-ssrf-xethub-issue

Sleeping

App Files Files Community

multimodalart HF Staff commited on May 18

Commit

898e68e

verified ·

1 Parent(s): 032f95e

Update app.py

Browse files

Files changed (1) hide show

app.py +31 -50

app.py CHANGED Viewed

@@ -1,71 +1,52 @@
 import gradio as gr
-# Problematic URL that triggers the SSRF validation error
-# This is a legitimate Hugging Face URL that should be allowed
-problematic_url = "https://huggingface.co/Norod78/Flux_1_Dev_LoRA_Paper-Cutout-Style/resolve/main/08a19840b6214b76b0607b2f9d5a7e28_63159b9d98124c008efb1d36446a615c.png"
-# Sample data with image URLs (similar to loras_state)
-sample_data = [
     {
-        "title": "Sample LoRA",
-        "image": problematic_url,  # This URL causes the issue
-        "repo": "some/repo"
     }
 ]
-def add_item_function(text_input, state_data):
-    """
-    This function should be called when button is clicked,
-    but the error occurs before it even executes when gallery is in outputs.
-    """
-    print("Function was called!")  # This should appear in logs but doesn't
-    # Add a new item to state
-    new_item = {
-        "title": f"New Item: {text_input}",
-        "image": problematic_url,  # This URL in the return value triggers SSRF
-        "repo": "new/repo"
-    }
-    state_data.append(new_item)
-    # Format data for gallery: list of (image, title) tuples
-    gallery_data = [(item["image"], item["title"]) for item in state_data]
-    # Use gr.update() to match the original code pattern exactly
-    return f"Added: {text_input}", state_data, gr.update(value=gallery_data)
-# Create the interface
 with gr.Blocks() as demo:
-    gr.Markdown("# Gradio SSRF Bug Reproduction")
-    gr.Markdown("Click the button below. You should see an error about hostname validation.")
-    gr.Markdown("The error occurs when the function tries to return data that will update a gallery with HuggingFace URLs.")
-    # State containing URLs that trigger the issue
-    state_var = gr.State(sample_data)
-    # Simple text input
-    text_input = gr.Textbox(label="Enter some text", value="test")
-    # Gallery that will be updated with the problematic URLs
     gallery = gr.Gallery(
-        label="Gallery",
-        value=[(item["image"], item["title"]) for item in sample_data],
-        columns=3
     )
-    # Output textbox
-    output = gr.Textbox(label="Output")
-    # Button that triggers the error
-    button = gr.Button("Add item - this will fail")
-    # This fails with: ValueError: Hostname cas-bridge-direct.xethub.hf.co failed validation
-    # The error occurs when Gradio tries to process the gallery update with the HF URLs
-    button.click(
-        fn=add_item_function,
-        inputs=[text_input, state_var],
-        outputs=[output, state_var, gallery]  # Including gallery in outputs triggers the error
     )
 if __name__ == "__main__":
     demo.launch()

 import gradio as gr
+import json
+# Sample data with HuggingFace image URLs that redirect to cas-bridge-direct.xethub.hf.co
+sample_loras = [
     {
+        "image": "https://huggingface.co/Norod78/Flux_1_Dev_LoRA_Paper-Cutout-Style/resolve/main/08a19840b6214b76b0607b2f9d5a7e28_63159b9d98124c008efb1d36446a615c.png",
+        "title": "Paper Cutout",
+        "repo": "Norod78/Flux_1_Dev_LoRA_Paper-Cutout-Style",
+        "trigger_word": ", Paper Cutout Style"
     }
 ]
+def add_custom_lora_broken(custom_lora, selected_indices, current_loras, gallery):
+    """This version breaks because it passes current_loras (containing HF URLs) as function input"""
+    print("Starting to load a custom LoRA...")  # This won't print due to preprocessing error
+    if custom_lora:
+        pass
+    return current_loras, gr.update(), gr.update(), gr.update(), selected_indices
+# Initialize state with URLs that will cause SSRF validation issues
+loras_state = gr.State(sample_loras)
 with gr.Blocks() as demo:
+    gr.Markdown("# SSRF Validation Bug Reproduction")
+    selected_indices = gr.State([])
+    custom_lora_input = gr.Textbox(label="Custom LoRA", placeholder="Enter custom LoRA")
     gallery = gr.Gallery(
+        [(item["image"], item["title"]) for item in sample_loras],
+        label="LoRA Gallery",
+        columns=2
     )
+    broken_button = gr.Button("Add Custom LoRA (Broken - passes state with URLs)")
+    error_display = gr.Textbox(label="Error/Success", interactive=False)
+    broken_button.click(
+        add_custom_lora_broken,
+        inputs=[custom_lora_input, selected_indices, loras_state, gallery],  # ← loras_state causes SSRF error
+        outputs=[loras_state, gallery, error_display, custom_lora_input, selected_indices]
     )
 if __name__ == "__main__":
+    # Set global variable for working version
+    loras = sample_loras
     demo.launch()