Merge branch 'master' into abidlabs/url

Abubakar Abid 2021-12-14 18:40:41 -06:00
commit 9151bff97d
6 changed files with 25 additions and 6 deletions

15
SECURITY.md Normal file

@ -0,0 +1,15 @@
# Security Policy
## Supported Versions
Use this section to tell people about which versions of your project are
currently being supported with security updates.
| Version | Supported |
| ------- | ------------------ |
| 2.x | :white_check_mark: |
## Reporting a Vulnerability
If you discover a security vulnerability, we would be very grateful if you could email us at team@gradio.app. This is the preferred approach instead of opening a public issue. We take all vulnerability reports seriously, and will work to patch the vulnerability immediately. Whenever possible, we will credit the person or people who report the security vulnerabilities after it has been patched.


@ -1,6 +1,6 @@
Metadata-Version: 1.0 Metadata-Version: 1.0
Name: gradio Name: gradio
Version: 2.4.7b9 Version: 2.5.1
Summary: Python library for easily interacting with trained machine learning models Summary: Python library for easily interacting with trained machine learning models
Home-page: https://github.com/gradio-app/gradio-UI Home-page: https://github.com/gradio-app/gradio-UI
Author: Abubakar Abid Author: Abubakar Abid


@ -377,15 +377,14 @@ def interpret():
@app.route("/file/<path:path>", methods=["GET"]) @app.route("/file/<path:path>", methods=["GET"])
@login_check @login_check
def file(path): def file(path):
path = secure_filename(path)
if app.interface.encrypt and isinstance(app.interface.examples, str) and path.startswith(app.interface.examples): if app.interface.encrypt and isinstance(app.interface.examples, str) and path.startswith(app.interface.examples):
with open(os.path.join(app.cwd, path), "rb") as encrypted_file: with open(safe_join(app.cwd, path), "rb") as encrypted_file:
encrypted_data = encrypted_file.read() encrypted_data = encrypted_file.read()
file_data = encryptor.decrypt( file_data = encryptor.decrypt(
app.interface.encryption_key, encrypted_data) app.interface.encryption_key, encrypted_data)
return send_file(io.BytesIO(file_data), attachment_filename=os.path.basename(path)) return send_file(io.BytesIO(file_data), attachment_filename=os.path.basename(path))
else: else:
return send_file(os.path.join(app.cwd, path)) return send_file(safe_join(app.cwd, path))
@app.route("/api/queue/push/", methods=["POST"]) @app.route("/api/queue/push/", methods=["POST"])
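Review bot: The rejection case of `safe_join` is not handled in `file()`. Which `safe_join` is imported is not visible in this hunk: Flask's raises `NotFound` for an escaping path, while Werkzeug's returns `None`, and in that case `open(None, "rb")` or `send_file(None)` fails with an unhandled exception and a 500 instead of a clean refusal. Resolve the path once at the top and reject explicitly, e.g. `full_path = safe_join(app.cwd, path)` then `if full_path is None: abort(404)`, and use `full_path` in both branches. With `secure_filename` removed, the only confinement left is to `app.cwd` as a whole, so if that is the launch directory, every file under it is served to any caller that passes `login_check`. Limiting the route to the directories the interface actually needs (examples, generated outputs) would be tighter.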


@ -1 +1 @@
2.4.7b9 2.5.0


@ -5,7 +5,7 @@ except ImportError:
setup( setup(
name='gradio', name='gradio',
version='2.4.7b9', version='2.5.1',
include_package_data=True, include_package_data=True,
description='Python library for easily interacting with trained machine learning models', description='Python library for easily interacting with trained machine learning models',
author='Abubakar Abid', author='Abubakar Abid',


@ -71,6 +71,11 @@ class TestFlaskRoutes(unittest.TestCase):
response = self.client.get('/api/') response = self.client.get('/api/')
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
def test_static_files_served_safely(self):
# Make sure things outside the static folder are not accessible
response = self.client.get(r'/static/..%2f..%2fapi_docs.html')
self.assertEqual(response.status_code, 500)
def test_get_config_route(self): def test_get_config_route(self):
response = self.client.get('/config/') response = self.client.get('/config/')
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
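Review bot: `test_static_files_served_safely` asserts a 500, which pins an unhandled server error as the expected result of a rejected path rather than a deliberate refusal. Once the handlers reject explicitly, this should become `self.assertEqual(response.status_code, 404)`, so that a later unrelated crash in the route cannot make the test pass. The test also covers only `/static/`, while the handler changed in this commit, as far as the visible hunks show, is `/file/<path:path>`; a matching request against `/file/` would cover the `safe_join` change itself. The `r''` prefix on the URL literal is unnecessary because the string contains no backslashes. The enclosing `TestFlaskRoutes` class starts and continues outside this hunk.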