Skip to content

wip: ai model gallery#2316

Open
suhailkakar wants to merge 44 commits intomasterfrom
ai-model-gallery
Open

wip: ai model gallery#2316
suhailkakar wants to merge 44 commits intomasterfrom
ai-model-gallery

Conversation

@suhailkakar
Copy link
Contributor

@suhailkakar suhailkakar commented Sep 23, 2024

What does this pull request do? Explain your changes. (required)

Specific updates (required)

How did you test each of these updates (required)

Does this pull request close any open issues?

Screenshots (optional)

Checklist

  • I have read the CONTRIBUTING document.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.

@suhailkakar suhailkakar requested review from a team as code owners September 23, 2024 15:03
@vercel
Copy link

vercel bot commented Sep 23, 2024
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
livepeer-studio ✅ Ready (Inspect) Visit Preview 💬 Add feedback Oct 9, 2024 1:16pm

github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 9, 2024
View reviewed changes
packages/www/pages/projects/[projectId]/model-gallery/playground/[id]/form.tsx
useEffect(() => {
if (selectedSegmentImage && canvasRef.current) {
const image = new Image();
image.src = selectedSegmentImage;

Check warning

Code scanning / CodeQL

DOM text reinterpreted as HTML

[DOM text](1) is reinterpreted as HTML without escaping meta-characters.

Copilot Autofix

AI over 1 year ago

To fix this issue, we need to ensure that the file being used as the source for the image is safe and does not contain any malicious content. One way to achieve this is by validating the file type and size before using it. Additionally, we can use a library like DOMPurify to sanitize any potentially unsafe content.

  1. Validate the file type and size before setting it as the selectedSegmentImage.
  2. Use DOMPurify to sanitize the URL if necessary.
Suggested changeset 1
packages/www/pages/projects/[projectId]/model-gallery/playground/[id]/form.tsx

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/packages/www/pages/projects/[projectId]/model-gallery/playground/[id]/form.tsx b/packages/www/pages/projects/[projectId]/model-gallery/playground/[id]/form.tsx
--- a/packages/www/pages/projects/[projectId]/model-gallery/playground/[id]/form.tsx
+++ b/packages/www/pages/projects/[projectId]/model-gallery/playground/[id]/form.tsx
@@ -355,5 +355,6 @@
           const file = e.target.files?.[0];
-          if (file && file.type.startsWith("image/")) {
+          if (file && file.type.startsWith("image/") && file.size < 5 * 1024 * 1024) { // Check if file is an image and less than 5MB
             setSelectedSegmentImage(URL.createObjectURL(file));
           } else {
+            toast.error("Invalid file type or size. Please upload an image less than 5MB.");
             setSelectedSegmentImage(null);
EOF
@@ -355,5 +355,6 @@
const file = e.target.files?.[0];
if (file && file.type.startsWith("image/")) {
if (file && file.type.startsWith("image/") && file.size < 5 * 1024 * 1024) { // Check if file is an image and less than 5MB
setSelectedSegmentImage(URL.createObjectURL(file));
} else {
toast.error("Invalid file type or size. Please upload an image less than 5MB.");
setSelectedSegmentImage(null);
Copilot is powered by AI and may make mistakes. Always verify output.
packages/www/pages/projects/[projectId]/model-gallery/playground/[id]/form.tsx
const ctx = canvasRef.current.getContext("2d");
if (ctx && imageDimensions) {
const image = new Image();
image.src = selectedSegmentImage;

Check warning

Code scanning / CodeQL

DOM text reinterpreted as HTML

[DOM text](1) is reinterpreted as HTML without escaping meta-characters.

Copilot Autofix

AI over 1 year ago

To fix this issue, we need to ensure that the selectedSegmentImage is properly sanitized before being used as the src attribute of an Image object. One way to achieve this is by validating the file type and ensuring it is a legitimate image file. Additionally, we can use a safer method to handle the image URL.

  • Validate the file type to ensure it is an image.
  • Use URL.createObjectURL to create a safe URL for the image file.
  • Ensure that the selectedSegmentImage is only set if the file type is valid.
Suggested changeset 1
packages/www/pages/projects/[projectId]/model-gallery/playground/[id]/form.tsx

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/packages/www/pages/projects/[projectId]/model-gallery/playground/[id]/form.tsx b/packages/www/pages/projects/[projectId]/model-gallery/playground/[id]/form.tsx
--- a/packages/www/pages/projects/[projectId]/model-gallery/playground/[id]/form.tsx
+++ b/packages/www/pages/projects/[projectId]/model-gallery/playground/[id]/form.tsx
@@ -356,3 +356,4 @@
           if (file && file.type.startsWith("image/")) {
-            setSelectedSegmentImage(URL.createObjectURL(file));
+            const safeUrl = URL.createObjectURL(file);
+            setSelectedSegmentImage(safeUrl);
           } else {
EOF
@@ -356,3 +356,4 @@
if (file && file.type.startsWith("image/")) {
setSelectedSegmentImage(URL.createObjectURL(file));
const safeUrl = URL.createObjectURL(file);
setSelectedSegmentImage(safeUrl);
} else {
Copilot is powered by AI and may make mistakes. Always verify output.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@suhailkakar @0xcadams