search

gradio-app / gradio

Build and share delightful machine learning apps, all in Python. 🌟 Star to support our work!
http://www.gradio.app
Apache License 2.0
33.26k stars 2.51k forks source link

Gradio not correctly allowing `allowed_paths` subdirectories #9766

Open crypdick opened 10 hours ago

crypdick commented 10 hours ago

Describe the bug

The documentation for allowed_paths states:

List of complete filepaths or parent directories that gradio is allowed to serve. Must be absolute paths. Warning: if you provide directories, any files in these directories or their subdirectories are accessible to all users of your app.

However, when I add the absolute path to a parent directory to allowed_paths, my app is still raising gradio.exceptions.InvalidPathError. In particular, I am trying to display a gr.Gallery of images where the images are nested in a subdirectories of my allowed path.

Have you searched existing issues? 🔎

Reproduction

demo.launch(allowed_paths=["/home/richard/path/to/img/pardir/"])

Screenshot

No response

Logs

Traceback (most recent call last):
  File "/home/richard/miniconda3/envs/binary-clf/lib/python3.12/site-packages/gradio/queueing.py", line 622, in process_events
    response = await route_utils.call_process_api(
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/richard/miniconda3/envs/binary-clf/lib/python3.12/site-packages/gradio/route_utils.py", line 323, in call_process_api
    output = await app.get_blocks().process_api(
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/richard/miniconda3/envs/binary-clf/lib/python3.12/site-packages/gradio/blocks.py", line 2024, in process_api
    data = await self.postprocess_data(block_fn, result["prediction"], state)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/richard/miniconda3/envs/binary-clf/lib/python3.12/site-packages/gradio/blocks.py", line 1832, in postprocess_data
    outputs_cached = await processing_utils.async_move_files_to_cache(
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/richard/miniconda3/envs/binary-clf/lib/python3.12/site-packages/gradio/processing_utils.py", line 703, in async_move_files_to_cache
    return await client_utils.async_traverse(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/richard/miniconda3/envs/binary-clf/lib/python3.12/site-packages/gradio_client/utils.py", line 1028, in async_traverse
    new_obj.append(await async_traverse(item, func, is_root))
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/richard/miniconda3/envs/binary-clf/lib/python3.12/site-packages/gradio_client/utils.py", line 1023, in async_traverse
    new_obj[key] = await async_traverse(value, func, is_root)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/richard/miniconda3/envs/binary-clf/lib/python3.12/site-packages/gradio_client/utils.py", line 1019, in async_traverse
    return await func(json_obj)
           ^^^^^^^^^^^^^^^^^^^^
  File "/home/richard/miniconda3/envs/binary-clf/lib/python3.12/site-packages/gradio/processing_utils.py", line 674, in _move_to_cache
    _check_allowed(payload.path, check_in_upload_folder)
  File "/home/richard/miniconda3/envs/binary-clf/lib/python3.12/site-packages/gradio/processing_utils.py", line 627, in _check_allowed
    raise InvalidPathError(msg)

System Info

Gradio Environment Information:
------------------------------
Operating System: Linux
gradio version: 5.1.0
gradio_client version: 1.4.0

------------------------------------------------
gradio dependencies in your environment:

aiofiles: 23.2.1
anyio: 4.4.0
fastapi: 0.112.1
ffmpy: 0.4.0
gradio-client==1.4.0 is not installed.
httpx: 0.27.0
huggingface-hub: 0.25.2
jinja2: 3.1.4
markupsafe: 2.1.5
numpy: 2.0.1
orjson: 3.10.7
packaging: 24.1
pandas: 2.2.2
pillow: 10.4.0
pydantic: 2.8.2
pydub: 0.25.1
python-multipart: 0.0.9
pyyaml: 6.0.1
ruff: 0.6.2
semantic-version: 2.10.0
tomlkit==0.12.0 is not installed.
typer: 0.12.4
typing-extensions: 4.12.2
urllib3: 2.2.2
uvicorn: 0.30.3
authlib; extra == 'oauth' is not installed.
itsdangerous; extra == 'oauth' is not installed.

gradio_client dependencies in your environment:

fsspec: 2024.6.1
httpx: 0.27.0
huggingface-hub: 0.25.2
packaging: 24.1
typing-extensions: 4.12.2
websockets: 12.0

Severity

I can work around it

freddyaboulton commented 10 hours ago

Please share your app so we can reproduce @crypdick !

crypdick commented 10 hours ago

@freddyaboulton here is a stub, you'll have to update it for your system.

import gradio as gr

my_gallery = gr.Gallery()
btn = gr.Button()

def generate_gallery():
  return ["/home/richard/path/to/img/pardir/sub1/dir1/1.png", "/home/richard/path/to/img/pardir/sub2/dir2/2.png"]

btn.click(generate_gallery, inputs=[], outputs=[my_gallery]

demo.launch(allowed_paths=["/home/richard/path/to/img/pardir/"])
freddyaboulton commented 10 hours ago

Very strange - I can't repro @crypdick . Just tried on 5.1.0.

https://github.com/user-attachments/assets/28c77026-ce28-41df-9c27-264deee15a12

crypdick commented 10 hours ago

@freddyaboulton in your screencast, the images are in the root of the par dir. In my case, the images are nested under about 10 subdirs below the pardir.

freddyaboulton commented 9 hours ago

I just moved the images to be several directories down in ~/Pictures and I don't get the error you're getting.

https://github.com/user-attachments/assets/33905c9f-fb8e-424f-bafa-29c0cc845b62