Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

wip: ai model gallery #2316

Open
wants to merge 44 commits into
base: master
Choose a base branch
from
Open

wip: ai model gallery #2316

wants to merge 44 commits into from

Conversation

suhailkakar
Copy link
Member

What does this pull request do? Explain your changes. (required)

Specific updates (required)

How did you test each of these updates (required)

Does this pull request close any open issues?

Screenshots (optional)

Checklist

  • I have read the CONTRIBUTING document.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.

@suhailkakar suhailkakar requested review from a team as code owners September 23, 2024 15:03
@vercel Vercel
Copy link

vercel bot commented Sep 23, 2024
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
livepeer-studio ✅ Ready (Inspect) Visit Preview 💬 Add feedback Oct 9, 2024 1:16pm

github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 9, 2024
View reviewed changes
packages/www/pages/projects/[projectId]/model-gallery/playground/[id]/form.tsx
useEffect(() => {
if (selectedSegmentImage && canvasRef.current) {
const image = new Image();
image.src = selectedSegmentImage;

Check warning

Code scanning / CodeQL

DOM text reinterpreted as HTML Medium

DOM text
Loading
is reinterpreted as HTML without escaping meta-characters.

Copilot Autofix AI about 1 month ago

To fix this issue, we need to ensure that the file being used as the source for the image is safe and does not contain any malicious content. One way to achieve this is by validating the file type and size before using it. Additionally, we can use a library like DOMPurify to sanitize any potentially unsafe content.

  1. Validate the file type and size before setting it as the selectedSegmentImage.
  2. Use DOMPurify to sanitize the URL if necessary.
Suggested changeset 1
packages/www/pages/projects/[projectId]/model-gallery/playground/[id]/form.tsx

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/packages/www/pages/projects/[projectId]/model-gallery/playground/[id]/form.tsx b/packages/www/pages/projects/[projectId]/model-gallery/playground/[id]/form.tsx
--- a/packages/www/pages/projects/[projectId]/model-gallery/playground/[id]/form.tsx
+++ b/packages/www/pages/projects/[projectId]/model-gallery/playground/[id]/form.tsx
@@ -355,5 +355,6 @@
           const file = e.target.files?.[0];
-          if (file && file.type.startsWith("image/")) {
+          if (file && file.type.startsWith("image/") && file.size < 5 * 1024 * 1024) { // Check if file is an image and less than 5MB
             setSelectedSegmentImage(URL.createObjectURL(file));
           } else {
+            toast.error("Invalid file type or size. Please upload an image less than 5MB.");
             setSelectedSegmentImage(null);
EOF
@@ -355,5 +355,6 @@
const file = e.target.files?.[0];
if (file && file.type.startsWith("image/")) {
if (file && file.type.startsWith("image/") && file.size < 5 * 1024 * 1024) { // Check if file is an image and less than 5MB
setSelectedSegmentImage(URL.createObjectURL(file));
} else {
toast.error("Invalid file type or size. Please upload an image less than 5MB.");
setSelectedSegmentImage(null);
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
packages/www/pages/projects/[projectId]/model-gallery/playground/[id]/form.tsx
const ctx = canvasRef.current.getContext("2d");
if (ctx && imageDimensions) {
const image = new Image();
image.src = selectedSegmentImage;

Check warning

Code scanning / CodeQL

DOM text reinterpreted as HTML Medium

DOM text
Loading
is reinterpreted as HTML without escaping meta-characters.

Copilot Autofix AI about 1 month ago

To fix this issue, we need to ensure that the selectedSegmentImage is properly sanitized before being used as the src attribute of an Image object. One way to achieve this is by validating the file type and ensuring it is a legitimate image file. Additionally, we can use a safer method to handle the image URL.

  • Validate the file type to ensure it is an image.
  • Use URL.createObjectURL to create a safe URL for the image file.
  • Ensure that the selectedSegmentImage is only set if the file type is valid.
Suggested changeset 1
packages/www/pages/projects/[projectId]/model-gallery/playground/[id]/form.tsx

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/packages/www/pages/projects/[projectId]/model-gallery/playground/[id]/form.tsx b/packages/www/pages/projects/[projectId]/model-gallery/playground/[id]/form.tsx
--- a/packages/www/pages/projects/[projectId]/model-gallery/playground/[id]/form.tsx
+++ b/packages/www/pages/projects/[projectId]/model-gallery/playground/[id]/form.tsx
@@ -356,3 +356,4 @@
           if (file && file.type.startsWith("image/")) {
-            setSelectedSegmentImage(URL.createObjectURL(file));
+            const safeUrl = URL.createObjectURL(file);
+            setSelectedSegmentImage(safeUrl);
           } else {
EOF
@@ -356,3 +356,4 @@
if (file && file.type.startsWith("image/")) {
setSelectedSegmentImage(URL.createObjectURL(file));
const safeUrl = URL.createObjectURL(file);
setSelectedSegmentImage(safeUrl);
} else {
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@suhailkakar @0xcadams