Merge pull request #957 from roboflow/fix/avoid-passing-user-value-to…

…-isfile Fix/avoid passing user value to isfile
roboflow · Jan 17, 2025 · 4f72df9 · 4f72df9
2 parents 312a230 + 39e8d06
commit 4f72df9
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 2 deletions.
diff --git a/docker/dockerfiles/Dockerfile.onnx.lambda b/docker/dockerfiles/Dockerfile.onnx.lambda
@@ -75,6 +75,7 @@ ENV CORE_MODEL_TROCR_ENABLED=false
 ENV USE_FILE_CACHE_FOR_WORKFLOWS_DEFINITIONS=False
 ENV ALLOW_WORKFLOW_BLOCKS_ACCESSING_LOCAL_STORAGE=False
 ENV ALLOW_WORKFLOW_BLOCKS_ACCESSING_ENVIRONMENTAL_VARIABLES=False
+ENV ALLOW_LOADING_IMAGES_FROM_LOCAL_FILESYSTEM=False
 
 WORKDIR ${LAMBDA_TASK_ROOT}
 RUN rm -rf /build

diff --git a/docker/dockerfiles/Dockerfile.onnx.lambda.slim b/docker/dockerfiles/Dockerfile.onnx.lambda.slim
@@ -70,6 +70,7 @@ ENV ENABLE_WORKFLOWS_PROFILING=True
 ENV USE_FILE_CACHE_FOR_WORKFLOWS_DEFINITIONS=False
 ENV ALLOW_WORKFLOW_BLOCKS_ACCESSING_LOCAL_STORAGE=False
 ENV ALLOW_WORKFLOW_BLOCKS_ACCESSING_ENVIRONMENTAL_VARIABLES=False
+ENV ALLOW_LOADING_IMAGES_FROM_LOCAL_FILESYSTEM=False
 
 WORKDIR ${LAMBDA_TASK_ROOT}
 

diff --git a/docs/server_configuration/accepted_input_formats.md b/docs/server_configuration/accepted_input_formats.md
@@ -87,6 +87,6 @@ other targets will be rejected.
 * `BLACKLISTED_DESTINATIONS_FOR_URL_INPUT` - Optionally, you can specify a comma-separated list of forbidden 
 destinations for URL requests. For example:  `BLACKLISTED_DESTINATIONS_FOR_URL_INPUT=192.168.0.15,some.site.com`.
 URLs pointing to these targets will be rejected.
-
+* `ALLOW_LOADING_IMAGES_FROM_LOCAL_FILESYSTEM` - Set to `False` to disable local filesystem access to images - default: `True`.
 
 Check [inference cli docs](../inference_helpers/inference_cli.md) to see how to run server with specific flags.
diff --git a/inference/core/env.py b/inference/core/env.py
@@ -463,6 +463,9 @@
 ALLOW_WORKFLOW_BLOCKS_ACCESSING_ENVIRONMENTAL_VARIABLES = str2bool(
     os.getenv("ALLOW_WORKFLOW_BLOCKS_ACCESSING_ENVIRONMENTAL_VARIABLES", "True")
 )
+ALLOW_LOADING_IMAGES_FROM_LOCAL_FILESYSTEM = str2bool(
+    os.getenv("ALLOW_LOADING_IMAGES_FROM_LOCAL_FILESYSTEM", "True")
+)
 WORKFLOW_BLOCKS_WRITE_DIRECTORY = os.getenv("WORKFLOW_BLOCKS_WRITE_DIRECTORY")
 
 DEDICATED_DEPLOYMENT_ID = os.getenv("DEDICATED_DEPLOYMENT_ID")

diff --git a/inference/core/utils/image_utils.py b/inference/core/utils/image_utils.py
@@ -20,6 +20,7 @@
 from inference.core import logger
 from inference.core.entities.requests.inference import InferenceRequestImage
 from inference.core.env import (
+    ALLOW_LOADING_IMAGES_FROM_LOCAL_FILESYSTEM,
     ALLOW_NON_HTTPS_URL_INPUT,
     ALLOW_NUMPY_INPUT,
     ALLOW_URL_INPUT,
@@ -165,6 +166,11 @@ def load_image_with_known_type(
     Returns:
         Tuple[np.ndarray, bool]: A tuple of the loaded image as a numpy array and a boolean indicating if the image is in BGR format.
     """
+    if image_type is ImageType.FILE and not ALLOW_LOADING_IMAGES_FROM_LOCAL_FILESYSTEM:
+        raise InputImageLoadError(
+            message="Loading images from local filesystem is disabled.",
+            public_message="Loading images from local filesystem is disabled.",
+        )
     loader = IMAGE_LOADERS[image_type]
     is_bgr = True if image_type is not ImageType.PILLOW else False
     image = loader(value, cv_imread_flags)
@@ -194,7 +200,11 @@ def load_image_with_inferred_type(
         return np.asarray(value.convert("RGB")), False
     elif isinstance(value, str) and (value.startswith("http")):
         return load_image_from_url(value=value, cv_imread_flags=cv_imread_flags), True
-    elif isinstance(value, str) and os.path.isfile(value):
+    elif (
+        isinstance(value, str)
+        and ALLOW_LOADING_IMAGES_FROM_LOCAL_FILESYSTEM
+        and os.path.isfile(value)
+    ):
         return cv2.imread(value, cv_imread_flags), True
     else:
         return attempt_loading_image_from_string(