giswqs commited on
Commit
c4f81d9
β€’
1 Parent(s): 3f9b00a

Fix GitHub Vulnerability (#136)

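--- a/pages/10_🌍_Earth_Engine_Datasets.py
+++ b/pages/10_🌍_Earth_Engine_Datasets.py
@@ -1,4 +1,5 @@
 import ee
+import json
 import streamlit as st
 import geemap.foliumap as geemap
 
@@ -110,6 +111,14 @@ def search_data():
 uid = ee_assets[index]["uid"]
 st.markdown(f"""**Earth Engine Snippet:** `{ee_id}`""")
 ee_asset = f"{translate[asset_types[index]]}{ee_id}')"
+
+if ee_asset.startswith("ee.ImageCollection"):
+ee_asset = ee.ImageCollection(ee_id)
+elif ee_asset.startswith("ee.Image"):
+ee_asset = ee.Image(ee_id)
+elif ee_asset.startswith("ee.FeatureCollection"):
+ee_asset = ee.FeatureCollection(ee_id)
+
 vis_params = st.text_input(
 "Enter visualization parameters as a dictionary", {}
 )
@@ -121,11 +130,11 @@ def search_data():
 if vis_params.strip() == "":
 # st.error("Please enter visualization parameters")
 vis_params = "{}"
-vis = eval(vis_params)
+vis = json.loads(vis_params.replace("'", '"'))
 if not isinstance(vis, dict):
 st.error("Visualization parameters must be a dictionary")
 try:
-Map.addLayer(eval(ee_asset), vis, layer_name)
+Map.addLayer(ee_asset, vis, layer_name)
 except Exception as e:
 st.error(f"Error adding layer: {e}")
 except Exception as e: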
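Review bot: The new `vis = json.loads(vis_params.replace("'", '"'))` at line 133 is lossy: swapping every apostrophe also rewrites one inside a string value, and Python-literal spellings such as `True` or `None` still fail to parse, so the parser is stricter than the prompt "Enter visualization parameters as a dictionary" suggests. A `json.JSONDecodeError` raised there is not handled by the `try` below it, which wraps only `Map.addLayer`; if the trailing `except Exception as e:` at line 140 belongs to an outer `try` (its start is outside the hunk), the failure is at best reported generically. Either state in the input label that JSON syntax is required and call `json.loads(vis_params)` directly, or use `ast.literal_eval(vis_params)`, which accepts Python literals without evaluating expressions (that needs `import ast`, which this file's import block does not show). Separately, the prefix chain at lines 115-120 leaves `ee_asset` as the original string when none of the three prefixes matches, so `Map.addLayer` would then receive a `str`; an `else: st.error(f"Unsupported asset type: {ee_asset}")` would make that path explicit. `search_data()` starts and ends outside these hunks.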
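--- a/pages/1_📷_Timelapse.py
+++ b/pages/1_📷_Timelapse.py
@@ -1,4 +1,5 @@
 import ee
+import json
 import os
 import warnings
 import datetime
@@ -377,7 +378,9 @@ def app():
 st.write(
 cm.plot_colormap(cmap=palette_options, return_fig=True)
 )
-st.session_state["palette"] = eval(palette)
+st.session_state["palette"] = json.loads(
+palette.replace("'", '"')
+)
 
 if bands:
 vis_params = st.text_area(
@@ -392,7 +395,9 @@ def app():
 "{}",
 )
 try:
-st.session_state["vis_params"] = eval(vis_params)
+st.session_state["vis_params"] = json.loads(
+vis_params.replace("'", '"')
+)
 st.session_state["vis_params"]["palette"] = st.session_state[
 "palette"
 ]
@@ -432,7 +437,7 @@ def app():
 palette_values,
 )
 st.write(cm.plot_colormap(cmap=palette_options, return_fig=True))
-st.session_state["palette"] = eval(palette)
+st.session_state["palette"] = json.loads(palette.replace("'", '"'))
 elif collection == "MODIS Ocean Color SMI":
 with st.expander("Show dataset details", False):
 st.markdown(
@@ -490,7 +495,7 @@ def app():
 palette_values,
 )
 st.write(cm.plot_colormap(cmap=palette_options, return_fig=True))
-st.session_state["palette"] = eval(palette)
+st.session_state["palette"] = json.loads(palette.replace("'", '"'))
 
 sample_roi = st.selectbox(
 "Select a sample ROI or upload a GeoJSON file:",
@@ -1342,7 +1347,9 @@ def app():
 if vis_params.startswith("{") and vis_params.endswith(
 "}"
 ):
-vis_params = eval(vis_params)
+vis_params = json.loads(
+vis_params.replace("'", '"')
+)
 else:
 vis_params = None
 out_gif = geemap.modis_ocean_color_timelapse(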
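Review bot: The `json.loads(... .replace("'", '"'))` expression now appears at five sites in this file (new lines 381, 398, 440, 498 and 1350), and at 381, 440, 498 and 1350 it runs outside any `try`, so malformed text raises `json.JSONDecodeError` straight out of `app()` instead of producing an `st.error` the way the `vis_params` site at 397-400 does. The quote swap is also lossy: an apostrophe inside a string value, or Python spellings such as `True`/`None`, make the text unparseable, and since `palette` is assigned outside these hunks it is not visible here whether it is ever user-typed. A small module-level helper that parses once and turns the decode error into a readable `ValueError` would keep all five sites consistent, each becoming e.g. `st.session_state["palette"] = parse_literal(palette)`. All of these hunks lie inside `app()`, whose start and end are outside them.
```python
def parse_literal(text):
    """Parse a user-supplied dict/list literal written with single or double quotes.

    Raises ValueError with a readable message instead of json.JSONDecodeError.
    """
    try:
        return json.loads(text.replace("'", '"'))
    except json.JSONDecodeError as err:
        raise ValueError(f"Expected a dictionary or list literal: {err}") from err

# … unchanged: app() body up to the palette block …
st.session_state["palette"] = parse_literal(palette)
```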
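--- a/pages/7_📦_Web_Map_Service.py
+++ b/pages/7_📦_Web_Map_Service.py
@@ -1,4 +1,5 @@
 import ast
+import json
 import streamlit as st
 import leafmap.foliumap as leafmap
 
@@ -19,6 +20,12 @@ st.sidebar.info(
 """
 )
 
+# Define a whitelist of trusted URLs
+trusted_urls = [
+"https://services.terrascope.be/wms/v2",
+# Add more trusted URLs here
+]
+
 
 @st.cache_data
 def get_layers(url):
@@ -26,6 +33,10 @@ def get_layers(url):
 return options
 
 
+def is_trusted_url(url):
+return url in trusted_urls
+
+
 def app():
 st.title("Web Map Service (WMS)")
 st.markdown(
@@ -50,7 +61,14 @@ def app():
 empty = st.empty()
 
 if url:
-options = get_layers(url)
+
+if is_trusted_url(url):
+options = get_layers(url)
+# Process options as needed
+else:
+st.error(
+"The entered URL is not trusted. Please enter a valid WMS URL."
+)
 
 default = None
 if url == esa_landcover:
@@ -79,7 +97,7 @@ def app():
 url, layers=layer, name=layer, attribution=" ", transparent=True
 )
 if add_legend and legend_text:
-legend_dict = ast.literal_eval(legend_text)
+legend_dict = json.loads(legend_text.replace("'", '"'))
 m.add_legend(legend_dict=legend_dict)
 
 m.to_streamlit(height=height)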
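Review bot: The allowlist check at lines 65-71 is not fail-closed: after `st.error(...)` in the `else` branch execution falls through to `default = None` at line 73 and on to what appears to be the add-layer call at lines 97-98, which still passes the rejected `url`, and `options` is never assigned on that path, so later code that presumably reads it would raise `NameError` rather than stop. Add `return` (or `st.stop()`) directly after the error call; this is inside `def app():`, whose body extends beyond the hunk. `trusted_urls` holds only the terrascope endpoint, so if `esa_landcover` at line 74 is a different URL the page's own default now fails the check; every URL the page itself offers should be listed. The change at line 100 also replaces `ast.literal_eval`, which already parsed literals without evaluating code, with a lossy quote swap plus `json.loads`, so it hardens nothing and breaks legend labels containing an apostrophe; keeping `legend_dict = ast.literal_eval(legend_text)` wrapped in `except (ValueError, SyntaxError)` is the safer option, and otherwise `import ast` at line 1 looks unused. The same exact-match `is_trusted_url` is duplicated in `9_🔲_Vector_Data_Visualization.py` while `8_🏜️_Raster_Data_Visualization.py` uses a prefix match; one shared helper would keep the policy in a single place.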
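--- a/pages/8_🏜️_Raster_Data_Visualization.py
+++ b/pages/8_🏜️_Raster_Data_Visualization.py
@@ -1,3 +1,4 @@
+import json
 import os
 import leafmap.foliumap as leafmap
 import leafmap.colormaps as cm
@@ -45,6 +46,14 @@ An interactive web app for visualizing local raster datasets and Cloud Optimized
 """
 )
 
+
+def is_trusted_url(url):
+if url.startswith("https://opendata.digitalglobe.com/events/california-fire-2020/"):
+return True
+else:
+return False
+
+
 row1_col1, row1_col2 = st.columns([2, 1])
 
 with row1_col1:
@@ -59,7 +68,7 @@ with row1_col2:
 cog,
 )
 
-if url:
+if is_trusted_url(url):
 try:
 options = leafmap.cog_bands(url)
 except Exception as e:
@@ -74,6 +83,8 @@ with row1_col2:
 pass
 else:
 st.error("Please select one or three bands")
+else:
+st.error("Please enter a trusted URL")
 
 add_params = st.checkbox("Add visualization parameters")
 if add_params:
@@ -83,7 +94,7 @@ with row1_col2:
 
 if len(vis_params) > 0:
 try:
-vis_params = eval(vis_params)
+vis_params = json.loads(vis_params.replace("'", '"'))
 except Exception as e:
 st.error(
 f"Invalid visualization parameters. It should be a dictionary. Error: {e}"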
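Review bot: `is_trusted_url(url)` at line 71 replaces the old `if url:` guard, so an empty input now falls into the new `else` at line 86 and shows "Please enter a trusted URL" before the user has typed anything (assuming `url` is a text input whose definition sits outside the hunk); keep the emptiness check with `if url and is_trusted_url(url):` and `elif url:` on the error branch. The prefix test at line 51 accepts any URL that merely begins with the allowed path, including ones that append `..` segments or a query string, so parse it with `urllib.parse.urlsplit` and reject those before comparing. The body of `is_trusted_url` also reduces to `return url.startswith("https://opendata.digitalglobe.com/events/california-fire-2020/")`. The enclosing `with row1_col2:` block starts before these hunks.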
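--- a/pages/9_🔲_Vector_Data_Visualization.py
+++ b/pages/9_🔲_Vector_Data_Visualization.py
@@ -21,6 +21,17 @@ st.sidebar.info(
 )
 
 
+# Define a whitelist of trusted URLs
+trusted_urls = [
+"https://github.com/giswqs/streamlit-geospatial/raw/master/data/us_states.geojson",
+# Add more trusted URLs here
+]
+
+
+def is_trusted_url(url):
+return url in trusted_urls
+
+
 def save_uploaded_file(file_content, file_name):
 """
 Save the uploaded file to a temporary directory
@@ -71,7 +82,7 @@ def app():
 
 container = st.container()
 
-if data or url:
+if data or is_trusted_url(url):
 if data:
 file_path = save_uploaded_file(data, data.name)
 layer_name = os.path.splitext(data.name)[0]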
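Review bot: When `data` is empty and `url` is set but not in `trusted_urls`, the condition at line 85 is simply false and the page renders nothing, with no message telling the user why; the WMS page reports the same situation with `st.error`, so add `elif url: st.error("The entered URL is not trusted.")` after this `if` block, whose end lies outside the hunk. `trusted_urls` exact-matches a single GitHub raw URL, so any sample the page pre-fills must be listed identically, scheme and path included, or the default selection stops working. This `is_trusted_url` duplicates the one in `7_📦_Web_Map_Service.py`; a shared helper would keep the allowlists in one place.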