PyPI - streamlit-nightly - Versions diffs - 1.53.2.dev20260202__py3-none-any.whl → 1.53.2.dev20260203__py3-none-any.whl - Mend

streamlit-nightly 1.53.2.dev20260202py3-none-any.whl → 1.53.2.dev20260203py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (113) hide show

streamlit/commands/logo.py CHANGED Viewed

@@ -108,13 +108,13 @@ def logo(
     Parameters
     ----------
-    image: Anything supported by st.image (except list), emoji, or icon
+    image: Anything supported by st.image (except list) or str
         The image to display in the upper-left corner of your app and its
         sidebar. If ``icon_image`` is also provided, then Streamlit will only
         display ``image`` in the sidebar.
-        In addition to any of the types supported by |st.image|_ (except list),
-        the following strings are valid:
+        ``image`` can be any of the types supported by |st.image|_ except
+        a list. Additionally, the following strings are valid:
         - A single-character emoji. For example, you can set ``image="🏠"``
           or ``image="🚀"``. Emoji short codes are not supported.
@@ -146,19 +146,15 @@ def logo(
         The external URL to open when a user clicks on the logo. The URL must
         start with "\http://" or "\https://". If ``link`` is ``None`` (default),
         the logo will not include a hyperlink.
-    icon_image: Anything supported by st.image (except list), emoji, icon, or None
+    icon_image: Anything supported by st.image (except list), str, or None
         An optional, typically smaller image to replace ``image`` in the
-        upper-left corner when the sidebar is closed. If ``icon_image`` is
+        upper-left corner when the sidebar is closed. This can be any of the
+        types allowed for the ``image`` parameter. If ``icon_image`` is
         ``None`` (default), Streamlit will always display ``image`` in the
         upper-left corner, regardless of whether the sidebar is open or closed.
         Otherwise, Streamlit will render ``icon_image`` in the upper-left
         corner of the app when the sidebar is closed.
-        In addition to any of the types supported by ``st.image`` (except list),
-        this also accepts single-character emojis (e.g., ``"🏠"``) and Material
-        icons (e.g., ``":material/home:"``). See the ``image`` parameter for
-        more details on these formats.
         Streamlit scales the image to a max height set by ``size`` and a max
         width to fit within the sidebar. If the sidebar is closed, the max
         width is retained from when it was last open.

streamlit/components/v2/component_path_utils.py CHANGED Viewed

@@ -22,12 +22,12 @@ outside of a declared package root.
 from __future__ import annotations
-import os
 from pathlib import Path
 from typing import Final
 from streamlit.errors import StreamlitComponentRegistryError
 from streamlit.logger import get_logger
+from streamlit.path_security import is_unsafe_path_pattern
 _LOGGER: Final = get_logger(__name__)
@@ -132,7 +132,12 @@ class ComponentPathUtils:
     @staticmethod
     def _assert_relative_no_traversal(path: str, *, label: str) -> None:
-        """Raise if ``path`` is absolute or contains ``..`` segments.
+        """Raise if ``path`` is absolute, contains traversal, or has unsafe patterns.
+        This method uses the shared ``is_unsafe_path_pattern`` function to ensure
+        consistent security checks across the codebase. The shared function also
+        checks for additional patterns like null bytes, forward-slash UNC paths,
+        and drive-relative paths (e.g., ``C:foo``).
         Parameters
         ----------
@@ -141,34 +146,17 @@ class ComponentPathUtils:
         label : str
             Human-readable label used in error messages (e.g., "component paths").
         """
-        # Absolute path checks (POSIX, Windows drive-letter, UNC)
-        is_windows_drive_abs = (
-            len(path) >= 3
-            and path[0].isalpha()
-            and path[1] == ":"
-            and path[2] in {"/", "\\"}
-        )
-        is_unc_abs = path.startswith("\\\\")
-        # Consider rooted backslash paths "\\dir" as absolute on Windows-like inputs
-        is_rooted_backslash = path.startswith("\\") and not is_unc_abs
-        if (
-            os.path.isabs(path)
-            or is_windows_drive_abs
-            or is_unc_abs
-            or is_rooted_backslash
-        ):
-            raise StreamlitComponentRegistryError(
-                f"Absolute paths are not allowed in {label}: {path}"
-            )
-        # Segment-based traversal detection to avoid false positives (e.g. "file..js")
-        normalized = path.replace("\\", "/")
-        segments = [seg for seg in normalized.split("/") if seg != ""]
-        if any(seg == ".." for seg in segments):
+        if is_unsafe_path_pattern(path):
+            # Determine appropriate error message based on pattern.
+            # Use segment-based check to avoid false positives like "file..js"
+            normalized = path.replace("\\", "/")
+            segments = [seg for seg in normalized.split("/") if seg]
+            if ".." in segments:
+                raise StreamlitComponentRegistryError(
+                    f"Path traversal attempts are not allowed in {label}: {path}"
+                )
             raise StreamlitComponentRegistryError(
-                f"Path traversal attempts are not allowed in {label}: {path}"
+                f"Unsafe paths are not allowed in {label}: {path}"
             )
     @staticmethod

streamlit/config.py CHANGED Viewed

@@ -621,8 +621,10 @@ _create_option(
     "client.showErrorLinks",
     description="""
         Controls whether to show external help links (Google, ChatGPT) in
-        error displays. Can be "auto" (shows on localhost only), true (always
-        show), or false (never show).
+        error displays. The following values are valid:
+        - "auto" (default): Links are shown only on localhost.
+        - True: Links are shown on all domains.
+        - False: Links are never shown.
     """,
     default_val="auto",
     type_=str,

streamlit/path_security.py ADDED Viewed

@@ -0,0 +1,98 @@
+# Copyright (c) Streamlit Inc. (2018-2022) Snowflake Inc. (2022-2026)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""Shared path security utilities for preventing path traversal and SSRF attacks.
+This module provides a centralized implementation for path validation that is
+used by multiple parts of the codebase. Having a single implementation ensures
+consistent security checks and avoids divergent behavior between components.
+Security Context
+----------------
+These checks are designed to run BEFORE any filesystem operations (like
+``os.path.realpath()``) to prevent Windows from triggering SMB connections
+to attacker-controlled servers when resolving UNC paths. This prevents
+SSRF attacks and NTLM hash disclosure.
+"""
+from __future__ import annotations
+import os
+import string
+def is_unsafe_path_pattern(path: str) -> bool:
+    r"""Return True if path contains UNC, absolute, drive, or traversal patterns.
+    This function checks for dangerous path patterns that could lead to:
+    - SSRF attacks via Windows UNC path resolution
+    - NTLM hash disclosure via SMB connections
+    - Path traversal outside intended directories
+    - Path truncation via null bytes
+    IMPORTANT: This check must run BEFORE any ``os.path.realpath()`` calls
+    to prevent Windows from triggering SMB connections to attacker-controlled
+    servers.
+    Parameters
+    ----------
+    path : str
+        The path string to validate.
+    Returns
+    -------
+    bool
+        True if the path contains unsafe patterns, False if it appears safe
+        for further processing.
+    Examples
+    --------
+    >>> is_unsafe_path_pattern("subdir/file.js")
+    False
+    >>> is_unsafe_path_pattern("\\\\server\\share")
+    True
+    >>> is_unsafe_path_pattern("../../../etc/passwd")
+    True
+    >>> is_unsafe_path_pattern("C:\\Windows\\system32")
+    True
+    """
+    # Null bytes can be used for path truncation attacks
+    if "\x00" in path:
+        return True
+    # UNC paths (Windows network shares, including \\?\ and \\.\ prefixes)
+    if path.startswith(("\\\\", "//")):
+        return True
+    # Windows drive paths (e.g. C:\, D:foo) - on Windows, os.path.realpath() on a
+    # drive path can trigger SMB connections if the drive is mapped to a network share.
+    # This enables SSRF attacks and NTLM hash disclosure. We reject all drive-qualified
+    # paths including drive-relative paths like "C:foo" which resolve against the current
+    # directory of that drive. Checked on all platforms for defense-in-depth and
+    # testability (CI runs on Linux).
+    if len(path) >= 2 and path[0] in string.ascii_letters and path[1] == ":":
+        return True
+    # Rooted backslash or forward slash (absolute paths)
+    if path.startswith(("\\", "/")):
+        return True
+    # Also check os.path.isabs for platform-specific absolute path detection
+    if os.path.isabs(path):
+        return True
+    # Path traversal - check segments after normalizing separators
+    normalized = path.replace("\\", "/")
+    segments = [seg for seg in normalized.split("/") if seg]
+    return ".." in segments

streamlit/runtime/app_session.py CHANGED Viewed

@@ -1009,13 +1009,21 @@ def _get_toolbar_mode() -> Config.ToolbarMode.ValueType:
 def _get_show_error_links() -> Config.ShowErrorLinks.ValueType:
     config_key = "client.showErrorLinks"
+    config_value = config.get_option(config_key)
+    # Handle boolean values (from st.set_option or programmatic setting)
+    if config_value is True:
+        return Config.ShowErrorLinks.SHOW_ERROR_LINKS_TRUE
+    if config_value is False:
+        return Config.ShowErrorLinks.SHOW_ERROR_LINKS_FALSE
+    # Handle string values (from config.toml or command-line)
     allowed_values = ["auto", "true", "false"]
     value_to_enum = {
         "auto": Config.ShowErrorLinks.SHOW_ERROR_LINKS_AUTO,
         "true": Config.ShowErrorLinks.SHOW_ERROR_LINKS_TRUE,
         "false": Config.ShowErrorLinks.SHOW_ERROR_LINKS_FALSE,
     }
-    config_value = config.get_option(config_key)
     if config_value not in allowed_values:
         raise ValueError(
             f"Config {config_key!r} expects to have one of "

streamlit/static/index.html CHANGED Viewed

@@ -37,7 +37,7 @@
     <script>
       window.prerenderReady = false
     </script>
-    <script type="module" crossorigin src="./static/js/index.y5HxPwg9.js"></script>
+    <script type="module" crossorigin src="./static/js/index.BHyzKS4e.js"></script>
     <link rel="stylesheet" crossorigin href="./static/css/index.C8MrxwGF.css">
   </head>
   <body>

streamlit-nightly 1.53.2.dev20260202__py3-none-any.whl → 1.53.2.dev20260203__py3-none-any.whl

streamlit-nightly 1.53.2.dev20260202py3-none-any.whl → 1.53.2.dev20260203py3-none-any.whl