Google Blockly name used to store obfuscated/stolen/license violating code #8712

blepping opened this issue Dec 28, 2024 · 3 comments

@blepping

Link: https://github.com/lllyasviel/google_blockly_prototypes/tree/main/forge
This contains obfuscated code stolen from another repo in violation of its license. See: lllyasviel/stable-diffusion-webui-forge#2151
At the source where it's used, it's emitting log messages like "initializing google blockly", while in fact it is just rehydrating this stolen, obfuscated code.
In essence, it's using Google's name and reputation as a shield to make people less likely to investigate.

Right now, it seems like this is just used as a method to avoid crediting/adhering to the other project's license but in the future it could be used to deliver malicious/harmful code to the end user - while purporting to be related to Google Blockly.

@blepping changed the title from "Google Blockly name used to store obfuscated/stole/license violating code" to "Google Blockly name used to store obfuscated/stolen/license violating code" on Dec 28, 2024

@parsee-mizuhashi

As the creator of the aforementioned PR, yes, I can confirm that lllyasviel is using Blockly's name to disguise obfuscated & stolen code. There is a possibility the code may also hide malicious code, due to some out-of-place imports.

@rachel-fenichel
Collaborator

Thanks for reporting this; we're taking a look.

@blepping
Author

@rachel-fenichel I hadn't really been following the linked pull since it's been a while, but it appears there have been some recent developments. A different person with commit access removed the part that was loading the obfuscated/stolen code in webui-forge. The repo hosting that code still remains unchanged and it's certainly possible that the main repo owner of webui-forge will revert those changes and add it back. (Also not sure if there might be anything else referencing it out there, even if webui-forge doesn't.)
