Pytorch Load / Save Plugin#1114

Merged
ericwb merged 16 commits into PyCQA:main from lukehinds:pytorch-checks
Sep 23, 2024

Conversation

Member

lukehinds commented Mar 3, 2024 (edited)

This plugin checks for the use of torch.load and torch.save.
Using torch.load with untrusted data can lead to arbitrary code execution,
and improper use of torch.save might expose sensitive data or lead to data
corruption.

Signed-off-by: Luke Hinds
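A stand-alone AST scanner in the spirit of this plugin, added here as an example and not the Bandit plugin's own code: it resolves `import` / `from ... import` aliases before matching `torch.load` and `torch.save`, and, going beyond the text above, treats a literal `weights_only=True` argument (torch's documented option that restricts the unpickler to tensor types) as mitigating the load finding. The sample source, the severities and the message strings are constructed for this example.

```python
import ast
from collections import namedtuple

# Constructed sample input, standing in for a file the scanner would visit.
SAMPLE = """\
import torch
from torch import load as tload
model = torch.load("checkpoint.pt")                 # line 3: full unpickle
safe = torch.load("weights.pt", weights_only=True)  # line 4: mitigated
other = tload("extra.pt")                           # line 5: aliased import
torch.save(model.state_dict(), "out.pt")            # line 6: save call
"""
Finding = namedtuple("Finding", "lineno qualname severity text")

class TorchCallScanner(ast.NodeVisitor):
    # Resolves call targets through import aliases, then flags torch.load / torch.save.
    def __init__(self):
        self.aliases = {}  # local name -> fully qualified name
        self.findings = []
    def visit_Import(self, node):
        for a in node.names:
            self.aliases[a.asname or a.name] = a.name
    def visit_ImportFrom(self, node):
        for a in node.names:
            self.aliases[a.asname or a.name] = f"{node.module}.{a.name}"
    def qualname(self, func):
        if isinstance(func, ast.Name):
            return self.aliases.get(func.id, func.id)
        if isinstance(func, ast.Attribute):
            base = self.qualname(func.value)
            return f"{base}.{func.attr}" if base else None
        return None
    def visit_Call(self, node):
        name = self.qualname(node.func)
        if name == "torch.load":
            wo = {k.arg: k.value for k in node.keywords}.get("weights_only")
            # weights_only=True is torch's own restriction of the unpickler to tensor types
            if not (isinstance(wo, ast.Constant) and wo.value is True):
                self.findings.append(Finding(node.lineno, name, "MEDIUM",
                    "torch.load without weights_only=True unpickles arbitrary objects"))
        elif name == "torch.save":
            self.findings.append(Finding(node.lineno, name, "LOW",
                "torch.save call: confirm destination and contents are intended"))
        self.generic_visit(node)

def scan(source):
    # Returns the findings for one source file, in line order.
    scanner = TorchCallScanner()
    scanner.visit(ast.parse(source))
    return scanner.findings
```

Running `scan(SAMPLE)` reports lines 3, 5 and 6 and skips the `weights_only=True` call on line 4.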
lukehinds requested review from ericwb and sigmavirus24 as code owners March 3, 2024 15:50
Member Author

lukehinds commented Mar 3, 2024

Bit of cleaning up to do, will get onto it next week.

Member

sigmavirus24 commented Mar 3, 2024

Closing and reopening to trigger pre-commit CI to auto-fix this for you.

sigmavirus24 closed this Mar 3, 2024
sigmavirus24 reopened this Mar 3, 2024
ericwb reviewed Mar 3, 2024
lukehinds added 3 commits March 4, 2024 10:46
Signed-off-by: Luke Hinds
Signed-off-by: Luke Hinds
Signed-off-by: Luke Hinds
Member Author

lukehinds commented Mar 13, 2024

@sigmavirus24 / @ericwb I think I have reviewed most of the points now, fancy taking a second sweep?


ericwb reviewed Mar 13, 2024
ericwb reviewed Aug 24, 2024
sigmavirus24 approved these changes Aug 24, 2024
ericwb requested changes Aug 26, 2024
Member

ericwb left a comment


Recently the trojansource plugin was merged, which conflicts with this plugin ID of B613. Please change to B614.

lukehinds and others added 3 commits September 14, 2024 09:56
Member Author

lukehinds commented Sep 14, 2024

Sorry for the late action, changes accepted @ericwb.

ericwb approved these changes Sep 23, 2024
ericwb merged commit 36fd650 into PyCQA:main Sep 23, 2024
ericwb added a commit to ericwb/bandit that referenced this pull request Sep 27, 2024
* Pytorch Load / Save Plugin

This plugin checks for the use of `torch.load` and `torch.save`.
Using `torch.load` with untrusted data can lead to arbitrary code
execution, and improper use of `torch.save` might expose sensitive
data or lead to data corruption.

Signed-off-by: Luke Hinds

* [pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci

* Add missing save check

Signed-off-by: Luke Hinds

* Review fixes from 8b92a02

Signed-off-by: Luke Hinds

* Fix tox issues

Signed-off-by: Luke Hinds

* Review fixes

Signed-off-by: Luke Hinds

* [pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci

* Update test_functional.py

* Update bandit/plugins/pytorch_load_save.py

Co-authored-by: Eric Brown

* Update bandit/plugins/pytorch_load_save.py

Co-authored-by: Eric Brown

* Update doc/source/plugins/b704_pytorch_load_save.rst

Co-authored-by: Eric Brown

* Update bandit/plugins/pytorch_load_save.py

Co-authored-by: Eric Brown

---------

Signed-off-by: Luke Hinds
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Co-authored-by: Eric Brown
Signed-off-by: Eric Brown

SpecLad commented Jan 28, 2025

> improper use of torch.save might expose sensitive data or lead to data corruption.

What's the evidence for this? None of the references mention any security problems with torch.save.
