-
-
Notifications
You must be signed in to change notification settings - Fork 732
Merged
Conversation
Member
This plugin checks for the use of torch.load and torch.save.
Using torch.load with untrusted data can lead to arbitrary code execution,
and improper use of torch.save might expose sensitive data or lead to data
corruption.
This plugin checks for the use of `torch.load` and `torch.save`.
Using `torch.load` with untrusted data can lead to arbitrary code
execution, and improper use of `torch.save` might expose sensitive
data or lead to data corruption.
Signed-off-by: Luke Hinds
Using `torch.load` with untrusted data can lead to arbitrary code
execution, and improper use of `torch.save` might expose sensitive
data or lead to data corruption.
Signed-off-by: Luke Hinds
Member
Author
|
Bit of cleaning up to do, will get onto next week |
Member
|
Closing and reopening to trigger precommit ci to auto fix this for you |
for more information, see https://pre-commit.ci
sigmavirus24
reviewed
Mar 3, 2024
ericwb
reviewed
Mar 3, 2024
Signed-off-by: Luke Hinds
Signed-off-by: Luke Hinds
Signed-off-by: Luke Hinds
Member
Author
|
@sigmavirus24 / @ericwb I think I have reviewed most of the points now, fancy taking a second sweep? |
sigmavirus24
reviewed
Mar 13, 2024
ericwb
reviewed
Mar 13, 2024
Signed-off-by: Luke Hinds
for more information, see https://pre-commit.ci
ericwb
reviewed
Aug 24, 2024
sigmavirus24
approved these changes
Aug 24, 2024
Co-authored-by: Eric Brown
ericwb
requested changes
Aug 26, 2024
Member
ericwb
left a comment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Recently the trojansource plugin was merged which conflicts with this plugin ID of B613. Please change to B614
Co-authored-by: Eric Brown
Co-authored-by: Eric Brown
Co-authored-by: Eric Brown
ericwb
approved these changes
Sep 23, 2024
ericwb
added a commit
to ericwb/bandit
that referenced
this pull request
Sep 27, 2024
* Pytorch Load / Save Plugin
This plugin checks for the use of `torch.load` and `torch.save`.
Using `torch.load` with untrusted data can lead to arbitrary code
execution, and improper use of `torch.save` might expose sensitive
data or lead to data corruption.
Signed-off-by: Luke Hinds
* [pre-commit.ci] auto fixes from pre-commit.com hooks
for more information, see https://pre-commit.ci
* Add missing save check
Signed-off-by: Luke Hinds
* Review fixes from 8b92a02
Signed-off-by: Luke Hinds
* Fix tox issues
Signed-off-by: Luke Hinds
* Review fixes
Signed-off-by: Luke Hinds
* [pre-commit.ci] auto fixes from pre-commit.com hooks
for more information, see https://pre-commit.ci
* Update test_functional.py
* Update bandit/plugins/pytorch_load_save.py
Co-authored-by: Eric Brown
* Update bandit/plugins/pytorch_load_save.py
Co-authored-by: Eric Brown
* Update doc/source/plugins/b704_pytorch_load_save.rst
Co-authored-by: Eric Brown
* Update bandit/plugins/pytorch_load_save.py
Co-authored-by: Eric Brown
---------
Signed-off-by: Luke Hinds
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Co-authored-by: Eric Brown
Signed-off-by: Eric Brown
This plugin checks for the use of `torch.load` and `torch.save`.
Using `torch.load` with untrusted data can lead to arbitrary code
execution, and improper use of `torch.save` might expose sensitive
data or lead to data corruption.
Signed-off-by: Luke Hinds
* [pre-commit.ci] auto fixes from pre-commit.com hooks
for more information, see https://pre-commit.ci
* Add missing save check
Signed-off-by: Luke Hinds
* Review fixes from 8b92a02
Signed-off-by: Luke Hinds
* Fix tox issues
Signed-off-by: Luke Hinds
* Review fixes
Signed-off-by: Luke Hinds
* [pre-commit.ci] auto fixes from pre-commit.com hooks
for more information, see https://pre-commit.ci
* Update test_functional.py
* Update bandit/plugins/pytorch_load_save.py
Co-authored-by: Eric Brown
* Update bandit/plugins/pytorch_load_save.py
Co-authored-by: Eric Brown
* Update doc/source/plugins/b704_pytorch_load_save.rst
Co-authored-by: Eric Brown
* Update bandit/plugins/pytorch_load_save.py
Co-authored-by: Eric Brown
---------
Signed-off-by: Luke Hinds
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Co-authored-by: Eric Brown
Signed-off-by: Eric Brown
What's the evidence for this? None of the references mention any security problems with |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.