Pytorch Load / Save Plugin

PyCQA / bandit

Bandit is a tool designed to find common security issues in Python code.

https://bandit.readthedocs.io

Apache License 2.0

6.5k stars 610 forks source link

Pytorch Load / Save Plugin #1114

Closed lukehinds closed 2 months ago

lukehinds commented 8 months ago

This plugin checks for the use of torch.load and torch.save. Using torch.load with untrusted data can lead to arbitrary code execution, and improper use of torch.save might expose sensitive data or lead to data corruption.

lukehinds commented 8 months ago

Bit of cleaning up to do, will get onto next week

sigmavirus24 commented 8 months ago

Closing and reopening to trigger precommit ci to auto fix this for you

lukehinds commented 8 months ago

@sigmavirus24 / @ericwb I think I have reviewed most of the points now, fancy taking a second sweep?

lukehinds commented 2 months ago

sorry for late action, changes accepted @ericwb