intel / neural-compressor

SOTA low-bit LLM quantization (INT8/FP8/INT4/FP4/NF4) & sparsity; leading model compression techniques on TensorFlow, PyTorch, and ONNX Runtime
https://intel.github.io/neural-compressor/
Apache License 2.0
2.18k stars · 252 forks

Fix sql injection for Neural Solution gRPC #1879

Closed Kaihui-intel closed 3 months ago

Kaihui-intel commented 3 months ago

Type of Change

bug fix

Description

SQL injection: When submitting a task through gRPC, it calls the function TaskSubmitterServicer.SubmitTask, which then calls submit_task_to_db to do the job. The SQL is constructed at run time with the task parameter, and most attributes of the task can be controlled by an attacker (e.g. the script_url field), which results in SQL injection.

Expected Behavior & Potential Risk

the expected behavior that is triggered by this PR

How has this PR been tested?

how to reproduce the test (including hardware information)

Dependency Change?

any library dependency introduced or removed
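The description above names the defect (query text built at run time from attacker-controlled task fields such as script_url) without showing it. The following added example is not the project's code: the Task class, the table layout and the two submit functions are hypothetical stand-ins, and a SQLite in-memory store is assumed purely so the snippet runs offline. It places the string-formatted insert beside the parameterized one and adds a scheme allow-list for script_url as a second, independent check.

```python
import sqlite3
from dataclasses import dataclass
from urllib.parse import urlparse


# Hypothetical task record (constructed for this example, not the project's own type).
# The field names follow the PR description; script_url is the client-controlled one.
@dataclass
class Task:
    task_id: str
    script_url: str
    status: str = "pending"


SCHEMA = "CREATE TABLE task (id TEXT PRIMARY KEY, script_url TEXT, status TEXT)"


def new_db() -> sqlite3.Connection:
    """Fresh in-memory SQLite database with the (assumed) task table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn


def submit_task_unsafe(conn: sqlite3.Connection, task: Task) -> None:
    """The vulnerable shape: values are spliced into the SQL text, so any quote or
    metacharacter in script_url becomes part of the statement's grammar."""
    sql = (
        "INSERT INTO task (id, script_url, status) VALUES "
        f"('{task.task_id}', '{task.script_url}', '{task.status}')"
    )
    conn.execute(sql)
    conn.commit()


def submit_task_safe(conn: sqlite3.Connection, task: Task) -> None:
    """The fixed shape: the statement text is a constant and the values are bound
    parameters, which the driver passes to the engine as data, never as SQL."""
    conn.execute(
        "INSERT INTO task (id, script_url, status) VALUES (?, ?, ?)",
        (task.task_id, task.script_url, task.status),
    )
    conn.commit()


def fetch_script_url(conn: sqlite3.Connection, task_id: str):
    row = conn.execute("SELECT script_url FROM task WHERE id = ?", (task_id,)).fetchone()
    return row[0] if row else None


def validate_script_url(url: str) -> bool:
    """Defense in depth, independent of the SQL fix: only accept http(s) URLs with a host.
    This does not replace parameterization; it narrows what a client may submit at all."""
    parsed = urlparse(url)
    return parsed.scheme in ("http", "https") and bool(parsed.netloc)


def demo() -> dict:
    """Run both variants on a constructed URL that carries a single quote and report
    what happened. Returns a dict so the outcome can be asserted on."""
    # Constructed input: a legitimate-looking URL containing an apostrophe. A remote gRPC
    # client can send arbitrary text here, which is exactly the concern in the PR.
    hostile = Task("t1", "https://example.invalid/run.sh?arg=O'Brien")
    results = {}

    conn = new_db()
    try:
        submit_task_unsafe(conn, hostile)
        results["unsafe"] = "accepted"
    except sqlite3.OperationalError as exc:
        # The data altered the statement itself: proof that the query is injectable.
        results["unsafe"] = f"query broken by data: {exc}"

    conn = new_db()
    submit_task_safe(conn, hostile)
    # The parameterized insert stores the text verbatim, quote included.
    results["safe"] = fetch_script_url(conn, "t1")
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The apostrophe case is enough to show the structural problem: the unsafe insert fails with a syntax error because the value terminated the string literal early, which is the same mechanism an attacker would use to append statements of their choosing, while the parameterized insert stores the identical value untouched. A reviewer checking the fix in `submit_task_to_db` should look for exactly that shape: constant statement text, every client-supplied value passed as a bound parameter, and no f-string, `%` or `.format()` touching the SQL.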

github-actions[bot] commented 3 months ago

⚡ Required checks status: All passing 🟢

Groups summary

🟢 Code Scan Neural-Solution Tests workflow

| Check ID | Status | Error details | |
| -------- | ------ | ------------- | --- |
| [Code-Scan-Neural-Solution](https://dev.azure.com/lpot-inc/b7121868-d73a-4794-90c1-23135f974d09/_build/results?buildId=31657) | success | | ✅ |
| [Code-Scan-Neural-Solution (Bandit Code Scan Bandit)](https://dev.azure.com/lpot-inc/b7121868-d73a-4794-90c1-23135f974d09/_build/results?buildId=31657&view=logs&jobId=343c57fa-283e-589b-e772-0a0553c93e53) | success | | ✅ |
| [Code-Scan-Neural-Solution (DocStyle Code Scan DocStyle)](https://dev.azure.com/lpot-inc/b7121868-d73a-4794-90c1-23135f974d09/_build/results?buildId=31657&view=logs&jobId=c1e234ec-db76-5d40-e8f0-e1ad3ef905a3) | success | | ✅ |
| [Code-Scan-Neural-Solution (Pylint Code Scan Pylint)](https://dev.azure.com/lpot-inc/b7121868-d73a-4794-90c1-23135f974d09/_build/results?buildId=31657&view=logs&jobId=454075da-6b11-57a5-edf2-4c5947924fa8) | success | | ✅ |

These checks are required after the changes to `neural_solution/frontend/utility.py`.

🟢 Unit Tests Neural-Solution workflow

| Check ID | Status | Error details | |
| -------- | ------ | ------------- | --- |
| [UT-Neural-Solution](https://dev.azure.com/lpot-inc/b7121868-d73a-4794-90c1-23135f974d09/_build/results?buildId=31658) | success | | ✅ |

These checks are required after the changes to `neural_solution/frontend/utility.py`.

Thank you for your contribution! 💜

Note: This comment is automatically generated and will be updated every 180 seconds within the next 6 hours. If you have any other questions, contact chensuyue or XuehaoSun for help.