Pytorch fix #1231

Merged
merged 8 commits into from
Feb 16, 2025
lukehinds
Member

B614: Fix PyTorch plugin to handle weights_only parameter correctly

The PyTorch plugin (B614) has been updated to properly handle the weights_only parameter in torch.load calls. When weights_only=True is specified, PyTorch will only deserialize known safe types, making the operation more secure.

I also removed torch.save, as there is no specific insecure case as such; saving any file or artifact requires consideration of what it is you are saving, along with the legitimacy of the source input for the saved object.

Changes:

  • Update plugin to only check torch.load calls (not torch.save)
  • Fix weights_only check to handle both string and boolean True values
  • Remove map_location check as it doesn't affect security
  • Update example file to demonstrate both safe and unsafe cases
  • Update plugin documentation to mention weights_only as a safe alternative

The plugin now correctly identifies unsafe torch.load calls while allowing safe usage with weights_only=True to pass without warning.

Fixes: #1224

The PyTorch plugin (B614) has been updated to properly handle the weights_only
parameter in torch.load calls. When weights_only=True is specified, PyTorch will
only deserialize known safe types, making the operation more secure.

I also removed torch.save as there is no certain insecure element as
such, saving any file or artifact requires consideration of what it is
you are saving.

Changes:
- Update plugin to only check torch.load calls (not torch.save)
- Fix weights_only check to handle both string and boolean True values
- Remove map_location check as it doesn't affect security
- Update example file to demonstrate both safe and unsafe cases
- Update plugin documentation to mention weights_only as a safe alternative

The plugin now correctly identifies unsafe torch.load calls while allowing safe
usage with weights_only=True to pass without warning.

Fixes: PyCQA#1224
lukehinds and others added 2 commits February 16, 2025 01:07
Co-authored-by: Eric Brown <ericwb@users.noreply.github.com>
@ericwb ericwb merged commit 8ff25e0 into PyCQA:main Feb 16, 2025
15 checks passed
Development

Successfully merging this pull request may close these issues.

torch.load with weights_only=True should not be flagged