torch.load with weights_only=True should not be flagged #1224

Closed
SpecLad opened this issue Jan 28, 2025 · 0 comments · Fixed by #1231

SpecLad commented Jan 28, 2025

Is your feature request related to a problem? Please describe.
Currently bandit reports B614:pytorch_load_save for the following code:

import torch
torch.load('foobar.pth', weights_only=True)

However, when weights_only=True, PyTorch will only deserialize known safe types, so there should be no security issue.

Describe the solution you'd like
B614 should only be reported when weights_only is missing or set to False.

Describe alternatives you've considered
In PyTorch 2.6, weights_only is slated to default to True, so once that's out, it may not be necessary to warn when weights_only is missing either.

Additional context
N/A


@SpecLad SpecLad added the enhancement New feature or request label Jan 28, 2025
lukehinds added a commit to lukehinds/bandit that referenced this issue Feb 10, 2025
The PyTorch plugin (B614) has been updated to properly handle the weights_only
parameter in torch.load calls. When weights_only=True is specified, PyTorch will
only deserialize known safe types, making the operation more secure.

I also removed torch.save as there is no certain insecure element as
such; saving any file or artifact requires consideration of what it is
you are saving.

Changes:
- Update plugin to only check torch.load calls (not torch.save)
- Fix weights_only check to handle both string and boolean True values
- Remove map_location check as it doesn't affect security
- Update example file to demonstrate both safe and unsafe cases
- Update plugin documentation to mention weights_only as a safe alternative

The plugin now correctly identifies unsafe torch.load calls while allowing safe
usage with weights_only=True to pass without warning.

Fixes: PyCQA#1224
@lukehinds lukehinds mentioned this issue Feb 10, 2025
@ericwb ericwb added this to the Release 1.8.3 milestone Feb 13, 2025
@ericwb ericwb closed this as completed in 8ff25e0 Feb 16, 2025
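
The rule requested in this issue and described in the commit message above, sketched as a standalone AST check. This is an added example, not Bandit's plugin code: the function names and the sample source are constructed, only the literal `torch.load(...)` spelling is matched (import aliases are not resolved), and treating a non-literal `weights_only` value as unsafe is an assumption made here.

```python
import ast

# Constructed sample input; the file names are placeholders.
SAMPLE = '''\
import torch
torch.load("a.pth")
torch.load("b.pth", weights_only=True)
torch.load("c.pth", weights_only=False)
torch.load("d.pth", weights_only=flag)
torch.load("e.pth", map_location="cpu")
torch.save(model, "f.pth")
'''


def _is_torch_load(func):
    # Matches the attribute call torch.load only; aliases are out of scope here.
    return (isinstance(func, ast.Attribute) and func.attr == "load"
            and isinstance(func.value, ast.Name) and func.value.id == "torch")


def _weights_only_is_true(call):
    # Accept the boolean True and the string "True", as the commit message lists.
    for kw in call.keywords:
        if kw.arg == "weights_only" and isinstance(kw.value, ast.Constant):
            return kw.value.value is True or kw.value.value == "True"
    # Keyword missing, or its value is not a literal: cannot be shown safe.
    return False


def unsafe_torch_loads(source):
    """Return sorted line numbers of torch.load calls without a literal weights_only=True."""
    tree = ast.parse(source)
    return sorted(node.lineno for node in ast.walk(tree)
                  if isinstance(node, ast.Call)
                  and _is_torch_load(node.func)
                  and not _weights_only_is_true(node))


if __name__ == "__main__":
    for lineno in unsafe_torch_loads(SAMPLE):
        print(f"line {lineno}: torch.load without weights_only=True")
```

The `map_location` call is still reported because it lacks `weights_only=True`, not because of `map_location` itself, and `torch.save` is never reported.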