Update ML allowlist
Boyan-MILANOV committed Oct 4, 2024
1 parent 78d1858 commit 78a55c9
Showing 1 changed file with 13 additions and 8 deletions.
21 changes: 13 additions & 8 deletions fickling/ml.py
Expand Up @@ -9,10 +9,11 @@
)
BW_HOOKS_SAFE_MSG = (
"The `backward_hooks` argument can seem unsafe but can be exploited only if the "
"pickle can generate malicious callable objects. Since generating a malicious callable is sufficient for "
"the attacker to execute arbitrary code, using `backward_hooks` is not needed. So this function can be "
"considered safe."
)
"pickle can generate malicious callable objects. Since generating a malicious callable is sufficient for "
"the attacker to execute arbitrary code, using `backward_hooks` is not needed. So this function can be "
"considered safe."

ENUM_MSG = "A simple enumeration."
DATACLASS_MSG = (
"A simple dataclass that can update itself from a dict, and load/save from a JSON file."
Expand All @@ -22,13 +23,17 @@
SIMPLE_FUNCTION_MSG = "A simple function that is not callable and can not be used as a code exec or `getattr` primitive."
BINDING_CLASS_MSG = "A binding class."

TRANSFORMERS_TRAININGARGS_MSG = "A dataclass for model training parameters."
"The `push_to_hub` field can lead to model uploads to public repositories and should "
"be used with caution. Other than that no fields can not be used for arbitrary code execution."
TRANSFORMERS_TRAININGARGS_MSG = (
"A dataclass for model training parameters."
"The `push_to_hub` field can lead to model uploads to public repositories and should "
"be used with caution. Other than that no fields can not be used for arbitrary code execution."
)

TRAININGARGS_SUBCLASS_MSG = "A subclass deriving from transformers.training_args.TrainingArguments."
MAIN_IMPORT_MSG = "We consider this name safe to import from __main__ because it doesn't overlap "
"with names of known pickle exploit primitives."
MAIN_IMPORT_MSG = (
"We consider this name safe to import from __main__ because it doesn't overlap "
"with names of known pickle exploit primitives."
)

# Allowlist for imports that can be considered safe when scanning a file
# without actually loading it. This typically excludes imports that could
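Review bot: In the second hunk, the new parenthesised `TRANSFORMERS_TRAININGARGS_MSG` concatenates its first literal, which ends in `parameters.`, directly with the next one, so the rendered message runs `parameters.The` together with no separating space; the first literal should end with a trailing space, `"A dataclass for model training parameters. "`. The last literal also carries a double negative, `no fields can not be used for arbitrary code execution`, which states the opposite of the rationale for allowlisting this class; rewrite it as `"be used with caution. Other than that, no field can be used for arbitrary code execution."`. These strings are the recorded justification for treating an import as safe during a scan, so the wording should state the claim unambiguously. The sibling `MAIN_IMPORT_MSG` in the same hunk already ends its first literal with a space, so only the training-args message needs the change.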

0 comments on commit 78a55c9
