Skip to content

Refactor safe extract method to fix issue 6215 #6222

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 9 commits into from
Jul 16, 2024
Merged

Refactor safe extract method to fix issue 6215 #6222

merged 9 commits into from
Jul 16, 2024

Conversation

liqunfu
Copy link
Collaborator

@liqunfu liqunfu commented Jul 10, 2024

Description

#6215

@liqunfu
refactor safe extract method to fix issue 6215
a611ac8 
Signed-off-by: liqunfu <liqun.fu@microsoft.com>
@liqunfu liqunfu requested review from a team as code owners July 10, 2024 16:48
github-advanced-security[bot]
github-advanced-security bot found potential problems Jul 10, 2024
View reviewed changes
onnx/utils.py Outdated


def extract_model_safe(model_tar_path: str, local_model_with_data_dir_path: str) -> None:
"""

Check warning

Code scanning / lintrunner

RUFF/D212

Multi-line docstring summary should start at the first line. See https://docs.astral.sh/ruff/rules/multi-line-summary-first-line
github-advanced-security[bot]
github-advanced-security bot found potential problems Jul 10, 2024
View reviewed changes
onnx/utils.py
Comment on lines +294 to +296
members=_tar_members_filter(
model_with_data_zipped, local_model_with_data_dir_path
),

Check failure

Code scanning / CodeQL

Arbitrary file write during tarfile extraction

This file extraction depends on a [potentially untrusted source](1).
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jul 10, 2024
edited
Loading

Test Results

0 tests  ±0   0 ✅ ±0   0s ⏱️ ±0s
0 suites ±0   0 💤 ±0 
0 files   ±0   0 ❌ ±0 

Results for commit e26d8ea. ± Comparison against base commit 084c929.

♻️ This comment has been updated with latest results.

justinchuby
justinchuby reviewed Jul 10, 2024
View reviewed changes
justinchuby
justinchuby reviewed Jul 10, 2024
View reviewed changes
justinchuby
justinchuby reviewed Jul 10, 2024
View reviewed changes
@justinchuby justinchuby changed the title refactor safe extract method to fix issue 6215 Refactor safe extract method to fix issue 6215 Jul 10, 2024
@gramalingam
Copy link
Contributor

@liqunfu : should we merge this? I think renaming extract_model_safe to _extract_model_safe to make it private makes sense, as suggested above.

liqunfu and others added 3 commits July 16, 2024 10:48
@liqunfu @justinchuby
Update onnx/utils.py
324bb35 
Co-authored-by: Justin Chu <justinchuby@users.noreply.github.com>
Signed-off-by: liqun Fu <liqun.fu@microsoft.com>
@liqunfu @justinchuby
Update onnx/utils.py
3d7faa0 
Co-authored-by: Justin Chu <justinchuby@users.noreply.github.com>
Signed-off-by: liqun Fu <liqun.fu@microsoft.com>
@liqunfu
Merge branch 'main' into liqun/6215
d71694d
github-advanced-security[bot]
github-advanced-security bot found potential problems Jul 16, 2024
View reviewed changes
onnx/utils.py
model_with_data_zipped.extractall(
path=local_model_with_data_dir_path,
members=_tar_members_filter(
model_with_data_zipped, local_model_with_data_dir_path

Check failure

Code scanning / lintrunner

MYPY/arg-type

Argument 2 to "_tar_members_filter" has incompatible type "str | PathLike[Any]"; expected "str" To disable, use ` # type: ignore[arg-type]`
liqunfu added 4 commits July 16, 2024 10:56
@liqunfu
update with reviewers' comments
35edbc8 
Signed-off-by: liqunfu <liqun.fu@microsoft.com>
@liqunfu
lint
8a390a8 
Signed-off-by: liqunfu <liqun.fu@microsoft.com>
@liqunfu
lint
9800609 
Signed-off-by: liqunfu <liqun.fu@microsoft.com>
@liqunfu
lint
e26d8ea 
Signed-off-by: liqunfu <liqun.fu@microsoft.com>
@liqunfu liqunfu added this pull request to the merge queue Jul 16, 2024
Merged via the queue into main with commit 1b70f9b Jul 16, 2024
@liqunfu liqunfu deleted the liqun/6215 branch July 16, 2024 21:14
@Sunny-Anand Sunny-Anand mentioned this pull request Jul 19, 2024
Closed
cjvolzka pushed a commit that referenced this pull request Jul 19, 2024
@liqunfu @gramalingam
@justinchuby @cjvolzka
Refactor safe extract method to fix issue 6215 (#6222)
58675ed 
### Description
#6215

---------

Signed-off-by: liqunfu <liqun.fu@microsoft.com>
Signed-off-by: liqun Fu <liqun.fu@microsoft.com>
Co-authored-by: G. Ramalingam <grama@microsoft.com>
Co-authored-by: Justin Chu <justinchuby@users.noreply.github.com>
(cherry picked from commit 1b70f9b)
cjvolzka pushed a commit that referenced this pull request Jul 19, 2024
@liqunfu @gramalingam
@justinchuby @cjvolzka
Refactor safe extract method to fix issue 6215 (#6222)
d006365 
---------

Signed-off-by: liqunfu <liqfu@microsoft.com>
Signed-off-by: liqun Fu <liqfu@microsoft.com>
Co-authored-by: G. Ramalingam <grama@microsoft.com>
Co-authored-by: Justin Chu <justinchuby@users.noreply.github.com>
(cherry picked from commit 1b70f9b)
cjvolzka pushed a commit that referenced this pull request Jul 19, 2024
@liqunfu @gramalingam
@justinchuby @cjvolzka
Refactor safe extract method to fix issue 6215 (#6222)
b44f17e 
---------

Signed-off-by: liqunfu <liqfu@microsoft.com>
Signed-off-by: liqun Fu <liqfu@microsoft.com>
Co-authored-by: G. Ramalingam <grama@microsoft.com>
Co-authored-by: Justin Chu <justinchuby@users.noreply.github.com>
(cherry picked from commit 1b70f9b)
cjvolzka pushed a commit that referenced this pull request Jul 19, 2024
@liqunfu @gramalingam
@justinchuby @cjvolzka
Refactor safe extract method to fix issue 6215 (#6222)
1faaf7d 
---------

Signed-off-by: liqunfu <liqfu@microsoft.com>
Signed-off-by: liqun Fu <liqfu@microsoft.com>
Co-authored-by: G. Ramalingam <grama@microsoft.com>
Co-authored-by: Justin Chu <justinchuby@users.noreply.github.com>
(cherry picked from commit 1b70f9b)
@cjvolzka cjvolzka mentioned this pull request Jul 19, 2024
Closed
andife pushed a commit to andife/onnx that referenced this pull request Jul 20, 2024
@liqunfu @gramalingam
@justinchuby @andife
Refactor safe extract method to fix issue 6215 (onnx#6222)
70f99c3 
### Description
onnx#6215

---------

Signed-off-by: liqunfu <liqun.fu@microsoft.com>
Signed-off-by: liqun Fu <liqun.fu@microsoft.com>
Co-authored-by: G. Ramalingam <grama@microsoft.com>
Co-authored-by: Justin Chu <justinchuby@users.noreply.github.com>
Signed-off-by: Andreas Fehlner <fehlner@arcor.de>
andife pushed a commit that referenced this pull request Jul 23, 2024
@liqunfu @gramalingam
@justinchuby @andife
Refactor safe extract method to fix issue 6215 (#6222)
f186d8e 
---------

Signed-off-by: liqunfu <liqfu@microsoft.com>
Signed-off-by: liqun Fu <liqfu@microsoft.com>
Co-authored-by: G. Ramalingam <grama@microsoft.com>
Co-authored-by: Justin Chu <justinchuby@users.noreply.github.com>
(cherry picked from commit 1b70f9b)
Signed-off-by: Andreas Fehlner <fehlner@arcor.de>
@cjvolzka cjvolzka added this to the 1.16.2 milestone Jul 25, 2024
@cjvolzka cjvolzka mentioned this pull request Jul 26, 2024
Merged
cjvolzka pushed a commit that referenced this pull request Jul 29, 2024
@liqunfu @gramalingam
@justinchuby @cjvolzka
Refactor safe extract method to fix issue 6215 (#6222)
4a349e2 
---------

Signed-off-by: liqunfu <liqfu@microsoft.com>
Signed-off-by: liqun Fu <liqfu@microsoft.com>
Co-authored-by: G. Ramalingam <grama@microsoft.com>
Co-authored-by: Justin Chu <justinchuby@users.noreply.github.com>
(cherry picked from commit 1b70f9b)
cjvolzka added a commit that referenced this pull request Jul 30, 2024
@cjvolzka @sunflowersxu
@liqunfu @gramalingam
1.16.2 cherry picks (#6238)
8405188 
### Description
Check-pick commits from `main` into `rel-1.16.2` branch

### Motivation and Context
Fix 1.16.1 issues and enabled 1.16.2 builds by cherry-picking the
following PRs from `main` into the `1.16.2` branch

* Fixes since 1.16.0 release
  * #6164
  * #6222
  * #6217
  * #6255
  * #6254

---------

Co-authored-by: sunflowersxu <166728538+sunflowersxu@users.noreply.github.com>
Co-authored-by: liqun Fu <liqfu@microsoft.com>
Co-authored-by: G. Ramalingam <grama@microsoft.com>
@liqunfu liqunfu mentioned this pull request Aug 1, 2024
Closed
@hamptonm1 hamptonm1 mentioned this pull request Aug 1, 2024
Closed
andife pushed a commit to andife/onnx that referenced this pull request Aug 26, 2024
@liqunfu @gramalingam
@justinchuby @andife
Refactor safe extract method to fix issue 6215 (onnx#6222)
4095a5b 
### Description
onnx#6215

---------

Signed-off-by: liqunfu <liqun.fu@microsoft.com>
Signed-off-by: liqun Fu <liqun.fu@microsoft.com>
Co-authored-by: G. Ramalingam <grama@microsoft.com>
Co-authored-by: Justin Chu <justinchuby@users.noreply.github.com>
Signed-off-by: Andreas Fehlner <fehlner@arcor.de>
linshokaku pushed a commit to linshokaku/onnx that referenced this pull request Oct 2, 2024
@liqunfu @gramalingam
@justinchuby @linshokaku
Refactor safe extract method to fix issue 6215 (onnx#6222)
cba3791 
### Description
onnx#6215

---------

Signed-off-by: liqunfu <liqun.fu@microsoft.com>
Signed-off-by: liqun Fu <liqun.fu@microsoft.com>
Co-authored-by: G. Ramalingam <grama@microsoft.com>
Co-authored-by: Justin Chu <justinchuby@users.noreply.github.com>
Signed-off-by: Linsho Kaku <linsho@preferred.jp>
@kit1980 kit1980 mentioned this pull request Jan 28, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@justinchuby justinchuby justinchuby left review comments

@gramalingam gramalingam gramalingam approved these changes

Assignees
No one assigned
Labels
None yet
Projects
PR Tracker
Status: Done
Milestone
1.16.2
Development

Successfully merging this pull request may close these issues.
4 participants
@liqunfu @gramalingam @justinchuby @cjvolzka