From 8c01754beeb35e3e6699fb307d0928a9296fca11 Mon Sep 17 00:00:00 2001
From: Roman Donchenko <roman@cvat.ai>
Date: Tue, 28 Jan 2025 12:26:51 +0200
Subject: [PATCH 1/2] Add bandit suppressions to tracker functions

Now that GHSA-wq36-mxf8-hv62 is fixed, it is actually safe to use jsonpickle.
---
 .../dschoerk/transt/nuclio/model_handler.py   | 24 +++++++++++--------
 .../foolwood/siammask/nuclio/model_handler.py |  4 +++-
 2 files changed, 17 insertions(+), 11 deletions(-)

diff --git a/serverless/pytorch/dschoerk/transt/nuclio/model_handler.py b/serverless/pytorch/dschoerk/transt/nuclio/model_handler.py
index 826cdef55431..43c8ce37e739 100644
--- a/serverless/pytorch/dschoerk/transt/nuclio/model_handler.py
+++ b/serverless/pytorch/dschoerk/transt/nuclio/model_handler.py
@@ -18,20 +18,24 @@ def __init__(self):
         self.tracker = Tracker(name='transt', net=net, window_penalty=0.49, exemplar_size=128, instance_size=256)
 
     def decode_state(self, state):
-        self.tracker.net.net.zf = jsonpickle.decode(state['model.net.net.zf'])
-        self.tracker.net.net.pos_template = jsonpickle.decode(state['model.net.net.pos_template'])
+        # The server ensures that `state` is one of the values that the function itself
+        # has previously output. Therefore it should be safe to use jsonpickle.
+        decode = jsonpickle.decode  # nosec: B301
 
-        self.tracker.window = jsonpickle.decode(state['model.window'])
-        self.tracker.center_pos = jsonpickle.decode(state['model.center_pos'])
-        self.tracker.size = jsonpickle.decode(state['model.size'])
-        self.tracker.channel_average = jsonpickle.decode(state['model.channel_average'])
-        self.tracker.mean = jsonpickle.decode(state['model.mean'])
-        self.tracker.std = jsonpickle.decode(state['model.std'])
-        self.tracker.inplace = jsonpickle.decode(state['model.inplace'])
+        self.tracker.net.net.zf = decode(state['model.net.net.zf'])
+        self.tracker.net.net.pos_template = decode(state['model.net.net.pos_template'])
+
+        self.tracker.window = decode(state['model.window'])
+        self.tracker.center_pos = decode(state['model.center_pos'])
+        self.tracker.size = decode(state['model.size'])
+        self.tracker.channel_average = decode(state['model.channel_average'])
+        self.tracker.mean = decode(state['model.mean'])
+        self.tracker.std = decode(state['model.std'])
+        self.tracker.inplace = decode(state['model.inplace'])
 
         self.tracker.features_initialized = False
         if 'model.features_initialized' in state:
-            self.tracker.features_initialized = jsonpickle.decode(state['model.features_initialized'])
+            self.tracker.features_initialized = decode(state['model.features_initialized'])
 
     def encode_state(self):
         state = {}
diff --git a/serverless/pytorch/foolwood/siammask/nuclio/model_handler.py b/serverless/pytorch/foolwood/siammask/nuclio/model_handler.py
index 4c97c20cf9d9..4b2c9318f2db 100644
--- a/serverless/pytorch/foolwood/siammask/nuclio/model_handler.py
+++ b/serverless/pytorch/foolwood/siammask/nuclio/model_handler.py
@@ -37,7 +37,9 @@ def encode_state(self, state):
 
     def decode_state(self, state):
         for k,v in state.items():
-            state[k] = jsonpickle.decode(v)
+            # The server ensures that `state` is one of the values that the function itself
+            # has previously output. Therefore it should be safe to use jsonpickle.
+            state[k] = jsonpickle.decode(v)  # nosec: B301
 
         state['net'] = copy(self.siammask)
         state['net'].zf = state['net.zf']

From 862229f3182a7bb2adb19948029768dff8759297 Mon Sep 17 00:00:00 2001
From: Roman Donchenko <roman@cvat.ai>
Date: Tue, 28 Jan 2025 14:01:46 +0200
Subject: [PATCH 2/2] Fix pylint warnings in siammask

---
 .../pytorch/foolwood/siammask/nuclio/model_handler.py      | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/serverless/pytorch/foolwood/siammask/nuclio/model_handler.py b/serverless/pytorch/foolwood/siammask/nuclio/model_handler.py
index 4b2c9318f2db..70c411b3fbe6 100644
--- a/serverless/pytorch/foolwood/siammask/nuclio/model_handler.py
+++ b/serverless/pytorch/foolwood/siammask/nuclio/model_handler.py
@@ -2,11 +2,16 @@
 #
 # SPDX-License-Identifier: MIT
 
-from tools.test import *
 import os
 from copy import copy
+
 import jsonpickle
 import numpy as np
+import torch
+
+from tools.test import siamese_init, siamese_track
+from utils.config_helper import load_config
+from utils.load_helper import load_pretrain
 
 class ModelHandler:
     def __init__(self):