Release v2.26.1 #9016

Merged
merged 9 commits into from
Jan 29, 2025
Add bandit suppressions to tracker functions (#9004)
Now that GHSA-wq36-mxf8-hv62 is fixed, it is actually safe to use
jsonpickle in this context.
SpecLad authored Jan 28, 2025
commit fa0e3f1a3173a166591a9bfee3b74778ef8b380a
24 changes: 14 additions & 10 deletions serverless/pytorch/dschoerk/transt/nuclio/model_handler.py
@@ -18,20 +18,24 @@ def __init__(self):
self.tracker = Tracker(name='transt', net=net, window_penalty=0.49, exemplar_size=128, instance_size=256)

def decode_state(self, state):
self.tracker.net.net.zf = jsonpickle.decode(state['model.net.net.zf'])
self.tracker.net.net.pos_template = jsonpickle.decode(state['model.net.net.pos_template'])
# The server ensures that `state` is one of the values that the function itself
# has previously output. Therefore it should be safe to use jsonpickle.
decode = jsonpickle.decode # nosec: B301

self.tracker.window = jsonpickle.decode(state['model.window'])
self.tracker.center_pos = jsonpickle.decode(state['model.center_pos'])
self.tracker.size = jsonpickle.decode(state['model.size'])
self.tracker.channel_average = jsonpickle.decode(state['model.channel_average'])
self.tracker.mean = jsonpickle.decode(state['model.mean'])
self.tracker.std = jsonpickle.decode(state['model.std'])
self.tracker.inplace = jsonpickle.decode(state['model.inplace'])
self.tracker.net.net.zf = decode(state['model.net.net.zf'])
self.tracker.net.net.pos_template = decode(state['model.net.net.pos_template'])

self.tracker.window = decode(state['model.window'])
self.tracker.center_pos = decode(state['model.center_pos'])
self.tracker.size = decode(state['model.size'])
self.tracker.channel_average = decode(state['model.channel_average'])
self.tracker.mean = decode(state['model.mean'])
self.tracker.std = decode(state['model.std'])
self.tracker.inplace = decode(state['model.inplace'])

self.tracker.features_initialized = False
if 'model.features_initialized' in state:
self.tracker.features_initialized = jsonpickle.decode(state['model.features_initialized'])
self.tracker.features_initialized = decode(state['model.features_initialized'])

def encode_state(self):
state = {}
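Review bot: In decode_state, the `# nosec: B301` marker sits on the assignment `decode = jsonpickle.decode`, while the deserialization itself happens in the `decode(state[...])` calls below it, which no longer mention jsonpickle by name. That separates the suppression and its justification from the calls they cover, and anyone searching this method for `jsonpickle.decode(` will find no call sites. Consider keeping the qualified call with the marker on each line, or moving the alias into a small named helper whose docstring carries the safety argument. The comment would also be easier to audit if it named GHSA-wq36-mxf8-hv62, which the commit message gives as the reason this use is now safe.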
11 changes: 9 additions & 2 deletions serverless/pytorch/foolwood/siammask/nuclio/model_handler.py
@@ -2,11 +2,16 @@
#
# SPDX-License-Identifier: MIT

from tools.test import *
import os
from copy import copy

import jsonpickle
import numpy as np
import torch

from tools.test import siamese_init, siamese_track
from utils.config_helper import load_config
from utils.load_helper import load_pretrain

class ModelHandler:
def __init__(self):
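Review bot: Replacing `from tools.test import *` with explicit imports at the top of the file is not mentioned in the commit message, which only describes bandit suppressions, and it changes which names are in scope for the whole module. Only `siamese_init` and `siamese_track` are now taken from `tools.test`; please confirm that no other name the star import used to provide is referenced in the parts of the file outside this hunk, and note the import cleanup in the commit message.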
@@ -37,7 +42,9 @@ def encode_state(self, state):

def decode_state(self, state):
for k,v in state.items():
state[k] = jsonpickle.decode(v)
# The server ensures that `state` is one of the values that the function itself
# has previously output. Therefore it should be safe to use jsonpickle.
state[k] = jsonpickle.decode(v) # nosec: B301

state['net'] = copy(self.siammask)
state['net'].zf = state['net.zf']
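Review bot: In decode_state, the loop `for k,v in state.items()` passes every value in `state` to `jsonpickle.decode`, whatever keys are present, so the `# nosec: B301` on that line rests entirely on the comment's claim that the server only accepts state this function previously output. Nothing in the hunk shows that check, so the comment should say where it is enforced (the commit message points to the fix for GHSA-wq36-mxf8-hv62), so that the suppression can be revisited if that guarantee ever changes.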

Unchanged files with check annotations Beta

ARG http_proxy
ARG https_proxy
ARG no_proxy="nuclio,${no_proxy}"

Check warning on line 97 in Dockerfile

GitHub Actions / build

Variables should be defined before their use

UndefinedVar: Usage of undefined variable '$no_proxy' More info: https://docs.docker.com/go/dockerfile/rule/undefined-var/

Check warning on line 97 in Dockerfile

GitHub Actions / Caching_CVAT

Variables should be defined before their use

UndefinedVar: Usage of undefined variable '$no_proxy' More info: https://docs.docker.com/go/dockerfile/rule/undefined-var/

ARG socks_proxy
ARG TZ="Etc/UTC"
# Add a non-root user
ENV USER=${USER}
ENV HOME /home/${USER}

Check warning on line 149 in Dockerfile

GitHub Actions / build

Legacy key/value format with whitespace separator should not be used

LegacyKeyValueFormat: "ENV key=value" should be used instead of legacy "ENV key value" format More info: https://docs.docker.com/go/dockerfile/rule/legacy-key-value-format/

Check warning on line 149 in Dockerfile

GitHub Actions / Caching_CVAT

Legacy key/value format with whitespace separator should not be used

LegacyKeyValueFormat: "ENV key=value" should be used instead of legacy "ENV key value" format More info: https://docs.docker.com/go/dockerfile/rule/legacy-key-value-format/

RUN adduser --shell /bin/bash --disabled-password --gecos "" ${USER}
ARG CLAM_AV="no"
ARG UI_APP_CONFIG
ARG CLIENT_PLUGINS
ARG DISABLE_SOURCE_MAPS
ARG SOURCE_MAPS_TOKEN

Check warning on line 30 in Dockerfile.ui

GitHub Actions / build

Sensitive data should not be used in the ARG or ENV commands

SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ARG "SOURCE_MAPS_TOKEN") More info: https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/

Check warning on line 30 in Dockerfile.ui

GitHub Actions / Caching_CVAT

Sensitive data should not be used in the ARG or ENV commands

SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ARG "SOURCE_MAPS_TOKEN") More info: https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/

RUN CLIENT_PLUGINS="${CLIENT_PLUGINS}" \
DISABLE_SOURCE_MAPS="${DISABLE_SOURCE_MAPS}" \