fix(security): avoid torch import-hijack in PyTorch ZIP CVE checks#728
fix(security): avoid torch import-hijack in PyTorch ZIP CVE checks#728mldangelo-oai merged 2 commits intomainfrom
Conversation
|
Warning Rate limit exceeded
⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Repository UI Review profile: ASSERTIVE Plan: Pro Run ID: 📒 Files selected for processing (2)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 7636cc9a1f
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| torch_module = sys.modules.get("torch") | ||
| if torch_module is None: | ||
| return None |
There was a problem hiding this comment.
Return value now depends on torch already being present in sys.modules. In normal scanner runs, torch is often installed but not imported, so this returns None. That causes _select_pytorch_version_for_check() to ignore vulnerable local runtimes (or skip version-gated CVE checks when metadata is missing), creating false negatives in security detection.
Useful? React with 👍 / 👎.
Remove any preloaded torch module from sys.modules in the import-guard test so it verifies the scanner does not import torch, independent of CI environment state. Co-authored-by: Codex <noreply@openai.com>
1 participant
Motivation
torchduring scans which allowed import-hijack execution if an attacker placed a malicioustorch.pyonsys.pathor in the working directory.Description
PyTorchZipScanner._get_installed_pytorch_versionto avoidimport torchand instead readtorch.__version__only fromsys.moduleswhentorchis already imported.test_get_installed_pytorch_version_does_not_import_torchintests/scanners/test_pytorch_zip_scanner.pythat verifies the helper does not trigger atorchimport (monkeypatches__import__).modelaudit/scanners/pytorch_zip_scanner.pyandtests/scanners/test_pytorch_zip_scanner.py.Testing
uv run pytest tests/scanners/test_pytorch_zip_scanner.pyand all related tests passed (44 passed).uv run ruff format modelaudit/ tests/anduv run ruff check --fix modelaudit/ tests/which succeeded with no changes required.uv run mypy modelaudit/which reported no issues.uv run pytest -n auto -m "not slow and not integration" --maxfail=1, which mostly passed but aborted due to an unrelated environment-sensitive test failure (tests/utils/helpers/test_secure_hasher.py::TestErrorHandling::test_hash_permission_denied), and is not tied to this change.Codex Task