The following issues were found
android/test_app/make_assets_custom.py
3 issues
Line: 7
Column: 1
build script to create a tailored build which only contains these used ops.
"""
import torch
import torchvision
import yaml
# Download and trace the model.
model = torchvision.models.mobilenet_v2(pretrained=True)
Reported by Pylint.
Line: 8
Column: 1
"""
import torch
import torchvision
import yaml
# Download and trace the model.
model = torchvision.models.mobilenet_v2(pretrained=True)
model.eval()
Reported by Pylint.
Line: 15
Column: 3
model = torchvision.models.mobilenet_v2(pretrained=True)
model.eval()
example = torch.rand(1, 3, 224, 224)
# TODO: create script model with `torch.jit.script`
traced_script_module = torch.jit.trace(model, example)
# Save traced TorchScript model.
traced_script_module.save("MobileNetV2.pt")
Reported by Pylint.
aten/src/ATen/core/register_symbols.cpp
3 issues
Line: 16
Column: 30
CWE codes:
126
std::string qual_name_for_entry(const Entry& entry) {
const char *const sep = "::";
const auto namespace_len = strlen(entry.namespace_);
const auto sep_len = strlen(sep);
const auto unqual_name_len = strlen(entry.unqual_name);
std::string s;
s.reserve(namespace_len + sep_len + unqual_name_len);
s.append(entry.namespace_, namespace_len);
Reported by FlawFinder.
Line: 17
Column: 24
CWE codes:
126
std::string qual_name_for_entry(const Entry& entry) {
const char *const sep = "::";
const auto namespace_len = strlen(entry.namespace_);
const auto sep_len = strlen(sep);
const auto unqual_name_len = strlen(entry.unqual_name);
std::string s;
s.reserve(namespace_len + sep_len + unqual_name_len);
s.append(entry.namespace_, namespace_len);
s.append(sep, sep_len);
Reported by FlawFinder.
Line: 18
Column: 32
CWE codes:
126
const char *const sep = "::";
const auto namespace_len = strlen(entry.namespace_);
const auto sep_len = strlen(sep);
const auto unqual_name_len = strlen(entry.unqual_name);
std::string s;
s.reserve(namespace_len + sep_len + unqual_name_len);
s.append(entry.namespace_, namespace_len);
s.append(sep, sep_len);
s.append(entry.unqual_name, unqual_name_len);
Reported by FlawFinder.
caffe2/core/db.cc
3 issues
Line: 136
Column: 17
CWE codes:
362
MiniDB(const string& source, Mode mode) : DB(source, mode), file_(nullptr) {
switch (mode) {
case NEW:
file_ = fopen(source.c_str(), "wb");
break;
case WRITE:
file_ = fopen(source.c_str(), "ab");
fseek(file_, 0, SEEK_END);
break;
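Reported by FlawFinder. The CWE-362 finding concerns opening a file by path, which matters when `source` can be influenced by another party between any check and the `fopen`. Separately, in the WRITE case of this excerpt `fseek(file_, 0, SEEK_END)` runs before any check that `fopen` succeeded; the `CAFFE_ENFORCE(file_, ...)` shown in a later excerpt of the same constructor comes after the switch.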
Line: 139
Column: 17
CWE codes:
362
file_ = fopen(source.c_str(), "wb");
break;
case WRITE:
file_ = fopen(source.c_str(), "ab");
fseek(file_, 0, SEEK_END);
break;
case READ:
file_ = fopen(source.c_str(), "rb");
break;
Reported by FlawFinder.
Line: 143
Column: 17
CWE codes:
362
fseek(file_, 0, SEEK_END);
break;
case READ:
file_ = fopen(source.c_str(), "rb");
break;
}
CAFFE_ENFORCE(file_, "Cannot open file: " + source);
VLOG(1) << "Opened MiniDB " << source;
}
Reported by FlawFinder.
aten/src/ATen/native/TensorAdvancedIndexing.cpp
3 issues
Line: 846
Column: 13
CWE codes:
120
Suggestion:
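Make sure the destination can always hold the source data. In the excerpt below, neither `idx` nor the destination offset is checked before the `memcpy`; any bounds validation would have to happen earlier in the function, outside the lines shown.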
auto src = src_base + batch * src_batch_bytesize + idx * block_bytesize;
auto dst = out + batch * gathered_batch_bytesize + i * block_bytesize;
memcpy(dst, src, block_bytesize);
}
}
}
});
return result_contig;
Reported by FlawFinder.
Line: 954
Column: 15
CWE codes:
120
Suggestion:
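Make sure the destination can always hold the source data. In the excerpt below, the source index `self_i` is range-checked by `TORCH_CHECK_INDEX` before the copy; no corresponding bound on the destination offset `i * result_stride_bytes` is visible in the lines shown.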
TORCH_CHECK_INDEX((self_i >= 0) && (self_i < self_dim_size), "index out of range in self");
auto self_data = static_cast<char*>(selfSlice_data) + self_i * self_stride_bytes;
auto result_data = static_cast<char*>(resultSlice_data) + i * result_stride_bytes;
memcpy(result_data, self_data, slice_size_bytes);
}
});
});
} else {
at::parallel_for(0, numel, grain_size / slice_size, outer_loop);
Reported by FlawFinder.
Line: 594
Column: 13
CWE codes:
126
Suggestion:
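This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. In the excerpt below, `std::equal` is reached only when the two `size()` values are equal (the `||` short-circuits otherwise), so the three-iterator form cannot read past the end of the second range at this call site.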
sourceSlicedSizes.erase(sourceSlicedSizes.begin() + dim);
}
if (selfSlicedSizes.size() != sourceSlicedSizes.size() ||
!std::equal(selfSlicedSizes.begin(), selfSlicedSizes.end(),
sourceSlicedSizes.begin())) {
std::stringstream ss;
ss << "index_copy_(): Source/destination tensor must have same slice shapes. ";
ss << "Destination slice shape: " << selfSlicedSizes << " at dimension " << dim;
ss << " and source slice shape: " << sourceSlicedSizes << " at dimension 0.";
Reported by FlawFinder.
aten/src/ATen/core/dispatch/Dispatcher.cpp
3 issues
Line: 52
Column: 31
CWE codes:
120
20
}
c10::optional<OperatorHandle> Dispatcher::findOp(const OperatorName& overload_name) {
return operatorLookupTable_.read([&] (const ska::flat_hash_map<OperatorName, OperatorHandle>& operatorLookupTable) -> c10::optional<OperatorHandle> {
auto found = operatorLookupTable.find(overload_name);
if (found == operatorLookupTable.end()) {
return c10::nullopt;
}
return found->second;
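Reported by FlawFinder. In all three excerpts for this file, Column 31 falls on `read` in `operatorLookupTable_.read(...)`, a member function called with a lambda over the lookup table, not the POSIX `read()` buffer call that the CWE-120/CWE-20 rule targets; these look like name-based matches.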
Line: 91
Column: 31
CWE codes:
120
20
}
const std::vector<OperatorName> Dispatcher::getAllOpNames() {
return operatorLookupTable_.read([&] (const ska::flat_hash_map<OperatorName, OperatorHandle>& operatorLookupTable) -> std::vector<OperatorName> {
std::vector<OperatorName> allOpNames;
for (const auto& op : operatorLookupTable) {
allOpNames.push_back(op.first);
}
return allOpNames;
Reported by FlawFinder.
Line: 315
Column: 31
CWE codes:
120
20
}
std::vector<OperatorHandle> Dispatcher::findDanglingImpls() const {
return operatorLookupTable_.read([&] (const ska::flat_hash_map<OperatorName, OperatorHandle>& operatorLookupTable) -> std::vector<OperatorHandle> {
std::vector<OperatorHandle> opsWithDanglingImpls;
for (const auto& op : operatorLookupTable) {
if (!op.second.hasSchema()) {
opsWithDanglingImpls.push_back(op.second);
}
Reported by FlawFinder.
caffe2/python/layers/reservoir_sampling.py
3 issues
Line: 1
Column: 1
## @package reservoir_sampling
# Module caffe2.python.layers.reservoir_sampling
from caffe2.python import core, schema
from caffe2.python.layers.layers import ModelLayer
Reported by Pylint.
Line: 22
Column: 9
def __init__(self, model, input_record, num_to_collect,
name='reservoir_sampling', **kwargs):
super(ReservoirSampling, self).__init__(
model, name, input_record, **kwargs)
assert num_to_collect > 0
self.num_to_collect = num_to_collect
self.reservoir = self.create_param(
Reported by Pylint.
Line: 24
Suggestion:
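https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html (B101: `assert` statements are removed when Python runs with `-O`, so `assert num_to_collect > 0` in the excerpt below does not validate the argument in optimized runs.)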
name='reservoir_sampling', **kwargs):
super(ReservoirSampling, self).__init__(
model, name, input_record, **kwargs)
assert num_to_collect > 0
self.num_to_collect = num_to_collect
self.reservoir = self.create_param(
param_name='reservoir',
shape=[0],
Reported by Bandit.
c10/core/Scalar.h
3 issues
Line: 100
Column: 8
CWE codes:
126
Suggestion:
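This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. In all three findings for this file, Column 8 falls on the declaration of a member function named `equal` (`bool equal(...) const`), not on a call to `std::equal`; no iterator ranges are involved on these lines, so the match appears to be by name only.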
template <
typename T,
typename std::enable_if<!c10::is_complex<T>::value, int>::type = 0>
bool equal(T num) const {
if (isComplex()) {
auto val = v.z;
return (val.real() == num) && (val.imag() == T());
} else if (isFloatingPoint()) {
return v.d == num;
Reported by FlawFinder.
Line: 117
Column: 8
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
template <
typename T,
typename std::enable_if<c10::is_complex<T>::value, int>::type = 0>
bool equal(T num) const {
if (isComplex()) {
return v.z == num;
} else if (isFloatingPoint()) {
return (v.d == num.real()) && (num.imag() == T());
} else if (isIntegral(/*includeBool=*/false)) {
Reported by FlawFinder.
Line: 130
Column: 8
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
}
}
bool equal(bool num) const {
if (isBoolean()) {
return static_cast<bool>(v.i) == num;
} else {
return false;
}
Reported by FlawFinder.
aten/src/ATen/core/aten_interned_strings.h
3 issues
Line: 587
Column: 9
CWE codes:
327
Suggestion:
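Use a more secure technique for acquiring random values. Column 9 of the reported line falls on the identifier `random` in the macro entry `_(aten, random)`, which lists a symbol name and does not appear to call a C library random function.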
_(aten, randint_like) \
_(aten, randn) \
_(aten, randn_like) \
_(aten, random) \
_(aten, randperm) \
_(aten, range) \
_(aten, ravel) \
_(aten, reciprocal) \
_(aten, reflection_pad1d) \
Reported by FlawFinder.
Line: 789
Column: 9
CWE codes:
190
Suggestion:
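If the source is untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative numbers; consider saving to an unsigned value if that is intended). Column 9 of the reported line falls on the identifier `atol` in the macro entry `_(attr, atol)`, which lists a symbol name; no string-to-integer conversion is visible on this line.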
_(attr, alpha) \
_(attr, anchor) \
_(attr, argmaxes) \
_(attr, atol) \
_(attr, b_hh) \
_(attr, b_ih) \
_(attr, bag_size) \
_(attr, base) \
_(attr, batch1) \
Reported by FlawFinder.
Line: 325
Column: 9
CWE codes:
126
Suggestion:
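This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. Column 9 of the reported line falls on the identifier `equal` in the macro entry `_(aten, equal)`, which lists a symbol name and is not a call to `std::equal`.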
_(aten, empty_strided) \
_(aten, special_entr) \
_(aten, eq) \
_(aten, equal) \
_(aten, exp) \
_(aten, expand) \
_(aten, expand_as) \
_(aten, exponential) \
_(aten, eye) \
Reported by FlawFinder.
aten/src/ATen/core/DistributionsHelper.h
3 issues
Line: 55
Column: 64
CWE codes:
327
Suggestion:
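Use a more secure technique for acquiring random values. In all three findings for this file, the flagged token is the `random()` member of the `generator` object, whose result is passed to a distribution transform; the CWE-327 concern applies only if the sampled values are used where unpredictability is a security requirement, which the excerpts do not indicate.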
{
return transformation::uniform_int_from_to<T>(generator->random64(), range_, base_);
} else {
return transformation::uniform_int_from_to<T>(generator->random(), range_, base_);
}
}
private:
uint64_t range_;
Reported by FlawFinder.
Line: 89
Column: 56
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
if (std::is_same<T, double>::value || std::is_same<T, int64_t>::value) {
return transformation::uniform_int<T>(generator->random64());
} else {
return transformation::uniform_int<T>(generator->random());
}
}
};
Reported by FlawFinder.
Line: 113
Column: 57
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
if(std::is_same<T, double>::value) {
return transformation::uniform_real<T>(generator->random64(), from_, to_);
} else {
return transformation::uniform_real<T>(generator->random(), from_, to_);
}
}
private:
T from_;
Reported by FlawFinder.
.circleci/cimodel/data/simple/anaconda_prune_defintions.py
3 issues
Line: 1
Column: 1
from collections import OrderedDict
from cimodel.data.simple.util.branch_filters import gen_filter_dict
from cimodel.lib.miniutils import quote
CHANNELS_TO_PRUNE = ["pytorch-nightly", "pytorch-test"]
PACKAGES_TO_PRUNE = "pytorch torchvision torchaudio torchtext ignite torchcsprng"
Reported by Pylint.
Line: 11
Column: 1
PACKAGES_TO_PRUNE = "pytorch torchvision torchaudio torchtext ignite torchcsprng"
def gen_workflow_job(channel: str):
return OrderedDict(
{
"anaconda_prune": OrderedDict(
{
"name": f"anaconda-prune-{channel}",
Reported by Pylint.
Line: 27
Column: 1
)
def get_workflow_jobs():
    """Build the list of workflow jobs, one per entry of CHANNELS_TO_PRUNE.

    Jobs are produced by gen_workflow_job and returned in the same order as
    the channels appear in CHANNELS_TO_PRUNE.
    """
    jobs = []
    for channel in CHANNELS_TO_PRUNE:
        jobs.append(gen_workflow_job(channel))
    return jobs
Reported by Pylint.