The following issues were found

torch/nn/quantizable/__init__.py
2 issues
Unable to import '__init__.modules'
Error

Line: 1 Column: 1

from .modules import *  # noqa: F403

            

Reported by Pylint.

Missing module docstring
Error

Line: 1 Column: 1

from .modules import *  # noqa: F403

            

Reported by Pylint.

torch/nn/intrinsic/qat/__init__.py
2 issues
Unable to import '__init__.modules'
Error

Line: 1 Column: 1

from .modules import *  # noqa: F403

            

Reported by Pylint.

Missing module docstring
Error

Line: 1 Column: 1

from .modules import *  # noqa: F403

            

Reported by Pylint.

torch/quantization/fx/quantization_types.py
2 issues
TODO(future PR): improve this.
Error

Line: 7 Column: 3

              
# This is the Quantizer class instance from torch/quantization/fx/quantize.py.
# Define separately to prevent circular imports.
# TODO(future PR): improve this.
QuantizerCls = Any

            

Reported by Pylint.

Missing module docstring
Error

Line: 1 Column: 1

from typing import Any, Callable, Tuple, Union

Pattern = Union[Callable, Tuple[Callable, Callable], Tuple[Callable, Callable, Callable]]

# This is the Quantizer class instance from torch/quantization/fx/quantize.py.
# Define separately to prevent circular imports.
# TODO(future PR): improve this.
QuantizerCls = Any

            

Reported by Pylint.

torch/fx/experimental/unification/dispatch.py
2 issues
Attempted relative import beyond top-level package
Error

Line: 2 Column: 1

from functools import partial
from .multipledispatch import dispatch  # type: ignore[import]

namespace = dict()  # type: ignore[var-annotated]

dispatch = partial(dispatch, namespace=namespace)

            

Reported by Pylint.

Missing module docstring
Error

Line: 1 Column: 1

from functools import partial
from .multipledispatch import dispatch  # type: ignore[import]

namespace = dict()  # type: ignore[var-annotated]

dispatch = partial(dispatch, namespace=namespace)

            

Reported by Pylint.

torch/utils/model_dump/__main__.py
2 issues
Attempted relative import beyond top-level package
Error

Line: 3 Column: 1

#!/usr/bin/env python3
import sys
from . import main

sys.exit(main(sys.argv))

            

Reported by Pylint.

Missing module docstring
Error

Line: 1 Column: 1

#!/usr/bin/env python3
import sys
from . import main

sys.exit(main(sys.argv))

            

Reported by Pylint.

test/cpp/c10d/ProcessGroupNCCLTest.cpp
2 issues
getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once
Security

Line: 530 Column: 25 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them

  void SetUp() override {
    // Use WORLD_SIZE and RANK environmental variables to do multi-node
    // distributed testing
    auto sizeEnv = std::getenv("WORLD_SIZE");
    auto rankEnv = std::getenv("RANK");

    if (sizeEnv && rankEnv) {
      size_ = std::stoi(std::string(sizeEnv));
      rank_ = std::stoi(std::string(rankEnv));

            

Reported by FlawFinder.

getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once
Security

Line: 531 Column: 25 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them

    // Use WORLD_SIZE and RANK environmental variables to do multi-node
    // distributed testing
    auto sizeEnv = std::getenv("WORLD_SIZE");
    auto rankEnv = std::getenv("RANK");

    if (sizeEnv && rankEnv) {
      size_ = std::stoi(std::string(sizeEnv));
      rank_ = std::stoi(std::string(rankEnv));
    }

            

Reported by FlawFinder.

test/cpp/c10d/ProcessGroupMPITest.cpp
2 issues
execl - This causes a new program to execute and is difficult to use safely
Security

Line: 360 Column: 5 CWE codes: 78
Suggestion: try using a library call that implements the same functionality if available

  // If we are within an openmpi mpirun, then skip the exec
  if (!std::getenv("OMPI_COMM_WORLD_SIZE")) {
    std::cout << "Execute mpiexec from: " << STR(MPIEXEC) << std::endl;
    execl(STR(MPIEXEC), "-np 2", argv[0], (char*)nullptr);
  }

  testAllreduce();
  testBroadcast();
  testReduce();

            

Reported by FlawFinder.

getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once
Security

Line: 358 Column: 13 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them

int main(int argc, char** argv) {
#ifdef MPIEXEC
  // If we are within an openmpi mpirun, then skip the exec
  if (!std::getenv("OMPI_COMM_WORLD_SIZE")) {
    std::cout << "Execute mpiexec from: " << STR(MPIEXEC) << std::endl;
    execl(STR(MPIEXEC), "-np 2", argv[0], (char*)nullptr);
  }

  testAllreduce();

            

Reported by FlawFinder.

test/cpp/api/functional.cpp
2 issues
equal - Function does not check the second iterator for over-read conditions
Security

Line: 167 Column: 22 CWE codes: 126
Suggestion: This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it

  ASSERT_EQ(y.sizes(), std::vector<int64_t>({2, 2, 2}));

  auto y_with_indices = F::fractional_max_pool2d_with_indices(x, F::FractionalMaxPool2dFuncOptions(3).output_size(2));
  ASSERT_TRUE(torch::equal(y, std::get<0>(y_with_indices)));
  ASSERT_TRUE(torch::allclose(
    std::get<1>(y_with_indices),
    torch::tensor({{{ 0,  2},
                    {10, 12}},
                   {{ 0,  2},

            

Reported by FlawFinder.

equal - Function does not check the second iterator for over-read conditions
Security

Line: 186 Column: 22 CWE codes: 126
Suggestion: This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it

  ASSERT_EQ(y.sizes(), std::vector<int64_t>({2, 2, 2, 2}));

  auto y_with_indices = F::fractional_max_pool3d_with_indices(x, F::FractionalMaxPool3dFuncOptions(3).output_size(2));
  ASSERT_TRUE(torch::equal(y, std::get<0>(y_with_indices)));
  ASSERT_TRUE(torch::allclose(
    std::get<1>(y_with_indices),
    torch::tensor({{{{ 0,  2},
                     {10, 12}},
                    {{50, 52},

            

Reported by FlawFinder.

test/cpp/c10d/FileStoreTest.cpp
2 issues
getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once
Security

Line: 23 Column: 24 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them

}
#else
std::string tmppath() {
  const char* tmpdir = getenv("TMPDIR");
  if (tmpdir == nullptr) {
    tmpdir = "/tmp";
  }

  // Create template

            

Reported by FlawFinder.

mkstemp - Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library
Security

Line: 34 Column: 13 CWE codes: 377

  tmp.resize(len);

  // Create temporary file
  auto fd = mkstemp(&tmp[0]);
  if (fd == -1) {
    throw std::system_error(errno, std::system_category());
  }
  close(fd);
  return std::string(tmp.data(), tmp.size());

            

Reported by FlawFinder.

test/cpp/api/sequential.cpp
2 issues
equal - Function does not check the second iterator for over-read conditions
Security

Line: 260 Column: 45 CWE codes: 126
Suggestion: This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it

              
  Sequential sequential(M{});
  auto variable = torch::ones({3, 3}, torch::requires_grad());
  ASSERT_TRUE(sequential->forward(variable).equal(variable));
}

TEST_F(SequentialTest, ForwardReturnsTheLastValue) {
  torch::manual_seed(0);
  Sequential sequential(Linear(10, 3), Linear(3, 5), Linear(5, 100));

            

Reported by FlawFinder.

equal - Function does not check the second iterator for over-read conditions
Security

Line: 336 Column: 20 CWE codes: 126
Suggestion: This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it

              
  ASSERT_EQ(first.get(), second.get());
  ASSERT_EQ(first->size(), second->size());
  ASSERT_TRUE(std::equal(
      first->begin(),
      first->end(),
      second->begin(),
      [](const AnyModule& first, const AnyModule& second) {
        return &first == &second;

            

Reported by FlawFinder.