
Vulnerability Report: trust_remote_code param is enabled, causing unsafe execution of Python files

Open kyo-w opened this issue 7 months ago • 0 comments

I think it's necessary to provide a security vulnerability report for the project: https://github.com/lm-sys/FastChat/blob/main/fastchat/model/model_adapter.py#L108

```python
# fastchat/model/model_adapter.py (excerpt)
tokenizer = AutoTokenizer.from_pretrained(
    model_path,
    use_fast=self.use_fast_tokenizer,
    revision=revision,
    trust_remote_code=True,
)
```

There is a security risk in using the `AutoTokenizer.from_pretrained` function if `trust_remote_code` is equal to `True`. When there is a `tokenizer_config.json` file in the model's project directory and the `"auto_map"` field in this file contains an array parameter that starts with the character value `"AutoTokenizer"`, the function will try to parse the following values of the array as Python files.

[screenshot: config]

The attack effects are as follows:

[screenshot: target]

kyo-w, Apr 18 '25 03:04
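One defensive check a deployer can run before calling `from_pretrained` with `trust_remote_code=True`: inspect `tokenizer_config.json` for the `"auto_map"` hook the report describes and refuse to load when it references repo-supplied Python. This is an added example, not FastChat's or Hugging Face's code; the function names and the sample model directory are constructed for illustration.

```python
# Added example, not FastChat's code. Scans a model directory for the
# tokenizer_config.json "auto_map" hook described in the report, i.e. the
# repo-supplied Python that AutoTokenizer.from_pretrained(...,
# trust_remote_code=True) would import. Function names are hypothetical.
import json
import os
import tempfile


def find_remote_tokenizer_code(model_dir):
    """Return (auto_map key, module file) pairs that trust_remote_code would execute."""
    cfg_path = os.path.join(model_dir, "tokenizer_config.json")
    if not os.path.isfile(cfg_path):
        return []
    with open(cfg_path, encoding="utf-8") as f:
        cfg = json.load(f)
    auto_map = cfg.get("auto_map")
    if not isinstance(auto_map, dict):
        return []
    findings = []
    for key, value in auto_map.items():
        if not key.startswith("AutoTokenizer"):
            continue
        # Value is "module.Class" or a [slow, fast] list; None entries are allowed.
        for entry in value if isinstance(value, list) else [value]:
            if not entry:
                continue
            module_ref = entry.split("--")[-1]          # drop optional "repo_id--" prefix
            module_name = module_ref.rsplit(".", 1)[0]  # strip the class name
            findings.append((key, module_name + ".py"))
    return findings


def safe_to_trust(model_dir):
    """True only when loading the tokenizer needs no repo-supplied Python."""
    return not find_remote_tokenizer_code(model_dir)


def build_sample_model_dir(with_custom_code):
    """Constructed sample model directory (not a real model) for the demo."""
    d = tempfile.mkdtemp()
    cfg = {"tokenizer_class": "PreTrainedTokenizerFast"}
    if with_custom_code:
        cfg["auto_map"] = {"AutoTokenizer": ["tokenization_custom.CustomTokenizer", None]}
    with open(os.path.join(d, "tokenizer_config.json"), "w", encoding="utf-8") as f:
        json.dump(cfg, f)
    return d


if __name__ == "__main__":
    for flag in (False, True):
        d = build_sample_model_dir(flag)
        print(d, find_remote_tokenizer_code(d), "ok" if safe_to_trust(d) else "REFUSE")
```

If the check finds entries, load with `trust_remote_code=False` (which makes `transformers` raise instead of importing the module) or review the listed `.py` files before serving the model.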