
fix cmd injection

Open zhentaocc opened this issue 1 year ago • 1 comments

Description

Fix command injection during model conversion. Details: the system passes user-supplied input directly to exec(), eval(), and os.system() methods without validation, which could result in command injection.

1. Why the change?

Fix command injection during model conversion

2. User API changes

N/A

3. Summary of the change

Use subprocess.check_output instead of os.system.

4. How to test?

  • [ ] Unit test

zhentaocc avatar Sep 01 '22 03:09 zhentaocc
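
The change summarized in the description above, as an added example that is not the PR's own code: the same constructed file name is passed once through a shell-parsed command string (how os.system() handles it) and once as an argument list to subprocess.check_output. `CONVERTER`, `convert_unsafe` and `convert_safe` are hypothetical names, the converter is a stand-in child Python process, and a POSIX shell is assumed.

```python
import shlex
import subprocess
import sys

# Hypothetical stand-in for the converter CLI: a child Python process that
# prints how many arguments it received, followed by the first one.
CONVERTER = [sys.executable, "-c",
             "import sys; print(len(sys.argv) - 1, sys.argv[1])"]


def convert_unsafe(model_path: str) -> str:
    """'Before' pattern: one command string handed to a shell.

    shell=True parses the string the way os.system() does; it is used here
    only so the output can be captured and compared.
    """
    cmd = shlex.join(CONVERTER) + " " + model_path
    return subprocess.run(cmd, shell=True, capture_output=True,
                          text=True, check=True).stdout


def convert_safe(model_path: str) -> str:
    """'After' pattern: argument list, no shell involved."""
    # An argument list stops shell parsing but not option injection, so
    # refuse values the converter could read as a flag.
    if not model_path or model_path.startswith("-"):
        raise ValueError(f"refusing suspicious model path: {model_path!r}")
    return subprocess.check_output(CONVERTER + [model_path], text=True)


if __name__ == "__main__":
    # Constructed input: a file name carrying a shell metacharacter.
    name = "model.onnx; echo INJECTED"
    print("unsafe:", convert_unsafe(name).splitlines())
    print("safe:  ", convert_safe(name).splitlines())
```

In the shell-parsed version the text after `;` runs as a second command; in the list version the whole string reaches the converter as one argument.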

Just found this PR... we definitely need to merge this. @zhentaocc do you have any changes you need to make on this PR? I will merge it tomorrow.

TheaperDeng avatar Sep 20 '22 13:09 TheaperDeng

@hjzin any comments about this PR? I will merge it today if you are ok with it.

TheaperDeng avatar Sep 26 '22 06:09 TheaperDeng

@hjzin any comments about this PR? I will merge it today if you are ok with it.

Nothing to update, you can merge it.

hjzin avatar Sep 26 '22 06:09 hjzin