
input is not sanitised before it is used

Open ljwolf opened this issue 7 years ago • 3 comments

I'm not running checks on the input, nor casting input to an array in the Spanning_Tree clusterer.

ljwolf, Oct 31 '18 10:10

@ljwolf Any update on this?

jGaboardi, Aug 05 '21 17:08

Nope. A simple "asarray" would do it I think.

ljwolf, Aug 05 '21 18:08

@ljwolf Is this from within skater.Skater()? I can't find anything defined as Spanning_Tree within spopt. If it is, doesn't the .values property automatically convert to a numpy.array in data?:

def solve(self):
    data = self.gdf
    X = data[self.attrs_name].values
    model = SpanningForest(**self.spanning_forest_kwds)
    model.fit(
        self.n_clusters,
        self.w,
        data=X,
        quorum=self.floor,
        trace=self.trace,
        islands=self.islands,
    )

jGaboardi, Aug 05 '21 20:08

@sjsrey Any thoughts here? This seems like it would be an easy issue to close out, but I'm not sure where it was happening before.

jGaboardi, Dec 24 '22 01:12

Using the .values is fine! I think I filed this before the new API.

ljwolf, Dec 24 '22 19:12

OK, awesome. Thanks for the feedback @ljwolf! I'll go ahead and close this then. Also, happy holidays!

jGaboardi, Dec 24 '22 19:12
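
The coercion discussed in this thread, as an added example that is not spopt's code: a hypothetical helper, `as_attribute_matrix`, that applies `numpy.asarray` and then checks shape, dtype and finiteness before the data would reach a clusterer. The function name, the `n_obs` parameter and the sample inputs are assumptions made for illustration.

```python
import numpy as np


def as_attribute_matrix(data, n_obs=None):
    """Coerce clustering attributes to a finite 2-D float array.

    Hypothetical helper, not part of spopt. `data` may be a list of rows,
    a 1-D sequence (a single attribute), or an array such as the one
    returned by DataFrame.values (possibly with object dtype).
    """
    try:
        # asarray avoids a copy when the input is already a float ndarray.
        X = np.asarray(data, dtype=float)
    except (TypeError, ValueError) as exc:
        # Ragged rows or non-numeric entries end up here.
        raise ValueError(f"attributes are not numeric: {exc}") from None

    if X.ndim == 1:
        # One attribute per observation: make it a column.
        X = X.reshape(-1, 1)
    if X.ndim != 2:
        raise ValueError(f"expected 2-D attributes, got {X.ndim}-D")
    if X.shape[0] == 0 or X.shape[1] == 0:
        raise ValueError("attributes are empty")
    if not np.isfinite(X).all():
        raise ValueError("attributes contain NaN or infinite values")
    if n_obs is not None and X.shape[0] != n_obs:
        # n_obs would be the number of observations in the weights object.
        raise ValueError(f"expected {n_obs} rows, got {X.shape[0]}")
    return X


if __name__ == "__main__":
    # Constructed sample inputs.
    print(as_attribute_matrix([[1, 2], [3, 4]]))
    mixed = np.array([[1, 2.5], [3, 4]], dtype=object)  # object dtype, numeric content
    print(as_attribute_matrix(mixed).dtype)
    for bad in ([[1, "a"]], [[1.0, float("nan")]], [[1, 2], [3]]):
        try:
            as_attribute_matrix(bad)
        except ValueError as err:
            print("rejected:", err)
```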