
Commit 1b88161

committed
Explicitly add allow_pickle=False (default) to all np.load() calls
Will change to True only for the calls that may possibly load trusted Pickles, not only generic .npz files. https://docs.scipy.org/doc/numpy/reference/generated/numpy.load.html Changed in version 1.16.3: Made default False in response to CVE-2019-6446. Reported by @Wouter-VDP via Slack on 2019-08-08.
1 parent 6563d66 commit 1b88161


8 files changed

+45
-74
lines changed


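--- a/examples/notebooks/Signal Influence.ipynb
+++ b/examples/notebooks/Signal Influence.ipynb
@@ -26,20 +26,16 @@
 {
 "cell_type": "code",
 "execution_count": 6,
-"metadata": {
-"collapsed": false
-},
+"metadata": {},
 "outputs": [],
 "source": [
-"dat = np.load('./temp_data/signal_influence/signal_influence_results_155191_2017-12-01-01-42-33.npz')"
+"dat = np.load('./temp_data/signal_influence/signal_influence_results_155191_2017-12-01-01-42-33.npz', allow_pickle=False)"
 ]
 },
 {
 "cell_type": "code",
 "execution_count": 7,
-"metadata": {
-"collapsed": false
-},
+"metadata": {},
 "outputs": [
 {
 "name": "stdout",
@@ -60,9 +56,7 @@
 {
 "cell_type": "code",
 "execution_count": 8,
-"metadata": {
-"collapsed": false
-},
+"metadata": {},
 "outputs": [
 {
 "data": {
@@ -102,9 +96,7 @@
 {
 "cell_type": "code",
 "execution_count": 9,
-"metadata": {
-"collapsed": false
-},
+"metadata": {},
 "outputs": [
 {
 "data": {
@@ -139,9 +131,7 @@
 {
 "cell_type": "code",
 "execution_count": 17,
-"metadata": {
-"collapsed": false
-},
+"metadata": {},
 "outputs": [
 {
 "name": "stdout",
@@ -211,9 +201,7 @@
 {
 "cell_type": "code",
 "execution_count": 15,
-"metadata": {
-"collapsed": false
-},
+"metadata": {},
 "outputs": [
 {
 "data": {
@@ -315,15 +303,13 @@
 },
 "outputs": [],
 "source": [
-"dat = np.load('./temp_data/signal_influence/signal_influence_results_2017-11-30-20-13-39.npz')"
+"dat = np.load('./temp_data/signal_influence/signal_influence_results_2017-11-30-20-13-39.npz', allow_pickle=False)"
 ]
 },
 {
 "cell_type": "code",
 "execution_count": 4,
-"metadata": {
-"collapsed": false
-},
+"metadata": {},
 "outputs": [],
 "source": [
 "y_gold = dat['y_gold']\n",
@@ -333,9 +319,7 @@
 {
 "cell_type": "code",
 "execution_count": 97,
-"metadata": {
-"collapsed": false
-},
+"metadata": {},
 "outputs": [
 {
 "data": {
@@ -362,9 +346,7 @@
 {
 "cell_type": "code",
 "execution_count": 18,
-"metadata": {
-"collapsed": false
-},
+"metadata": {},
 "outputs": [],
 "source": [
 "t_range = np.linspace(0,len(y_gold[0]),10,dtype=np.int)"
@@ -373,9 +355,7 @@
 {
 "cell_type": "code",
 "execution_count": 19,
-"metadata": {
-"collapsed": false
-},
+"metadata": {},
 "outputs": [
 {
 "data": {
@@ -395,9 +375,7 @@
 {
 "cell_type": "code",
 "execution_count": 95,
-"metadata": {
-"collapsed": false
-},
+"metadata": {},
 "outputs": [],
 "source": [
 "def difference_metric(y_prime,y_prime_orig):\n",
@@ -422,9 +400,7 @@
 {
 "cell_type": "code",
 "execution_count": 96,
-"metadata": {
-"collapsed": false
-},
+"metadata": {},
 "outputs": [],
 "source": [
 "differences = get_importance_measure(y_prime,difference_metric)"
@@ -433,9 +409,7 @@
 {
 "cell_type": "code",
 "execution_count": 24,
-"metadata": {
-"collapsed": false
-},
+"metadata": {},
 "outputs": [
 {
 "data": {
@@ -464,21 +438,21 @@
 ],
 "metadata": {
 "kernelspec": {
-"display_name": "Python [conda root]",
+"display_name": "Python 3",
 "language": "python",
-"name": "conda-root-py"
+"name": "python3"
 },
 "language_info": {
 "codemirror_mode": {
 "name": "ipython",
-"version": 2
+"version": 3
 },
 "file_extension": ".py",
 "mimetype": "text/x-python",
 "name": "python",
 "nbconvert_exporter": "python",
-"pygments_lexer": "ipython2",
-"version": "2.7.12"
+"pygments_lexer": "ipython3",
+"version": "3.7.4"
 },
 "latex_envs": {
 "LaTeX_envs_menu_present": true,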

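--- a/plasma/conf_parser.py
+++ b/plasma/conf_parser.py
@@ -23,14 +23,15 @@ def parameters(input_file):
 base_path = output_path
 
 params['paths']['base_path'] = base_path
-params['paths']['signal_prepath'] = base_path + \
-params['paths']['signal_prepath']
-params['paths']['shot_list_dir'] = base_path + \
-params['paths']['shot_list_dir']
+params['paths']['signal_prepath'] = (
+base_path + params['paths']['signal_prepath'])
+params['paths']['shot_list_dir'] = (
+base_path + params['paths']['shot_list_dir'])
 params['paths']['output_path'] = output_path
 h = get_unique_signal_hash(sig.all_signals.values())
-params['paths']['global_normalizer_path'] = output_path + \
-'/normalization/normalization_signal_group_{}.npz'.format(h)
+params['paths']['global_normalizer_path'] = (
+output_path
++ '/normalization/normalization_signal_group_{}.npz'.format(h))
 if params['training']['hyperparam_tuning']:
 # params['paths']['saved_shotlist_path'] =
 # './normalization/shot_lists.npz'
@@ -44,12 +45,12 @@ def parameters(input_file):
 # '/normalization/shot_lists.npz'
 params['paths']['normalizer_path'] = (
 params['paths']['global_normalizer_path'])
-params['paths']['model_save_path'] = (
-output_path + '/model_checkpoints/')
+params['paths']['model_save_path'] = (output_path
++ '/model_checkpoints/')
 params['paths']['csvlog_save_path'] = output_path + '/csv_logs/'
 params['paths']['results_prepath'] = output_path + '/results/'
-params['paths']['tensorboard_save_path'] = output_path + \
-params['paths']['tensorboard_save_path']
+params['paths']['tensorboard_save_path'] = (
+output_path + params['paths']['tensorboard_save_path'])
 params['paths']['saved_shotlist_path'] = (
 params['paths']['base_path'] + '/processed_shotlists/'
 + params['paths']['data']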

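--- a/plasma/models/mpi_runner.py
+++ b/plasma/models/mpi_runner.py
@@ -670,7 +670,7 @@ def save_shotlists(conf, shot_list_train, shot_list_validate, shot_list_test):
 
 def load_shotlists(conf):
 path = get_shot_list_path(conf)
-data = np.load(path)
+data = np.load(path, allow_pickle=False)
 shot_list_train = data['shot_list_train'][()]
 shot_list_validate = data['shot_list_validate'][()]
 shot_list_test = data['shot_list_test'][()]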
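Review bot: The three `data['shot_list_…'][()]` reads that follow the new `np.load(path, allow_pickle=False)` look like 0-d object arrays being unwrapped, and an .npz can only store object arrays as pickles. If that is what these files contain, np.load itself still succeeds (an .npz is opened lazily) and the `ValueError` for the refused pickle is raised at the first `data[...]` access, one line after the changed call. The same `[()]` pattern follows the changed loads in plasma/preprocessor/normalize.py, plasma/preprocessor/preprocess.py and plasma/primitives/shots.py. I would add a comment at each call such as `# allow_pickle=False: object arrays in this file are refused with ValueError on key access`, and for any call later switched to True, record where the file comes from and why it is trusted. load_shotlists continues past the end of the hunk.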

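--- a/plasma/models/shallow_runner.py
+++ b/plasma/models/shallow_runner.py
@@ -137,7 +137,7 @@ def process(self, shot):
 # print(X.shape, Y.shape)
 else:
 try:
-dat = np.load(save_path)
+dat = np.load(save_path, allow_pickle=False)
 # X, Y, disr = dat["X"], dat["Y"], dat["disr"][()]
 X = dat["X"]
 except BaseException: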
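Review bot: The `except BaseException:` that closes this `try` also catches the `ValueError` numpy raises when `allow_pickle=False` refuses a pickled array, so a rejected file becomes indistinguishable from a missing or truncated one. The handler body is outside the hunk, so what it does with the error is not visible here; if it quietly falls back to reprocessing the shot, the refusal never reaches a log. Changing the clause to `except Exception as e:` and logging `save_path` together with `e` would keep the fallback, stop swallowing KeyboardInterrupt and SystemExit, and make refused files visible to whoever reviews the run.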

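--- a/plasma/preprocessor/normalize.py
+++ b/plasma/preprocessor/normalize.py
@@ -185,7 +185,7 @@ def previously_saved_stats(self):
 if not os.path.isfile(self.path):
 return False, set([])
 else:
-dat = np.load(self.path, encoding="latin1")
+dat = np.load(self.path, encoding="latin1", allow_pickle=False)
 machines = dat['machines'][()]
 ret = all(
 [m in machines for m in self.conf['paths']['all_machines']])
@@ -292,7 +292,7 @@ def save_stats(self):
 
 def load_stats(self):
 assert self.previously_saved_stats()[0], "stats not saved before"
-dat = np.load(self.path, encoding="latin1")
+dat = np.load(self.path, encoding="latin1", allow_pickle=False)
 self.means = dat['means'][()]
 self.stds = dat['stds'][()]
 self.num_processed = dat['num_processed'][()]
@@ -448,7 +448,7 @@ def save_stats(self):
 
 def load_stats(self):
 assert(self.previously_saved_stats()[0])
-dat = np.load(self.path, encoding="latin1")
+dat = np.load(self.path, encoding="latin1", allow_pickle=False)
 self.minimums = dat['minimums'][()]
 self.maximums = dat['maximums'][()]
 self.num_processed = dat['num_processed'][()]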
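Review bot: `encoding="latin1"` is kept next to the new `allow_pickle=False` in all three calls in this file, but numpy only consults `encoding` when unpickling Python 2 data, so with pickles disabled the argument has no effect. Its presence suggests these stats files were at some point written with pickled object arrays, which is exactly the case the new flag rejects. Either drop `encoding` where the file is known to hold plain numeric arrays, or leave a comment such as `# encoding only matters if allow_pickle is re-enabled for legacy Python 2 files`. The loads in plasma/preprocessor/preprocess.py and plasma/primitives/shots.py carry the same pair of arguments. All three functions here continue outside their hunks.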

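--- a/plasma/preprocessor/preprocess.py
+++ b/plasma/preprocessor/preprocess.py
@@ -149,7 +149,7 @@ def get_shot_list_path(self):
 
 def load_shotlists(self):
 path = self.get_shot_list_path()
-data = np.load(path, encoding="latin1")
+data = np.load(path, encoding="latin1", allow_pickle=False)
 shot_list_train = data['shot_list_train'][()]
 shot_list_validate = data['shot_list_validate'][()]
 shot_list_test = data['shot_list_test'][()]
@@ -159,18 +159,13 @@ def load_shotlists(self):
 return ShotList(shot_list_train), ShotList(
 shot_list_validate), ShotList(shot_list_test)
 
-def save_shotlists(
-self,
-shot_list_train,
-shot_list_validate,
-shot_list_test):
+def save_shotlists(self, shot_list_train, shot_list_validate,
+shot_list_test):
 path = self.get_shot_list_path()
 mkdirdepth(path)
-np.savez(
-path,
-shot_list_train=shot_list_train,
-shot_list_validate=shot_list_validate,
-shot_list_test=shot_list_test)
+np.savez(path, shot_list_train=shot_list_train,
+shot_list_validate=shot_list_validate,
+shot_list_test=shot_list_test)
 
 
 def apply_bleed_in(conf, shot_list_train, shot_list_validate, shot_list_test):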
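Review bot: `save_shotlists` in the second hunk still writes with a plain `np.savez(path, shot_list_train=shot_list_train, …)`, and np.savez pickles any value it has to wrap as an object array. If the shot lists passed in are not plain numeric or string arrays (their type is not visible from this hunk), the file this method writes is one that `load_shotlists` in the first hunk now refuses. The writer and the reader should be checked together. Ideally the lists are converted to a pickle-free array layout before saving, so the reader can stay at `allow_pickle=False` rather than being switched back to True later.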

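--- a/plasma/primitives/shots.py
+++ b/plasma/primitives/shots.py
@@ -498,7 +498,7 @@ def get_save_path(self, prepath):
 def restore(self, prepath, light=False):
 assert self.previously_saved(prepath), 'shot was never saved'
 save_path = self.get_save_path(prepath)
-dat = np.load(save_path, encoding="latin1")
+dat = np.load(save_path, encoding="latin1", allow_pickle=False)
 
 self.valid = dat['valid'][()]
 self.is_disruptive = dat['is_disruptive'][()]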

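--- a/plasma/utils/performance.py
+++ b/plasma/utils/performance.py
@@ -364,7 +364,8 @@ def get_accuracy_and_fp_rate_from_stats(
 def load_ith_file(self):
 results_files = os.listdir(self.results_dir)
 print(results_files)
-dat = np.load(self.results_dir + results_files[self.i])
+dat = np.load(self.results_dir + results_files[self.i],
+allow_pickle=False)
 print("Loading results file {}".format(
 self.results_dir + results_files[self.i]))
 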