Browse Source
chore(api): enhance ruff rules to disallow dangerous functions and modules (#16461)
tags/1.1.2
QuantumGhost
7 months ago
2 changed files with 7 additions and 1 deletions
+ 6
- 0
api/.ruff.toml
View File
| @@ -37,6 +37,12 @@ select = [ | |||
| "UP", # pyupgrade rules | |||
| "W191", # tab-indentation | |||
| "W605", # invalid-escape-sequence | |||
| # security related linting rules | |||
| # RCE proctection (sort of) | |||
| "S102", # exec-builtin, disallow use of `exec` | |||
| "S307", # suspicious-eval-usage, disallow use of `eval` and `ast.literal_eval` | |||
| "S301", # suspicious-pickle-usage, disallow use of `pickle` and its wrappers. | |||
| "S302", # suspicious-marshal-usage, disallow use of `marshal` module | |||
| ] | |||
| ignore = [ | |||
+ 1
- 1
api/models/dataset.py
View File
| @@ -910,7 +910,7 @@ class Embedding(db.Model): # type: ignore[name-defined] | |||
| self.embedding = pickle.dumps(embedding_data, protocol=pickle.HIGHEST_PROTOCOL) | |||
| def get_embedding(self) -> list[float]: | |||
| return cast(list[float], pickle.loads(self.embedding)) | |||
| return cast(list[float], pickle.loads(self.embedding)) # noqa: S301 | |||
| class DatasetCollectionBinding(db.Model): # type: ignore[name-defined] | |||
Loading…