mirror of
https://github.com/oobabooga/text-generation-webui.git
synced 2024-11-23 00:18:20 +01:00
Merge pull request from GHSA-hv5m-3rp9-xcpf
* Remove eval of API input * Remove unnecessary eval/exec for security * Use ast.literal_eval * Use ast.literal_eval --------- Co-authored-by: oobabooga <112222186+oobabooga@users.noreply.github.com>
parent
d2ea925fa5
commit
16a3a5b039
@ -1,3 +1,4 @@
|
|||||||
|
import ast
|
||||||
import base64
|
import base64
|
||||||
import copy
|
import copy
|
||||||
import io
|
import io
|
||||||
@ -81,7 +82,7 @@ def get_stopping_strings(state):
|
|||||||
stopping_strings = [f"\n{state['name1']}", f"\n{state['name2']}"]
|
stopping_strings = [f"\n{state['name1']}", f"\n{state['name2']}"]
|
||||||
else:
|
else:
|
||||||
stopping_strings = [f"\n{state['name1']}:", f"\n{state['name2']}:"]
|
stopping_strings = [f"\n{state['name1']}:", f"\n{state['name2']}:"]
|
||||||
stopping_strings += eval(f"[{state['custom_stopping_strings']}]")
|
stopping_strings += ast.literal_eval(f"[{state['custom_stopping_strings']}]")
|
||||||
return stopping_strings
|
return stopping_strings
|
||||||
|
|
||||||
|
|
||||||
|
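Review bot: In get_stopping_strings the new `ast.literal_eval` call is unguarded, so malformed `custom_stopping_strings` still raises, and any literal that parses (numbers, nested lists, dicts) is appended to a list that later code treats as strings. The commit message describes this value as API input, so the parse should be wrapped in a try/except that falls back to no custom strings, and only `str` elements should be kept. Capping the length of the raw string first is also worthwhile, since the Python documentation warns that `ast.literal_eval` can exhaust memory or the C stack on large or deeply nested input. The same expression appears in the generate_reply hunk and needs the same treatment. The function body starts outside this hunk.

```python
    # … unchanged: name1/name2 stopping strings built above …
    try:
        parsed = ast.literal_eval(f"[{state['custom_stopping_strings']}]")
    except (ValueError, TypeError, SyntaxError, MemoryError, RecursionError):
        # Malformed input: keep only the built-in stopping strings.
        parsed = []
    stopping_strings += [s for s in parsed if isinstance(s, str)]
    return stopping_strings
```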
@ -17,7 +17,7 @@ def load_extensions():
|
|||||||
print(f'Loading the extension "{name}"... ', end='')
|
print(f'Loading the extension "{name}"... ', end='')
|
||||||
try:
|
try:
|
||||||
exec(f"import extensions.{name}.script")
|
exec(f"import extensions.{name}.script")
|
||||||
extension = eval(f"extensions.{name}.script")
|
extension = getattr(extensions, name).script
|
||||||
if extension not in setup_called and hasattr(extension, "setup"):
|
if extension not in setup_called and hasattr(extension, "setup"):
|
||||||
setup_called.add(extension)
|
setup_called.add(extension)
|
||||||
extension.setup()
|
extension.setup()
|
||||||
@ -32,7 +32,7 @@ def load_extensions():
|
|||||||
def iterator():
|
def iterator():
|
||||||
for name in sorted(state, key=lambda x: state[x][1]):
|
for name in sorted(state, key=lambda x: state[x][1]):
|
||||||
if state[name][0]:
|
if state[name][0]:
|
||||||
yield eval(f"extensions.{name}.script"), name
|
yield getattr(extensions, name).script, name
|
||||||
|
|
||||||
|
|
||||||
# Extension functions that map string -> string
|
# Extension functions that map string -> string
|
||||||
|
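Review bot: In load_extensions the line `exec(f"import extensions.{name}.script")` is left unchanged, so `name` is still interpolated into executed source even though the `eval` on the next line was replaced. `importlib.import_module` performs the same import without building code: `extension = importlib.import_module(f"extensions.{name}.script")` can replace both the `exec` line and the `getattr` line, with `import importlib` added at the top of the file. Where `name` comes from is not visible in this hunk; if it can be set from the UI or the API it should also be checked against the extension directories present on disk before importing. The function starts and ends outside the hunk.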
@ -152,9 +152,9 @@ args_defaults = parser.parse_args([])
|
|||||||
# Deprecation warnings for parameters that have been renamed
|
# Deprecation warnings for parameters that have been renamed
|
||||||
deprecated_dict = {}
|
deprecated_dict = {}
|
||||||
for k in deprecated_dict:
|
for k in deprecated_dict:
|
||||||
if eval(f"args.{k}") != deprecated_dict[k][1]:
|
if getattr(args, k) != deprecated_dict[k][1]:
|
||||||
print(f"Warning: --{k} is deprecated and will be removed. Use --{deprecated_dict[k][0]} instead.")
|
print(f"Warning: --{k} is deprecated and will be removed. Use --{deprecated_dict[k][0]} instead.")
|
||||||
exec(f"args.{deprecated_dict[k][0]} = args.{k}")
|
setattr(args, deprecated_dict[k][0], getattr(args, k))
|
||||||
|
|
||||||
# Deprecation warnings for parameters that have been removed
|
# Deprecation warnings for parameters that have been removed
|
||||||
if args.cai_chat:
|
if args.cai_chat:
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
import ast
|
||||||
import random
|
import random
|
||||||
import re
|
import re
|
||||||
import time
|
import time
|
||||||
@ -192,7 +193,7 @@ def generate_reply(question, state, eos_token=None, stopping_strings=[]):
|
|||||||
|
|
||||||
# Handling the stopping strings
|
# Handling the stopping strings
|
||||||
stopping_criteria_list = transformers.StoppingCriteriaList()
|
stopping_criteria_list = transformers.StoppingCriteriaList()
|
||||||
for st in [stopping_strings, eval(f"[{state['custom_stopping_strings']}]")]:
|
for st in (stopping_strings, ast.literal_eval(f"[{state['custom_stopping_strings']}]")]):
|
||||||
if type(st) is list and len(st) > 0:
|
if type(st) is list and len(st) > 0:
|
||||||
sentinel_token_ids = [encode(string, add_special_tokens=False) for string in st]
|
sentinel_token_ids = [encode(string, add_special_tokens=False) for string in st]
|
||||||
stopping_criteria_list.append(_SentinelTokenStoppingCriteria(sentinel_token_ids=sentinel_token_ids, starting_idx=len(input_ids[0])))
|
stopping_criteria_list.append(_SentinelTokenStoppingCriteria(sentinel_token_ids=sentinel_token_ids, starting_idx=len(input_ids[0])))
|
||||||
|
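Review bot: The new loop header in generate_reply has unbalanced brackets as rendered here: `for st in (stopping_strings, ast.literal_eval(f"[{state['custom_stopping_strings']}]")]):` opens a tuple with `(` but keeps a leftover `]` before the closing `)`, which is a SyntaxError and would stop the module from importing. It should read `for st in (stopping_strings, ast.literal_eval(f"[{state['custom_stopping_strings']}]")):`. Separately, the signature shown in the hunk header uses a mutable default, `stopping_strings=[]`; a `None` default with a fallback in the body avoids sharing one list across calls. The function body continues outside the hunk.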
12
server.py
12
server.py
@ -214,7 +214,7 @@ def update_model_parameters(state, initial=False):
|
|||||||
elif element == 'cpu_memory' and value is not None:
|
elif element == 'cpu_memory' and value is not None:
|
||||||
value = f"{value}MiB"
|
value = f"{value}MiB"
|
||||||
|
|
||||||
exec(f"shared.args.{element} = value")
|
setattr(shared.args, element, value)
|
||||||
|
|
||||||
found_positive = False
|
found_positive = False
|
||||||
for i in gpu_memories:
|
for i in gpu_memories:
|
||||||
@ -449,14 +449,14 @@ def set_interface_arguments(interface_mode, extensions, bool_active):
|
|||||||
|
|
||||||
shared.args.extensions = extensions
|
shared.args.extensions = extensions
|
||||||
for k in modes[1:]:
|
for k in modes[1:]:
|
||||||
exec(f"shared.args.{k} = False")
|
setattr(shared.args, k, False)
|
||||||
if interface_mode != "default":
|
if interface_mode != "default":
|
||||||
exec(f"shared.args.{interface_mode} = True")
|
setattr(shared.args, interface_mode, True)
|
||||||
|
|
||||||
for k in bool_list:
|
for k in bool_list:
|
||||||
exec(f"shared.args.{k} = False")
|
setattr(shared.args, k, False)
|
||||||
for k in bool_active:
|
for k in bool_active:
|
||||||
exec(f"shared.args.{k} = True")
|
setattr(shared.args, k, True)
|
||||||
|
|
||||||
shared.need_restart = True
|
shared.need_restart = True
|
||||||
|
|
||||||
@ -673,7 +673,7 @@ def create_interface():
|
|||||||
modes = ["default", "notebook", "chat", "cai_chat"]
|
modes = ["default", "notebook", "chat", "cai_chat"]
|
||||||
current_mode = "default"
|
current_mode = "default"
|
||||||
for mode in modes[1:]:
|
for mode in modes[1:]:
|
||||||
if eval(f"shared.args.{mode}"):
|
if getattr(shared.args, mode):
|
||||||
current_mode = mode
|
current_mode = mode
|
||||||
break
|
break
|
||||||
cmd_list = vars(shared.args)
|
cmd_list = vars(shared.args)
|
||||||
|
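Review bot: In set_interface_arguments, `setattr(shared.args, interface_mode, True)` and the `setattr(shared.args, k, True)` loop over `bool_active` write attribute names taken from the function's parameters without checking them against `modes` or `bool_list`. This no longer executes code, but whoever supplies those values (presumably the UI, which is not visible here) can still set any attribute on `shared.args`. Guarding the first write with `if interface_mode in modes[1:]:` and skipping any `k` in `bool_active` that is not in `bool_list` keeps the set of writable flags closed. `setattr(shared.args, element, value)` in update_model_parameters deserves the same check if `element` is not drawn from a fixed list, which cannot be confirmed from the hunk. These functions start or end outside their hunks.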