mirror of
https://github.com/oobabooga/text-generation-webui.git
synced 2024-11-22 16:17:57 +01:00
Merge pull request from GHSA-hv5m-3rp9-xcpf
* Remove eval of API input * Remove unnecessary eval/exec for security * Use ast.literal_eval * Use ast.literal_eval --------- Co-authored-by: oobabooga <112222186+oobabooga@users.noreply.github.com>
parent
d2ea925fa5
commit
16a3a5b039
@ -1,3 +1,4 @@
|
||||
import ast
|
||||
import base64
|
||||
import copy
|
||||
import io
|
||||
@ -81,7 +82,7 @@ def get_stopping_strings(state):
|
||||
stopping_strings = [f"\n{state['name1']}", f"\n{state['name2']}"]
|
||||
else:
|
||||
stopping_strings = [f"\n{state['name1']}:", f"\n{state['name2']}:"]
|
||||
stopping_strings += eval(f"[{state['custom_stopping_strings']}]")
|
||||
stopping_strings += ast.literal_eval(f"[{state['custom_stopping_strings']}]")
|
||||
return stopping_strings
|
||||
|
||||
|
||||
|
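Review bot: The `ast.literal_eval(f"[{state['custom_stopping_strings']}]")` call in get_stopping_strings is unguarded and its result is not type-checked. literal_eval closes the code-execution path, but it raises `ValueError` or `SyntaxError` (and, per the Python docs, `MemoryError` or `RecursionError` on pathological input) when the string is malformed. It also accepts any literal, so a number or nested list would be appended to `stopping_strings` as if it were a string. Since the commit message says this value can arrive through the API, I would parse it in one helper that catches those exceptions and keeps only `str` elements, and call that helper from generate_reply too, where the same expression appears. The body of get_stopping_strings starts outside the hunk.

```python
def parse_custom_stopping_strings(raw):
    # Parse the quoted, comma-separated list supplied by the user; never execute it.
    try:
        parsed = ast.literal_eval(f"[{raw}]")
    except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError):
        return []
    # literal_eval accepts any literal; only strings are valid stopping strings.
    return [s for s in parsed if isinstance(s, str)]

# … unchanged: name1/name2 stopping strings …
stopping_strings += parse_custom_stopping_strings(state['custom_stopping_strings'])
```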
@ -17,7 +17,7 @@ def load_extensions():
|
||||
print(f'Loading the extension "{name}"... ', end='')
|
||||
try:
|
||||
exec(f"import extensions.{name}.script")
|
||||
extension = eval(f"extensions.{name}.script")
|
||||
extension = getattr(extensions, name).script
|
||||
if extension not in setup_called and hasattr(extension, "setup"):
|
||||
setup_called.add(extension)
|
||||
extension.setup()
|
||||
@ -32,7 +32,7 @@ def load_extensions():
|
||||
def iterator():
|
||||
for name in sorted(state, key=lambda x: state[x][1]):
|
||||
if state[name][0]:
|
||||
yield eval(f"extensions.{name}.script"), name
|
||||
yield getattr(extensions, name).script, name
|
||||
|
||||
|
||||
# Extension functions that map string -> string
|
||||
|
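Review bot: load_extensions still runs `exec(f"import extensions.{name}.script")` on the context line directly above the changed `getattr` line, so the string-built code execution this commit removes elsewhere survives here. If `name` can be influenced from the interface (set_interface_arguments in server.py assigns `shared.args.extensions` from its argument), a crafted name is interpolated into executed source. I would check `name.isidentifier()` and then replace both lines with `extension = importlib.import_module(f"extensions.{name}.script")`, adding `import importlib` at the top of the file. That also removes the reliance on `getattr(extensions, name)` having been populated as a side effect of the import. load_extensions begins and ends outside the hunk.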
@ -152,9 +152,9 @@ args_defaults = parser.parse_args([])
|
||||
# Deprecation warnings for parameters that have been renamed
|
||||
deprecated_dict = {}
|
||||
for k in deprecated_dict:
|
||||
if eval(f"args.{k}") != deprecated_dict[k][1]:
|
||||
if getattr(args, k) != deprecated_dict[k][1]:
|
||||
print(f"Warning: --{k} is deprecated and will be removed. Use --{deprecated_dict[k][0]} instead.")
|
||||
exec(f"args.{deprecated_dict[k][0]} = args.{k}")
|
||||
setattr(args, deprecated_dict[k][0], getattr(args, k))
|
||||
|
||||
# Deprecation warnings for parameters that have been removed
|
||||
if args.cai_chat:
|
||||
|
@ -1,3 +1,4 @@
|
||||
import ast
|
||||
import random
|
||||
import re
|
||||
import time
|
||||
@ -192,7 +193,7 @@ def generate_reply(question, state, eos_token=None, stopping_strings=[]):
|
||||
|
||||
# Handling the stopping strings
|
||||
stopping_criteria_list = transformers.StoppingCriteriaList()
|
||||
for st in [stopping_strings, eval(f"[{state['custom_stopping_strings']}]")]:
|
||||
for st in (stopping_strings, ast.literal_eval(f"[{state['custom_stopping_strings']}]")]):
|
||||
if type(st) is list and len(st) > 0:
|
||||
sentinel_token_ids = [encode(string, add_special_tokens=False) for string in st]
|
||||
stopping_criteria_list.append(_SentinelTokenStoppingCriteria(sentinel_token_ids=sentinel_token_ids, starting_idx=len(input_ids[0])))
|
||||
|
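Review bot: The new loop header in generate_reply, as rendered here, opens the sequence with `(` but still closes it with `]` before the final `)`, which is a SyntaxError that would stop the module from importing. It should read `for st in (stopping_strings, ast.literal_eval(f"[{state['custom_stopping_strings']}]")):`. The `type(st) is list` check on the next line still holds for the parsed element, because literal_eval of a bracketed string returns a list. The function body continues outside the hunk.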
12
server.py
12
server.py
@ -214,7 +214,7 @@ def update_model_parameters(state, initial=False):
|
||||
elif element == 'cpu_memory' and value is not None:
|
||||
value = f"{value}MiB"
|
||||
|
||||
exec(f"shared.args.{element} = value")
|
||||
setattr(shared.args, element, value)
|
||||
|
||||
found_positive = False
|
||||
for i in gpu_memories:
|
||||
@ -449,14 +449,14 @@ def set_interface_arguments(interface_mode, extensions, bool_active):
|
||||
|
||||
shared.args.extensions = extensions
|
||||
for k in modes[1:]:
|
||||
exec(f"shared.args.{k} = False")
|
||||
setattr(shared.args, k, False)
|
||||
if interface_mode != "default":
|
||||
exec(f"shared.args.{interface_mode} = True")
|
||||
setattr(shared.args, interface_mode, True)
|
||||
|
||||
for k in bool_list:
|
||||
exec(f"shared.args.{k} = False")
|
||||
setattr(shared.args, k, False)
|
||||
for k in bool_active:
|
||||
exec(f"shared.args.{k} = True")
|
||||
setattr(shared.args, k, True)
|
||||
|
||||
shared.need_restart = True
|
||||
|
||||
@ -673,7 +673,7 @@ def create_interface():
|
||||
modes = ["default", "notebook", "chat", "cai_chat"]
|
||||
current_mode = "default"
|
||||
for mode in modes[1:]:
|
||||
if eval(f"shared.args.{mode}"):
|
||||
if getattr(shared.args, mode):
|
||||
current_mode = mode
|
||||
break
|
||||
cmd_list = vars(shared.args)
|
||||
|
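Review bot: In set_interface_arguments, `setattr(shared.args, interface_mode, True)` and the `for k in bool_active` loop write whatever attribute names the caller passes, with no check against the `modes` and `bool_list` values used in the loops beside them. This is no longer code execution, but if these arguments come from the web interface (the caller is outside the hunk) a request could still set arbitrary attributes on `shared.args`. I would guard both writes: `if interface_mode in modes[1:]:` in place of `!= "default"`, and `if k in bool_list: setattr(shared.args, k, True)` inside the last loop. The same check is worth confirming for `element` in update_model_parameters, whose source list is not visible in its hunk.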