Insecure defaults in CosyVoice runtime paths (Must Read Before You Download The Code) #1828

@robinbakshi007

Description

Describe the bug
CosyVoice contains several insecure-by-default behaviors in runtime/example code that can expose deployments to avoidable security risk:

  • Broad CORS (allow_origins=["*"]) in FastAPI runtime service.
  • TLS certificate validation disabled (verify=False) in reward client.
  • Remote dataset code execution enabled (trust_remote_code=True) in inference scripts.
  • Unsafe checkpoint deserialization (weights_only=False) in Triton model loaders.
  • Shell invocation in utility (os.system('sed ...')) where in-process file editing is safer.

Files in question

  • server.py
  • reward_tts.py
  • file_utils.py
  • streaming_inference.py
  • token2wav_dit.py
  • offline_inference.py
  • model.py

To Reproduce

  1. Go to runtime/python/fastapi/server.py and run the server with defaults.
  2. From any browser origin, call inference endpoints and observe permissive CORS behavior.
  3. Go to examples/grpo/cosyvoice2/reward_tts.py and run a score request against a TLS endpoint with an invalid cert.
  4. Observe request still proceeds due to verify=False.
  5. Go to runtime/triton_trtllm/streaming_inference.py (or offline_inference.py) and run dataset loading.
  6. Observe that load_dataset(..., trust_remote_code=True) executes remote code if the dataset defines it.
  7. Go to Triton model loaders and observe torch.load(..., weights_only=False) for spk2info.pt.

Expected behavior

  • Default CORS should be restricted (localhost or explicit allow-list).
  • TLS verification should be on by default.
  • trust_remote_code should be opt-in, not default.
  • Model loading should prefer weights_only=True when feasible.
  • Avoid shell command execution for local file edits.

## Screenshots
N/A (code-level security issue).

## Desktop (please complete the following information):

  • OS: macOS
  • Browser: Chrome
  • Version: latest

## Smartphone (please complete the following information):

  • Device: N/A
  • OS: macOS
  • Browser: Chrome
  • Version: N/A
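As an added example (not code from this issue or from the CosyVoice project), a stdlib-only audit that walks a source file's AST and reports each of the five settings the report lists, run against a constructed weak sample and the same lines with the defaults the report asks for. The function and rule names, and both samples, are assumptions made for this illustration.

```python
import ast

# Keyword arguments whose literal value is one of the insecure defaults the report names.
INSECURE_KWARGS = {
    "verify": False,            # requests/httpx: TLS certificate validation off
    "trust_remote_code": True,  # datasets.load_dataset: runs dataset-defined code
    "weights_only": False,      # torch.load: full pickle deserialization
}
SHELL_CALLS = {"os.system"}     # shelling out for a local file edit

def _wildcard_origins(val: ast.expr) -> bool:
    # allow_origins=["*"] or a tuple containing "*"
    return isinstance(val, (ast.List, ast.Tuple)) and any(
        isinstance(e, ast.Constant) and e.value == "*" for e in val.elts)

def scan_source(src: str) -> list[tuple[int, str]]:
    """Return (line, rule) for every call that uses one of the flagged settings."""
    findings = []
    for node in ast.walk(ast.parse(src)):
        if not isinstance(node, ast.Call):
            continue
        if ast.unparse(node.func) in SHELL_CALLS:
            findings.append((node.lineno, "shell_exec"))
        for kw in node.keywords:
            v = kw.value
            # `is` rather than `==` so the integers 0/1 do not match False/True
            if kw.arg in INSECURE_KWARGS and isinstance(v, ast.Constant) \
                    and v.value is INSECURE_KWARGS[kw.arg]:
                findings.append((node.lineno, kw.arg))
            elif kw.arg == "allow_origins" and _wildcard_origins(v):
                findings.append((node.lineno, "cors_wildcard"))
    return sorted(findings)

# Constructed sample mirroring the patterns the report lists (not CosyVoice source).
WEAK = '''\
app.add_middleware(CORSMiddleware, allow_origins=["*"])
resp = requests.post(url, json=payload, verify=False)
ds = load_dataset(name, split="test", trust_remote_code=True)
spk2info = torch.load("spk2info.pt", map_location="cpu", weights_only=False)
os.system('sed -i "s/old/new/" config.yaml')
'''
# The same five operations with the defaults the report asks for.
HARDENED = '''\
app.add_middleware(CORSMiddleware, allow_origins=["http://localhost:3000"])
resp = requests.post(url, json=payload, verify=True)
ds = load_dataset(name, split="test", trust_remote_code=False)
spk2info = torch.load("spk2info.pt", map_location="cpu", weights_only=True)
path.write_text(path.read_text().replace("old", "new"))
'''
```

Running `scan_source(WEAK)` reports one finding per line, while `scan_source(HARDENED)` reports none; the same check can be pointed at the files listed under "Files in question" to confirm a fix landed.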
