add pdsa-2022-002 (#47486) (#47526)

Author: VigiZhang

security/README.md

@@ -10,3 +10,4 @@ We regularly publish security advisories about using PaddlePaddle.
 | Advisory Number                              | Type                    | Versions affected | Reported by                           | Additional Information |
 |----------------------------------------------|-------------------------|:-----------------:|---------------------------------------|------------------------|
 | [PDSA-2022-001](./advisory/pdsa-2022-001.md) | OOB read in gather_tree |       < 2.4       | Wang Xuan(王旋) of Qihoo 360 AIVul Team |                        |
+| [PDSA-2022-002](./advisory/pdsa-2022-002.md) | Code injection in paddle.audio.functional.get_window | = 2.4.0-rc0 | Tong Liu of ShanghaiTech University |                        |

security/README_cn.md

@@ -7,6 +7,7 @@
 注：我们非常建议飞桨用户阅读和理解[SECURITY_cn.md](../SECURITY_cn.md)所介绍的飞桨安全模型，以便更好地了解此安全公告。
 
 
-| 安全公告编号                                          | 类型                      | 受影响版本 | 报告者                                   | 备注 |
-|-------------------------------------------------|-------------------------|:-----:|---------------------------------------| ----------------------|
-| [PDSA-2022-001](./advisory/pdsa-2022-001_cn.md) | OOB read in gather_tree | < 2.4 | Wang Xuan(王旋) of Qihoo 360 AIVul Team |  |
+| 安全公告编号                                          | 类型                      | 受影响版本 | 报告者                                   | 备注  |
+|-------------------------------------------------|-------------------------|:-----:|---------------------------------------|-----|
+| [PDSA-2022-001](./advisory/pdsa-2022-001_cn.md) | OOB read in gather_tree | < 2.4 | Wang Xuan(王旋) of Qihoo 360 AIVul Team |     |
+| [PDSA-2022-002](./advisory/pdsa-2022-002_cn.md) | Code injection in paddle.audio.functional.get_window | = 2.4.0-rc0 | Tong Liu of ShanghaiTech University |     |

security/advisory/pdsa-2022-002.md

@@ -0,0 +1,33 @@
+## PDSA-2022-002: Code injection in paddle.audio.functional.get_window
+
+### Impact
+
+`paddle.audio.functional.get_windowis` vulnerable to a code injection as it calls `eval` on user supplied `winstr`. This may lead to arbitrary code execution.
+
+```python
+def get_window(
+    window: Union[str, Tuple[str, float]],
+    win_length: int,
+    fftbins: bool = True,
+    dtype: str = 'float64',
+) -> Tensor:
+    ...
+    try:
+        winfunc = eval('_' + winstr)
+    except NameError as e:
+        raise ValueError("Unknown window type.") from e
+```
+
+### Patches
+
+We have patched the issue in commit [26c419ca386aeae3c461faf2b828d00b48e908eb](https://github.com/PaddlePaddle/Paddle/commit/26c419ca386aeae3c461faf2b828d00b48e908eb).
+
+The fix will be included in PaddlePaddle 2.4.
+
+### For more information
+
+Please consult [our security guide](../../SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+### Attribution
+
+This vulnerability has been reported by Tong Liu of ShanghaiTech University.

security/advisory/pdsa-2022-002_cn.md

@@ -0,0 +1,33 @@
+## PDSA-2022-002: Code injection in paddle.audio.functional.get_window
+
+### 影响
+
+`paddle.audio.functional.get_window`由于使用`eval`用户提供的参数`winstr`而存在代码注入漏洞，将导致任意代码执行。
+
+```python
+def get_window(
+    window: Union[str, Tuple[str, float]],
+    win_length: int,
+    fftbins: bool = True,
+    dtype: str = 'float64',
+) -> Tensor:
+    ...
+    try:
+        winfunc = eval('_' + winstr)
+    except NameError as e:
+        raise ValueError("Unknown window type.") from e
+```
+
+### 补丁
+
+我们在commit [26c419ca386aeae3c461faf2b828d00b48e908eb](https://github.com/PaddlePaddle/Paddle/commit/26c419ca386aeae3c461faf2b828d00b48e908eb)中对此问题进行了补丁。
+
+修复将包含在飞桨2.4版本当中。
+
+### 更多信息
+
+请参考我们的[安全指南](../../SECURITY_cn.md)以获得更多关于安全的信息，以及如何与我们联系问题。
+
+### 贡献者
+
+此漏洞由 Tong Liu of ShanghaiTech University 提交。