
Commit 0ef4891

Add more example unsafe patterns
1 parent 8c4b8a0 commit 0ef4891

File tree

1 file changed

+17
-6
lines changed


bandit/plugins/huggingface_unsafe_download.py

Lines changed: 17 additions & 6 deletions
@@ -18,10 +18,22 @@
1818
1. Pin to specific revisions/commits when downloading models, files or datasets
1919
2020
Common unsafe patterns:
21-
- ``AutoModel.from_pretrained("model-name")`` without revision
22-
- ``load_dataset("dataset-name")`` without revision
23-
- ``hf_hub_download()`` without revision parameter
24-
- ``snapshot_download()`` without revision parameter
21+
- ``AutoModel.from_pretrained("org/model-name")``
22+
- ``AutoModel.from_pretrained("org/model-name", revision="main")``
23+
- ``AutoModel.from_pretrained("org/model-name", revision="v1.0.0")``
24+
- ``load_dataset("org/dataset-name")`` without revision
25+
- ``load_dataset("org/dataset-name", revision="main")``
26+
- ``load_dataset("org/dataset-name", revision="v1.0")``
27+
- ``AutoTokenizer.from_pretrained("org/model-name")``
28+
- ``AutoTokenizer.from_pretrained("org/model-name", revision="main")``
29+
- ``AutoTokenizer.from_pretrained("org/model-name", revision="v3.3.0")``
30+
- ``hf_hub_download(repo_id="org/model_name", filename="file_name")``
31+
- ``hf_hub_download(repo_id="org/model_name", filename="file_name", revision="main")``
32+
- ``hf_hub_download(repo_id="org/model_name", filename="file_name", revision="v2.0.0")``
33+
- ``snapshot_download(repo_id="org/model_name")``
34+
- ``snapshot_download(repo_id="org/model_name", revision="main")``
35+
- ``snapshot_download(repo_id="org/model_name", revision="refs/pr/1")``
36+
2537
2638
:Example:
2739
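Review bot: the guidance line above the list still reads "Pin to specific revisions/commits", yet the new bullets flag ``revision="main"``, ``revision="v1.0.0"``, ``revision="v3.3.0"`` and ``revision="refs/pr/1"`` as unsafe; a reader who pins to a tag will think they have followed the advice. State plainly that branch names, tags and PR refs are mutable and that only a commit hash counts as pinned, so the guidance and the examples agree. Also, the ``load_dataset("org/dataset-name")`` bullet keeps the trailing "without revision" from the old list while its siblings (``AutoModel.from_pretrained("org/model-name")``, ``AutoTokenizer.from_pretrained("org/model-name")``, ``snapshot_download(repo_id="org/model_name")``) do not; drop it or apply it uniformly.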
@@ -39,7 +51,6 @@
3951
4052
- https://cwe.mitre.org/data/definitions/494.html
4153
- https://huggingface.co/docs/huggingface_hub/en/guides/download#from-specific-version
42-
- https://huggingface.co/docs/huggingface_hub/guides/download
4354
4455
.. versionadded:: 1.9.0
4556
@@ -99,7 +110,7 @@ def huggingface_unsafe_download(context):
99110
# Check for revision parameter (the key security control)
100111
revision_value = context.get_call_arg_value("revision")
101112
commit_id_value = context.get_call_arg_value("commit_id")
102-
113+
103114
# Check if a revision or commit_id is specified
104115
revision_to_check = revision_value or commit_id_value
105116
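Review bot: this hunk is a whitespace-only change on a blank line between the ``commit_id_value`` lookup and the ``revision_to_check`` assignment (presumably trailing-whitespace removal); it is unrelated to the docstring update the commit message describes, so either mention it in the message or keep it out of this commit.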