Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Move scripttagextractor to AI #538

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Move scripttagextractor to AI #538

wants to merge 1 commit into from

Conversation

thypon
Copy link
Member

@thypon thypon commented Mar 8, 2024
edited
Loading

I moved the script tag extractor to AI. AI production environments require pickle to be fast enough.

All the tests should pass, as they were passing before.

I feel the tradeoff is ok. /s

github-actions[bot]
github-actions bot reviewed Mar 8, 2024
View reviewed changes
assets/scripttagextractor.py
for f in files:
main(f, args.suffix, args.add_suffix_to_original, args.dry_run)
with open(localdir + "/scripttagextractor.pkl", 'rb') as f:
data = pickle.load(f)
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

reported by reviewdog 🐶
[semgrep] Avoid using pickle, which is known to lead to code execution vulnerabilities. When unpickling, the serialized data could be manipulated to run arbitrary code. Instead, consider serializing the relevant data as JSON or a similar text-based serialization format.

Source: https://semgrep.dev/r/python.lang.security.deserialization.pickle.avoid-pickle


Cc @thypon @bcaller

@thypon thypon requested a review from a team as a code owner May 13, 2024 15:50
diracdeltas
diracdeltas reviewed May 13, 2024
View reviewed changes
assets/scripttagextractor.py

for f in files:
main(f, args.suffix, args.add_suffix_to_original, args.dry_run)
with open(localdir + "/scripttagextractor.pkl", 'rb') as f:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

how did you create this file?

@bcaller
Copy link
Contributor

bcaller commented May 13, 2024

I don't get it. What on Earth is this?

@bcaller bcaller closed this May 13, 2024
@thypon thypon reopened this May 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

@diracdeltas diracdeltas diracdeltas left review comments

Assignees

@thypon thypon

@bcaller bcaller

Labels
needs-security-review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@thypon @bcaller @diracdeltas