Fix critical/high security vulnerabilities + comprehensive test coverage#12
Merged
Conversation
- Remove numpy.load(allow_pickle=True) in compress_octree.py and training_pipeline.py to prevent arbitrary code execution via crafted .npy/.npz files. Metadata now saved as JSON sidecar; optimizer variables saved as individual .npy files with numeric dtypes.
- Add path validation in training_pipeline.py (traversal guard) and evaluation_pipeline.py (existence check) for checkpoint loading.
- Replace model.save() with model.save_weights() in cli_train.py to avoid full SavedModel format vulnerable to Keras deserialization RCE.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…age analysis

Bug fixes in source:
- compress_octree: _save_debug_info no longer pickles dicts (only saves ndarrays)
- compress_octree: save_compressed converts NaN/Inf scalars to None for valid JSON
- training_pipeline: path validation uses Path.relative_to() to prevent prefix collision bypass (e.g. checkpoints_evil matching checkpoints prefix)

New tests (26 total, 213 → 239):
- test_compress_octree (13): NaN/Inf metadata, empty grid, no-normals roundtrip, missing sidecar/grid files, debug pickle prevention, metadata value fidelity, numpy scalar types, dtype change documentation, E2E quality check
- test_training_pipeline (9): path traversal/absolute/prefix-collision rejection, NaN in optimizer vars, save before training, missing weights, partial optimizer files, old pickle format ignored, optimizer state value fidelity
- test_evaluation_pipeline (3): no checkpoint configured, empty string checkpoint, missing checkpoint raises FileNotFoundError
- test_integration (1): checkpoint resume preserves eval loss

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
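The commit messages above describe a checkpoint-path guard built on `Path.relative_to()` and explain why a plain prefix comparison is not enough (a sibling directory such as `checkpoints_evil` shares the `checkpoints` prefix). The following is an added illustration, not code from this PR or the project: the function names `resolve_checkpoint`, `is_safe_checkpoint` and `prefix_check_accepts` and the root directory `/srv/model_run/checkpoints` are constructed for the example, and the weak prefix check is reproduced only to show the bypass the commit message mentions.

```python
from pathlib import Path


def resolve_checkpoint(root, candidate: str) -> Path:
    """Resolve a user-supplied checkpoint name under `root`, or raise ValueError.

    Added example of the Path.relative_to() guard the commit message describes:
    absolute paths are refused outright, the joined path is resolved (so '..'
    components and symlinks are collapsed), and relative_to() proves the result
    still sits under the resolved root. Unlike a str.startswith() prefix test,
    this cannot be bypassed by a sibling directory such as 'checkpoints_evil'.
    """
    candidate_path = Path(candidate)
    if candidate_path.is_absolute():
        raise ValueError(f"absolute checkpoint path rejected: {candidate!r}")
    root_resolved = Path(root).resolve()
    target = (root_resolved / candidate_path).resolve()
    try:
        # relative_to() raises ValueError when target is not inside root_resolved.
        target.relative_to(root_resolved)
    except ValueError:
        raise ValueError(f"checkpoint path escapes {root_resolved}: {candidate!r}") from None
    return target


def is_safe_checkpoint(root, candidate: str) -> bool:
    """Boolean wrapper around resolve_checkpoint, convenient for tests and CLI checks."""
    try:
        resolve_checkpoint(root, candidate)
    except ValueError:
        return False
    return True


def prefix_check_accepts(root, candidate: str) -> bool:
    """The weaker check the commit replaced, reproduced only to demonstrate the bypass:
    a string-prefix comparison accepts any path whose text merely starts with the
    root's text, so '<root>_evil/...' passes."""
    root_resolved = Path(root).resolve()
    target = (root_resolved / candidate).resolve()
    return str(target).startswith(str(root_resolved))


if __name__ == "__main__":
    # Constructed root for the demo; resolve() does not require it to exist.
    root = "/srv/model_run/checkpoints"
    for name in [
        "epoch3/weights.npy",                 # legitimate
        "../checkpoints_evil/weights.npy",    # prefix collision
        "../../etc/passwd",                   # traversal
        "/etc/passwd",                        # absolute
    ]:
        print(f"{name!r:38} prefix={prefix_check_accepts(root, name)!s:5} "
              f"relative_to={is_safe_checkpoint(root, name)}")
```

Resolving both sides before comparing matters: without `resolve()` a candidate like `sub/../../other` would pass a purely lexical check, and a symlink planted inside the checkpoint directory could point anywhere on disk.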
Summary
- Remove `numpy.load(allow_pickle=True)` in `compress_octree.py` and `training_pipeline.py`; prevents arbitrary code execution via crafted `.npy`/`.npz` files. Metadata now saved as JSON sidecar; optimizer variables saved as individual `.npy` files with numeric dtypes.
- Add path validation in `training_pipeline.py` (traversal guard via `Path.relative_to()`) and `evaluation_pipeline.py` (existence check) for checkpoint loading.
- Replace `model.save()` with `model.save_weights()` in `cli_train.py` to avoid full SavedModel format vulnerable to Keras deserialization RCE.
- … NaN/Inf scalars converted to `None` for valid JSON, path validation uses `relative_to()` to prevent prefix collision bypass.

Test plan
- `ruff check src/ tests/` — lint clean
- `pytest tests/ -v` — all 239 tests pass, 0 regressions
- … (`../../`, absolute paths, prefix collisions)

🤖 Generated with Claude Code
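The summary above says metadata now goes into a JSON sidecar, optimizer variables into individual `.npy` files with numeric dtypes, and NaN/Inf scalars become `None` so the JSON stays valid. The block below is an added example of that storage scheme written for this page; it is not the project's `compress_octree` or `training_pipeline` code. The functions `json_safe`, `save_state`, `load_state` and `run_demo`, the file name `metadata.json`, and the sample variables and metadata are all constructed for the illustration. It also shows why the change closes the hole: an object array can only be stored through pickle, and `np.load(allow_pickle=False)` refuses it with `ValueError` instead of executing it.

```python
import json
import math
import tempfile
from pathlib import Path

import numpy as np


def json_safe(value):
    """Recursively convert metadata to JSON-serialisable values.

    numpy scalars become Python numbers, ndarrays become lists, and NaN/Inf
    become None; json.dumps would otherwise emit the non-standard tokens
    NaN/Infinity that strict JSON parsers reject.
    """
    if isinstance(value, dict):
        return {str(k): json_safe(v) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [json_safe(v) for v in value]
    if isinstance(value, np.ndarray):
        return json_safe(value.tolist())
    if isinstance(value, np.generic):
        value = value.item()
    if isinstance(value, float) and not math.isfinite(value):
        return None
    if value is None or isinstance(value, (bool, int, float, str)):
        return value
    raise TypeError(f"unsupported metadata type: {type(value).__name__}")


def save_state(directory, optimizer_vars: dict, metadata: dict) -> list:
    """Write each optimizer variable as its own .npy file plus a metadata.json sidecar.

    Only bool/int/uint/float arrays are accepted, so np.save never has to pickle,
    and variable names must be identifiers so they cannot smuggle path separators.
    """
    directory = Path(directory)
    directory.mkdir(parents=True, exist_ok=True)
    written = []
    for name, array in optimizer_vars.items():
        arr = np.asarray(array)
        if arr.dtype.kind not in "biuf":
            raise TypeError(f"{name}: refusing non-numeric dtype {arr.dtype}")
        if not name.isidentifier():
            raise ValueError(f"unsafe variable name {name!r}")
        np.save(directory / f"{name}.npy", arr, allow_pickle=False)
        written.append(f"{name}.npy")
    sidecar = directory / "metadata.json"
    sidecar.write_text(json.dumps(json_safe(metadata), allow_nan=False))
    written.append(sidecar.name)
    return written


def load_state(directory):
    """Load the sidecar and every .npy file; object arrays raise ValueError."""
    directory = Path(directory)
    sidecar = directory / "metadata.json"
    if not sidecar.is_file():
        raise FileNotFoundError(sidecar)
    metadata = json.loads(sidecar.read_text())
    optimizer_vars = {}
    for path in sorted(directory.glob("*.npy")):
        optimizer_vars[path.stem] = np.load(path, allow_pickle=False)
    return optimizer_vars, metadata


def run_demo() -> dict:
    """Round-trip constructed sample state, then show a pickled object-array file is refused."""
    with tempfile.TemporaryDirectory() as tmp:
        ckpt = Path(tmp) / "ckpt"
        optimizer_vars = {
            "iterations": np.int64(12),
            "m_layer0": np.ones((2, 2), dtype=np.float32),
        }
        metadata = {
            "best_loss": np.float32(0.25),
            "psnr": float("nan"),
            "lr": np.float64(np.inf),
            "tag": "run-1",
        }
        save_state(ckpt, optimizer_vars, metadata)
        loaded_vars, loaded_meta = load_state(ckpt)

        # Constructed hostile file: an object array is stored via pickle, which is
        # exactly what allow_pickle=False refuses at load time.
        np.save(ckpt / "m_layer1.npy", np.array([None, {"k": 1}], dtype=object), allow_pickle=True)
        try:
            load_state(ckpt)
            refused = False
        except ValueError:
            refused = True

        return {
            "iterations": int(loaded_vars["iterations"]),
            "m_layer0_sum": float(loaded_vars["m_layer0"].sum()),
            "metadata": loaded_meta,
            "pickled_file_refused": refused,
        }


if __name__ == "__main__":
    print(run_demo())
```

Keeping `allow_pickle=False` at every `np.load` call is the actual control; the dtype check on save only keeps your own writer honest. A loader that glob-scans a directory should also treat unknown files as hostile rather than skipping them silently, which is why `load_state` lets the `ValueError` propagate.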