Update clang-format linux hash and yaml import calls (#53932)

Summary:
Fixing Bandit security issues.
- yaml_load: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
Test ID: B506
Severity: MEDIUM
Confidence: HIGH
File: ./caffe2/contrib/aten/gen_op.py
More info: https://bandit.readthedocs.io/en/latest/plugins/b506_yaml_load.html
235 if __name__ == '__main__':
236     decls = yaml.load(read(os.path.join(args.yaml_dir, 'Declarations.yaml')), Loader=Loader)
237     factory_methods = find_factory_methods(decls)

- Blacklist: Use of insecure MD2 (6149a26adb), MD4 (fc7f026980), MD5 (7ea9d9af4e), or SHA1 hash function.
Test ID: B303
Severity: MEDIUM
Confidence: HIGH
File: ./tools/clang_format_utils.py
More info: https://bandit.readthedocs.io/en/latest/blacklists/blacklist_calls.html#b303-md5
36
37     hash = hashlib.sha1()
38

Pull Request resolved: https://github.com/pytorch/pytorch/pull/53932

Reviewed By: jbschlosser

Differential Revision: D27072017

Pulled By: malfet

fbshipit-source-id: 2fef0119388797aee3cacdc880fc345bd2ba68ce
kedejesu 2021-03-18 17:10:04 -07:00 committed by Facebook GitHub Bot
parent 04e0cbf5a9
commit 53d8778b4d
11 changed files with 21 additions and 21 deletions


@ -47,9 +47,9 @@ OP_TEMPLATE = CT.from_file(
try:
# use faster C loader if available
from yaml import CLoader as Loader
from yaml import CSafeLoader as Loader
except ImportError:
from yaml import Loader # type: ignore[misc]
from yaml import SafeLoader as Loader # type: ignore[misc]
def write(filename, s):
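Review bot: The `try`/`except ImportError` fallback that selects `CSafeLoader` or `SafeLoader` is now copied verbatim into five files (this hunk and the hunks headed `@ -50,9`, `@ -17,9`, `@ -25,9` and `@ -5,9`), so the next loader decision has to be made five times again; a single small module exporting `Loader` that each of them imports would keep them in step. The retained comment `# use faster C loader if available` no longer says what is being chosen, `# prefer the C-accelerated safe loader; fall back to the pure-Python SafeLoader` would. Because a safe loader refuses `!!python/...` and other arbitrary-object tags, any of the YAML inputs these files parse that relied on such tags will now raise at load time rather than be silently constructed; the page does not show those inputs, so that is worth confirming before merge.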


@ -26,7 +26,7 @@ class TestNamedTupleAPI(TestCase):
operators_found = set()
regex = re.compile(r"^(\w*)(\(|\.)")
file = open(aten_native_yaml, 'r')
for f in yaml.load(file.read()):
for f in yaml.safe_load(file.read()):
f = f['func']
ret = f.split('->')[1].strip()
name = regex.findall(f)[0][0]
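Review bot: The handle from `file = open(aten_native_yaml, 'r')` is never closed in this hunk, so the new `yaml.safe_load(file.read())` line still relies on garbage collection to release it; since `safe_load` accepts a stream, `with open(aten_native_yaml) as native_yaml:` followed by `for entry in yaml.safe_load(native_yaml):` closes it deterministically and drops the `read()`. The loop variable `f` is rebound to `f['func']` on the following line, so `f` means two different things within three lines; a distinct name for the entry avoids that. The enclosing test method starts outside the hunk.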


@ -50,9 +50,9 @@ from typing import Dict, Optional, List, Tuple, Set, Sequence, Callable
try:
# use faster C loader if available
from yaml import CLoader as Loader
from yaml import CSafeLoader as Loader
except ImportError:
from yaml import Loader # type: ignore
from yaml import SafeLoader as Loader # type: ignore
#
# declarations blocklist


@ -17,9 +17,9 @@ from tools.codegen.utils import *
try:
# use faster C loader if available
from yaml import CLoader as Loader
from yaml import CSafeLoader as Loader
except ImportError:
from yaml import Loader # type: ignore
from yaml import SafeLoader as Loader # type: ignore
def load_derivatives(derivatives_yaml_path: str, native_yaml_path: str) -> Sequence[DifferentiabilityInfo]:
with open(derivatives_yaml_path, 'r') as f:


@ -1 +1 @@
9073602de1c4e1748f2feea5a0782417b20e3043
21ca53c291a88b53dac85751b7a0203ca610ac94b7adaff3c092cf30df4168f2


@ -1 +1 @@
b24cc8972344c4e01afbbae78d6a414f7638ff6f
5fde7bccf65032da297dfb1f18e4a95e96e278fa397e9dcaf364dfe23ec46353


@ -28,13 +28,13 @@ PLATFORM_TO_HASH = {
CLANG_FORMAT_DIR = os.path.join(PYTORCH_ROOT, ".clang-format-bin")
CLANG_FORMAT_PATH = os.path.join(CLANG_FORMAT_DIR, "clang-format")
def compute_file_sha1(path: str) -> str:
"""Compute the SHA1 hash of a file and return it as a hex string."""
def compute_file_sha256(path: str) -> str:
"""Compute the SHA256 hash of a file and return it as a hex string."""
# If the file doesn't exist, return an empty string.
if not os.path.exists(path):
return ""
hash = hashlib.sha1()
hash = hashlib.sha256()
# Open the file in binary mode and hash it.
with open(path, "rb") as f:
@ -84,7 +84,7 @@ def download_clang_format(path):
def get_and_check_clang_format(verbose=False):
"""
Download a platform-appropriate clang-format binary if one doesn't already exist at the expected location and verify
that it is the right binary by checking its SHA1 hash against the expected hash.
that it is the right binary by checking its SHA256 hash against the expected hash.
"""
if not os.path.exists(CLANG_FORMAT_DIR):
# If the directory doesn't exist, try to create it.
@ -114,7 +114,7 @@ def get_and_check_clang_format(verbose=False):
print("Found pre-existing clang-format binary, skipping download")
# Now that the binary is where it should be, hash it.
actual_bin_hash = compute_file_sha1(CLANG_FORMAT_PATH)
actual_bin_hash = compute_file_sha256(CLANG_FORMAT_PATH)
# If the host platform is not in PLATFORM_TO_HASH, it is unsupported.
if HOST_PLATFORM not in PLATFORM_TO_HASH:
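Review bot: The new line `hash = hashlib.sha256()` keeps the local name `hash`, which shadows the builtin for the remainder of compute_file_sha256; `hasher = hashlib.sha256()` with the matching update/hexdigest lines (outside this hunk) renamed avoids that. Renaming `compute_file_sha1` to `compute_file_sha256` changes the module's public interface: the one caller visible here is updated in the third hunk, but any caller elsewhere would break, and the page does not show whether one exists. The docstring could also state the contract the first branch implies — a missing file yields `""`, which can never equal an expected digest, so a missing binary fails the later check rather than passing it — with a line such as `Returns "" when *path* does not exist, so the caller's hash comparison fails closed.` The body of the `with open(path, "rb")` block continues outside the hunk.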


@ -173,7 +173,7 @@ def run_clang_tidy(options, line_filters, files):
with open(options.config_file) as config:
# Here we convert the YAML config file to a JSON blob.
command += ["-config", json.dumps(yaml.load(config, Loader=yaml.FullLoader))]
command += ["-config", json.dumps(yaml.load(config, Loader=yaml.SafeLoader))]
command += options.extra_args
if line_filters:
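Review bot: `yaml.load(config, Loader=yaml.SafeLoader)` is the long spelling of `yaml.safe_load(config)`, which is what the SelectiveBuilder hunk in this same commit uses; `command += ["-config", json.dumps(yaml.safe_load(config))]` keeps the whole change on one idiom and reads as the safe variant at a glance. run_clang_tidy starts and ends outside the hunk.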


@ -25,9 +25,9 @@ import tools.codegen.dest as dest
try:
# use faster C loader if available
from yaml import CLoader as Loader
from yaml import CSafeLoader as Loader
except ImportError:
from yaml import Loader # type: ignore
from yaml import SafeLoader as Loader # type: ignore
# Welcome to the ATen code generator v2! The ATen code generator is
# responsible for parsing native_functions.yaml and then generating


@ -95,13 +95,13 @@ class SelectiveBuilder:
@staticmethod
def from_yaml_str(config_contents: str) -> 'SelectiveBuilder':
contents = yaml.load(config_contents)
contents = yaml.safe_load(config_contents)
return SelectiveBuilder.from_yaml_dict(contents)
@staticmethod
def from_yaml_path(config_path: str) -> 'SelectiveBuilder':
with open(config_path, 'r') as f:
contents = yaml.load(f)
contents = yaml.safe_load(f)
return SelectiveBuilder.from_yaml_dict(contents)
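Review bot: `from_yaml_path` repeats the parse that `from_yaml_str` already performs, so the choice of loader now lives in two places and the two can drift apart; inside the `with` block, `return SelectiveBuilder.from_yaml_str(f.read())` leaves a single point that decides how the YAML is loaded. The class continues outside the hunk.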
@staticmethod


@ -5,9 +5,9 @@ import yaml
try:
# use faster C loader if available
from yaml import CLoader as YamlLoader
from yaml import CSafeLoader as YamlLoader
except ImportError:
from yaml import Loader as YamlLoader
from yaml import SafeLoader as YamlLoader
source_files = {'.py', '.cpp', '.h'}