Skip to content

Promote generic utils/constants from gigl.src.common to gigl.common#705

Draft
kmontemayor2-sc wants to merge 1 commit into
mainfrom
promote-src-common-to-common
Draft

Promote generic utils/constants from gigl.src.common to gigl.common#705
kmontemayor2-sc wants to merge 1 commit into
mainfrom
promote-src-common-to-common

Conversation

@kmontemayor2-sc

Copy link
Copy Markdown
Collaborator

Promote the reusable, application-agnostic helpers out of the pipeline source tree into the top-level gigl.common package:

  • gigl/common/utils/{timeout,file_loader,model,time,bq}.py
  • datetime format constants merged into gigl/common/constants.py

Each old gigl.src.common path is left as a re-export shim that logs a deprecation warning, so external imports keep working. All internal call sites (gigl, examples, scripts, tests) are repointed to the new gigl.common locations; the dedicated bq tests move into the common test tree.

Application/task logic (pb_wrappers, task types, launchers, pipeline path constants, translators, graph_builder, modeling_task_specs) stays in gigl.src by design.

Scope of work done

Where is the documentation for this feature?: N/A

Did you add automated tests or write a test plan?

Updated Changelog.md? NO

Ready for code review?: NO

Promote the reusable, application-agnostic helpers out of the pipeline
source tree into the top-level gigl.common package:

  - gigl/common/utils/{timeout,file_loader,model,time,bq}.py
  - datetime format constants merged into gigl/common/constants.py

Each old gigl.src.common path is left as a re-export shim that logs a
deprecation warning, so external imports keep working. All internal
call sites (gigl, examples, scripts, tests) are repointed to the new
gigl.common locations; the dedicated bq tests move into the common
test tree.

Application/task logic (pb_wrappers, task types, launchers, pipeline
path constants, translators, graph_builder, modeling_task_specs) stays
in gigl.src by design.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@kmontemayor2-sc

Copy link
Copy Markdown
Collaborator Author

/all_test

@github-actions

Copy link
Copy Markdown
Contributor

GiGL Automation

@ 18:09:22UTC : 🔄 Integration Test started.

@github-actions

github-actions Bot commented Jul 15, 2026

Copy link
Copy Markdown
Contributor

GiGL Automation

@ 18:09:22UTC : 🔄 Scala Unit Test started.

@ 18:18:35UTC : ✅ Workflow completed successfully.

@github-actions

github-actions Bot commented Jul 15, 2026

Copy link
Copy Markdown
Contributor

GiGL Automation

@ 18:09:23UTC : 🔄 Python Unit Test started.

@ 19:16:31UTC : ✅ Workflow completed successfully.

@github-actions

github-actions Bot commented Jul 15, 2026

Copy link
Copy Markdown
Contributor

GiGL Automation

@ 18:09:24UTC : 🔄 C++ Unit Test started.

@ 18:11:18UTC : ✅ Workflow completed successfully.

@github-actions

github-actions Bot commented Jul 15, 2026

Copy link
Copy Markdown
Contributor

GiGL Automation

@ 18:09:25UTC : 🔄 Lint Test started.

@ 18:17:47UTC : ✅ Workflow completed successfully.

@github-actions

github-actions Bot commented Jul 15, 2026

Copy link
Copy Markdown
Contributor

GiGL Automation

@ 18:09:32UTC : 🔄 E2E Test started.

@ 19:58:59UTC : ✅ Workflow completed successfully.

file_loader = FileLoader()
tmp_file = file_loader.load_to_temp_file(load_from_uri)

state_dict = torch.load(tmp_file.name, map_location=device)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Semgrep identified an issue in your code:

Using torch.load() to deserialize model files enables arbitrary code execution via pickle. Attackers can embed malicious Python code in model files that executes when loaded.

More details about this

The torch.load() call on tmp_file.name deserializes a PyTorch model file using pickle, which can execute arbitrary Python code embedded in the serialized data.

Exploit scenario:

  1. An attacker crafts a malicious PyTorch model file containing embedded Python code (e.g., code to exfiltrate data, install backdoors, or launch ransomware).
  2. This file is uploaded or placed where your application loads it via load_from_uri.
  3. When torch.load(tmp_file.name, map_location=device) executes, pickle deserializes the malicious payload and automatically executes the attacker's code with the full privileges of your application.
  4. The attacker now has arbitrary code execution on your system.

This is particularly dangerous if load_from_uri accepts untrusted sources (e.g., user uploads, external URLs, or any input not under your strict control).

To resolve this comment:

✨ Commit fix suggestion
  1. Change the torch.load call to load weights only: replace torch.load(tmp_file.name, map_location=device) with torch.load(tmp_file.name, map_location=device, weights_only=True).
  2. Keep this function limited to files created by save_state_dict(...), because that path writes model.state_dict() instead of a full pickled model object. This prevents PyTorch from deserializing arbitrary Python objects from the file.
  3. Add a type check after loading and reject anything that is not a state dict, for example by verifying the result is a dict or OrderedDict and that the values are tensors.
  4. Leave load_scripted_model_from_uri(...) separate from this path, and do not reuse load_state_dict_from_uri(...) to load full models or other serialized objects.

Alternatively, if weights_only=True is not available in your PyTorch version, upgrade PyTorch and use weights_only=True rather than loading the file with plain torch.load(...).

💬 Ignore this finding

Reply with Semgrep commands to ignore this finding.

  • /fp <comment> for false positive
  • /ar <comment> for acceptable risk
  • /other <comment> for all other reasons

Alternatively, triage in Semgrep AppSec Platform to ignore the finding created by pickles-in-pytorch.

You can view more details about this finding in the Semgrep AppSec Platform.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants