Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

guard 3rd party package installation path #2687

Merged
merged 4 commits into from
Oct 9, 2023
Merged

guard 3rd party package installation path #2687

merged 4 commits into from
Oct 9, 2023

Conversation

lxning
Copy link
Collaborator

@lxning lxning commented Oct 6, 2023

Description

Please read our CONTRIBUTING.md prior to creating your first pull request.

Please include a summary of the feature or issue being fixed. Please also include relevant motivation and context. List any dependencies that are required for this change.

Make sure

  • the process of pip installation runs under tmp dir
  • the 3rd party package is installed under tmp dir

Fixes #(issue)
#2664

Type of change

Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • New feature (non-breaking change which adds functionality)
  • This change requires a documentation update

Feature/Issue validation/testing

Please describe the Unit or Integration tests that you ran to verify your changes and relevant result summary. Provide instructions so it can be reproduced.
Please also list any relevant details for your test configuration.

  • Test A
    Logs for Test A

  • Test B
    Logs for Test B

Checklist:

  • Did you have fun?
  • Have you added tests that prove your fix is effective or that this feature works?
  • Has code been commented, particularly in hard-to-understand areas?
  • Have you made corresponding changes to the documentation?

@lxning lxning requested a review from msaroufim October 6, 2023 00:24
@codecov
Copy link

codecov bot commented Oct 6, 2023
edited
Loading

Codecov Report

Merging #2687 (851c2d2) into master (726dad2) will not change coverage.
Report is 1 commits behind head on master.
The diff coverage is n/a.

❗ Current head 851c2d2 differs from pull request most recent head eae1ff8. Consider uploading reports for the commit eae1ff8 to get more accurate results

@@           Coverage Diff           @@
##           master    #2687   +/-   ##
=======================================
  Coverage   72.39%   72.39%           
=======================================
  Files          85       85           
  Lines        3956     3956           
  Branches       58       58           
=======================================
  Hits         2864     2864           
  Misses       1088     1088           
  Partials        4        4

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

@lxning lxning self-assigned this Oct 6, 2023
@msaroufim
Copy link
Member

msaroufim commented Oct 6, 2023
edited
Loading

In case it's too annoying to keep retriggering the workflow feel free to run it on pushes here https://github.com/pytorch/serve/blob/master/.github/workflows/codeql.yml#L15

I didn't realize github code scanning would nicely render things as comments feels like a good behavior to have by default on

github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 6, 2023
View reviewed changes
frontend/server/src/main/java/org/pytorch/serve/wlm/ModelManager.java
.toPath()
.normalize()
.startsWith(FileUtils.getTempDirectory().toPath().normalize())) {
processBuilder.directory(dependencyPath);

Check failure

Code scanning / CodeQL

Uncontrolled command line Critical

This command line depends on a
user-provided value
Loading
.
@lxning lxning added this pull request to the merge queue Oct 9, 2023
Merged via the queue into master with commit ec22e98 Oct 9, 2023
15 of 16 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@msaroufim msaroufim msaroufim approved these changes

Assignees

@lxning lxning

Labels
None yet
Projects
v0.9.0 lifecycle
Awaiting triage
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@lxning @msaroufim