frozenleaves/transformers
1
0
Fork 0
mirror of https://github.com/huggingface/transformers.git synced 2025-10-20 17:13:56 +08:00
Code Issues Packages Projects Releases Wiki Activity

path validation for security reason (#41256)

Browse Source 
fix

Co-authored-by: ydshieh <ydshieh@users.noreply.github.com>
This commit is contained in:
Yih-Dar
2025-10-17 12:36:04 +02:00
committed by GitHub
parent 151d6adc86
commit 7370a1babd
1 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/transformers/convert_slow_tokenizers_checkpoints_to_fast.py
View File

@ -15,6 +15,7 @@
import argparse import argparse
import os import os
from pathlib import Path
import transformers import transformers
@ -69,6 +70,15 @@ def convert_slow_checkpoint_to_fast(tokenizer_name, checkpoint_name, dump_path,
if "/" in checkpoint: if "/" in checkpoint:
checkpoint_directory, checkpoint_prefix_name = checkpoint.split("/") checkpoint_directory, checkpoint_prefix_name = checkpoint.split("/")
dump_path_full = os.path.join(dump_path, checkpoint_directory) dump_path_full = os.path.join(dump_path, checkpoint_directory)
# Security check
try:
Path(dump_path_full).resolve().relative_to(Path(dump_path).resolve())
except ValueError:
raise ValueError(
f"Invalid checkpoint path: '{checkpoint}' attempts to escape `dump_path`: {dump_path}"
)
elif add_prefix: elif add_prefix:
checkpoint_prefix_name = checkpoint checkpoint_prefix_name = checkpoint
dump_path_full = dump_path dump_path_full = dump_path