Force torch>=2.6 with torch.load to avoid vulnerability issue (#37785)
* fix all main files * fix test files * oops forgot modular * add link * update message
@@ -21,6 +21,7 @@ from huggingface_hub import hf_hub_download
|
||||
|
||||
from transformers import is_torch_available
|
||||
from transformers.testing_utils import is_flaky, require_torch, slow, torch_device
|
||||
from transformers.utils import check_torch_load_is_safe
|
||||
|
||||
from ...test_configuration_common import ConfigTester
|
||||
from ...test_modeling_common import ModelTesterMixin, floats_tensor, ids_tensor
|
||||
@@ -414,6 +415,7 @@ class AutoformerModelTest(ModelTesterMixin, PipelineTesterMixin, unittest.TestCa
|
||||
|
||||
def prepare_batch(filename="train-batch.pt"):
|
||||
file = hf_hub_download(repo_id="hf-internal-testing/tourism-monthly-batch", filename=filename, repo_type="dataset")
|
||||
check_torch_load_is_safe()
|
||||
batch = torch.load(file, map_location=torch_device, weights_only=True)
|
||||
return batch
|
||||
|
||||
|
||||
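Review bot: `prepare_batch` now calls `check_torch_load_is_safe()` unconditionally, so on a torch build below the minimum named in the commit title the tests using this helper will presumably error out rather than be skipped; the helper's body is not on this page, so that behaviour is inferred. If a skip is the intended outcome, gate the test on the torch version instead. Either way, a short comment at the call, e.g. `# torch.load is only permitted on torch>=2.6; raises otherwise`, would tell the next reader why the call precedes the load. The same addition appears in `prepare_batch` in the hunks headed InformerModelTest, PatchTSMixerModelTest, PatchTSTModelTest and TimeSeriesTransformerModelTest, so the point applies there as well.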
@@ -22,6 +22,7 @@ from huggingface_hub import hf_hub_download
|
||||
|
||||
from transformers import is_torch_available
|
||||
from transformers.testing_utils import is_flaky, require_torch, slow, torch_device
|
||||
from transformers.utils import check_torch_load_is_safe
|
||||
|
||||
from ...test_configuration_common import ConfigTester
|
||||
from ...test_modeling_common import ModelTesterMixin, floats_tensor, ids_tensor
|
||||
@@ -475,6 +476,7 @@ class InformerModelTest(ModelTesterMixin, PipelineTesterMixin, unittest.TestCase
|
||||
|
||||
def prepare_batch(filename="train-batch.pt"):
|
||||
file = hf_hub_download(repo_id="hf-internal-testing/tourism-monthly-batch", filename=filename, repo_type="dataset")
|
||||
check_torch_load_is_safe()
|
||||
batch = torch.load(file, map_location=torch_device, weights_only=True)
|
||||
return batch
|
||||
|
||||
|
||||
@@ -33,6 +33,7 @@ from transformers.testing_utils import (
|
||||
slow,
|
||||
torch_device,
|
||||
)
|
||||
from transformers.utils import check_torch_load_is_safe
|
||||
|
||||
from ...generation.test_utils import GenerationTesterMixin
|
||||
from ...test_configuration_common import ConfigTester
|
||||
@@ -366,6 +367,7 @@ class LlavaNextForConditionalGenerationIntegrationTest(unittest.TestCase):
|
||||
filename="llava_1_6_input_ids.pt",
|
||||
repo_type="dataset",
|
||||
)
|
||||
check_torch_load_is_safe()
|
||||
original_input_ids = torch.load(filepath, map_location="cpu", weights_only=True)
|
||||
# replace -200 by image_token_index (since we use token ID = 32000 for the image token)
|
||||
# remove image token indices because HF impl expands image tokens `image_seq_length` times
|
||||
@@ -378,6 +380,7 @@ class LlavaNextForConditionalGenerationIntegrationTest(unittest.TestCase):
|
||||
filename="llava_1_6_pixel_values.pt",
|
||||
repo_type="dataset",
|
||||
)
|
||||
check_torch_load_is_safe()
|
||||
original_pixel_values = torch.load(filepath, map_location="cpu", weights_only=True)
|
||||
assert torch.allclose(original_pixel_values, inputs.pixel_values.half())
|
||||
|
||||
|
||||
@@ -412,7 +412,6 @@ class OPTEmbeddingsTest(unittest.TestCase):
|
||||
# verify that prompt without BOS token is identical to Metaseq -> add_special_tokens=False
|
||||
inputs = tokenizer(prompts, return_tensors="pt", padding=True, add_special_tokens=False)
|
||||
logits = model(inputs.input_ids, attention_mask=inputs.attention_mask)[0].mean(dim=-1)
|
||||
# logits_meta = torch.load(self.path_logits_meta)
|
||||
logits_meta = torch.Tensor(
|
||||
[
|
||||
[1.3851, -13.8923, -10.5229, -10.7533, -0.2309, -10.2384, -0.5365, -9.0947, -5.1670],
|
||||
|
||||
@@ -27,6 +27,7 @@ from parameterized import parameterized
|
||||
from transformers import is_torch_available
|
||||
from transformers.models.auto import get_values
|
||||
from transformers.testing_utils import is_flaky, require_torch, slow, torch_device
|
||||
from transformers.utils import check_torch_load_is_safe
|
||||
|
||||
from ...test_configuration_common import ConfigTester
|
||||
from ...test_modeling_common import ModelTesterMixin, floats_tensor, ids_tensor
|
||||
@@ -451,6 +452,7 @@ class PatchTSMixerModelTest(ModelTesterMixin, PipelineTesterMixin, unittest.Test
|
||||
def prepare_batch(repo_id="ibm/patchtsmixer-etth1-test-data", file="pretrain_batch.pt"):
|
||||
# TODO: Make repo public
|
||||
file = hf_hub_download(repo_id=repo_id, filename=file, repo_type="dataset")
|
||||
check_torch_load_is_safe()
|
||||
batch = torch.load(file, map_location=torch_device, weights_only=True)
|
||||
return batch
|
||||
|
||||
|
||||
@@ -23,6 +23,7 @@ from huggingface_hub import hf_hub_download
|
||||
from transformers import is_torch_available
|
||||
from transformers.models.auto import get_values
|
||||
from transformers.testing_utils import is_flaky, require_torch, slow, torch_device
|
||||
from transformers.utils import check_torch_load_is_safe
|
||||
|
||||
from ...test_configuration_common import ConfigTester
|
||||
from ...test_modeling_common import ModelTesterMixin, floats_tensor, ids_tensor
|
||||
@@ -302,6 +303,7 @@ class PatchTSTModelTest(ModelTesterMixin, PipelineTesterMixin, unittest.TestCase
|
||||
|
||||
def prepare_batch(repo_id="hf-internal-testing/etth1-hourly-batch", file="train-batch.pt"):
|
||||
file = hf_hub_download(repo_id=repo_id, filename=file, repo_type="dataset")
|
||||
check_torch_load_is_safe()
|
||||
batch = torch.load(file, map_location=torch_device, weights_only=True)
|
||||
return batch
|
||||
|
||||
|
||||
@@ -22,6 +22,7 @@ from parameterized import parameterized
|
||||
|
||||
from transformers import is_torch_available
|
||||
from transformers.testing_utils import is_flaky, require_torch, slow, torch_device
|
||||
from transformers.utils import check_torch_load_is_safe
|
||||
|
||||
from ...test_configuration_common import ConfigTester
|
||||
from ...test_modeling_common import ModelTesterMixin, floats_tensor, ids_tensor
|
||||
@@ -480,6 +481,7 @@ class TimeSeriesTransformerModelTest(ModelTesterMixin, PipelineTesterMixin, unit
|
||||
|
||||
def prepare_batch(filename="train-batch.pt"):
|
||||
file = hf_hub_download(repo_id="hf-internal-testing/tourism-monthly-batch", filename=filename, repo_type="dataset")
|
||||
check_torch_load_is_safe()
|
||||
batch = torch.load(file, map_location=torch_device, weights_only=True)
|
||||
return batch
|
||||
|
||||
|
||||
@@ -32,7 +32,7 @@ from transformers.testing_utils import (
|
||||
slow,
|
||||
torch_device,
|
||||
)
|
||||
from transformers.utils import cached_property, is_torch_available, is_vision_available
|
||||
from transformers.utils import cached_property, check_torch_load_is_safe, is_torch_available, is_vision_available
|
||||
|
||||
from ...test_configuration_common import ConfigTester
|
||||
from ...test_modeling_common import ModelTesterMixin, floats_tensor, ids_tensor
|
||||
@@ -455,6 +455,7 @@ class VideoMAEModelIntegrationTest(unittest.TestCase):
|
||||
|
||||
# add boolean mask, indicating which patches to mask
|
||||
local_path = hf_hub_download(repo_id="hf-internal-testing/bool-masked-pos", filename="bool_masked_pos.pt")
|
||||
check_torch_load_is_safe()
|
||||
inputs["bool_masked_pos"] = torch.load(local_path, weights_only=True)
|
||||
|
||||
# forward pass
|
||||
|
||||
@@ -38,7 +38,7 @@ from transformers.testing_utils import (
|
||||
slow,
|
||||
torch_device,
|
||||
)
|
||||
from transformers.utils import is_torch_available
|
||||
from transformers.utils import check_torch_load_is_safe, is_torch_available
|
||||
|
||||
|
||||
if is_torch_available():
|
||||
@@ -552,6 +552,7 @@ class PeftIntegrationTester(unittest.TestCase, PeftTesterMixin):
|
||||
|
||||
state_dict_path = hf_hub_download(peft_model_id, "adapter_model.bin")
|
||||
|
||||
check_torch_load_is_safe()
|
||||
dummy_state_dict = torch.load(state_dict_path, weights_only=True)
|
||||
|
||||
model.load_adapter(adapter_state_dict=dummy_state_dict, peft_config=peft_config)
|
||||
@@ -577,6 +578,7 @@ class PeftIntegrationTester(unittest.TestCase, PeftTesterMixin):
|
||||
|
||||
peft_config = LoraConfig()
|
||||
state_dict_path = hf_hub_download(peft_model_id, "adapter_model.bin")
|
||||
check_torch_load_is_safe()
|
||||
dummy_state_dict = torch.load(state_dict_path, weights_only=True)
|
||||
|
||||
# this should always work
|
||||
@@ -645,6 +647,7 @@ class PeftIntegrationTester(unittest.TestCase, PeftTesterMixin):
|
||||
|
||||
peft_config = LoraConfig()
|
||||
state_dict_path = hf_hub_download(peft_model_id, "adapter_model.bin")
|
||||
check_torch_load_is_safe()
|
||||
dummy_state_dict = torch.load(state_dict_path, weights_only=True)
|
||||
|
||||
# add unexpected key
|
||||
@@ -672,6 +675,7 @@ class PeftIntegrationTester(unittest.TestCase, PeftTesterMixin):
|
||||
|
||||
peft_config = LoraConfig()
|
||||
state_dict_path = hf_hub_download(peft_model_id, "adapter_model.bin")
|
||||
check_torch_load_is_safe()
|
||||
dummy_state_dict = torch.load(state_dict_path, weights_only=True)
|
||||
|
||||
# remove a key so that we have missing keys
|
||||
|
||||
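Review bot: The same three statements, `hf_hub_download(peft_model_id, "adapter_model.bin")`, `check_torch_load_is_safe()` and `torch.load(state_dict_path, weights_only=True)`, are now repeated in four PeftIntegrationTester hunks, which makes it easy for a later test to copy the load without the check. A small module-level helper would keep the version gate and the restricted load together in one place. The surrounding test methods start and end outside these hunks, so the helper below covers only the shared part.

```python
def _load_adapter_state_dict(peft_model_id):
    # One place that pairs the torch version gate with the restricted load.
    state_dict_path = hf_hub_download(peft_model_id, "adapter_model.bin")
    check_torch_load_is_safe()
    return torch.load(state_dict_path, weights_only=True)
```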
@@ -113,6 +113,7 @@ from transformers.utils import (
|
||||
SAFE_WEIGHTS_NAME,
|
||||
WEIGHTS_INDEX_NAME,
|
||||
WEIGHTS_NAME,
|
||||
check_torch_load_is_safe,
|
||||
is_accelerate_available,
|
||||
is_apex_available,
|
||||
is_bitsandbytes_available,
|
||||
@@ -646,6 +647,7 @@ class TrainerIntegrationCommon:
|
||||
else:
|
||||
best_model = RegressionModel()
|
||||
if not safe_weights:
|
||||
check_torch_load_is_safe()
|
||||
state_dict = torch.load(os.path.join(checkpoint, WEIGHTS_NAME), weights_only=True)
|
||||
else:
|
||||
state_dict = safetensors.torch.load_file(os.path.join(checkpoint, SAFE_WEIGHTS_NAME))
|
||||
@@ -678,6 +680,7 @@ class TrainerIntegrationCommon:
|
||||
loader = safetensors.torch.load_file
|
||||
weights_file = os.path.join(folder, SAFE_WEIGHTS_NAME)
|
||||
else:
|
||||
check_torch_load_is_safe()
|
||||
loader = torch.load
|
||||
weights_file = os.path.join(folder, WEIGHTS_NAME)
|
||||
|
||||
|
||||
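Review bot: In the TrainerIntegrationCommon hunk at `-678,6 +680,7` the non-safetensors branch stores `loader = torch.load` with no `weights_only` argument, unlike every other call site in this commit, so the restriction depends on the library default at the call that follows outside the hunk. Binding the argument at assignment keeps the branch self-contained: `loader = functools.partial(torch.load, weights_only=True)` (this needs `import functools` if the file does not already have it). The later `loader(...)` call is not visible here, so confirm it passes no conflicting keyword.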
@@ -74,6 +74,7 @@ from transformers.utils import (
|
||||
SAFE_WEIGHTS_NAME,
|
||||
WEIGHTS_INDEX_NAME,
|
||||
WEIGHTS_NAME,
|
||||
check_torch_load_is_safe,
|
||||
)
|
||||
from transformers.utils.import_utils import (
|
||||
is_flash_attn_2_available,
|
||||
@@ -739,6 +740,7 @@ class ModelUtilsTest(TestCasePlus):
|
||||
# Note: pickle adds some junk so the weight of the file can end up being slightly bigger than
|
||||
# the size asked for (since we count parameters)
|
||||
if size >= max_size_int + 50000:
|
||||
check_torch_load_is_safe()
|
||||
state_dict = torch.load(shard_file, weights_only=True)
|
||||
self.assertEqual(len(state_dict), 1)
|
||||
|
||||
|
||||