Better handling of embeddings with two rare, but not unusual, files in them

I have encountered pickled embeddings with a short byteorder file at the top-level, as well as a .data/serialization_id file. Both load fine after allowing these files in the dataset. I do not think it is likely adding them to the safe unpickle regular expression would be a security risk, but that's for the maintainers to decide.

Better handling of embeddings with two rare, but not unusual, files in them
I have encountered pickled embeddings with a short byteorder file at the top-level, as well as a .data/serialization_id file. Both load fine after allowing these files in the dataset. I do not think it is likely adding them to the safe unpickle regular expression would be a security risk, but that's for the maintainers to decide.
c5ae2254 · Brendan Hoar · GitHub · c5b75598 · c5ae2254
Commit c5ae2254 authored Apr 26, 2024 by Brendan Hoar Committed by GitHub Apr 26, 2024
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

modules/safe.py modules/safe.py +1 -1

No files found.
--- a/modules/safe.py
+++ b/modules/safe.py
@@ -65,7 +65,7 @@ class RestrictedUnpickler(pickle.Unpickler):
 # Regular expression that accepts 'dirname/version', 'dirname/data.pkl', and 'dirname/data/<number>'
-allowed_zip_names_re = re.compile(r"^([^/]+)/((data/\d+)|version|(data\.pkl))$")
+allowed_zip_names_re = re.compile(r"^([^/]+)/((data/\d+)|byteorder|(\.data\/serialization_id)|version|(data\.pkl))$")
 data_pkl_re = re.compile(r"^([^/]+)/data\.pkl$")
 def check_zip_filenames(filename, names):