Files
wehub-resource-sync e93507a09c
Lockfile supply-chain audit / lockfile supply-chain audit (push) Has been cancelled
Windows Studio GGUF CI / GPU prebuilt resolves without Visual Studio (push) Has been cancelled
Windows Studio GGUF CI / setup.ps1 unit tests (VS 2026 / CMake guard) (push) Has been cancelled
Windows Studio GGUF CI / real-VS detection (VS 2022) (push) Has been cancelled
Windows Studio GGUF CI / real-VS detection (VS 2026) (push) Has been cancelled
Windows Studio GGUF CI / VC++ runtime detect + install round-trip (windows-2025-vs2026) (push) Has been cancelled
Windows Studio GGUF CI / VC++ runtime detect + install round-trip (windows-latest) (push) Has been cancelled
Windows Studio Update CI / Studio Updating Tests (push) Has been cancelled
Wheel CI / Wheel build + content sanity + import smoke (push) Has been cancelled
Lint CI / Source lint (Python + shell + YAML + JSON + safety nets) (push) Has been cancelled
MLX CI on Mac M1 / dispatch (push) Has been cancelled
Security audit / advisory audit (pip + npm + cargo) (push) Has been cancelled
Security audit / pip scan-packages :: extras (push) Has been cancelled
Security audit / pip scan-packages :: studio (push) Has been cancelled
Security audit / pip scan-packages :: hf-stack (push) Has been cancelled
Security audit / npm scan-packages (Studio frontend tarballs) (push) Has been cancelled
Security audit / workflow-trigger lint (pull_request_target / cache-poisoning) (push) Has been cancelled
Security audit / pytest tests/security (push) Has been cancelled
Security audit / npm provenance + new install-script diff (push) Has been cancelled
Studio API CI / Studio API & Auth Tests (push) Has been cancelled
Backend CI / (Python 3.10) (push) Has been cancelled
Backend CI / (Python 3.11) (push) Has been cancelled
Backend CI / (Python 3.12) (push) Has been cancelled
Backend CI / (Python 3.13) (push) Has been cancelled
Backend CI / Repo tests (CPU) (push) Has been cancelled
Frontend CI / Frontend build + bundle sanity (push) Has been cancelled
Studio GGUF CI / OpenAI, Anthropic API tests (push) Has been cancelled
Studio GGUF CI / Tool calling Tests (push) Has been cancelled
Studio GGUF CI / JSON, images (push) Has been cancelled
Mac Studio GGUF CI / OpenAI, Anthropic API tests (push) Has been cancelled
Mac Studio GGUF CI / Tool calling Tests (push) Has been cancelled
Mac Studio GGUF CI / JSON, images (push) Has been cancelled
Mac Studio Install Matrix CI / Install + load (macos-14) (push) Has been cancelled
Mac Studio Install Matrix CI / Install + load (macos-15) (push) Has been cancelled
Mac Studio Install Matrix CI / Install + load (macos-26) (push) Has been cancelled
Mac Studio Install Matrix CI / Install + load (macos-15-intel) (push) Has been cancelled
Mac Studio API CI / Studio API & Auth Tests (push) Has been cancelled
Mac Studio Install Matrix CI / Install + load (macos-26-intel) (push) Has been cancelled
Mac Studio UI CI / Chat UI Tests (push) Has been cancelled
Studio Tauri CI / Tauri Linux debug build (no codesign) (push) Has been cancelled
Mac Studio Update CI / Studio Updating Tests (push) Has been cancelled
Studio UI CI / Chat UI Tests (push) Has been cancelled
Windows Studio API CI / Studio API & Auth Tests (push) Has been cancelled
Windows Studio UI CI / Chat UI Tests (push) Has been cancelled
Studio Update CI / Studio Updating Tests (push) Has been cancelled
Core / Core (HF=default + TRL=default) (push) Has been cancelled
Core / Core (HF=4.57.6 + TRL<1) (push) Has been cancelled
Core / Core (HF=latest + TRL=latest) (push) Has been cancelled
Core / llama.cpp build + smoke (push) Has been cancelled
Windows Studio GGUF CI / OpenAI, Anthropic API tests (push) Has been cancelled
Windows Studio GGUF CI / Tool calling Tests (push) Has been cancelled
Windows Studio GGUF CI / JSON, images (push) Has been cancelled
Windows Studio GGUF CI / Studio install + inference without Visual Studio (push) Has been cancelled
Studio export capability / capability (macos-latest) (push) Has been cancelled
Studio export capability / capability (ubuntu-latest) (push) Has been cancelled
Studio export capability / capability (windows-latest) (push) Has been cancelled
Cross-platform parity / parity (macos-latest) (push) Has been cancelled
Cross-platform parity / parity (windows-latest) (push) Has been cancelled
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
Studio load-orchestrator CI / test (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 12:59:56 +08:00

112 lines
3.6 KiB
Python

# SPDX-License-Identifier: AGPL-3.0-only
# Copyright 2026-present the Unsloth AI Inc. team. All rights reserved. See /studio/LICENSE.AGPL-3.0
"""Security helpers for the ``trust_remote_code`` boundary.
Two orthogonal questions: ``trusted_org.is_trusted_org_repo`` (may we AUTO-enable
remote code for this name?) and ``remote_code_scan`` (WHAT would run if the user
opts in?). The load paths try ``trust_remote_code=False`` first and, on the
transformers "requires trust_remote_code" error, scan the repo's ``auto_map``,
surface findings + a pinning fingerprint, and require explicit consent before
retrying with it enabled. Detection (is-vision / version / size) reads raw
``config.json`` and never enters this flow.
"""
from utils.security.consent import ( # noqa: F401
RemoteCodeDecision,
evaluate_remote_code_consent,
evaluate_remote_code_consent_for_targets,
)
from utils.security.file_security import ( # noqa: F401
FileSecurityDecision,
evaluate_file_security,
security_load_subdirs,
)
from utils.security.remote_code_scan import ( # noqa: F401
CRITICAL,
HIGH,
MEDIUM,
Finding,
RemoteCodeUnscannable,
ScanResult,
remote_code_fingerprint,
repo_remote_code_files,
scan_remote_code_files,
)
from utils.security.trusted_org import is_trusted_org_repo # noqa: F401
__all__ = [
"is_trusted_org_repo",
"scan_remote_code_files",
"repo_remote_code_files",
"RemoteCodeUnscannable",
"remote_code_fingerprint",
"should_block_remote_code",
"evaluate_remote_code_consent",
"evaluate_remote_code_consent_for_targets",
"preflight_remote_code_consent",
"preflight_remote_code_consent_for_targets",
"evaluate_file_security",
"security_load_subdirs",
"FileSecurityDecision",
"RemoteCodeDecision",
"ScanResult",
"Finding",
"CRITICAL",
"HIGH",
"MEDIUM",
]
def preflight_remote_code_consent(
model_name: str,
hf_token = None,
*,
trust_remote_code: bool = True,
approved_fingerprint = None,
trusted_org = None,
subject = None,
) -> "RemoteCodeDecision":
"""Scan a model's ``auto_map`` for the consent dialog. Thin wrapper over
``evaluate_remote_code_consent`` defaulting ``trust_remote_code=True`` so the scan
runs whenever the repo declares custom code; the start routes pass the user's real
value + approved fingerprint to enforce consent before any state mutation.
"""
return evaluate_remote_code_consent(
model_name,
hf_token,
trust_remote_code = trust_remote_code,
approved_fingerprint = approved_fingerprint,
trusted_org = trusted_org,
subject = subject,
)
def preflight_remote_code_consent_for_targets(
targets,
hf_token = None,
*,
trust_remote_code: bool = True,
approved_fingerprint = None,
subject = None,
) -> "RemoteCodeDecision":
"""Preflight consent over multiple repos (a LoRA adapter plus its base) scanned as
one combined unit with a single pinning fingerprint. Wrapper defaulting
``trust_remote_code=True``; the load passes the user's real value + fingerprint.
"""
return evaluate_remote_code_consent_for_targets(
targets,
hf_token,
trust_remote_code = trust_remote_code,
approved_fingerprint = approved_fingerprint,
subject = subject,
)
def should_block_remote_code(result: "ScanResult") -> bool:
"""Recommend blocking by default on CRITICAL/HIGH findings. Advisory only: the
caller still surfaces findings and takes explicit consent.
"""
sev = result.max_severity
return sev in (CRITICAL, HIGH)