Extract get_safe_config helper and apply to all overriding_architecture_config callsites#6415
Draft
… in HuggingFaceTransformersDecoder Agent-Logs-Url: https://github.com/espnet/espnet/sessions/41994baa-ca08-4d74-b899-01054066330a Co-authored-by: sw005320 <11741550+sw005320@users.noreply.github.com>
…-place deletion Agent-Logs-Url: https://github.com/espnet/espnet/sessions/41994baa-ca08-4d74-b899-01054066330a Co-authored-by: sw005320 <11741550+sw005320@users.noreply.github.com>
… defaulting to False Agent-Logs-Url: https://github.com/espnet/espnet/sessions/621907ec-4d77-43f1-8967-3ed0ecb605a5 Co-authored-by: sw005320 <11741550+sw005320@users.noreply.github.com>
…t (False) Agent-Logs-Url: https://github.com/espnet/espnet/sessions/29509e56-1ee5-4122-9f15-f00a447013da Co-authored-by: sw005320 <11741550+sw005320@users.noreply.github.com>
…classes Agent-Logs-Url: https://github.com/espnet/espnet/sessions/357693ef-00b6-4354-8e58-f298fc0bc2e5 Co-authored-by: sw005320 <11741550+sw005320@users.noreply.github.com>
…re_config callsites Agent-Logs-Url: https://github.com/espnet/espnet/sessions/aa30dc76-c700-4552-a229-d950dc70d982 Co-authored-by: sw005320 <11741550+sw005320@users.noreply.github.com>
Agent-Logs-Url: https://github.com/espnet/espnet/sessions/aa30dc76-c700-4552-a229-d950dc70d982 Co-authored-by: sw005320 <11741550+sw005320@users.noreply.github.com>
Copilot created this pull request from a session on behalf of sw005320, April 8, 2026 13:58.
This pull request is now in conflict :(
Summary
Closes the security concern raised in the issue: an attacker-controlled overriding_architecture_config (inline dict or JSON file) could inject {"trust_remote_code": true}, which would be splatted directly into AutoModelForCausalLM.from_pretrained() / AutoModelForSeq2SeqLM.from_pretrained(), enabling arbitrary remote code execution.

Previously the fix was an inline _BLOCKED_KEYS block inside HuggingFaceTransformersDecoder.__init__. This PR extracts that logic into a reusable get_safe_config() helper and applies it everywhere overriding_architecture_config reaches from_pretrained.

Changes

espnet2/asr/decoder/hugging_face_transformers_decoder.py
- Removed the inline _BLOCKED_KEYS / dict-comprehension logic from __init__
- Added a _BLOCKED_CONFIG_KEYS = {"trust_remote_code"} constant
- Added a get_safe_config(config: dict) -> dict public helper that strips blocked keys and logs a warning for each one removed; handles None / non-dict inputs gracefully
- __init__ now sets self.overriding_architecture_config = get_safe_config(...)

espnet2/bin/asr_inference.py
- Imports get_safe_config from the decoder module
- Wraps decoder.overriding_architecture_config with get_safe_config() at both the AutoModelForCausalLM.from_pretrained and AutoModelForSeq2SeqLM.from_pretrained callsites (defense-in-depth)
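The following is an added example, not the PR's own code nor ESPnet's: a stand-alone reconstruction of the helper behaviour the description lists (strip blocked keys, log a warning per removed key, treat None / non-dict input as empty), plus a wrapper that accepts the two input forms the description mentions (inline dict or JSON file). The names get_safe_config, BLOCKED_CONFIG_KEYS, load_override and demo, and the sample override dict, are assumptions constructed for this example; the only blocked key is the one the page names.

```python
"""Added example (not the PR's or ESPnet's code): sanitizing a user-supplied
architecture override before it is splatted into from_pretrained(**cfg)."""
import json
import logging
import os
import tempfile
from typing import Any

logger = logging.getLogger(__name__)

# Keys that must never reach AutoModel*.from_pretrained() from user input.
# The page names only trust_remote_code; extend this set for your own policy.
BLOCKED_CONFIG_KEYS = frozenset({"trust_remote_code"})


def get_safe_config(config: Any) -> dict:
    """Return a new dict with blocked keys removed (input is not mutated).

    None or any non-dict value yields {} so callers can always do
    from_pretrained(**get_safe_config(cfg)) without further checks.
    """
    if not isinstance(config, dict):
        if config is not None:
            logger.warning(
                "overriding_architecture_config is not a dict (%s); ignoring it",
                type(config).__name__,
            )
        return {}
    safe = {}
    for key, value in config.items():
        if key in BLOCKED_CONFIG_KEYS:
            # Log rather than raise: the model still loads, just without
            # the dangerous override, and the operator sees what was dropped.
            logger.warning(
                "Removing blocked key %r from overriding_architecture_config", key
            )
            continue
        safe[key] = value
    return safe


def load_override(source: Any) -> dict:
    """Accept an inline dict or a path to a JSON file and sanitize it.

    Both forms go through get_safe_config, so a JSON file that smuggles in
    {"trust_remote_code": true} is handled the same way as an inline dict.
    """
    if isinstance(source, str):
        with open(source, "r", encoding="utf-8") as f:
            source = json.load(f)
    return get_safe_config(source)


def demo() -> dict:
    """Round trip a constructed, hostile override through the JSON-file form."""
    hostile = {"trust_remote_code": True, "torch_dtype": "float16"}  # constructed
    with tempfile.NamedTemporaryFile("w", suffix=".json", delete=False) as f:
        json.dump(hostile, f)
        path = f.name
    try:
        return load_override(path)  # -> {"torch_dtype": "float16"}
    finally:
        os.unlink(path)


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    print(demo())
```

The helper copies rather than deletes in place, so the caller's original dict (which may be logged or reused elsewhere) still shows what the user actually supplied, while only the sanitized copy reaches from_pretrained. Applying it at every call site, as the PR does in asr_inference.py, means a future code path that bypasses the decoder's __init__ still cannot forward the blocked key.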