
Extract get_safe_config helper and apply to all overriding_architecture_config callsites#6415

Draft
Copilot wants to merge 7 commits into master from copilot/fix-issue-6414

Conversation

Contributor

Copilot AI commented Apr 8, 2026

Summary

Closes the security concern raised in the issue: an attacker-controlled overriding_architecture_config (inline dict or JSON file) could inject {"trust_remote_code": true}, which would be splatted directly into AutoModelForCausalLM.from_pretrained() / AutoModelForSeq2SeqLM.from_pretrained(), enabling arbitrary remote code execution.

Previously the fix was an inline _BLOCKED_KEYS block inside HuggingFaceTransformersDecoder.__init__. This PR extracts that logic into a reusable get_safe_config() helper and applies it everywhere overriding_architecture_config reaches from_pretrained.

Changes

espnet2/asr/decoder/hugging_face_transformers_decoder.py

  • Removes inline _BLOCKED_KEYS / dict-comprehension logic from __init__
  • Adds module-level _BLOCKED_CONFIG_KEYS = {"trust_remote_code"} constant
  • Adds get_safe_config(config: dict) -> dict public helper that strips blocked keys and logs a warning for each one removed; handles None/non-dict inputs gracefully
  • Replaces the inline block with self.overriding_architecture_config = get_safe_config(...)

espnet2/bin/asr_inference.py

  • Imports get_safe_config from the decoder module
  • Wraps decoder.overriding_architecture_config with get_safe_config() at both AutoModelForCausalLM.from_pretrained and AutoModelForSeq2SeqLM.from_pretrained callsites (defense-in-depth)
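To make the sanitisation step concrete, here is an added, self-contained illustration of the helper the description outlines; it is not espnet's code and the exact fallback for None or non-dict input (an empty dict), the `load_model` and `fake_from_pretrained` stand-ins and the sample override dict are all assumptions made for this example. It shows the same `trust_remote_code` injection reaching a stand-in loader when the override is splatted through unfiltered, and being dropped with a warning when it passes through `get_safe_config()` first.

```python
import logging
from typing import Any, Callable, Dict

logger = logging.getLogger(__name__)

# Keys that must never flow from a user-supplied overriding_architecture_config
# into transformers' from_pretrained(). trust_remote_code=True makes transformers
# import and execute Python shipped inside the model repository.
_BLOCKED_CONFIG_KEYS = frozenset({"trust_remote_code"})


def get_safe_config(config: Any) -> Dict[str, Any]:
    """Return a copy of ``config`` with blocked keys removed.

    Hypothetical reimplementation following the PR description: each blocked
    key is stripped with its own warning, the caller's dict is left untouched,
    and None or non-dict input yields an empty dict (that fallback is an
    assumption of this example, not something the PR states).
    """
    if config is None:
        return {}
    if not isinstance(config, dict):
        logger.warning(
            "overriding_architecture_config must be a dict, got %s; ignoring it",
            type(config).__name__,
        )
        return {}
    safe: Dict[str, Any] = {}
    for key, value in config.items():
        if key in _BLOCKED_CONFIG_KEYS:
            logger.warning(
                "Dropping blocked key %r from overriding_architecture_config", key
            )
            continue
        safe[key] = value
    return safe


def fake_from_pretrained(model_name: str, **kwargs: Any) -> Dict[str, Any]:
    """Stand-in for AutoModelForCausalLM.from_pretrained: records what it was handed
    so the test can see which keyword arguments reached the loader."""
    return {"model": model_name, "kwargs": kwargs}


def load_model(
    loader: Callable[..., Dict[str, Any]],
    model_name: str,
    overrides: Any,
    hardened: bool = True,
) -> Dict[str, Any]:
    """Simulated decoder callsite.

    hardened=True is the pattern the PR introduces (sanitise, then splat).
    hardened=False splats the user-controlled dict straight through, which is
    the behaviour the PR removes; it is kept here only to show the difference.
    """
    kwargs = get_safe_config(overrides) if hardened else dict(overrides or {})
    return loader(model_name, **kwargs)


# Constructed sample: a benign architecture override with the dangerous key added.
INJECTED_CONFIG = {"n_layer": 4, "trust_remote_code": True}

if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    print(load_model(fake_from_pretrained, "example-model", INJECTED_CONFIG))
    print(load_model(fake_from_pretrained, "example-model", INJECTED_CONFIG, hardened=False))
```

Returning a fresh dict rather than deleting keys in place keeps the helper safe to call at several callsites on the same object, which is what the defense-in-depth wrapping in asr_inference.py relies on.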

Copilot AI and others added 7 commits April 8, 2026 11:15
… in HuggingFaceTransformersDecoder

Agent-Logs-Url: https://github.com/espnet/espnet/sessions/41994baa-ca08-4d74-b899-01054066330a

Co-authored-by: sw005320 <11741550+sw005320@users.noreply.github.com>
…-place deletion

Agent-Logs-Url: https://github.com/espnet/espnet/sessions/41994baa-ca08-4d74-b899-01054066330a

Co-authored-by: sw005320 <11741550+sw005320@users.noreply.github.com>
… defaulting to False

Agent-Logs-Url: https://github.com/espnet/espnet/sessions/621907ec-4d77-43f1-8967-3ed0ecb605a5

Co-authored-by: sw005320 <11741550+sw005320@users.noreply.github.com>
…re_config callsites

Agent-Logs-Url: https://github.com/espnet/espnet/sessions/aa30dc76-c700-4552-a229-d950dc70d982

Co-authored-by: sw005320 <11741550+sw005320@users.noreply.github.com>
@mergify
Contributor

mergify Bot commented Apr 8, 2026

This pull request is now in conflict :(
