Update clang-format linux hash and yaml import calls (#53932)
Summary:
Fixing Bandit security issues.
- yaml_load: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
Test ID: B506
Severity: MEDIUM
Confidence: HIGH
File: ./caffe2/contrib/aten/gen_op.py
More info: https://bandit.readthedocs.io/en/latest/plugins/b506_yaml_load.html
235 if __name__ == '__main__':
236 decls = yaml.load(read(os.path.join(args.yaml_dir, 'Declarations.yaml')), Loader=Loader)
237 factory_methods = find_factory_methods(decls)
- Blacklist: Use of insecure MD2 (https://github.com/pytorch/pytorch/commit/6149a26adb9bcbee2965ea6cc2d1d47fe0569c95), MD4 (https://github.com/pytorch/pytorch/commit/fc7f0269808581499571c5db8af87311c943cd4e), MD5 (https://github.com/pytorch/pytorch/commit/7ea9d9af4e82d20c7c6cee5edd3c52f9bcb42821), or SHA1 hash function.
Test ID: B303
Severity: MEDIUM
Confidence: HIGH
File: ./tools/clang_format_utils.py
More info: https://bandit.readthedocs.io/en/latest/blacklists/blacklist_calls.html#b303-md5
36
37 hash = hashlib.sha1()
38
Pull Request resolved: https://github.com/pytorch/pytorch/pull/53932
Reviewed By: jbschlosser
Differential Revision: D27072017
Pulled By: malfet
fbshipit-source-id: 2fef0119388797aee3cacdc880fc345bd2ba68ce
