Medium
Showing all detectors for the Python language with medium severity.
Allocated resources are not released properly.
Detects if Softmax is explicitly computed.
Using the spawn
or forkserver
start method without importing the main module might lead to unexpected behavior (for example, it might cause a RuntimeError
).
Public method parameters should be validated for nullness, unexpected values, and malicious values.
An integer overflow might might cause security issues when it is used for resource management or execution control.
Not setting seeds for the random number generators in Pytorch can lead to reproducibility issues.
Improper multiprocessing API usage with wrong parameters might lead to deadlocks.
Improper filtering of Amazon Machine Images (AMIs) can result in loading an untrusted image, a potential security vulnerability.
Notebook has uninitialized variable usage given the execution order
The computation of the bceloss using sigmoid values as inputs can be replaced by a single BCEWithLogitsLoss which is numerically more stable.
Using DataLoader with num_workers
greater than 0
can cause increased memory consumption over time when iterating over native Python objects such as list
or dict
.
Checks if Softmax
is used with NLLLoss
function.
Zero out the gradients before doing a backward pass
Sequence modification while iterating over it might cause unexpected bugs.
A variable is re-defined in multiple cells with different types.
APIs with nondeterministic algorithm are used
Non-deterministic ops might return different outputs when run with the same inputs.
Improper input validation can enable attacks and lead to unwanted behavior.
Missing pagination on a paginated call can lead to inaccurate results.
When you process and remove an item from the JoinableQueue
without calling JoinableQueue.task_done()
, a semaphore overflow exception might be thrown.
Insecure ways of creating temporary files and directories can lead to race conditions, privilege escalation, and other security vulnerabilities.
Not setting the connection timeout parameter can cause a blocking socket connection.
Failure to end a child process that doesn't terminate before its timeout expires can result in leaked resources.
Checks if gradient calculation is disabled during evaluation.
The Debug feature should not be enabled or overridden.
Detects if nondeterministic tensorflow APIs are used.
Checks if eval() is called before validating or testing a model.
Obsolete, broken, or weak hashing algorithms can lead to security vulnerabilities.
Encryption that is dependent on conditional logic, such as an if...then
clause, might cause unencrypted sensitive data to be stored.
Detects if Softmax is used with CrossEntropyLoss.
Hardcoding an IP address can cause security problems.
Cross-Origin Resource Sharing policies that are too permissive may lead to security vulnerabilities.
Detects if a random seed is set before random number generation.
Passing a parent process object in a child process can prevent its garbage collection.
Response metadata was not checked to verify that it is not None
.
Creating PyTorch tensors on the CPU and then moving them to the device is inefficient.
Passing an unsanitized user argument to a function call makes your code insecure.
Inefficient regular expression patterns can lead to catastrophic backtracking.