Posted to commits@submarine.apache.org by "cdmikechen (via GitHub)" <gi...@apache.org> on 2023/03/05 09:46:10 UTC
[GitHub] [submarine] cdmikechen opened a new pull request, #1054: SUBMARINE-1371. fix unsafe deserialization via SnakeYaml in YamlEntityProvider
cdmikechen opened a new pull request, #1054:
URL: https://github.com/apache/submarine/pull/1054
### What is this PR for?
Use SnakeYaml's SafeConstructor to replace the default no-argument Yaml constructor to avoid unsafe deserialization.
Link url: https://nvd.nist.gov/vuln/detail/CVE-2022-1471
### What type of PR is it?
Bug Fix
### Todos
* [x] - Add SafeConstructor
### What is the Jira issue?
https://issues.apache.org/jira/browse/SUBMARINE-1371
### How should this be tested?
NA
### Screenshots (if appropriate)
### Questions:
* Do the license files need updating? Yes
* Are there breaking changes for older versions? No
* Does this need new documentation? No
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@submarine.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
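An added illustration of the change the pull request above describes; it is not code from the PR or from the Submarine project. It assumes SnakeYAML 1.x (1.26 or later, for `SafeConstructor(LoaderOptions)`) on the classpath; the class name `SafeYamlDemo`, both method names and the sample inputs are constructed for the example.

```java
import java.util.Map;
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

public class SafeYamlDemo {

    // "Before": on SnakeYAML 1.x the no-argument Yaml uses Constructor, which
    // instantiates whatever class a "!!fully.qualified.Name" tag names (CVE-2022-1471).
    static Object parseDefault(String body) {
        return new Yaml().load(body);
    }

    // "After": SafeConstructor builds only maps, lists and scalars and throws on
    // any other tag, so the request body can no longer choose a Java type.
    static Map<String, Object> parseUntrusted(String body) {
        LoaderOptions options = new LoaderOptions();
        options.setAllowDuplicateKeys(false);     // ambiguous documents are rejected
        options.setMaxAliasesForCollections(10);  // bound alias expansion
        Yaml yaml = new Yaml(new SafeConstructor(options));
        Object root;
        try {
            root = yaml.load(body);
        } catch (YAMLException e) {
            throw new IllegalArgumentException("rejected YAML: " + e.getMessage(), e);
        }
        if (!(root instanceof Map)) {
            throw new IllegalArgumentException("expected a mapping at the top level");
        }
        @SuppressWarnings("unchecked")  // keys are assumed to be strings here
        Map<String, Object> map = (Map<String, Object>) root;
        return map;
    }

    public static void main(String[] args) {
        // Constructed sample inputs; the tagged one names a harmless JDK class.
        String plain = "name: demo\nreplicas: 2\n";
        String tagged = "!!java.util.concurrent.atomic.AtomicLong {}\n";

        System.out.println(parseUntrusted(plain));
        System.out.println(parseDefault(tagged).getClass().getName());
        try {
            parseUntrusted(tagged);
        } catch (IllegalArgumentException e) {
            System.out.println(e.getMessage());
        }
    }
}
```

The map returned by `parseUntrusted` still has to be validated and bound to the expected entity type explicitly, since the parser no longer does that on the caller's behalf.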
[GitHub] [submarine] codecov[bot] commented on pull request #1054: SUBMARINE-1371. fix unsafe deserialization via SnakeYaml in YamlEntityProvider
Posted by "codecov[bot] (via GitHub)" <gi...@apache.org>.
codecov[bot] commented on PR #1054:
URL: https://github.com/apache/submarine/pull/1054#issuecomment-1455041018
# [Codecov](https://codecov.io/gh/apache/submarine/pull/1054?src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) Report
> Merging [#1054](https://codecov.io/gh/apache/submarine/pull/1054?src=pr&el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (615e768) into [master](https://codecov.io/gh/apache/submarine/commit/8360aec09b8640dc55d22a913cf7f8280f93b180?el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (8360aec) will **decrease** coverage by `23.50%`.
> The diff coverage is `n/a`.
```diff
@@ Coverage Diff @@
## master #1054 +/- ##
===========================================
- Coverage 75.98% 52.48% -23.51%
===========================================
Files 119 119
Lines 5000 5000
===========================================
- Hits 3799 2624 -1175
- Misses 1201 2376 +1175
```
| Flag | Coverage Δ | |
|---|---|---|
| python-integration | `?` | |
| python-unit | `52.48% <ø> (ø)` | |
Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#carryforward-flags-in-the-pull-request-comment) to find out more.
| [Impacted Files](https://codecov.io/gh/apache/submarine/pull/1054?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) | Coverage Δ | |
|---|---|---|
| [...ine-sdk/pysubmarine/submarine/models/tensorflow.py](https://codecov.io/gh/apache/submarine/pull/1054?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c3VibWFyaW5lLXNkay9weXN1Ym1hcmluZS9zdWJtYXJpbmUvbW9kZWxzL3RlbnNvcmZsb3cucHk=) | `0.00% <0.00%> (-100.00%)` | :arrow_down: |
| [...submarine/store/model\_registry/sqlalchemy\_store.py](https://codecov.io/gh/apache/submarine/pull/1054?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c3VibWFyaW5lLXNkay9weXN1Ym1hcmluZS9zdWJtYXJpbmUvc3RvcmUvbW9kZWxfcmVnaXN0cnkvc3FsYWxjaGVteV9zdG9yZS5weQ==) | `21.57% <0.00%> (-75.52%)` | :arrow_down: |
| [...k/pysubmarine/submarine/client/api/notebook\_api.py](https://codecov.io/gh/apache/submarine/pull/1054?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c3VibWFyaW5lLXNkay9weXN1Ym1hcmluZS9zdWJtYXJpbmUvY2xpZW50L2FwaS9ub3RlYm9va19hcGkucHk=) | `12.97% <0.00%> (-66.42%)` | :arrow_down: |
| [...ysubmarine/submarine/client/api/environment\_api.py](https://codecov.io/gh/apache/submarine/pull/1054?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c3VibWFyaW5lLXNkay9weXN1Ym1hcmluZS9zdWJtYXJpbmUvY2xpZW50L2FwaS9lbnZpcm9ubWVudF9hcGkucHk=) | `12.31% <0.00%> (-62.32%)` | :arrow_down: |
| [...arine-sdk/pysubmarine/submarine/tracking/client.py](https://codecov.io/gh/apache/submarine/pull/1054?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c3VibWFyaW5lLXNkay9weXN1Ym1hcmluZS9zdWJtYXJpbmUvdHJhY2tpbmcvY2xpZW50LnB5) | `27.27% <0.00%> (-56.82%)` | :arrow_down: |
| [...-sdk/pysubmarine/submarine/cli/notebook/command.py](https://codecov.io/gh/apache/submarine/pull/1054?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c3VibWFyaW5lLXNkay9weXN1Ym1hcmluZS9zdWJtYXJpbmUvY2xpL25vdGVib29rL2NvbW1hbmQucHk=) | `26.19% <0.00%> (-53.58%)` | :arrow_down: |
| [...k/pysubmarine/submarine/cli/environment/command.py](https://codecov.io/gh/apache/submarine/pull/1054?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c3VibWFyaW5lLXNkay9weXN1Ym1hcmluZS9zdWJtYXJpbmUvY2xpL2Vudmlyb25tZW50L2NvbW1hbmQucHk=) | `26.19% <0.00%> (-53.58%)` | :arrow_down: |
| [...dk/pysubmarine/submarine/cli/experiment/command.py](https://codecov.io/gh/apache/submarine/pull/1054?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c3VibWFyaW5lLXNkay9weXN1Ym1hcmluZS9zdWJtYXJpbmUvY2xpL2V4cGVyaW1lbnQvY29tbWFuZC5weQ==) | `25.55% <0.00%> (-52.23%)` | :arrow_down: |
| [...ine-sdk/pysubmarine/submarine/client/api\_client.py](https://codecov.io/gh/apache/submarine/pull/1054?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c3VibWFyaW5lLXNkay9weXN1Ym1hcmluZS9zdWJtYXJpbmUvY2xpZW50L2FwaV9jbGllbnQucHk=) | `20.14% <0.00%> (-42.41%)` | :arrow_down: |
| [...pysubmarine/submarine/client/api/experiment\_api.py](https://codecov.io/gh/apache/submarine/pull/1054?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c3VibWFyaW5lLXNkay9weXN1Ym1hcmluZS9zdWJtYXJpbmUvY2xpZW50L2FwaS9leHBlcmltZW50X2FwaS5weQ==) | `10.34% <0.00%> (-41.38%)` | :arrow_down: |
| ... and [23 more](https://codecov.io/gh/apache/submarine/pull/1054?src=pr&el=tree-more&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) | |
[GitHub] [submarine] asfgit closed pull request #1054: SUBMARINE-1371. fix unsafe deserialization via SnakeYaml in YamlEntityProvider
Posted by "asfgit (via GitHub)" <gi...@apache.org>.
asfgit closed pull request #1054: SUBMARINE-1371. fix unsafe deserialization via SnakeYaml in YamlEntityProvider
URL: https://github.com/apache/submarine/pull/1054