animetix-brain / tests /security /test_no_raw_trust_remote_code.py
MissawB's picture
Upload folder using huggingface_hub (part 2)
246a2d8 verified
Raw
History Blame Contribute Delete
1.85 kB
"""
Regression-guard: no literal `trust_remote_code=True` is allowed anywhere
under backend/adapters/, backend/pipeline/, or backend/scripts/.
`trust_remote_code=True` executes arbitrary Python from a HuggingFace repo
at load-time. Any use that must exist should be gated behind an explicit
allow-list env-var so it is off by default in CI and production.
If this test fails, remove the literal and use the project-approved
env-gated helper instead.
"""
import pathlib
import re
BACKEND_ROOT = pathlib.Path(__file__).parent.parent.parent / "backend"
SCAN_ROOTS = [
BACKEND_ROOT / "adapters",
BACKEND_ROOT / "pipeline",
BACKEND_ROOT / "scripts",
]
PATTERN = re.compile(r"trust_remote_code\s*=\s*True")
def _py_files(root: pathlib.Path):
return sorted(root.rglob("*.py"))
def test_no_literal_trust_remote_code():
"""
Scan every .py file under backend/adapters/, backend/pipeline/, and
backend/scripts/ and fail if any line contains the literal assignment
trust_remote_code=True (with optional whitespace around '=').
"""
missing = [str(r) for r in SCAN_ROOTS if not r.is_dir()]
assert not missing, f"Expected scan roots not found: {missing}"
violations: list[str] = []
for root in SCAN_ROOTS:
for py_file in _py_files(root):
for lineno, line in enumerate(
py_file.read_text(encoding="utf-8").splitlines(), start=1
):
if PATTERN.search(line):
rel = py_file.relative_to(BACKEND_ROOT.parent)
violations.append(f"{rel}:{lineno}: {line.rstrip()}")
assert not violations, (
"Forbidden literal trust_remote_code=True found in backend/.\n"
"Use resolve_trust_remote_code() from core.utils.model_registry instead.\n\n"
"Violations:\n" + "\n".join(violations)
)