Skip to content

[WIP] Harden _is_target_allowed by adding runtime class validation on top of prefix checks to prevent unsafe target resolution #14540

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

[WIP] Harden _is_target_allowed by adding runtime class validation on top of prefix checks to prevent unsafe target resolution #14540

wants to merge 5 commits into from

Conversation

KunalDhawan
Copy link
Collaborator

Important

The Update branch button must only be pressed in very rare occassions.
An outdated branch is never blocking the merge of a PR.
Please reach out to the automation team before pressing that button.

What does this PR do ?

Previously, _is_target_allowed only checked whether the _target_ string in a config started with an allowed prefix (e.g., torch.nn). This was insufficient, since Python allows nested/indirect module resolution (e.g., torch.nn.utils.rnn.torch.os.system), which could be abused to execute arbitrary code at model load time.

In the updated implementation, we:

  • Resolve the target at runtime using hydra.utils.get_class
  • Validate the resolved object to ensure it is a class (not a function)
  • Require the class to inherit from known safe bases (torch.nn.Module or nemo.core.ModelPT)
  • Reject any target that fails these checks

Collection: core

Changelog

  • _is_target_allowed function in nemo/core/classes/common.py has been updated

GitHub Actions CI

The Jenkins CI system has been replaced by GitHub Actions self-hosted runners.

The GitHub Actions CI will run automatically when the "Run CICD" label is added to the PR.
To re-run CI remove and add the label again.
To run CI on an untrusted fork, a NeMo user with write access must first click "Approve and run".

Before your PR is "Ready for review"

Pre checks:

  • Make sure you read and followed Contributor guidelines
  • Did you write any new necessary tests?
  • Did you add or update any necessary documentation?
  • Does the PR affect components that are optional to install? (Ex: Numba, Pynini, Apex etc)
    • Reviewer: Does the PR have correct import guards for all optional libraries?

PR Type:

  • New Feature
  • Bugfix
  • Documentation

If you haven't finished some of the above items you can still open "Draft" PR.

Who can review?

Anyone in the community is free to review the PR once the checks have passed.
Contributor guidelines contains specific people who can review PRs to various areas.

Additional Information

  • Related to # (issue)

@KunalDhawan
Harden _is_target_allowed by adding runtime class validation on top o…
c2f061d 
…f prefix checks to prevent unsafe target resolution

Signed-off-by: Kunal Dhawan <[email protected]>
@github-actions github-actions bot added the core Changes to NeMo Core label Aug 20, 2025
@KunalDhawan
Fix circular import in _is_target_allowed by importing ModelPT direct…
07ad6a7 
…ly from nemo.core.classes.modelPT

Signed-off-by: Kunal Dhawan <[email protected]>
@ko3n1g ko3n1g added Run CICD and removed Run CICD labels Aug 20, 2025
@ko3n1g ko3n1g added Run CICD and removed Run CICD labels Aug 20, 2025
github-advanced-security[bot]
github-advanced-security bot found potential problems Aug 20, 2025
View reviewed changes
@ko3n1g ko3n1g added Run CICD and removed Run CICD labels Aug 20, 2025
@ko3n1g ko3n1g added Run CICD and removed Run CICD labels Aug 20, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nithinraok nithinraok Awaiting requested review from nithinraok

@jbalam-nv jbalam-nv Awaiting requested review from jbalam-nv

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
core Changes to NeMo Core Run CICD
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@KunalDhawan @ko3n1g