Skip to content

fix: Add input validation to model load #404

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 10 commits into
base: main
Choose a base branch
from
Open

fix: Add input validation to model load #404

wants to merge 10 commits into from

Conversation

mattwittwer
Copy link

@mattwittwer mattwittwer commented Jun 30, 2025
edited
Loading

What does the PR do?

Simplify the model load command by invoking the python backend stub without shell interpretation. Additionally add checks for invalid characters in provided model names

Checklist

  • PR title reflects the change and is of format <commit_type>: <Title>
  • Changes are described in the pull request.
  • Related issues are referenced.
  • Populated github labels field
  • Added test plan and verified test passes.
  • Verified that the PR passes existing CI.
  • Verified copyright is correct on all changed files.
  • Added succinct git squash message before merging ref.
  • All template sections are filled out.
  • Optional: Additional screenshots for behavior/output changes with before/after.

Commit Type:

Check the conventional commit type
box here and add the label to the github PR.

  • build
  • ci
  • docs
  • feat
  • fix
  • perf
  • refactor
  • revert
  • style
  • test

Related PRs:

Tests for these changes have been added here: triton-inference-server/server#8276

Where should the reviewer start?

The majority of the changes are in the src/stub_launcher.cc
Review the updated flow for building the model load command.

Test plan:

Added testing to: triton-inference-server/server#8276

  • CI Pipeline ID:

31707450

Caveats:

Background

Related Issues: (use one of the action keywords Closes / Fixes / Resolves / Relates to)

  • closes GitHub issue: #xxx

@mattwittwer mattwittwer added the PR: fix A bug fix label Jun 30, 2025
@mattwittwer mattwittwer self-assigned this Jun 30, 2025
@mattwittwer mattwittwer added bug Something isn't working and removed PR: fix A bug fix labels Jul 1, 2025
@mattwittwer mattwittwer mentioned this pull request Jul 16, 2025
Open
20 tasks
@mattwittwer mattwittwer changed the title draft: add input validation to model load fix: add input validation to model load Jul 16, 2025
@mattwittwer mattwittwer changed the title fix: add input validation to model load fix: Add input validation to model load Jul 16, 2025
@mattwittwer mattwittwer requested review from yinggeh and pskiran1 July 16, 2025 18:50
yinggeh
yinggeh reviewed Jul 18, 2025
View reviewed changes
@mattwittwer mattwittwer requested a review from yinggeh July 21, 2025 17:32
@statiraju statiraju requested a review from kthui August 11, 2025 18:06
@kthui kthui requested a review from Copilot August 12, 2025 03:37
Copilot
Copilot AI reviewed Aug 12, 2025
View reviewed changes
Copy link

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR improves the security and reliability of the Python backend stub launcher by replacing shell-based command execution with direct process execution and adding input validation. The changes eliminate shell injection vulnerabilities and add safeguards against malicious input.

  • Replaces bash -c shell execution with direct execv/execve calls
  • Adds input validation for model names and shared memory region names
  • Implements custom environment handling for Python virtual environments

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 6 comments.

File Description
src/stub_launcher.cc Refactored stub process launching to use direct execution instead of shell commands, added input validation
src/pb_utils.h Added utility function declarations for input validation and environment handling
src/pb_utils.cc Implemented input validation and environment parsing utilities

kthui
kthui approved these changes Aug 12, 2025
View reviewed changes
Copy link
Contributor

@kthui kthui left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work preventing injection into stub launch command!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@kthui kthui kthui approved these changes

@yinggeh yinggeh yinggeh approved these changes

@pskiran1 pskiran1 Awaiting requested review from pskiran1

Assignees

@mattwittwer mattwittwer

Labels
bug Something isn't working
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mattwittwer @kthui @yinggeh