>/iSrSSKrSSKrSSKJr SSKJr \R"S5\R"S5S55r g)a ================================================ B615: Test for unsafe Hugging Face Hub downloads ================================================ This plugin checks for unsafe downloads from Hugging Face Hub without proper integrity verification. Downloading models, datasets, or files without specifying a revision based on an immmutable revision (commit) can lead to supply chain attacks where malicious actors could replace model files and use an existing tag or branch name to serve malicious content. The secure approach is to: 1. Pin to specific revisions/commits when downloading models, files or datasets Common unsafe patterns: - ``AutoModel.from_pretrained("org/model-name")`` - ``AutoModel.from_pretrained("org/model-name", revision="main")`` - ``AutoModel.from_pretrained("org/model-name", revision="v1.0.0")`` - ``load_dataset("org/dataset-name")`` without revision - ``load_dataset("org/dataset-name", revision="main")`` - ``load_dataset("org/dataset-name", revision="v1.0")`` - ``AutoTokenizer.from_pretrained("org/model-name")`` - ``AutoTokenizer.from_pretrained("org/model-name", revision="main")`` - ``AutoTokenizer.from_pretrained("org/model-name", revision="v3.3.0")`` - ``hf_hub_download(repo_id="org/model_name", filename="file_name")`` - ``hf_hub_download(repo_id="org/model_name", filename="file_name", revision="main" )`` - ``hf_hub_download(repo_id="org/model_name", filename="file_name", revision="v2.0.0" )`` - ``snapshot_download(repo_id="org/model_name")`` - ``snapshot_download(repo_id="org/model_name", revision="main")`` - ``snapshot_download(repo_id="org/model_name", revision="refs/pr/1")`` :Example: .. code-block:: none >> Issue: Unsafe Hugging Face Hub download without revision pinning Severity: Medium Confidence: High CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html) Location: examples/huggingface_unsafe_download.py:8 7 # Unsafe: no revision specified 8 model = AutoModel.from_pretrained("org/model_name") 9 .. seealso:: - https://cwe.mitre.org/data/definitions/494.html - https://huggingface.co/docs/huggingface_hub/en/guides/download .. versionadded:: 1.8.6 N)issue)test_propertiesCallB615c r^^ /SQn[U4SjU55nU(dgTRn[U[5(dgS/S/S/S/S/S.nUR S5m T S nXT;agXEn[U 4S jU55(dgTR S 5nTR S 5nU=(d Un U bX[U [5(aC[U 5R S 5n [SU 55n [U 5S:aU (agTRS5n U (a,[U [5(aU RS5(ag[R"[R[RSUS3[R R"TR%U5S9$)zx This plugin checks for unsafe artifact download from Hugging Face Hub without immutable/reproducible revision pinning. ) transformersdatasetshuggingface_hubc3F># UHnTRU5v M g7fN)is_module_imported_like).0modulecontexts d/home/james-whalen/.local/lib/python3.13/site-packages/bandit/plugins/huggingface_unsafe_download.py .huggingface_unsafe_download..Ts">HF''//js!Nrr r )from_pretrained load_datasethf_hub_downloadsnapshot_download repository_id.c3,># UH oT;v M g7fr )rrqualname_partss rrrqsG6FF'6Fsrevision commit_idz"'c3F# UHo[R;v M g7fr )string hexdigits)rcs rrrsE 1f... s!r)z.//z../z=Unsafe Hugging Face Hub download without revision pinning in z())severity confidencetextcwelineno)anycall_function_name_qual isinstancestrsplitget_call_arg_valuestripalllenget_call_arg_at_position startswithbanditIssueMEDIUMHIGHrCwe(DOWNLOAD_OF_CODE_WITHOUT_INTEGRITY_CHECKget_lineno_for_call_arg)r hf_modules hf_importedqualnameunsafe_patterns func_namerequired_modulesrevision_valuecommit_id_valuerevision_to_check revision_stris_hex first_argrs` @rhuggingface_unsafe_downloadrIEsJ>HK ..H h $ $++# -./0+, O^^C(Nr"I'&1 G6FG G G// ;N00=O'9/$ ' - -0177>LE EEF< A%&003IZ 3//    2 3 3  <<;;B  II > >..y9  ) __doc__r!r6 bandit.corerrtestcheckstest_idrIrrJrrPsI;x /VfRRrJ