Skip to content

Address security issue of loading arbitrary files as external data#26776

Merged
yuslepukhin merged 2 commits into
mainfrom
yuslepukhin/external_path_validation
Dec 15, 2025
Merged

Address security issue of loading arbitrary files as external data#26776
yuslepukhin merged 2 commits into
mainfrom
yuslepukhin/external_path_validation

Address review comments

2f69c6d
Select commit
Loading
Failed to load commit list.
GitHub Advanced Security / CodeQL completed Dec 12, 2025 in 2s

1 configuration not found

Warning: Code scanning may not have found all the alerts introduced by this pull request, because 1 configuration present on refs/heads/main was not found:

API upload

  • ❓  <default>

New alerts in code changed by this pull request

  • 1 note

See annotations below for details.

View all branch alerts.

Annotations

Check notice on line 1 in onnxruntime/test/testdata/test_arbitrary_external_file.py

See this annotation in the file changed.

Code scanning / CodeQL

Module is imported with 'import' and 'import from' Note test

Module 'onnx' is imported with both 'import' and 'import from'.
Module 'onnxruntime.test.onnx' is imported with both 'import' and 'import from'.