From 39db6a963a7eed09bc6f82eee5821cc799984c3d Mon Sep 17 00:00:00 2001 From: d3m0n-r00t Date: Wed, 27 Jan 2021 12:44:10 +0530 Subject: [PATCH 1/2] possible fix for rce in eval() --- tensorlayer/files/utils.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tensorlayer/files/utils.py b/tensorlayer/files/utils.py index ff3c84cb9..38f6568d7 100644 --- a/tensorlayer/files/utils.py +++ b/tensorlayer/files/utils.py @@ -10,7 +10,7 @@ import pickle import re import shutil -# import ast +import ast import sys import tarfile import time @@ -231,7 +231,7 @@ def eval_layer(layer_kwargs): layer_type = args.pop('layer_type') if layer_type == "normal": generate_func(args) - return eval('tl.layers.' + layer_class)(**args) + return ast.literal_eval('tl.layers.' + layer_class)(**args) elif layer_type == "layerlist": ret_layer = [] layers = args["layers"] From 0707e187d51bbba2999b15985c6be1c73e88acf8 Mon Sep 17 00:00:00 2001 From: d3m0n-r00t Date: Wed, 27 Jan 2021 12:45:17 +0530 Subject: [PATCH 2/2] possible fix for rce in eval() --- tensorlayer/files/utils.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tensorlayer/files/utils.py b/tensorlayer/files/utils.py index 38f6568d7..c035618c9 100644 --- a/tensorlayer/files/utils.py +++ b/tensorlayer/files/utils.py @@ -238,18 +238,18 @@ def eval_layer(layer_kwargs): for layer_graph in layers: ret_layer.append(eval_layer(layer_graph)) args['layers'] = ret_layer - return eval('tl.layers.' + layer_class)(**args) + return ast.literal_eval('tl.layers.' + layer_class)(**args) elif layer_type == "modellayer": M = static_graph2net(args['model']) args['model'] = M - return eval('tl.layers.' + layer_class)(**args) + return ast.literal_eval('tl.layers.' + layer_class)(**args) elif layer_type == "keraslayer": M = load_keras_model(args['fn']) input_shape = args.pop('keras_input_shape') _ = M(np.random.random(input_shape).astype(np.float32)) args['fn'] = M args['fn_weights'] = M.trainable_variables - return eval('tl.layers.' + layer_class)(**args) + return ast.literal_eval('tl.layers.' + layer_class)(**args) else: raise RuntimeError("Unknown layer type.")