From 46a4345d4b14e7e532d010c61ac0f4d2e4866e5c Mon Sep 17 00:00:00 2001
From: Leon Derczynski
Date: Mon, 11 Nov 2024 15:12:52 +0100
Subject: [PATCH] strengthen protections around trust_remote_code
---
 garak/buffs/paraphrase.py | 4 +++-
 garak/generators/huggingface.py | 6 +-----
 garak/resources/api/huggingface.py | 8 +++++++-
 3 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/garak/buffs/paraphrase.py b/garak/buffs/paraphrase.py
index 42d1a8a62..663febec5 100644
--- a/garak/buffs/paraphrase.py
+++ b/garak/buffs/paraphrase.py
@@ -39,7 +39,9 @@ def _load_model(self):
 self.para_model = PegasusForConditionalGeneration.from_pretrained(
 self.para_model_name
 ).to(self.device)
- self.tokenizer = PegasusTokenizer.from_pretrained(self.para_model_name)
+ self.tokenizer = PegasusTokenizer.from_pretrained(
+ self.para_model_name, trust_remote_code=False
+ )

 def _get_response(self, input_text):
 if self.para_model is None:
diff --git a/garak/generators/huggingface.py b/garak/generators/huggingface.py
index 81c7742b4..b589fc3ac 100644
--- a/garak/generators/huggingface.py
+++ b/garak/generators/huggingface.py
@@ -436,15 +436,11 @@ def _load_client(self):
 if _config.run.seed is not None:
 transformers.set_seed(_config.run.seed)
- trust_remote_code = self.name.startswith("mosaicml/mpt-")
-
 model_kwargs = self._gather_hf_params(
 hf_constructor=transformers.AutoConfig.from_pretrained
 ) # will defer to device_map if device map was `auto` may not match self.device
- self.config = transformers.AutoConfig.from_pretrained(
- self.name, trust_remote_code=trust_remote_code, **model_kwargs
- )
+ self.config = transformers.AutoConfig.from_pretrained(self.name, **model_kwargs)
 self._set_hf_context_len(self.config)
 self.config.init_device = self.device # determined by Pipeline `__init__``
diff --git a/garak/resources/api/huggingface.py b/garak/resources/api/huggingface.py
index 6af14a834..67802c217 100644
--- a/garak/resources/api/huggingface.py
+++ b/garak/resources/api/huggingface.py
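Review bot: The explicit `trust_remote_code=False` is added only to the tokenizer load, while the `PegasusForConditionalGeneration.from_pretrained(self.para_model_name)` call on the context lines directly above is left at the library default. Since the point of the commit is to pin this setting explicitly rather than rely on the default, the model load should carry the same keyword: `self.para_model = PegasusForConditionalGeneration.from_pretrained(self.para_model_name, trust_remote_code=False).to(self.device)`. Both calls use concrete Pegasus classes rather than Auto* factories, so this is mainly about consistency and making the policy visible, but it stops a later reader from assuming the model path was deliberately left open. `_load_model` begins before this hunk.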
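Review bot: After this change `_load_client` no longer passes `trust_remote_code` itself and depends on `_gather_hf_params` to inject the `False` default, but the guard added in the `garak/resources/api/huggingface.py` hunk only fires when `"trust_remote_code" in params_to_process`, and how that set is derived is outside both hunks. If it is taken from the constructor's signature, `transformers.AutoConfig.from_pretrained` (which I believe accepts `trust_remote_code` only through `**kwargs`) would never receive the default, and this call would silently fall back to the library default rather than an enforced value. A test asserting that `self._gather_hf_params(hf_constructor=transformers.AutoConfig.from_pretrained)` yields `trust_remote_code=False` when the config leaves it unset would settle this; if it does not, keep the value explicit here with `model_kwargs.setdefault("trust_remote_code", False)` before the `AutoConfig.from_pretrained` call. Dropping the `mosaicml/mpt-` special case also means those models now load only when the setting is unlocked in config, which matches the commit's intent but deserves a docs/changelog mention. `_load_client` continues outside the hunk.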
@@ -9,7 +9,6 @@ class HFCompatible:
- """Mixin class providing private utility methods for using Huggingface transformers within garak"""
@@ -79,6 +78,13 @@ def _gather_hf_params(self, hf_constructor: Callable):
 del args["device"]
 args["device_map"] = self.device
+ # trust_remote_code reset to default disabled unless unlocked in garak HF item config
+ if (
+ "trust_remote_code" in params_to_process
+ and "trust_remote_code" not in params
+ ):
+ args["trust_remote_code"] = False
+
 return args

 def _select_hf_device(self):
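Review bot: The removed line reads as the class docstring of `HFCompatible`, and with the hunk showing one deletion and no addition the mixin appears to lose its documentation without a replacement. The hunk's context lines are not visible on this page, so I cannot confirm whether another docstring survives in the class header. If the removal was unintentional, restore a one-liner such as `"""Mixin class providing private utility methods for using Huggingface transformers within garak"""`, ideally extended with a sentence stating that `_gather_hf_params` now defaults `trust_remote_code` to `False` unless the garak HF item config enables it.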
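Review bot: The new guard honours an explicit `trust_remote_code` from the garak HF item config silently, so a run that unlocks execution of repository-supplied model code leaves no trace in the run log; consider a warning-level log line where `params` carries a true `trust_remote_code` (via the module's existing logger, if one is in scope — none is visible in the hunk) so operators can see which runs executed third-party code. The comment above the `if` would read more plainly as `# default trust_remote_code to False; only an explicit value in the garak HF item config can enable it`. The defaulting is keyed on `"trust_remote_code" in params_to_process`, so constructors that expose the option only through `**kwargs` may not receive it at all (see the note on the `garak/generators/huggingface.py` hunk). `params_to_process`, `params` and `args` are built earlier in `_gather_hf_params`, outside the hunk.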