Spaces:

onnx-community
/

convert-to-onnx

Running

App Files Files Community

Remove env variables subprocess call

by pdufour - opened Oct 16

base: refs/heads/main

←

from: refs/pr/4

Discussion Files changed

+38

-12

pdufour

Oct 16

•

edited Oct 16

Given that the parent process includes variables like HF_TOKEN, it's safer to not pass in any env variables to the subprocess because there is always the chance that the script could get maliciously modified for instance to extract HF tokens.

Test plan
I tested these changes in my private space and converted a model and saw that it was correctly created.

Remove env variables subprocess callb84549b7

Update app.pyb46b2077

Felladrin

ONNX Community org 6 days ago

Nice catch!

I've updated the app.py to contain the changes from the previous PR. I don't see a rebase on main or merge main option for this PR-branch. So I hope that merging it will just work. Let's see!

Felladrin changed pull request status to merged 6 days ago

Upload images, audio, and videos by dragging in the text input, pasting, or clicking here.

Tap or paste here to upload images

· Sign up or log in to comment