InvokeAI/invokeai
jeremy e0e01f6c50 Reduced Pickle ACE attack surface
Prior to this commit, all models would be loaded with the extremely unsafe `torch.load` method, except those with the exact extension `.safetensors`. Even a change in casing (e.g. `saFetensors`, `Safetensors`, etc.) would cause the file to be loaded with `torch.load` instead of the much safer `safetensors.torch.load_file`.
If a malicious actor renamed an infected `.ckpt` to something like `.SafeTensors` or `.SAFETENSORS`, an unsuspecting user would think they are loading a safe `.safetensors` file, but would in fact be parsing an unsafe pickle file and executing an attacker's payload. This commit fixes this vulnerability by reversing the loading-method decision logic to only use the unsafe `torch.load` when the file extension is exactly `.ckpt`.
2023-03-13 16:16:30 -04:00
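The extension-dispatch flaw the commit message describes, reconstructed as an added example (this is not InvokeAI's code, and `loader_before` / `loader_after` are hypothetical reconstructions that return the name of the loader instead of calling torch or safetensors). The block also shows two defence-in-depth checks a practitioner would add around that dispatch: a static scan of the pickle opcode stream for the globals it would import (nothing is unpickled), and a structural check that bytes handed to the safetensors branch really are a safetensors container (8-byte little-endian header length followed by a JSON header, as published by the safetensors project). The attacker payload, the benign checkpoint and the safetensors blob are all constructed inline; the module allowlist is illustrative.

```python
"""Added example: case-sensitive extension dispatch (before/after) plus two
content checks. Not InvokeAI code; loader names are returned, not invoked."""
import collections
import json
import pickle
import pickletools
import subprocess
from pathlib import Path

SAFETENSORS_LOADER = "safetensors.torch.load_file"
PICKLE_LOADER = "torch.load"


def loader_before(path: str) -> str:
    """Hypothetical pre-fix logic: only an exact, case-sensitive '.safetensors'
    suffix avoids torch.load, so 'model.SafeTensors' is unpickled."""
    return SAFETENSORS_LOADER if path.endswith(".safetensors") else PICKLE_LOADER


def loader_after(path: str) -> str:
    """Post-fix logic as the commit describes it: the pickle-based loader is
    used only for an exact '.ckpt' suffix; every other name, including any
    casing trick, goes to the safetensors parser, which fails closed."""
    return PICKLE_LOADER if Path(path).suffix == ".ckpt" else SAFETENSORS_LOADER


_STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
               "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def pickle_imports(data: bytes) -> list[tuple[str, str]]:
    """List (module, name) pairs a pickle stream would import, by disassembling
    with pickletools.genops. Nothing is executed. STACK_GLOBAL (protocol 4+)
    takes its operands from the two most recent string pushes; a production
    scanner would also track the memo so BINGET references resolve."""
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":                # protocol 0-3: "module name"
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":        # protocol 4+: operands on stack
            found.append((strings[-2], strings[-1]))
        elif op.name in _STRING_OPS:
            strings.append(arg)
    return found


def is_safetensors(data: bytes) -> bool:
    """Structural check: u64 little-endian header length, then a JSON object.
    A pickle (which starts with an opcode, not a length) fails this check."""
    if len(data) < 8:
        return False
    n = int.from_bytes(data[:8], "little")
    if n > len(data) - 8:
        return False
    try:
        header = json.loads(data[8:8 + n])
    except ValueError:                         # includes JSON and UTF-8 errors
        return False
    return isinstance(header, dict)


# Illustrative allowlist of top-level modules a real checkpoint needs.
ALLOWED_PICKLE_MODULES = ("torch", "collections", "numpy", "_codecs")


def dispatch(path: str, data: bytes) -> tuple[str, str]:
    """Pick the loader from the extension (post-fix rule), then verify the
    bytes match what that branch expects. Returns ('load', loader) or
    ('refuse', reason)."""
    loader = loader_after(path)
    if loader == SAFETENSORS_LOADER:
        if not is_safetensors(data):
            return ("refuse", "extension promises safetensors but bytes are not a safetensors container")
        return ("load", loader)
    try:
        imports = pickle_imports(data)
    except ValueError as exc:
        return ("refuse", f"unparseable pickle: {exc}")
    bad = [f"{m}.{n}" for m, n in imports if m.split(".")[0] not in ALLOWED_PICKLE_MODULES]
    if bad:
        return ("refuse", "pickle imports " + ", ".join(bad))
    return ("load", loader)


# Constructed samples (not real model files).
# Hand-assembled protocol-0 pickle: GLOBAL os.system, arg tuple, REDUCE.
ATTACKER_CKPT = b"cos\nsystem\n(Vecho pwned\ntR."


class _Payload:
    """Reducer-based payload as pickle.dumps would emit it (protocol 4)."""
    def __reduce__(self):
        return (subprocess.check_output, (["id"],))


GENERATED_PAYLOAD = pickle.dumps(_Payload(), protocol=4)
BENIGN_CKPT = pickle.dumps(collections.OrderedDict(weight=[1.0, 2.0]), protocol=4)
_HDR = b'{"__metadata__": {}}'
SAFETENSORS_SAMPLE = len(_HDR).to_bytes(8, "little") + _HDR

if __name__ == "__main__":
    for name, blob in [("evil.SafeTensors", ATTACKER_CKPT), ("evil.ckpt", ATTACKER_CKPT),
                       ("ok.safetensors", SAFETENSORS_SAMPLE), ("ok.ckpt", BENIGN_CKPT)]:
        print(name, "before:", loader_before(name), "| after:", dispatch(name, blob))
```

The point of the allowlist scan is that even the exact-`.ckpt` branch still hands a pickle to `torch.load`; the extension fix only stops the renaming trick, so a `.ckpt` from an untrusted source should still be inspected or loaded with `weights_only` style restrictions before it is unpickled.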
app [nodes] Fixes calls into image to image and inpaint from nodes 2023-03-12 22:12:42 -07:00
assets Various fixes 2023-01-30 18:42:17 -05:00
backend Reduced Pickle ACE attack surface 2023-03-13 16:16:30 -04:00
configs support both epsilon and v-prediction v2 inference 2023-03-05 22:51:40 -05:00
frontend Merge branch 'main' into pr/2904 2023-03-14 03:14:35 +13:00
version fix issue with invokeai.version 2023-03-03 01:34:38 -05:00
__init__.py Various fixes 2023-01-30 18:42:17 -05:00
README CODEOWNERS coarse draft 2023-03-03 14:36:43 -05:00

Organization of the source tree:

app -- Home of nodes invocations and services
assets -- Images and other data files used by InvokeAI
backend -- Non-user facing libraries, including the rendering
	core.
configs -- Configuration files used at install and run times
frontend -- User-facing scripts, including the CLI and the WebUI
version -- Current InvokeAI version string, stored
	in version/invokeai_version.py