InvokeAI/invokeai/backend
jeremy e0e01f6c50 Reduced Pickle ACE attack surface
Prior to this commit, all models would be loaded with the extremely unsafe `torch.load` method, except those with the exact extension `.safetensors`. Even a change in casing (e.g. `saFetensors`, `Safetensors`, etc.) would cause the file to be loaded with `torch.load` instead of the much safer `safetensors.torch.load_file`.
If a malicious actor renamed an infected `.ckpt` to something like `.SafeTensors` or `.SAFETENSORS`, an unsuspecting user would think they are loading a safe `.safetensors` file, but would in fact be parsing an unsafe pickle file and executing an attacker's payload. This commit fixes this vulnerability by reversing the loading-method decision logic to only use the unsafe `torch.load` when the file extension is exactly `.ckpt`.
2023-03-13 16:16:30 -04:00
config during migration do not overwrite symlinks 2023-03-05 08:40:12 -05:00
generator Removed seed from get_make_image. 2023-03-13 08:15:46 -05:00
image_util all vestiges of ldm.invoke removed 2023-03-03 01:02:00 -05:00
model_management Reduced Pickle ACE attack surface 2023-03-13 16:16:30 -04:00
prompting backend..conditioning: remove code for legacy model 2023-03-09 18:15:12 -08:00
restoration remove legacy ldm code 2023-03-04 18:16:59 -08:00
stable_diffusion Fix bug #2931 2023-03-13 08:11:09 -05:00
training migrate to new HF diffusers cache location 2023-03-05 08:20:24 -05:00
util all vestiges of ldm.invoke removed 2023-03-03 01:02:00 -05:00
web backend..conditioning: remove code for legacy model 2023-03-09 18:15:12 -08:00
__init__.py restore NSFW checker 2023-03-11 16:16:44 -05:00
args.py all vestiges of ldm.invoke removed 2023-03-03 01:02:00 -05:00
generate.py add restoration services to nodes 2023-03-11 17:00:00 -05:00
globals.py Unified spelling of Hugging Face 2023-03-05 07:30:35 -06:00
safety_checker.py restore NSFW checker 2023-03-11 16:16:44 -05:00