jeremy e0e01f6c50 Reduced Pickle ACE attack surface ...

Prior to this commit, all models would be loaded with the extremely unsafe `torch.load` method, except those with the exact extension `.safetensors`. Even a change in casing (eg. `saFetensors`, `Safetensors`, etc) would cause the file to be loaded with torch.load instead of the much safer `safetensors.toch.load_file`.
If a malicious actor renamed an infected `.ckpt` to something like `.SafeTensors` or `.SAFETENSORS` an unsuspecting user would think they are loading a safe .safetensor, but would in fact be parsing an unsafe pickle file, and executing an attacker's payload. This commit fixes this vulnerability by reversing the loading-method decision logic to only use the unsafe `torch.load` when the file extension is exactly `.ckpt`.

2023-03-13 16:16:30 -04:00

..

config

during migration do not overwrite symlinks

2023-03-05 08:40:12 -05:00

generator

Removed seed from get_make_image.

2023-03-13 08:15:46 -05:00

image_util

all vestiges of ldm.invoke removed

2023-03-03 01:02:00 -05:00

model_management

Reduced Pickle ACE attack surface

2023-03-13 16:16:30 -04:00

prompting

backend..conditioning: remove code for legacy model

2023-03-09 18:15:12 -08:00

restoration

remove legacy ldm code

2023-03-04 18:16:59 -08:00

stable_diffusion

Fix bug #2931

2023-03-13 08:11:09 -05:00

training

migrate to new HF diffusers cache location

2023-03-05 08:20:24 -05:00

util

all vestiges of ldm.invoke removed

2023-03-03 01:02:00 -05:00

web

backend..conditioning: remove code for legacy model

2023-03-09 18:15:12 -08:00

__init__.py

restore NSFW checker

2023-03-11 16:16:44 -05:00

args.py

all vestiges of ldm.invoke removed

2023-03-03 01:02:00 -05:00

generate.py

add restoration services to nodes

2023-03-11 17:00:00 -05:00

globals.py

Unified spelling of Hugging Face

2023-03-05 07:30:35 -06:00

safety_checker.py

restore NSFW checker

2023-03-11 16:16:44 -05:00