E2E FPS benchmark tests #203
Open
Annotations
6 errors and 1 warning
Add PR Annotations for Semgrep Findings:
modelconverter/utils/subprocess.py#L175
the `encoding` argument to Popen is only available on Python 3.6+
Add PR Annotations for Semgrep Findings:
modelconverter/utils/subprocess.py#L175
the `errors` argument to Popen is only available on Python 3.6+
Add PR Annotations for Semgrep Findings:
modelconverter/utils/docker_utils.py#L264
Detected a dynamic value being used with urllib. urllib supports 'file://' schemes, so a dynamic value controlled by a malicious actor may allow them to read arbitrary files. Audit uses of urllib calls to ensure user data cannot control the URLs, or consider using the 'requests' library instead.
Add PR Annotations for Semgrep Findings:
modelconverter/packages/multistage_exporter.py#L116
Detected the use of exec(). exec() can be dangerous if used to evaluate dynamic content. If this content can be input from outside the program, this may be a code injection vulnerability. Ensure evaluated content is not definable by external sources.
Add PR Annotations for Semgrep Findings:
.github/workflows/bom-test.yaml#L40
Using variable interpolation `${{...}}` with `github` context data in a `run:` step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. `github` context data can have arbitrary user input and should be treated as untrusted. Instead, use an intermediate environment variable with `env:` to store the data and use the environment variable in the `run:` script. Be sure to use double-quotes the environment variable, like this: "$ENVVAR".
Add PR Annotations for Semgrep Findings:
.github/workflows/bom-test.yaml#L32
Using variable interpolation `${{...}}` with `github` context data in a `run:` step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. `github` context data can have arbitrary user input and should be treated as untrusted. Instead, use an intermediate environment variable with `env:` to store the data and use the environment variable in the `run:` script. Be sure to use double-quotes the environment variable, like this: "$ENVVAR".
Complete job
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/checkout@v4. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/