From 8cdfc71cbde799be2a64564091ad7fb53025c277 Mon Sep 17 00:00:00 2001
From: HaTiWinter
Date: Thu, 13 Jun 2024 01:44:15 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BD=BF=E7=94=A8=E6=9B=B4=E5=AE=89=E5=85=A8?= =?UTF-8?q?=E7=9A=84=E9=80=BB=E8=BE=91=E5=88=A4=E6=96=AD=E4=BB=A3=E6=9B=BF?= =?UTF-8?q?eval()?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
直接使用eval()函数执行用户输入或命令行参数是非常不安全的,因为它可以执行任意代码,可能导致安全漏洞,如代码注入攻击。
参数只会是"True"或"False",可以使用更安全的逻辑判断代替eval()。
---
 GPT_SoVITS/inference_webui.py | 3 +--
 GPT_SoVITS/prepare_datasets/1-get-text.py | 2 +-
 GPT_SoVITS/prepare_datasets/2-get-hubert-wav32k.py | 2 +-
 GPT_SoVITS/prepare_datasets/3-get-semantic.py | 2 +-
 tools/subfix_webui.py | 2 +-
 tools/uvr5/webui.py | 4 ++--
 6 files changed, 7 insertions(+), 8 deletions(-)
diff --git a/GPT_SoVITS/inference_webui.py b/GPT_SoVITS/inference_webui.py
index 03440a39..db79d586 100644
--- a/GPT_SoVITS/inference_webui.py
+++ b/GPT_SoVITS/inference_webui.py
@@ -45,8 +45,7 @@ bert_path = os.environ.get(
 )
 infer_ttswebui = os.environ.get("infer_ttswebui", 9872)
 infer_ttswebui = int(infer_ttswebui)
-is_share = os.environ.get("is_share", "False")
-is_share = eval(is_share)
+is_share = os.environ.get("is_share", "False").lower() == "true"
 if "_CUDA_VISIBLE_DEVICES" in os.environ:
 os.environ["CUDA_VISIBLE_DEVICES"] = os.environ["_CUDA_VISIBLE_DEVICES"]
 is_half = eval(os.environ.get("is_half", "True")) and torch.cuda.is_available()
diff --git a/GPT_SoVITS/prepare_datasets/1-get-text.py b/GPT_SoVITS/prepare_datasets/1-get-text.py
index e01a63b9..6a266dd8 100644
--- a/GPT_SoVITS/prepare_datasets/1-get-text.py
+++ b/GPT_SoVITS/prepare_datasets/1-get-text.py
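Review bot: In GPT_SoVITS/inference_webui.py the last context line of the hunk still reads `is_half = eval(os.environ.get("is_half", "True")) and torch.cuda.is_available()`, so the file keeps passing an environment variable to eval() after `is_share` has been fixed. The same replacement applies there: `is_half = os.environ.get("is_half", "True").lower() == "true" and torch.cuda.is_available()`. Until that line changes, whoever controls the process environment of this web UI still controls an expression that gets evaluated, which is the exposure the commit message sets out to remove.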
@@ -10,7 +10,7 @@ all_parts = os.environ.get("all_parts")
 os.environ["CUDA_VISIBLE_DEVICES"] = os.environ.get("_CUDA_VISIBLE_DEVICES")
 opt_dir = os.environ.get("opt_dir")
 bert_pretrained_dir = os.environ.get("bert_pretrained_dir")
-is_half = eval(os.environ.get("is_half", "True"))
+is_half = os.environ.get("is_half", "True").lower() == "true"
 import sys, numpy as np, traceback, pdb
 import os.path
 from glob import glob
diff --git a/GPT_SoVITS/prepare_datasets/2-get-hubert-wav32k.py b/GPT_SoVITS/prepare_datasets/2-get-hubert-wav32k.py
index 61c933a4..01a6d131 100644
--- a/GPT_SoVITS/prepare_datasets/2-get-hubert-wav32k.py
+++ b/GPT_SoVITS/prepare_datasets/2-get-hubert-wav32k.py
@@ -10,7 +10,7 @@ os.environ["CUDA_VISIBLE_DEVICES"]= os.environ.get("_CUDA_VISIBLE_DEVICES")
 from feature_extractor import cnhubert
 opt_dir= os.environ.get("opt_dir")
 cnhubert.cnhubert_base_path= os.environ.get("cnhubert_base_dir")
-is_half=eval(os.environ.get("is_half","True"))
+is_half=os.environ.get("is_half","True").lower()=="true"
 import pdb,traceback,numpy as np,logging
 from scipy.io import wavfile
diff --git a/GPT_SoVITS/prepare_datasets/3-get-semantic.py b/GPT_SoVITS/prepare_datasets/3-get-semantic.py
index 3448a580..43778ebc 100644
--- a/GPT_SoVITS/prepare_datasets/3-get-semantic.py
+++ b/GPT_SoVITS/prepare_datasets/3-get-semantic.py
@@ -8,7 +8,7 @@ os.environ["CUDA_VISIBLE_DEVICES"] = os.environ.get("_CUDA_VISIBLE_DEVICES")
 opt_dir = os.environ.get("opt_dir")
 pretrained_s2G = os.environ.get("pretrained_s2G")
 s2config_path = os.environ.get("s2config_path")
-is_half = eval(os.environ.get("is_half", "True"))
+is_half = os.environ.get("is_half", "True").lower() == "true"
 import math, traceback
 import multiprocessing
 import sys, pdb
diff --git a/tools/subfix_webui.py b/tools/subfix_webui.py
index d6624d03..ba1092fe 100644
--- a/tools/subfix_webui.py
+++ b/tools/subfix_webui.py
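Review bot: The comparison `.lower() == "true"` on the `is_half` line of 1-get-text.py, repeated in 2-get-hubert-wav32k.py and 3-get-semantic.py, turns every value other than that one word into False without any signal. A setting such as `1`, or `True` followed by stray whitespace, used to come out truthy under eval() and now silently switches half precision off. Stripping first covers the whitespace case: `is_half = os.environ.get("is_half", "True").strip().lower() == "true"`. A comment above the line, for example `# only "true" (any case) enables half precision; every other value means False`, would record the accepted values for whoever sets the variable.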
@@ -493,6 +493,6 @@ if __name__ == "__main__":
 server_name="0.0.0.0",
 inbrowser=True,
 quiet=True,
- share=eval(args.is_share),
+ share=args.is_share.lower() == "true",
 server_port=int(args.webui_port_subfix)
 )
\ No newline at end of file
diff --git a/tools/uvr5/webui.py b/tools/uvr5/webui.py
index a690a686..ff1d6aff 100644
--- a/tools/uvr5/webui.py
+++ b/tools/uvr5/webui.py
@@ -19,9 +19,9 @@ for name in os.listdir(weight_uvr5_root):
 uvr5_names.append(name.replace(".pth", ""))
 device=sys.argv[1]
-is_half=eval(sys.argv[2])
+is_half=sys.argv[2].lower() == "true"
 webui_port_uvr5=int(sys.argv[3])
-is_share=eval(sys.argv[4])
+is_share=sys.argv[4].lower() == "true"
 def uvr(model_name, inp_root, save_root_vocal, paths, save_root_ins, agg, format0):
 infos = []
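Review bot: The new `share=` argument in tools/subfix_webui.py sits beside `server_name="0.0.0.0"`, and nothing on the line says that it now fails closed. A comment such as `# share stays off unless args.is_share is "true" (any case)` would make that deliberate choice visible at the point where the UI's exposure is decided. The enclosing launch call starts outside the hunk, so what `share` controls is presumed from the argument names. In tools/uvr5/webui.py the same comparison is applied to `sys.argv[2]` and `sys.argv[4]`, so an unexpected value for either is likewise read as False without a message; a one-line comment naming the accepted strings would help there too.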