https://github.com/karpathy/nanoGPT.git ·
lang: python ·
LOC: ·
source: user_submitted
| Rule | Severity | Count |
|---|---|---|
SEC011 Unsafe PyTorch Model Loading |
medium | 2 |
SEC007 Unsafe Deserialization |
medium | 2 |
SEC013 Path Traversal — User Input in File Path |
high | 2 |
SEC020 Secret Printed to Logs |
high | 1 |
SEC013
Path Traversal — User Input in File Path
data/shakespeare_char/prepare.py:13
· conf 0.80
[SEC013] Path Traversal — User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files.SEC013
Path Traversal — User Input in File Path
data/shakespeare/prepare.py:7
· conf 0.80
[SEC013] Path Traversal — User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files.SEC020
Secret Printed to Logs
train.py:102
· conf 0.85
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…SEC007
Unsafe Deserialization
sample.py:64
· conf 1.00
[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.SEC007
Unsafe Deserialization
train.py:142
· conf 1.00
[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.SEC011
Unsafe PyTorch Model Loading
sample.py:38
· conf 1.00
[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted model files.SEC011
Unsafe PyTorch Model Loading
train.py:162
· conf 1.00
[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted model files.Reading from rp.scan + rp.finding + rp.rule (unified schema, R78 series). Legacy data path unchanged. Compare with /scan/1fb3d71a-fce0-4d5e-a586-e047fbb6ac8c/.