← Legacy view v2 (rp.*)

linkedin/liger-kernel

https://github.com/linkedin/Liger-Kernel · lang: python · LOC: · source: both

Quality
78.9
Grade B+
Security
86.0
Findings
12
0 critical · 3 high
Status
completed
May 15, 2026 18:26
info: 6 high: 3 medium: 2 low: 1
Top rules by occurrence
RuleSeverityCount
SEC020 Secret Printed to Logs high 4
SEC013 Path Traversal — User Input in File Path high 4
SEC005 Command Injection Risk high 3
SEC015 Insecure Randomness for Security medium 1
First 12 findings (severity-sorted)
high SEC013 Path Traversal — User Input in File Path
src/liger_kernel/transformers/model/llava.py:63 · conf 0.80 
[SEC013] Path Traversal — User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files.
high SEC013 Path Traversal — User Input in File Path
src/liger_kernel/transformers/model/qwen2_5_vl.py:95 · conf 0.80 
[SEC013] Path Traversal — User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files.
high SEC013 Path Traversal — User Input in File Path
src/liger_kernel/transformers/model/qwen2_vl.py:92 · conf 0.80 
[SEC013] Path Traversal — User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files.
medium SEC005 Command Injection Risk
dev/modal/benchmarks.py:22 · conf 0.50 
[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.
medium SEC005 Command Injection Risk
dev/modal/tests.py:23 · conf 0.50 
[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.
low SEC005 Command Injection Risk
setup.py:65 · conf 0.30 
[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.
info SEC013 Path Traversal — User Input in File Path
· conf 0.20 
[SEC013] Path Traversal — User Input in File Path (and 2 more): Same pattern found in 2 additional files. Review if needed.
info SEC015 Insecure Randomness for Security
src/liger_kernel/triton/monkey_patch.py:17 · conf 0.25 
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.
info SEC020 Secret Printed to Logs
· conf 0.20 
[SEC020] Secret Printed to Logs (and 2 more): Same pattern found in 2 additional files. Review if needed.
info SEC020 Secret Printed to Logs
benchmark/scripts/benchmark_grpo_loss.py:126 · conf 0.15 
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…
info SEC020 Secret Printed to Logs
examples/medusa/train.py:307 · conf 0.15 
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…
info SEC020 Secret Printed to Logs
src/liger_kernel/transformers/model/internvl.py:70 · conf 0.15 
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…

Reading from rp.scan + rp.finding + rp.rule (unified schema, R78 series). Legacy data path unchanged. Compare with /scan/fedca033-f0ab-4858-8e75-ec394950c9b6/.