fix: Add input validation to model load #404
Merged
mattwittwer merged 10 commits into main on Aug 13, 2025
yinggeh reviewed Jul 18, 2025
yinggeh approved these changes Jul 21, 2025
Pull Request Overview
This PR improves the security and reliability of the Python backend stub launcher by replacing shell-based command execution with direct process execution and adding input validation. The changes eliminate shell injection vulnerabilities and add safeguards against malicious input.
- Replaces `bash -c` shell execution with direct `execv`/`execve` calls
- Adds input validation for model names and shared memory region names
- Implements custom environment handling for Python virtual environments
Reviewed Changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 6 comments.
| File | Description |
|---|---|
| src/stub_launcher.cc | Refactored stub process launching to use direct execution instead of shell commands, added input validation |
| src/pb_utils.h | Added utility function declarations for input validation and environment handling |
| src/pb_utils.cc | Implemented input validation and environment parsing utilities |
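The pattern the overview describes, as an added C++ example for POSIX systems; it is not code from this pull request or from python_backend. The function names, the three-element argument layout and the character allowlist are assumptions chosen for illustration.

```cpp
// Added illustration, not python_backend code. Function names, the argument
// layout and the allowlist are assumptions made for this example.
#include <cctype>
#include <stdexcept>
#include <string>
#include <vector>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

// Assumed allowlist: ASCII letters, digits, '_', '-', '.'; no leading '-' or '.'.
bool IsSafeName(const std::string& s) {
  if (s.empty() || s.size() > 255 || s[0] == '-' || s[0] == '.') return false;
  for (unsigned char c : s)
    if (!std::isalnum(c) && c != '_' && c != '-' && c != '.') return false;
  return true;
}

// Each value becomes exactly one argv element; nothing is re-parsed by a shell.
std::vector<std::string> BuildStubArgv(const std::string& stub_path,
                                       const std::string& model_name,
                                       const std::string& shm_region) {
  if (!IsSafeName(model_name)) throw std::invalid_argument("bad model name");
  if (!IsSafeName(shm_region)) throw std::invalid_argument("bad shm region");
  return {stub_path, model_name, shm_region};
}

// fork + execv, no shell. Returns the child's exit status, 127 if execv
// failed, -1 on fork/wait error or abnormal termination.
int SpawnNoShell(const std::vector<std::string>& args) {
  if (args.empty()) return -1;
  std::vector<char*> argv;
  for (const auto& a : args) argv.push_back(const_cast<char*>(a.c_str()));
  argv.push_back(nullptr);
  pid_t pid = fork();
  if (pid < 0) return -1;
  if (pid == 0) {
    execv(argv[0], argv.data());
    _exit(127);  // reached only when execv fails
  }
  int status = 0;
  if (waitpid(pid, &status, 0) < 0) return -1;
  return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main() {
  // Constructed sample values; /bin/echo stands in for the stub binary.
  return SpawnNoShell(BuildStubArgv("/bin/echo", "resnet50", "shm_region_0"));
}
```

The allowlist is defense in depth: with `execv` the arguments are already passed as data, and the validation additionally rejects names that would be read as options or path components by the launched program.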
kthui approved these changes Aug 12, 2025
Nice work preventing injection into stub launch command!
mattwittwer added a commit that referenced this pull request Aug 13, 2025
Validate input parameters used within python_backend model load
mc-nv pushed a commit that referenced this pull request Aug 13, 2025
What does the PR do?
Simplify the model load command by invoking the python backend stub without shell interpretation. Additionally, add checks for invalid characters in provided model names.
Checklist
<commit_type>: <Title>
Commit Type:
Check the conventional commit type box here and add the label to the GitHub PR.
Related PRs:
Tests for these changes have been added here: triton-inference-server/server#8276
Where should the reviewer start?
The majority of the changes are in src/stub_launcher.cc.
Review the updated flow for building the model load command.
Test plan:
Added testing to: triton-inference-server/server#8276
31707450