gemini-code-assist[bot] commented on code in PR #18925:
URL: https://github.com/apache/tvm/pull/18925#discussion_r2978191082
##########
python/tvm/contrib/pickle_memoize.py:
##########
@@ -71,6 +71,14 @@ def cache(self):
if self.path.exists():
with self.path.open("rb") as cache_file:
try:
+ import warnings
Review Comment:
To adhere to PEP 8 guidelines, import statements should be placed at the top
of the file. Please move `import warnings` to the top of the module.
<details>
<summary>References</summary>
1. PEP 8, the style guide for Python code, specifies that imports should be
at the top of the file. This improves readability and makes dependencies
explicit.
<sup>([link](https://github.com/apache/tvm/blob/main/.gemini/styleguide.md))</sup>
</details>
##########
python/tvm/contrib/pickle_memoize.py:
##########
@@ -71,6 +71,14 @@ def cache(self):
if self.path.exists():
with self.path.open("rb") as cache_file:
try:
+ import warnings
+ warnings.warn(
+ f"Loading cached pickle file from {self.path}. "
+ "Pickle files can execute arbitrary code. "
+ "Only load cache files you trust.",
+ UserWarning,
+ stacklevel=2,
+ )
Review Comment:
This change introduces a user warning, which is great for security
awareness. However, there is no test to verify that this warning is actually
triggered when loading from a cached pickle file. Please consider adding a test
case to `tests/python/contrib/test_memoize.py` that uses `pytest.warns` to
assert that the `UserWarning` is raised.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
