AI Platform Core Components / AIPCC-9926

[BOT][Security] CWE-78 in compile_command.py:143,153

      Vulnerability Details

      CWE Type(s): CWE-78
      Severity: HIGH
      Team: PyTorch Compile

      Location

      • File: torch/_inductor/codegen/rocm/compile_command.py
      • Lines: 143, 153

      Description

      Command injection via unquoted file paths in ROCm compilation. File paths are concatenated into command strings without being quoted with shlex.quote(), which allows shell metacharacter injection through malicious file names.

      Two related vulnerabilities:
      1. Line 143: Unquoted src_files in command string
      2. Line 153: Unquoted compiler and dst_file in command string

      Impact

      • Arbitrary command execution through shell metacharacters in file paths
      • Compilation failures with paths containing spaces
      • Potential for malicious code injection during ROCm compilation
      • CI/CD pipeline compromise if attacker controls file names

      Root Cause

      File paths are concatenated into command strings without proper shell escaping. String formatting without shlex.quote() allows injection via malicious filenames containing shell metacharacters.

      Fix Status

      MR Link: https://gitlab.com/redhat/rhel-ai/team-pytorch/pytorch/-/merge_requests/153
      Fix Branch: security-fix-Command_Injection-cwe78_rocm_compile_command_path_injection
      Status: IMPLEMENTED

      Fix Implementation

      • Added shlex import to module
      • Applied shlex.quote() to all file paths (src_files, dst_file, compiler)
      • Modified line 143: src_file equals join of quoted files
      • Modified line 153: Applied shlex.quote() to compiler and dst_file paths

      Security benefits:

      • Shell metacharacters are properly escaped
      • Paths with spaces are handled correctly
      • Command injection attacks are prevented

      Related Exploit Files

      • test_cwe78_codecache_rocm.py

      Exploit Code Sample

      # VULNERABLE CODE (before fix):
      # src_file equals join of src_files without quoting
      # return f-string with compiler options and files
      
      # ATTACK SCENARIO:
      # malicious_file equals file with shell metacharacters
      # Result: command execution possible
      
      # FIXED CODE:
      # import shlex
      # src_file equals join of quoted src_files
      # return f-string with quoted compiler and dst_file
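
The pre-fix and post-fix patterns described above, as an added example that is not the code in compile_command.py or in the merge request. It checks that the command string splits back into the intended argument vector. The function names, compiler path, options and sample paths are assumptions constructed for illustration.

```python
import shlex

# Hypothetical stand-ins for the ROCm command builder; names and values
# are assumptions, not taken from compile_command.py.
COMPILER = "/opt/rocm/bin/hipcc"
OPTIONS = ["-O3", "-fPIC"]


def intended_argv(src_files, dst_file):
    """The argument vector the caller means to run."""
    return [COMPILER, *OPTIONS, "-c", "-o", dst_file, *src_files]


def build_unquoted(src_files, dst_file):
    """Pre-fix pattern: paths are formatted into the string as-is."""
    src_file = " ".join(src_files)
    return f"{COMPILER} {' '.join(OPTIONS)} -c -o {dst_file} {src_file}"


def build_quoted(src_files, dst_file):
    """Post-fix pattern: compiler, dst_file and src_files are quoted."""
    src_file = " ".join(shlex.quote(f) for f in src_files)
    return (
        f"{shlex.quote(COMPILER)} {' '.join(OPTIONS)} "
        f"-c -o {shlex.quote(dst_file)} {src_file}"
    )


def round_trips(command, src_files, dst_file):
    """True if POSIX word-splitting of command gives the intended argv."""
    return shlex.split(command) == intended_argv(src_files, dst_file)


def has_unquoted_operator(command):
    """True if a shell control operator appears outside quotes."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return any(tok in {";", "&", "&&", "|", "||"} for tok in lexer)


# Constructed sample paths: one with a space, one with a space and ';'.
SRCS = ["/tmp/my kernel;echo INJECTED.cpp"]
DST = "/tmp/build dir/out.o"

if __name__ == "__main__":
    for build in (build_unquoted, build_quoted):
        cmd = build(SRCS, DST)
        print(build.__name__, round_trips(cmd, SRCS, DST), has_unquoted_operator(cmd))
```

shlex.quote() targets POSIX shells only. Where the caller can pass an argument list to subprocess without a shell, no quoting step is needed at all.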
      

      Testing

      Comprehensive test suite added: test/inductor/test_command_injection_fixes.py

      • test_rocm_compile_command_quotes_paths_with_spaces
      • test_rocm_compile_command_handles_special_characters
      • test_command_injection_prevented_by_quoting

      Generated by CI Security Bot on 2026-02-03
