fix ecr ecan

aws · Dec 2, 2022 · fab3200 · fab3200
1 parent 2365d65
commit fab3200
Show file tree

Hide file tree

Showing 3 changed files with 67 additions and 1 deletion.
diff --git a/...rch/training/docker/1.12/py3/cu113/Dockerfile.sagemaker.trcomp.gpu.os_scan_allowlist.json b/...rch/training/docker/1.12/py3/cu113/Dockerfile.sagemaker.trcomp.gpu.os_scan_allowlist.json
@@ -0,0 +1,58 @@
+{
+    "torch": [
+        {
+        "description": "[torch](https://pypi.org/project/torch) is a Tensors and Dynamic neural networks in Python with strong GPU acceleration\n\nAffected versions of this package are vulnerable to Command Injection in `torch.jit.annotations.parse_type_line` which can cause arbitrary code execution because `eval` is used unsafely.",
+        "vulnerability_id": "SNYK-PYTHON-TORCH-3149871",
+        "name": "SNYK-PYTHON-TORCH-3149871",
+        "package_name": "torch",
+        "package_details": {
+            "file_path": "opt/conda/lib/python3.8/site-packages/torch-1.12.0+cu113.dist-info/METADATA",
+            "name": "torch",
+            "package_manager": "PYTHONPKG",
+            "version": "1.12.0+cu113",
+            "release": null
+        },
+        "remediation": {
+            "recommendation": {
+                "text": "None Provided"
+            }
+        },
+        "cvss_v3_score": 9.8,
+        "cvss_v30_score": 0.0,
+        "cvss_v31_score": 9.8,
+        "cvss_v2_score": 0.0,
+        "cvss_v3_severity": "CRITICAL",
+        "source_url": "https://snyk.io/vuln/SNYK-PYTHON-TORCH-3149871",
+        "source": "SNYK",
+        "severity": "CRITICAL",
+        "status": "ACTIVE",
+        "title": "IN1-PYTHON-TORCH-3149871 - torch"
+    }, {
+        "description": " In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.",
+        "vulnerability_id": "CVE-2022-45907",
+        "name": "CVE-2022-45907",
+        "package_name": "torch",
+        "package_details": {
+            "file_path": "opt/conda/lib/python3.8/site-packages/torch-1.12.0+cu113.dist-info/METADATA",
+            "name": "torch",
+            "package_manager": "PYTHONPKG",
+            "version": "1.12.0+cu113",
+            "release": null
+        },
+        "remediation": {
+            "recommendation": {
+                "text": "None Provided"
+            }
+        },
+        "cvss_v3_score": 9.8,
+        "cvss_v30_score": 0.0,
+        "cvss_v31_score": 9.8,
+        "cvss_v2_score": 0.0,
+        "cvss_v3_severity": "CRITICAL",
+        "source_url": "https://people.canonical.com/~ubuntu-security/cve/2022/CVE-2022-45907.html",
+        "source": "UBUNTU_CVE",
+        "severity": "MEDIUM",
+        "status": "ACTIVE",
+        "title": "CVE-2022-45907 - torch"
+    }]
+}
diff --git a/test/dlc_tests/sanity/test_pre_release.py b/test/dlc_tests/sanity/test_pre_release.py
@@ -441,6 +441,9 @@ def _run_dependency_check_test(image, ec2_connection):
             "1.12": ["cpu", "gpu", "hpu"],
             "1.13": ["cpu", "gpu", "hpu"],
         },
+        "pytorch_trcomp": {
+            "1.12": ["gpu"],
+        },
         "huggingface_pytorch": {"1.8": ["cpu", "gpu"], "1.9": ["cpu", "gpu"]},
         "huggingface_tensorflow": {"2.4": ["cpu", "gpu"], "2.5": ["cpu", "gpu"], "2.6": ["cpu", "gpu"]},
         "huggingface_tensorflow_trcomp": {"2.6": ["gpu"]},

diff --git a/test/test_utils/__init__.py b/test/test_utils/__init__.py
@@ -287,7 +287,10 @@ def get_expected_dockerfile_filename(device_type, image_uri):
         if "graviton" in image_uri:
             return f"Dockerfile.graviton.{device_type}"
         elif is_ec2_sm_in_same_dockerfile(image_uri):
-            return f"Dockerfile.{device_type}"
+            if "pytorch-trcomp-training" in image_uri:
+                return f"Dockerfile.trcomp.{device_type}"
+            else:
+                return f"Dockerfile.{device_type}"
         elif is_ec2_image(image_uri):
             return f"Dockerfile.ec2.{device_type}"
         else:
@@ -464,6 +467,7 @@ def is_covered_by_ec2_sm_split(image_uri):
     ec2_sm_split_images = {
         "pytorch": SpecifierSet(">=1.10.0"),
         "tensorflow": SpecifierSet(">=2.7.0"),
+        "pytorch_trcomp": SpecifierSet(">=1.12.0"),
     }
     framework, version = get_framework_and_version_from_tag(image_uri)
     return framework in ec2_sm_split_images and Version(version) in ec2_sm_split_images[framework]
@@ -473,6 +477,7 @@ def is_ec2_sm_in_same_dockerfile(image_uri):
     same_sm_ec2_dockerfile_record = {
         "pytorch": SpecifierSet(">=1.11.0"),
         "tensorflow": SpecifierSet(">=2.8.0"),
+        "pytorch_trcomp": SpecifierSet(">=1.12.0"),
     }
     framework, version = get_framework_and_version_from_tag(image_uri)
     return framework in same_sm_ec2_dockerfile_record and Version(version) in same_sm_ec2_dockerfile_record[framework]