From 40eb5b2d5da4955786ce532d6f91582c03aded30 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 3 Jul 2025 03:56:38 +0000
Subject: [PATCH 1/4] Bump the pip group across 1 directory with 2 updates
Bumps the pip group with 2 updates in the / directory: [pillow](https://github.com/python-pillow/Pillow) and [torch](https://github.com/pytorch/pytorch). Updates `pillow` from 11.2.1 to 11.3.0 - [Release notes](https://github.com/python-pillow/Pillow/releases) - [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst) - [Commits](https://github.com/python-pillow/Pillow/compare/11.2.1...11.3.0) Updates `torch` from 2.2.2 to 2.7.1 - [Release notes](https://github.com/pytorch/pytorch/releases) - [Changelog](https://github.com/pytorch/pytorch/blob/main/RELEASE.md) - [Commits](https://github.com/pytorch/pytorch/compare/v2.2.2...v2.7.1) --- updated-dependencies: - dependency-name: pillow dependency-version: 11.3.0 dependency-type: direct:production dependency-group: pip - dependency-name: torch dependency-version: 2.7.1 dependency-type: direct:production dependency-group: pip ... Signed-off-by: dependabot[bot]
---
 requirements.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/requirements.txt b/requirements.txt
index 2d06bfb..75098ec 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -70,7 +70,7 @@ openai==1.88.0
 orjson==3.10.18
 packaging==24.2
 penaltymodel==1.2.0
-pillow==11.2.1
+pillow==11.3.0
 plucky==0.4.3
 posthog==5.3.0
 propcache==0.3.2
@@ -100,7 +100,7 @@ starlette==0.46.2
 sympy==1.14.0
 tenacity==9.1.2
 tokenizers==0.21.1
-torch==2.2.2
+torch==2.7.1
 tqdm==4.67.1
 transformers==4.52.4
 typing-inspect==0.9.0
From ac000c1a494cc5cf70e920acd640cbda3fc4f08d Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 7 Jul 2025 15:40:59 +0000
Subject: [PATCH 2/4] Initial plan
From eb23e26a541c8f97bea968b5c099325a59d3bcab Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 7 Jul 2025 15:53:08 +0000
Subject: [PATCH 3/4] Merge dependency updates and documentation, fix datetime deprecation warning
Co-authored-by: groupthinking <154503486+groupthinking@users.noreply.github.com>
---
 connectors/mcp_base.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/connectors/mcp_base.py b/connectors/mcp_base.py
index 54e4a46..f478e49 100644
--- a/connectors/mcp_base.py
+++ b/connectors/mcp_base.py
@@ -5,7 +5,7 @@
 from typing import Dict, List, Any, Optional
 import json
 import asyncio
-from datetime import datetime
+from datetime import datetime, timezone
 class MCPContext:
@@ -19,7 +19,7 @@ def __init__(self):
 self.code_state = {}
 self.history = []
 self.metadata = {
- "created_at": datetime.utcnow().isoformat(),
+ "created_at": datetime.now(timezone.utc).isoformat(),
 "version": "1.0",
 "protocol": "MCP",
 }
From 0ae4748c5e6c75c2889f599959b28ec3992e0521 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 7 Jul 2025 16:08:39 +0000
Subject: [PATCH 4/4] Apply critical security fixes: replace pickle with JSON, MD5 with SHA-256, remove hardcoded credentials, secure subprocess calls
Co-authored-by: groupthinking <154503486+groupthinking@users.noreply.github.com>
---
 agents/unified_transport_layer.py | 8 ++---
 connectors/mcp_debug_tool.py | 8 +++--
 llm/continuous_learning_system.py | 24 +++++++--------
 protocols/multimodal_llm_analyzer.py | 45 +++++++++++++++++++---------
 4 files changed, 52 insertions(+), 33 deletions(-)
diff --git a/agents/unified_transport_layer.py b/agents/unified_transport_layer.py
index cd24556..ac86e75 100644
--- a/agents/unified_transport_layer.py
+++ b/agents/unified_transport_layer.py
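Review bot: In connectors/mcp_base.py (hunk @@ -19,7) the `created_at` string changes shape as well as source, because `datetime.now(timezone.utc).isoformat()` appends a `+00:00` offset that the old `utcnow()` value did not carry. Any reader that parses this field with a fixed format, or compares the parsed value with a naive `datetime`, would now fail or raise `TypeError`; no such reader is visible in the hunk, so this needs checking against the callers. A comment on the line would record the intent, for example `# timezone-aware UTC; serialised with a +00:00 offset`. `__init__` continues outside the hunk.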
@@ -6,7 +6,7 @@
 from abc import ABC, abstractmethod
 import time
 import mmap
-import pickle
+import json
 from dataclasses import dataclass
 # Import our existing components
@@ -166,8 +166,8 @@ async def _shared_memory_transfer(
 self, pipe: MojoMessagePipe, payload: Dict
 ) -> Dict:
 """Shared memory transfer for large payloads"""
- # Serialize to shared memory
- serialized = pickle.dumps(payload)
+ # Serialize to shared memory using JSON (secure)
+ serialized = json.dumps(payload, default=str).encode('utf-8')
 if pipe.shared_memory:
 # Write to shared memory
@@ -198,7 +198,7 @@ async def _pipe_transfer(self, pipe: MojoMessagePipe, payload: Dict) -> Dict:
 return {
 "status": "delivered",
 "method": "pipe",
- "serialized_size": len(pickle.dumps(payload)),
+ "serialized_size": len(json.dumps(payload, default=str).encode('utf-8')),
 }
 async def _handle_passing_transfer(
diff --git a/connectors/mcp_debug_tool.py b/connectors/mcp_debug_tool.py
index 929284a..219657a 100644
--- a/connectors/mcp_debug_tool.py
+++ b/connectors/mcp_debug_tool.py
@@ -6,6 +6,7 @@
 import json
 import asyncio
 import traceback
+import os
 from datetime import datetime, timezone
 from typing import Dict, Any, Optional, List
 from dataclasses import dataclass, asdict
@@ -606,7 +607,7 @@ def _estimate_quantum_efficiency(self, code: str) -> str:
 "tools": [
 {
 "name": "DebugTool",
- "endpoint": "https://your-gcp-api/v1/reason",
+ "endpoint": "https://api.example.com/v1/reason",
 "type": "debug",
 "schema": {
 "code": {
@@ -657,7 +658,7 @@ def _estimate_quantum_efficiency(self, code: str) -> str:
 "version": "1.0.0",
 "authentication": {
 "type": "oauth2",
- "token_url": "https://your-gcp-api/oauth2/token",
+ "token_url": "https://api.example.com/oauth2/token",
 "scopes": ["https://www.googleapis.com/auth/cloud-platform"],
 },
 "timeout": 30000,
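Review bot: In agents/unified_transport_layer.py (hunk @@ -166,8, and again in @@ -198,7) `json.dumps(payload, default=str)` silently turns every value JSON cannot represent into its string form, so bytes, datetimes or numpy values in `payload` reach the receiver as strings and no error is raised. The unsafe half of pickle is the load, and the reading side of the shared-memory transfer is not part of this hunk; if it still unpickles, the transfer is now broken and the risk is unchanged, so that code needs the matching change. I would drop `default=str` so unsupported payloads fail loudly, `serialized = json.dumps(payload).encode("utf-8")`, or pass an explicit encoder for the types the transport is meant to carry. Both `_shared_memory_transfer` and `_pipe_transfer` continue outside their hunks.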
@@ -675,7 +676,8 @@ def _estimate_quantum_efficiency(self, code: str) -> str:
 async def example_usage():
 """Example usage of the MCP Debug Tool"""
 async with MCPDebugTool(
- gcp_endpoint="https://your-gcp-api", auth_token="your-oauth-token"
+ gcp_endpoint=os.getenv("GCP_API_ENDPOINT", "https://api.example.com"),
+ auth_token=os.getenv("GCP_AUTH_TOKEN", "development-token")
 ) as debug_tool:
 # Debug quantum code
diff --git a/llm/continuous_learning_system.py b/llm/continuous_learning_system.py
index 80f5ee0..c501c18 100644
--- a/llm/continuous_learning_system.py
+++ b/llm/continuous_learning_system.py
@@ -25,7 +25,7 @@
 from datetime import datetime
 import numpy as np
 import hashlib
-import pickle
+import json
 from pathlib import Path
 # Import existing components
@@ -250,7 +250,7 @@ async def rollback_model(self, version_id: str) -> Dict[str, Any]:
 """
 try:
 # Find version in history
- version_path = self.model_dir / f"{version_id}.pkl"
+ version_path = self.model_dir / f"{version_id}.json"
 if not version_path.exists():
 return {
@@ -259,8 +259,8 @@ async def rollback_model(self, version_id: str) -> Dict[str, Any]:
 }
 # Load the version
- with open(version_path, "rb") as f:
- model_data = pickle.load(f)
+ with open(version_path, "r") as f:
+ model_data = json.load(f)
 # Set as current model
 self.current_model_version = model_data["version_info"]
@@ -536,8 +536,8 @@ async def _create_model_version(
 },
 training_data_size=self.training_stats["total_samples_processed"],
 quantum_optimized=self.quantum_connector.connected,
- file_path=str(self.model_dir / f"{version_id}.pkl"),
- checksum=hashlib.md5(version_id.encode()).hexdigest(),
+ file_path=str(self.model_dir / f"{version_id}.json"),
+ checksum=hashlib.sha256(version_id.encode()).hexdigest(),
 )
 # Save model version
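Review bot: In connectors/mcp_debug_tool.py (hunk @@ -675,7 +676,8) `os.getenv("GCP_AUTH_TOKEN", "development-token")` keeps a literal token in the source as the fallback, so an unset variable produces a request authenticated with a well-known string instead of an error. Credentials should fail closed: read the value with `auth_token=os.environ["GCP_AUTH_TOKEN"]`, or test for a missing value and raise before `MCPDebugTool` is constructed. The `https://api.example.com` default for the endpoint hides a missing configuration in the same way. `example_usage` continues outside the hunk.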
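Review bot: In llm/continuous_learning_system.py (hunk @@ -250,7) `version_path` is built from the caller-supplied `version_id` with no validation, so an id containing path separators or `..` resolves to a file outside `model_dir`, which the next hunk then opens and parses. The change keeps that behaviour and only swaps the extension. A containment check before the `exists()` test closes it, for example `if version_path.resolve().parent != self.model_dir.resolve():` followed by the same not-found result the function already returns. `rollback_model` starts and ends outside the hunk.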
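Review bot: In hunk @@ -259,8 `self.current_model_version = model_data["version_info"]` now receives whatever JSON produced, a dict or a string, where `pickle.load` returned the stored object; `_create_model_version` assigns `version` to the same attribute and reads `version.file_path`, so attribute access after a rollback or a restart would probably raise `AttributeError`. The same assignment appears in @@ -590,14, and `default=str` in @@ -547,8 would write a non-serialisable `version_info` as its `repr` text instead of as fields. The literal that builds `model_data` is outside these hunks, so this needs confirming there. If it stores the object, write it as a plain dict and rebuild the version object from the loaded dict on both read paths.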
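Review bot: In hunk @@ -536,8 `checksum=hashlib.sha256(version_id.encode()).hexdigest()` hashes the version id and not the saved file, so it cannot detect a modified or corrupted model file whichever hash function is used. Neither load path in this patch compares a checksum before parsing. To make the field meaningful, compute the digest over the bytes written to `file_path` (which means setting it after the write in @@ -547,8) and verify it before `json.load` in `rollback_model` and `_load_or_create_model`. The initial version in @@ -611,7 still carries `checksum="initial"`.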
@@ -547,8 +547,8 @@ async def _create_model_version(
 "model_state": "simulated_model_state",
 }
- with open(version.file_path, "wb") as f:
- pickle.dump(model_data, f)
+ with open(version.file_path, "w") as f:
+ json.dump(model_data, f, indent=2, default=str)
 # Update current version
 self.current_model_version = version
@@ -590,14 +590,14 @@ async def _load_or_create_model(self):
 """Load existing model or create new one"""
 try:
 # Look for existing model versions
- model_files = list(self.model_dir.glob("*.pkl"))
+ model_files = list(self.model_dir.glob("*.json"))
 if model_files:
 # Load latest version
 latest_file = max(model_files, key=lambda f: f.stat().st_mtime)
- with open(latest_file, "rb") as f:
- model_data = pickle.load(f)
+ with open(latest_file, "r") as f:
+ model_data = json.load(f)
 self.current_model_version = model_data["version_info"]
 logger.info(
@@ -611,7 +611,7 @@ async def _load_or_create_model(self):
 performance_metrics={"accuracy": 0.8, "loss": 0.2},
 training_data_size=0,
 quantum_optimized=False,
- file_path=str(self.model_dir / "v1_initial.pkl"),
+ file_path=str(self.model_dir / "v1_initial.json"),
 checksum="initial",
 )
diff --git a/protocols/multimodal_llm_analyzer.py b/protocols/multimodal_llm_analyzer.py
index 97e9238..c290dd1 100644
--- a/protocols/multimodal_llm_analyzer.py
+++ b/protocols/multimodal_llm_analyzer.py
@@ -6,7 +6,6 @@
 from datetime import datetime
 from typing import Dict, List, Any
 import numpy as np
-import random
 def task():
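Review bot: In llm/continuous_learning_system.py (hunk @@ -590,14) `glob("*.json")` no longer sees model versions that earlier releases saved as `.pkl`, so after this change an existing deployment finds no versions at start-up and `rollback_model` reports every older id as missing. What the function does when `model_files` is empty is outside the hunk, but @@ -611,7 suggests it creates a fresh initial version, which would silently replace the trained state. If saved versions exist anywhere, a one-off conversion of those files should ship with this change. At minimum log a warning when `.pkl` files are present in `model_dir` and being ignored.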
@@ -75,19 +74,35 @@ def _analyze_massive_user_collection() -> Dict[str, Any]:
 folder_name = os.path.basename(base_path)
 analysis["folders_scanned"].append(folder_name)
- # Get total file count for this directory
+ # Get total file count for this directory using secure subprocess
 try:
 import subprocess
-
- result = subprocess.run(
- ["find", base_path, "-type", "f"],
- capture_output=True,
- text=True,
- )
- all_files = (
- result.stdout.strip().split("\n") if result.stdout.strip() else []
- )
- folder_file_count = len(all_files)
+ import shutil
+
+ # Use absolute path for find command for security
+ find_path = shutil.which("find")
+ if not find_path:
+ # Fallback to Python implementation if find is not available
+ all_files = []
+ for root, dirs, files in os.walk(base_path):
+ for file in files:
+ all_files.append(os.path.join(root, file))
+ folder_file_count = len(all_files)
+ else:
+ # Validate and sanitize the base_path to prevent command injection
+ if not os.path.exists(base_path) or not os.path.isdir(base_path):
+ raise ValueError(f"Invalid directory path: {base_path}")
+
+ result = subprocess.run(
+ [find_path, os.path.abspath(base_path), "-type", "f"],
+ capture_output=True,
+ text=True,
+ timeout=30, # Add timeout for security
+ )
+ all_files = (
+ result.stdout.strip().split("\n") if result.stdout.strip() else []
+ )
+ folder_file_count = len(all_files)
 analysis["directory_stats"][folder_name] = {
 "total_files": folder_file_count,
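Review bot: The `find` branch adds failure modes without removing a risk: the argument list was never passed through a shell, so there was no command injection to sanitise, and `timeout=30` now raises `subprocess.TimeoutExpired` on exactly the large directories this function is written for. The return code is still not checked, so a failing `find` gives a partial or empty list silently, paths containing a newline are split into two entries, and the directory check runs only in the `else` branch. The `os.walk` fallback already builds the same list without an external process, so using it unconditionally removes the `subprocess` and `shutil` imports and the timeout: `all_files = [os.path.join(root, name) for root, _dirs, names in os.walk(base_path) for name in names]`. The `except` for the enclosing `try` is outside the hunk, so how `ValueError` and `TimeoutExpired` are handled cannot be seen here.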
@@ -95,11 +110,13 @@ def _analyze_massive_user_collection() -> Dict[str, Any]:
 }
 analysis["total_files"] += folder_file_count
- # Use statistical sampling for massive datasets
+ # Use systematic sampling for massive datasets (deterministic)
 if folder_file_count > 1000:
 # Sample 5% or max 2000 files, whichever is smaller
 sample_size = min(int(folder_file_count * 0.05), 2000)
- sampled_files = random.sample(all_files, sample_size)
+ # Systematic sampling - take every nth file for reproducible results
+ step = max(1, len(all_files) // sample_size)
+ sampled_files = all_files[::step][:sample_size]
 analysis["directory_stats"][folder_name][
 "sample_analyzed"
 ] = sample_size
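Review bot: The slice `all_files[::step][:sample_size]` is reproducible only if `all_files` arrives in a stable order, and neither `find` nor `os.walk` guarantees one, so the "(deterministic)" comment holds only after an explicit `all_files.sort()`. Because `step` is rounded down, the stride can yield more than `sample_size` entries, and the `[:sample_size]` cut then always discards paths from the end of the list. Taking every nth path also follows the traversal order, which gives a different estimate from the uniform sample it replaces, and `random.sample` here was not a security problem. If repeatability is the goal, a seeded generator keeps the sample uniform, `sampled_files = random.Random(0).sample(all_files, sample_size)`, which means keeping the `import random` that hunk @@ -6,7 removes.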