Sprint merge from lucastargett fork into upstream main by lucastargett · Pull Request #118 · Redback-Operations/redback-orion

lucastargett · 2026-04-07T01:23:16Z

This PR includes the latest sprint work from the lucastargett fork:

Backend API routes implementation
Auth and health schemas (FastAPI + Pydantic)
Player tracking pipeline execution
General project structure and subgroup contributions

This merge represents the end of the current bi-weekly sprint and is ready for integration into the upstream repository.

…back-orion into Player-Tracking

…file and add init file

…thresholds with recommendations matching SCHEMA.md

Crowd Allocation Risk Zone

…SP1-new implement baseline crowd behaviour analysis

feat: implement video processing and update gitignore and add config and merged with corwd-monitoring branch

crowd detection implementation

…nfig file

update ignore file to allow shared config and add vidoe processing co…

…argett/redback-orion into CM/density-zoning-SP1-new

Cm/density zoning sp1 new

YOLO Model file

Sprint 1: Implement initial heatmap generation

Backend API Gateway - Sprint 1 Complete (Weeks 1-4)

Front-end

Add initial modelling files (Sri)

Player tracking

Crowd monitoring

github-actions · 2026-04-07T01:24:12Z

🔒 Security Scan Results

🔒 Security Scan Results
=========================

Bandit Scan Results:
-------------------
Run started:2026-04-07 01:24:11.589320+00:00

Test results:
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/LISA_gradio_interface.py:55:25
54	        # Create tokenizer
55	        self.tokenizer = AutoTokenizer.from_pretrained(
56	            self.args.version,
57	            cache_dir=None,
58	            model_max_length=self.args.model_max_length,
59	            padding_side="right",
60	            use_fast=False,
61	        )
62	        self.tokenizer.pad_token = self.tokenizer.unk_token

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/LISA_gradio_interface.py:139:36
138	        # Initialize processors
139	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(self.model.config.vision_tower)
140	        self.transform = ResizeLongestSide(self.args.image_size)

--------------------------------------------------
>> Issue: [B104:hardcoded_bind_all_interfaces] Possible binding to all interfaces.
   Severity: Medium   Confidence: Medium
   CWE: CWE-605 (https://cwe.mitre.org/data/definitions/605.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b104_hardcoded_bind_all_interfaces.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/LISA_gradio_interface.py:412:20
411	    demo.launch(
412	        server_name="0.0.0.0",
413	        server_port=7860,

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/chat.py:71:16
70	    # Create model
71	    tokenizer = AutoTokenizer.from_pretrained(
72	        args.version,
73	        cache_dir=None,
74	        model_max_length=args.model_max_length,
75	        padding_side="right",
76	        use_fast=False,
77	    )
78	    tokenizer.pad_token = tokenizer.unk_token

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/chat.py:149:27
148	
149	    clip_image_processor = CLIPImageProcessor.from_pretrained(model.config.vision_tower)
150	    transform = ResizeLongestSide(args.image_size)

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/csrnet/run.py:23:13
22	
23	checkpoint = torch.load('weights.pth', map_location="cpu")
24	model.load_state_dict(checkpoint)

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/csrnet_service.py:22:21
21	        self.model = CSRNet().to(self.device)
22	        checkpoint = torch.load(weights_path, map_location=self.device)
23	        self.model.load_state_dict(checkpoint)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/lisa_segmentor.py:55:25
54	        # Tokenizer
55	        self.tokenizer = AutoTokenizer.from_pretrained(
56	            self.args.version,
57	            cache_dir=None,
58	            model_max_length=self.args.model_max_length,
59	            padding_side="right",
60	            use_fast=False,
61	        )
62	        self.tokenizer.pad_token = self.tokenizer.unk_token

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/lisa_segmentor.py:147:36
146	
147	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(self.model.config.vision_tower)
148	        self.transform = ResizeLongestSide(self.args.image_size)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/apply_delta.py:15:11
14	    print("Loading base model")
15	    base = AutoModelForCausalLM.from_pretrained(
16	        base_model_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
17	    )
18	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/apply_delta.py:23:22
22	    )
23	    delta_tokenizer = AutoTokenizer.from_pretrained(delta_path)
24	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/consolidate.py:16:16
15	    auto_upgrade(src_path)
16	    src_model = AutoModelForCausalLM.from_pretrained(
17	        src_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
18	    )
19	    src_tokenizer = AutoTokenizer.from_pretrained(src_path, use_fast=False)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/consolidate.py:19:20
18	    )
19	    src_tokenizer = AutoTokenizer.from_pretrained(src_path, use_fast=False)
20	    src_model.save_pretrained(dst_path)

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/llava_arch.py:69:35
68	        if pretrain_mm_mlp_adapter is not None:
69	            mm_projector_weights = torch.load(
70	                pretrain_mm_mlp_adapter, map_location="cpu"
71	            )
72	

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/llava_arch.py:378:39
377	            if model_args.pretrain_mm_mlp_adapter:
378	                mm_projector_weights = torch.load(
379	                    model_args.pretrain_mm_mlp_adapter, map_location="cpu"
380	                )
381	                embed_tokens_weight = mm_projector_weights["model.embed_tokens.weight"]

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/make_delta.py:15:11
14	    print("Loading base model")
15	    base = AutoModelForCausalLM.from_pretrained(
16	        base_model_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
17	    )
18	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/make_delta.py:21:13
20	    auto_upgrade(target_model_path)
21	    target = AutoModelForCausalLM.from_pretrained(
22	        target_model_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
23	    )
24	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/make_delta.py:49:23
48	    target.save_pretrained(delta_path, **kwargs)
49	    target_tokenizer = AutoTokenizer.from_pretrained(target_model_path)
50	    target_tokenizer.save_pretrained(delta_path, **kwargs)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/multimodal_encoder/clip_encoder.py:19:28
18	        else:
19	            self.cfg_only = CLIPVisionConfig.from_pretrained(self.vision_tower_name)
20	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/multimodal_encoder/clip_encoder.py:22:31
21	    def load_model(self):
22	        self.image_processor = CLIPImageProcessor.from_pretrained(
23	            self.vision_tower_name
24	        )
25	        self.vision_tower = CLIPVisionModel.from_pretrained(

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/multimodal_encoder/clip_encoder.py:25:28
24	        )
25	        self.vision_tower = CLIPVisionModel.from_pretrained(
26	            self.vision_tower_name, low_cpu_mem_usage=True
27	        )
28	        self.vision_tower.requires_grad_(False)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/utils.py:5:10
4	def auto_upgrade(config):
5	    cfg = AutoConfig.from_pretrained(config)
6	    if "llava" in config and "llava" not in cfg.model_type:

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:847:21
846	        if "mpt" in model_args.model_name_or_path:
847	            config = transformers.AutoConfig.from_pretrained(
848	                model_args.model_name_or_path, trust_remote_code=True
849	            )
850	            config.attn_config["attn_impl"] = training_args.mpt_attn_impl

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:864:16
863	    else:
864	        model = transformers.LlamaForCausalLM.from_pretrained(
865	            model_args.model_name_or_path,
866	            cache_dir=training_args.cache_dir,
867	            **bnb_model_from_pretrained_args,
868	        )
869	    model.config.use_cache = False

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:916:20
915	    if "mpt" in model_args.model_name_or_path:
916	        tokenizer = transformers.AutoTokenizer.from_pretrained(
917	            model_args.model_name_or_path,
918	            cache_dir=training_args.cache_dir,
919	            model_max_length=training_args.model_max_length,
920	            padding_side="right",
921	        )
922	    else:

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:923:20
922	    else:
923	        tokenizer = transformers.AutoTokenizer.from_pretrained(
924	            model_args.model_name_or_path,
925	            cache_dir=training_args.cache_dir,
926	            model_max_length=training_args.model_max_length,
927	            padding_side="right",
928	            use_fast=False,
929	        )
930	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/dataset.py:333:36
332	        self.transform = ResizeLongestSide(image_size)
333	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
334	

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b301-pickle
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/grefer.py:55:32
54	        if osp.exists(ref_file):
55	            self.data["refs"] = pickle.load(open(ref_file, "rb"), fix_imports=True)
56	        else:

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/reason_seg_dataset.py:51:36
50	        self.transform = ResizeLongestSide(image_size)
51	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
52	

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b301-pickle
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/refer.py:68:28
67	        self.data["dataset"] = dataset
68	        self.data["refs"] = pickle.load(open(ref_file, "rb"))
69	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/refer_seg_dataset.py:46:36
45	        self.transform = ResizeLongestSide(image_size)
46	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
47	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/sem_seg_dataset.py:154:36
153	        self.transform = ResizeLongestSide(image_size)
154	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
155	

--------------------------------------------------
>> Issue: [B307:blacklist] Use of possibly insecure function - consider using safer ast.literal_eval.
   Severity: Medium   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b307-eval
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/sem_seg_dataset.py:164:38
163	        for ds in self.sem_seg_datas:
164	            classes, images, labels = eval("init_{}".format(ds))(base_image_dir)
165	            self.data2list[ds] = (images, labels)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/vqa_dataset.py:58:36
57	        self.transform = ResizeLongestSide(image_size)
58	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
59	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/LISA_gradio_interface.py:55:25
54	        # Create tokenizer
55	        self.tokenizer = AutoTokenizer.from_pretrained(
56	            self.args.version,
57	            cache_dir=None,
58	            model_max_length=self.args.model_max_length,
59	            padding_side="right",
60	            use_fast=False,
61	        )
62	        self.tokenizer.pad_token = self.tokenizer.unk_token

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/LISA_gradio_interface.py:139:36
138	        # Initialize processors
139	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(self.model.config.vision_tower)
140	        self.transform = ResizeLongestSide(self.args.image_size)

--------------------------------------------------
>> Issue: [B104:hardcoded_bind_all_interfaces] Possible binding to all interfaces.
   Severity: Medium   Confidence: Medium
   CWE: CWE-605 (https://cwe.mitre.org/data/definitions/605.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b104_hardcoded_bind_all_interfaces.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/LISA_gradio_interface.py:412:20
411	    demo.launch(
412	        server_name="0.0.0.0",
413	        server_port=7860,

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/chat.py:71:16
70	    # Create model
71	    tokenizer = AutoTokenizer.from_pretrained(
72	        args.version,
73	        cache_dir=None,
74	        model_max_length=args.model_max_length,
75	        padding_side="right",
76	        use_fast=False,
77	    )
78	    tokenizer.pad_token = tokenizer.unk_token

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/chat.py:149:27
148	
149	    clip_image_processor = CLIPImageProcessor.from_pretrained(model.config.vision_tower)
150	    transform = ResizeLongestSide(args.image_size)

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/csrnet/run.py:23:13
22	
23	checkpoint = torch.load('weights.pth', map_location="cpu")
24	model.load_state_dict(checkpoint)

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/csrnet_service.py:22:21
21	        self.model = CSRNet().to(self.device)
22	        checkpoint = torch.load(weights_path, map_location=self.device)
23	        self.model.load_state_dict(checkpoint)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/lisa_segmentor.py:55:25
54	        # Tokenizer
55	        self.tokenizer = AutoTokenizer.from_pretrained(
56	            self.args.version,
57	            cache_dir=None,
58	            model_max_length=self.args.model_max_length,
59	            padding_side="right",
60	            use_fast=False,
61	        )
62	        self.tokenizer.pad_token = self.tokenizer.unk_token

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/lisa_segmentor.py:147:36
146	
147	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(self.model.config.vision_tower)
148	        self.transform = ResizeLongestSide(self.args.image_size)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/apply_delta.py:15:11
14	    print("Loading base model")
15	    base = AutoModelForCausalLM.from_pretrained(
16	        base_model_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
17	    )
18	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/apply_delta.py:23:22
22	    )
23	    delta_tokenizer = AutoTokenizer.from_pretrained(delta_path)
24	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/consolidate.py:16:16
15	    auto_upgrade(src_path)
16	    src_model = AutoModelForCausalLM.from_pretrained(
17	        src_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
18	    )
19	    src_tokenizer = AutoTokenizer.from_pretrained(src_path, use_fast=False)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/consolidate.py:19:20
18	    )
19	    src_tokenizer = AutoTokenizer.from_pretrained(src_path, use_fast=False)
20	    src_model.save_pretrained(dst_path)

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/llava_arch.py:69:35
68	        if pretrain_mm_mlp_adapter is not None:
69	            mm_projector_weights = torch.load(
70	                pretrain_mm_mlp_adapter, map_location="cpu"
71	            )
72	

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/llava_arch.py:378:39
377	            if model_args.pretrain_mm_mlp_adapter:
378	                mm_projector_weights = torch.load(
379	                    model_args.pretrain_mm_mlp_adapter, map_location="cpu"
380	                )
381	                embed_tokens_weight = mm_projector_weights["model.embed_tokens.weight"]

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/make_delta.py:15:11
14	    print("Loading base model")
15	    base = AutoModelForCausalLM.from_pretrained(
16	        base_model_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
17	    )
18	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/make_delta.py:21:13
20	    auto_upgrade(target_model_path)
21	    target = AutoModelForCausalLM.from_pretrained(
22	        target_model_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
23	    )
24	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/make_delta.py:49:23
48	    target.save_pretrained(delta_path, **kwargs)
49	    target_tokenizer = AutoTokenizer.from_pretrained(target_model_path)
50	    target_tokenizer.save_pretrained(delta_path, **kwargs)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/multimodal_encoder/clip_encoder.py:19:28
18	        else:
19	            self.cfg_only = CLIPVisionConfig.from_pretrained(self.vision_tower_name)
20	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/multimodal_encoder/clip_encoder.py:22:31
21	    def load_model(self):
22	        self.image_processor = CLIPImageProcessor.from_pretrained(
23	            self.vision_tower_name
24	        )
25	        self.vision_tower = CLIPVisionModel.from_pretrained(

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/multimodal_encoder/clip_encoder.py:25:28
24	        )
25	        self.vision_tower = CLIPVisionModel.from_pretrained(
26	            self.vision_tower_name, low_cpu_mem_usage=True
27	        )
28	        self.vision_tower.requires_grad_(False)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/utils.py:5:10
4	def auto_upgrade(config):
5	    cfg = AutoConfig.from_pretrained(config)
6	    if "llava" in config and "llava" not in cfg.model_type:

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:847:21
846	        if "mpt" in model_args.model_name_or_path:
847	            config = transformers.AutoConfig.from_pretrained(
848	                model_args.model_name_or_path, trust_remote_code=True
849	            )
850	            config.attn_config["attn_impl"] = training_args.mpt_attn_impl

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:864:16
863	    else:
864	        model = transformers.LlamaForCausalLM.from_pretrained(
865	            model_args.model_name_or_path,
866	            cache_dir=training_args.cache_dir,
867	            **bnb_model_from_pretrained_args,
868	        )
869	    model.config.use_cache = False

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:916:20
915	    if "mpt" in model_args.model_name_or_path:
916	        tokenizer = transformers.AutoTokenizer.from_pretrained(
917	            model_args.model_name_or_path,
918	            cache_dir=training_args.cache_dir,
919	            model_max_length=training_args.model_max_length,
920	            padding_side="right",
921	        )
922	    else:

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:923:20
922	    else:
923	        tokenizer = transformers.AutoTokenizer.from_pretrained(
924	            model_args.model_name_or_path,
925	            cache_dir=training_args.cache_dir,
926	            model_max_length=training_args.model_max_length,
927	            padding_side="right",
928	            use_fast=False,
929	        )
930	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/dataset.py:333:36
332	        self.transform = ResizeLongestSide(image_size)
333	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
334	

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b301-pickle
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/grefer.py:55:32
54	        if osp.exists(ref_file):
55	            self.data["refs"] = pickle.load(open(ref_file, "rb"), fix_imports=True)
56	        else:

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/reason_seg_dataset.py:51:36
50	        self.transform = ResizeLongestSide(image_size)
51	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
52	

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b301-pickle
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/refer.py:68:28
67	        self.data["dataset"] = dataset
68	        self.data["refs"] = pickle.load(open(ref_file, "rb"))
69	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/refer_seg_dataset.py:46:36
45	        self.transform = ResizeLongestSide(image_size)
46	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
47	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/sem_seg_dataset.py:154:36
153	        self.transform = ResizeLongestSide(image_size)
154	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
155	

--------------------------------------------------
>> Issue: [B307:blacklist] Use of possibly insecure function - consider using safer ast.literal_eval.
   Severity: Medium   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b307-eval
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/sem_seg_dataset.py:164:38
163	        for ds in self.sem_seg_datas:
164	            classes, images, labels = eval("init_{}".format(ds))(base_image_dir)
165	            self.data2list[ds] = (images, labels)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/vqa_dataset.py:58:36
57	        self.transform = ResizeLongestSide(image_size)
58	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
59	

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/utils.py:468:8
467	    # Strip optimizer from *.pt files for lighter files (reduced by 2/3 size)
468	    a = torch.load(filename, map_location='cpu')
469	    a['optimizer'] = []

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./Player_Tracking/tennis_tracking/court_line_detector/court_line_detector.py:10:35
9	        self.model.fc = torch.nn.Linear(self.model.fc.in_features,14*2)
10	        self.model.load_state_dict(torch.load(model_path,map_location='cpu'))
11	

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b301-pickle
   Location: ./Player_Tracking/tennis_tracking/trackers/ball_tracker.py:61:34
60	            with open(stub_path,'rb') as f:
61	                ball_detections = pickle.load(f)
62	            return ball_detections

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b301-pickle
   Location: ./Player_Tracking/tennis_tracking/trackers/player_tracker.py:53:36
52	            with open(stub_path,'rb') as f:
53	                player_detections = pickle.load(f)
54	            return player_detections

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/airflow/dags/heatmaps_kafka.py:44:49
43	    coco_names = os.getenv('COCO_NAMES')
44	    tmp_output_dir = os.getenv('TMP_OUTPUT_DIR', '/tmp')
45	

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b310-urllib-urlopen
   Location: ./data_streaming_backend/airflow/dags/heatmaps_kafka.py:48:12
47	        if not os.path.exists(yolo_config):
48	            urllib.request.urlretrieve("https://raw.githubusercontent.com/AlexeyAB/darknet/master/cfg/yolov4.cfg", yolo_config)
49	        if not os.path.exists(yolo_weights):

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b310-urllib-urlopen
   Location: ./data_streaming_backend/airflow/dags/heatmaps_kafka.py:50:12
49	        if not os.path.exists(yolo_weights):
50	            urllib.request.urlretrieve("https://github.com/AlexeyAB/darknet/releases/download/yolov4/yolov4.weights", yolo_weights)
51	        if not os.path.exists(coco_names):

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b310-urllib-urlopen
   Location: ./data_streaming_backend/airflow/dags/heatmaps_kafka.py:52:12
51	        if not os.path.exists(coco_names):
52	            urllib.request.urlretrieve("https://raw.githubusercontent.com/pjreddie/darknet/master/data/coco.names", coco_names)
53	    except Exception as e:

--------------------------------------------------
>> Issue: [B113:request_without_timeout] Call to requests without timeout
   Severity: Medium   Confidence: Low
   CWE: CWE-400 (https://cwe.mitre.org/data/definitions/400.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b113_request_without_timeout.html
   Location: ./data_streaming_backend/api.py:216:19
215	        validate_url(health_url)
216	        response = requests.get(health_url)
217	        if response.status_code == 200:

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:16:16
15	    'RESULTS_TOPIC': 'face_results',
16	    'YOLO_CFG': '/tmp/yolov4-face.cfg',
17	    'YOLO_WEIGHTS': '/tmp/yolov4-face.weights',
18	    'MASK_MODEL': '/tmp/mask_detector.model',
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:17:20
16	    'YOLO_CFG': '/tmp/yolov4-face.cfg',
17	    'YOLO_WEIGHTS': '/tmp/yolov4-face.weights',
18	    'MASK_MODEL': '/tmp/mask_detector.model',
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:18:18
17	    'YOLO_WEIGHTS': '/tmp/yolov4-face.weights',
18	    'MASK_MODEL': '/tmp/mask_detector.model',
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json
29	    import numpy as np

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:19:17
18	    'MASK_MODEL': '/tmp/mask_detector.model',
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json
29	    import numpy as np
30	    import urllib.request

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:20:17
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json
29	    import numpy as np
30	    import urllib.request
31	    from PIL import Image

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:21:21
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json
29	    import numpy as np
30	    import urllib.request
31	    from PIL import Image
32	    from kafka import KafkaConsumer, KafkaProducer

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b310-urllib-urlopen
   Location: ./data_streaming_backend/detect_faces_and_features.py:36:12
35	        if not os.path.exists(path):
36	            urllib.request.urlretrieve(url, path)
37	

--------------------------------------------------

Code scanned:
	Total lines of code: 39804
	Total lines skipped (#nosec): 4
	Total potential issues skipped due to specifically being disabled (e.g., #nosec BXXX): 0

Run metrics:
	Total issues (by severity):
		Undefined: 0
		Low: 325
		Medium: 84
		High: 0
	Total issues (by confidence):
		Undefined: 0
		Low: 1
		Medium: 31
		High: 377
Files skipped (0):

✅ No critical security issues detected.

The code has passed all critical security checks.

Implemented async PostgreSQL setup and user/job models

feat: add safest zone card to crowd monitor

github-actions · 2026-04-12T23:23:08Z

🔒 Security Scan Results

🔒 Security Scan Results
=========================

Bandit Scan Results:
-------------------
Run started:2026-04-12 23:23:07.999529+00:00

Test results:
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/LISA_gradio_interface.py:55:25
54	        # Create tokenizer
55	        self.tokenizer = AutoTokenizer.from_pretrained(
56	            self.args.version,
57	            cache_dir=None,
58	            model_max_length=self.args.model_max_length,
59	            padding_side="right",
60	            use_fast=False,
61	        )
62	        self.tokenizer.pad_token = self.tokenizer.unk_token

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/LISA_gradio_interface.py:139:36
138	        # Initialize processors
139	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(self.model.config.vision_tower)
140	        self.transform = ResizeLongestSide(self.args.image_size)

--------------------------------------------------
>> Issue: [B104:hardcoded_bind_all_interfaces] Possible binding to all interfaces.
   Severity: Medium   Confidence: Medium
   CWE: CWE-605 (https://cwe.mitre.org/data/definitions/605.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b104_hardcoded_bind_all_interfaces.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/LISA_gradio_interface.py:412:20
411	    demo.launch(
412	        server_name="0.0.0.0",
413	        server_port=7860,

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/chat.py:71:16
70	    # Create model
71	    tokenizer = AutoTokenizer.from_pretrained(
72	        args.version,
73	        cache_dir=None,
74	        model_max_length=args.model_max_length,
75	        padding_side="right",
76	        use_fast=False,
77	    )
78	    tokenizer.pad_token = tokenizer.unk_token

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/chat.py:149:27
148	
149	    clip_image_processor = CLIPImageProcessor.from_pretrained(model.config.vision_tower)
150	    transform = ResizeLongestSide(args.image_size)

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/csrnet/run.py:23:13
22	
23	checkpoint = torch.load('weights.pth', map_location="cpu")
24	model.load_state_dict(checkpoint)

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/csrnet_service.py:22:21
21	        self.model = CSRNet().to(self.device)
22	        checkpoint = torch.load(weights_path, map_location=self.device)
23	        self.model.load_state_dict(checkpoint)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/lisa_segmentor.py:55:25
54	        # Tokenizer
55	        self.tokenizer = AutoTokenizer.from_pretrained(
56	            self.args.version,
57	            cache_dir=None,
58	            model_max_length=self.args.model_max_length,
59	            padding_side="right",
60	            use_fast=False,
61	        )
62	        self.tokenizer.pad_token = self.tokenizer.unk_token

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/lisa_segmentor.py:147:36
146	
147	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(self.model.config.vision_tower)
148	        self.transform = ResizeLongestSide(self.args.image_size)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/apply_delta.py:15:11
14	    print("Loading base model")
15	    base = AutoModelForCausalLM.from_pretrained(
16	        base_model_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
17	    )
18	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/apply_delta.py:23:22
22	    )
23	    delta_tokenizer = AutoTokenizer.from_pretrained(delta_path)
24	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/consolidate.py:16:16
15	    auto_upgrade(src_path)
16	    src_model = AutoModelForCausalLM.from_pretrained(
17	        src_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
18	    )
19	    src_tokenizer = AutoTokenizer.from_pretrained(src_path, use_fast=False)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/consolidate.py:19:20
18	    )
19	    src_tokenizer = AutoTokenizer.from_pretrained(src_path, use_fast=False)
20	    src_model.save_pretrained(dst_path)

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/llava_arch.py:69:35
68	        if pretrain_mm_mlp_adapter is not None:
69	            mm_projector_weights = torch.load(
70	                pretrain_mm_mlp_adapter, map_location="cpu"
71	            )
72	

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/llava_arch.py:378:39
377	            if model_args.pretrain_mm_mlp_adapter:
378	                mm_projector_weights = torch.load(
379	                    model_args.pretrain_mm_mlp_adapter, map_location="cpu"
380	                )
381	                embed_tokens_weight = mm_projector_weights["model.embed_tokens.weight"]

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/make_delta.py:15:11
14	    print("Loading base model")
15	    base = AutoModelForCausalLM.from_pretrained(
16	        base_model_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
17	    )
18	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/make_delta.py:21:13
20	    auto_upgrade(target_model_path)
21	    target = AutoModelForCausalLM.from_pretrained(
22	        target_model_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
23	    )
24	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/make_delta.py:49:23
48	    target.save_pretrained(delta_path, **kwargs)
49	    target_tokenizer = AutoTokenizer.from_pretrained(target_model_path)
50	    target_tokenizer.save_pretrained(delta_path, **kwargs)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/multimodal_encoder/clip_encoder.py:19:28
18	        else:
19	            self.cfg_only = CLIPVisionConfig.from_pretrained(self.vision_tower_name)
20	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/multimodal_encoder/clip_encoder.py:22:31
21	    def load_model(self):
22	        self.image_processor = CLIPImageProcessor.from_pretrained(
23	            self.vision_tower_name
24	        )
25	        self.vision_tower = CLIPVisionModel.from_pretrained(

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/multimodal_encoder/clip_encoder.py:25:28
24	        )
25	        self.vision_tower = CLIPVisionModel.from_pretrained(
26	            self.vision_tower_name, low_cpu_mem_usage=True
27	        )
28	        self.vision_tower.requires_grad_(False)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/utils.py:5:10
4	def auto_upgrade(config):
5	    cfg = AutoConfig.from_pretrained(config)
6	    if "llava" in config and "llava" not in cfg.model_type:

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:847:21
846	        if "mpt" in model_args.model_name_or_path:
847	            config = transformers.AutoConfig.from_pretrained(
848	                model_args.model_name_or_path, trust_remote_code=True
849	            )
850	            config.attn_config["attn_impl"] = training_args.mpt_attn_impl

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:864:16
863	    else:
864	        model = transformers.LlamaForCausalLM.from_pretrained(
865	            model_args.model_name_or_path,
866	            cache_dir=training_args.cache_dir,
867	            **bnb_model_from_pretrained_args,
868	        )
869	    model.config.use_cache = False

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:916:20
915	    if "mpt" in model_args.model_name_or_path:
916	        tokenizer = transformers.AutoTokenizer.from_pretrained(
917	            model_args.model_name_or_path,
918	            cache_dir=training_args.cache_dir,
919	            model_max_length=training_args.model_max_length,
920	            padding_side="right",
921	        )
922	    else:

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:923:20
922	    else:
923	        tokenizer = transformers.AutoTokenizer.from_pretrained(
924	            model_args.model_name_or_path,
925	            cache_dir=training_args.cache_dir,
926	            model_max_length=training_args.model_max_length,
927	            padding_side="right",
928	            use_fast=False,
929	        )
930	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/dataset.py:333:36
332	        self.transform = ResizeLongestSide(image_size)
333	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
334	

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b301-pickle
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/grefer.py:55:32
54	        if osp.exists(ref_file):
55	            self.data["refs"] = pickle.load(open(ref_file, "rb"), fix_imports=True)
56	        else:

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/reason_seg_dataset.py:51:36
50	        self.transform = ResizeLongestSide(image_size)
51	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
52	

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b301-pickle
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/refer.py:68:28
67	        self.data["dataset"] = dataset
68	        self.data["refs"] = pickle.load(open(ref_file, "rb"))
69	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/refer_seg_dataset.py:46:36
45	        self.transform = ResizeLongestSide(image_size)
46	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
47	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/sem_seg_dataset.py:154:36
153	        self.transform = ResizeLongestSide(image_size)
154	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
155	

--------------------------------------------------
>> Issue: [B307:blacklist] Use of possibly insecure function - consider using safer ast.literal_eval.
   Severity: Medium   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b307-eval
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/sem_seg_dataset.py:164:38
163	        for ds in self.sem_seg_datas:
164	            classes, images, labels = eval("init_{}".format(ds))(base_image_dir)
165	            self.data2list[ds] = (images, labels)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/vqa_dataset.py:58:36
57	        self.transform = ResizeLongestSide(image_size)
58	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
59	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/LISA_gradio_interface.py:55:25
54	        # Create tokenizer
55	        self.tokenizer = AutoTokenizer.from_pretrained(
56	            self.args.version,
57	            cache_dir=None,
58	            model_max_length=self.args.model_max_length,
59	            padding_side="right",
60	            use_fast=False,
61	        )
62	        self.tokenizer.pad_token = self.tokenizer.unk_token

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/LISA_gradio_interface.py:139:36
138	        # Initialize processors
139	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(self.model.config.vision_tower)
140	        self.transform = ResizeLongestSide(self.args.image_size)

--------------------------------------------------
>> Issue: [B104:hardcoded_bind_all_interfaces] Possible binding to all interfaces.
   Severity: Medium   Confidence: Medium
   CWE: CWE-605 (https://cwe.mitre.org/data/definitions/605.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b104_hardcoded_bind_all_interfaces.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/LISA_gradio_interface.py:412:20
411	    demo.launch(
412	        server_name="0.0.0.0",
413	        server_port=7860,

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/chat.py:71:16
70	    # Create model
71	    tokenizer = AutoTokenizer.from_pretrained(
72	        args.version,
73	        cache_dir=None,
74	        model_max_length=args.model_max_length,
75	        padding_side="right",
76	        use_fast=False,
77	    )
78	    tokenizer.pad_token = tokenizer.unk_token

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/chat.py:149:27
148	
149	    clip_image_processor = CLIPImageProcessor.from_pretrained(model.config.vision_tower)
150	    transform = ResizeLongestSide(args.image_size)

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/csrnet/run.py:23:13
22	
23	checkpoint = torch.load('weights.pth', map_location="cpu")
24	model.load_state_dict(checkpoint)

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/csrnet_service.py:22:21
21	        self.model = CSRNet().to(self.device)
22	        checkpoint = torch.load(weights_path, map_location=self.device)
23	        self.model.load_state_dict(checkpoint)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/lisa_segmentor.py:55:25
54	        # Tokenizer
55	        self.tokenizer = AutoTokenizer.from_pretrained(
56	            self.args.version,
57	            cache_dir=None,
58	            model_max_length=self.args.model_max_length,
59	            padding_side="right",
60	            use_fast=False,
61	        )
62	        self.tokenizer.pad_token = self.tokenizer.unk_token

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/lisa_segmentor.py:147:36
146	
147	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(self.model.config.vision_tower)
148	        self.transform = ResizeLongestSide(self.args.image_size)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/apply_delta.py:15:11
14	    print("Loading base model")
15	    base = AutoModelForCausalLM.from_pretrained(
16	        base_model_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
17	    )
18	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/apply_delta.py:23:22
22	    )
23	    delta_tokenizer = AutoTokenizer.from_pretrained(delta_path)
24	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/consolidate.py:16:16
15	    auto_upgrade(src_path)
16	    src_model = AutoModelForCausalLM.from_pretrained(
17	        src_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
18	    )
19	    src_tokenizer = AutoTokenizer.from_pretrained(src_path, use_fast=False)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/consolidate.py:19:20
18	    )
19	    src_tokenizer = AutoTokenizer.from_pretrained(src_path, use_fast=False)
20	    src_model.save_pretrained(dst_path)

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/llava_arch.py:69:35
68	        if pretrain_mm_mlp_adapter is not None:
69	            mm_projector_weights = torch.load(
70	                pretrain_mm_mlp_adapter, map_location="cpu"
71	            )
72	

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/llava_arch.py:378:39
377	            if model_args.pretrain_mm_mlp_adapter:
378	                mm_projector_weights = torch.load(
379	                    model_args.pretrain_mm_mlp_adapter, map_location="cpu"
380	                )
381	                embed_tokens_weight = mm_projector_weights["model.embed_tokens.weight"]

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/make_delta.py:15:11
14	    print("Loading base model")
15	    base = AutoModelForCausalLM.from_pretrained(
16	        base_model_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
17	    )
18	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/make_delta.py:21:13
20	    auto_upgrade(target_model_path)
21	    target = AutoModelForCausalLM.from_pretrained(
22	        target_model_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
23	    )
24	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/make_delta.py:49:23
48	    target.save_pretrained(delta_path, **kwargs)
49	    target_tokenizer = AutoTokenizer.from_pretrained(target_model_path)
50	    target_tokenizer.save_pretrained(delta_path, **kwargs)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/multimodal_encoder/clip_encoder.py:19:28
18	        else:
19	            self.cfg_only = CLIPVisionConfig.from_pretrained(self.vision_tower_name)
20	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/multimodal_encoder/clip_encoder.py:22:31
21	    def load_model(self):
22	        self.image_processor = CLIPImageProcessor.from_pretrained(
23	            self.vision_tower_name
24	        )
25	        self.vision_tower = CLIPVisionModel.from_pretrained(

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/multimodal_encoder/clip_encoder.py:25:28
24	        )
25	        self.vision_tower = CLIPVisionModel.from_pretrained(
26	            self.vision_tower_name, low_cpu_mem_usage=True
27	        )
28	        self.vision_tower.requires_grad_(False)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/utils.py:5:10
4	def auto_upgrade(config):
5	    cfg = AutoConfig.from_pretrained(config)
6	    if "llava" in config and "llava" not in cfg.model_type:

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:847:21
846	        if "mpt" in model_args.model_name_or_path:
847	            config = transformers.AutoConfig.from_pretrained(
848	                model_args.model_name_or_path, trust_remote_code=True
849	            )
850	            config.attn_config["attn_impl"] = training_args.mpt_attn_impl

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:864:16
863	    else:
864	        model = transformers.LlamaForCausalLM.from_pretrained(
865	            model_args.model_name_or_path,
866	            cache_dir=training_args.cache_dir,
867	            **bnb_model_from_pretrained_args,
868	        )
869	    model.config.use_cache = False

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:916:20
915	    if "mpt" in model_args.model_name_or_path:
916	        tokenizer = transformers.AutoTokenizer.from_pretrained(
917	            model_args.model_name_or_path,
918	            cache_dir=training_args.cache_dir,
919	            model_max_length=training_args.model_max_length,
920	            padding_side="right",
921	        )
922	    else:

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:923:20
922	    else:
923	        tokenizer = transformers.AutoTokenizer.from_pretrained(
924	            model_args.model_name_or_path,
925	            cache_dir=training_args.cache_dir,
926	            model_max_length=training_args.model_max_length,
927	            padding_side="right",
928	            use_fast=False,
929	        )
930	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/dataset.py:333:36
332	        self.transform = ResizeLongestSide(image_size)
333	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
334	

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b301-pickle
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/grefer.py:55:32
54	        if osp.exists(ref_file):
55	            self.data["refs"] = pickle.load(open(ref_file, "rb"), fix_imports=True)
56	        else:

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/reason_seg_dataset.py:51:36
50	        self.transform = ResizeLongestSide(image_size)
51	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
52	

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b301-pickle
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/refer.py:68:28
67	        self.data["dataset"] = dataset
68	        self.data["refs"] = pickle.load(open(ref_file, "rb"))
69	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/refer_seg_dataset.py:46:36
45	        self.transform = ResizeLongestSide(image_size)
46	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
47	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/sem_seg_dataset.py:154:36
153	        self.transform = ResizeLongestSide(image_size)
154	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
155	

--------------------------------------------------
>> Issue: [B307:blacklist] Use of possibly insecure function - consider using safer ast.literal_eval.
   Severity: Medium   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b307-eval
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/sem_seg_dataset.py:164:38
163	        for ds in self.sem_seg_datas:
164	            classes, images, labels = eval("init_{}".format(ds))(base_image_dir)
165	            self.data2list[ds] = (images, labels)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/vqa_dataset.py:58:36
57	        self.transform = ResizeLongestSide(image_size)
58	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
59	

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/utils.py:468:8
467	    # Strip optimizer from *.pt files for lighter files (reduced by 2/3 size)
468	    a = torch.load(filename, map_location='cpu')
469	    a['optimizer'] = []

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./Player_Tracking/tennis_tracking/court_line_detector/court_line_detector.py:10:35
9	        self.model.fc = torch.nn.Linear(self.model.fc.in_features,14*2)
10	        self.model.load_state_dict(torch.load(model_path,map_location='cpu'))
11	

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b301-pickle
   Location: ./Player_Tracking/tennis_tracking/trackers/ball_tracker.py:61:34
60	            with open(stub_path,'rb') as f:
61	                ball_detections = pickle.load(f)
62	            return ball_detections

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b301-pickle
   Location: ./Player_Tracking/tennis_tracking/trackers/player_tracker.py:53:36
52	            with open(stub_path,'rb') as f:
53	                player_detections = pickle.load(f)
54	            return player_detections

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/airflow/dags/heatmaps_kafka.py:44:49
43	    coco_names = os.getenv('COCO_NAMES')
44	    tmp_output_dir = os.getenv('TMP_OUTPUT_DIR', '/tmp')
45	

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b310-urllib-urlopen
   Location: ./data_streaming_backend/airflow/dags/heatmaps_kafka.py:48:12
47	        if not os.path.exists(yolo_config):
48	            urllib.request.urlretrieve("https://raw.githubusercontent.com/AlexeyAB/darknet/master/cfg/yolov4.cfg", yolo_config)
49	        if not os.path.exists(yolo_weights):

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b310-urllib-urlopen
   Location: ./data_streaming_backend/airflow/dags/heatmaps_kafka.py:50:12
49	        if not os.path.exists(yolo_weights):
50	            urllib.request.urlretrieve("https://github.com/AlexeyAB/darknet/releases/download/yolov4/yolov4.weights", yolo_weights)
51	        if not os.path.exists(coco_names):

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b310-urllib-urlopen
   Location: ./data_streaming_backend/airflow/dags/heatmaps_kafka.py:52:12
51	        if not os.path.exists(coco_names):
52	            urllib.request.urlretrieve("https://raw.githubusercontent.com/pjreddie/darknet/master/data/coco.names", coco_names)
53	    except Exception as e:

--------------------------------------------------
>> Issue: [B113:request_without_timeout] Call to requests without timeout
   Severity: Medium   Confidence: Low
   CWE: CWE-400 (https://cwe.mitre.org/data/definitions/400.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b113_request_without_timeout.html
   Location: ./data_streaming_backend/api.py:216:19
215	        validate_url(health_url)
216	        response = requests.get(health_url)
217	        if response.status_code == 200:

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:16:16
15	    'RESULTS_TOPIC': 'face_results',
16	    'YOLO_CFG': '/tmp/yolov4-face.cfg',
17	    'YOLO_WEIGHTS': '/tmp/yolov4-face.weights',
18	    'MASK_MODEL': '/tmp/mask_detector.model',
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:17:20
16	    'YOLO_CFG': '/tmp/yolov4-face.cfg',
17	    'YOLO_WEIGHTS': '/tmp/yolov4-face.weights',
18	    'MASK_MODEL': '/tmp/mask_detector.model',
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:18:18
17	    'YOLO_WEIGHTS': '/tmp/yolov4-face.weights',
18	    'MASK_MODEL': '/tmp/mask_detector.model',
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json
29	    import numpy as np

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:19:17
18	    'MASK_MODEL': '/tmp/mask_detector.model',
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json
29	    import numpy as np
30	    import urllib.request

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:20:17
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json
29	    import numpy as np
30	    import urllib.request
31	    from PIL import Image

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:21:21
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json
29	    import numpy as np
30	    import urllib.request
31	    from PIL import Image
32	    from kafka import KafkaConsumer, KafkaProducer

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b310-urllib-urlopen
   Location: ./data_streaming_backend/detect_faces_and_features.py:36:12
35	        if not os.path.exists(path):
36	            urllib.request.urlretrieve(url, path)
37	

--------------------------------------------------

Code scanned:
	Total lines of code: 39811
	Total lines skipped (#nosec): 4
	Total potential issues skipped due to specifically being disabled (e.g., #nosec BXXX): 0

Run metrics:
	Total issues (by severity):
		Undefined: 0
		Low: 325
		Medium: 84
		High: 0
	Total issues (by confidence):
		Undefined: 0
		Low: 1
		Medium: 31
		High: 377
Files skipped (0):

✅ No critical security issues detected.

The code has passed all critical security checks.

github-actions · 2026-04-12T23:24:00Z

🔒 Security Scan Results

🔒 Security Scan Results
=========================

Bandit Scan Results:
-------------------
Run started:2026-04-12 23:23:59.487942+00:00

Test results:
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/LISA_gradio_interface.py:55:25
54	        # Create tokenizer
55	        self.tokenizer = AutoTokenizer.from_pretrained(
56	            self.args.version,
57	            cache_dir=None,
58	            model_max_length=self.args.model_max_length,
59	            padding_side="right",
60	            use_fast=False,
61	        )
62	        self.tokenizer.pad_token = self.tokenizer.unk_token

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/LISA_gradio_interface.py:139:36
138	        # Initialize processors
139	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(self.model.config.vision_tower)
140	        self.transform = ResizeLongestSide(self.args.image_size)

--------------------------------------------------
>> Issue: [B104:hardcoded_bind_all_interfaces] Possible binding to all interfaces.
   Severity: Medium   Confidence: Medium
   CWE: CWE-605 (https://cwe.mitre.org/data/definitions/605.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b104_hardcoded_bind_all_interfaces.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/LISA_gradio_interface.py:412:20
411	    demo.launch(
412	        server_name="0.0.0.0",
413	        server_port=7860,

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/chat.py:71:16
70	    # Create model
71	    tokenizer = AutoTokenizer.from_pretrained(
72	        args.version,
73	        cache_dir=None,
74	        model_max_length=args.model_max_length,
75	        padding_side="right",
76	        use_fast=False,
77	    )
78	    tokenizer.pad_token = tokenizer.unk_token

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/chat.py:149:27
148	
149	    clip_image_processor = CLIPImageProcessor.from_pretrained(model.config.vision_tower)
150	    transform = ResizeLongestSide(args.image_size)

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/csrnet/run.py:23:13
22	
23	checkpoint = torch.load('weights.pth', map_location="cpu")
24	model.load_state_dict(checkpoint)

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/csrnet_service.py:22:21
21	        self.model = CSRNet().to(self.device)
22	        checkpoint = torch.load(weights_path, map_location=self.device)
23	        self.model.load_state_dict(checkpoint)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/lisa_segmentor.py:55:25
54	        # Tokenizer
55	        self.tokenizer = AutoTokenizer.from_pretrained(
56	            self.args.version,
57	            cache_dir=None,
58	            model_max_length=self.args.model_max_length,
59	            padding_side="right",
60	            use_fast=False,
61	        )
62	        self.tokenizer.pad_token = self.tokenizer.unk_token

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/lisa_segmentor.py:147:36
146	
147	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(self.model.config.vision_tower)
148	        self.transform = ResizeLongestSide(self.args.image_size)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/apply_delta.py:15:11
14	    print("Loading base model")
15	    base = AutoModelForCausalLM.from_pretrained(
16	        base_model_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
17	    )
18	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/apply_delta.py:23:22
22	    )
23	    delta_tokenizer = AutoTokenizer.from_pretrained(delta_path)
24	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/consolidate.py:16:16
15	    auto_upgrade(src_path)
16	    src_model = AutoModelForCausalLM.from_pretrained(
17	        src_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
18	    )
19	    src_tokenizer = AutoTokenizer.from_pretrained(src_path, use_fast=False)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/consolidate.py:19:20
18	    )
19	    src_tokenizer = AutoTokenizer.from_pretrained(src_path, use_fast=False)
20	    src_model.save_pretrained(dst_path)

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/llava_arch.py:69:35
68	        if pretrain_mm_mlp_adapter is not None:
69	            mm_projector_weights = torch.load(
70	                pretrain_mm_mlp_adapter, map_location="cpu"
71	            )
72	

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/llava_arch.py:378:39
377	            if model_args.pretrain_mm_mlp_adapter:
378	                mm_projector_weights = torch.load(
379	                    model_args.pretrain_mm_mlp_adapter, map_location="cpu"
380	                )
381	                embed_tokens_weight = mm_projector_weights["model.embed_tokens.weight"]

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/make_delta.py:15:11
14	    print("Loading base model")
15	    base = AutoModelForCausalLM.from_pretrained(
16	        base_model_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
17	    )
18	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/make_delta.py:21:13
20	    auto_upgrade(target_model_path)
21	    target = AutoModelForCausalLM.from_pretrained(
22	        target_model_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
23	    )
24	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/make_delta.py:49:23
48	    target.save_pretrained(delta_path, **kwargs)
49	    target_tokenizer = AutoTokenizer.from_pretrained(target_model_path)
50	    target_tokenizer.save_pretrained(delta_path, **kwargs)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/multimodal_encoder/clip_encoder.py:19:28
18	        else:
19	            self.cfg_only = CLIPVisionConfig.from_pretrained(self.vision_tower_name)
20	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/multimodal_encoder/clip_encoder.py:22:31
21	    def load_model(self):
22	        self.image_processor = CLIPImageProcessor.from_pretrained(
23	            self.vision_tower_name
24	        )
25	        self.vision_tower = CLIPVisionModel.from_pretrained(

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/multimodal_encoder/clip_encoder.py:25:28
24	        )
25	        self.vision_tower = CLIPVisionModel.from_pretrained(
26	            self.vision_tower_name, low_cpu_mem_usage=True
27	        )
28	        self.vision_tower.requires_grad_(False)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/utils.py:5:10
4	def auto_upgrade(config):
5	    cfg = AutoConfig.from_pretrained(config)
6	    if "llava" in config and "llava" not in cfg.model_type:

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:847:21
846	        if "mpt" in model_args.model_name_or_path:
847	            config = transformers.AutoConfig.from_pretrained(
848	                model_args.model_name_or_path, trust_remote_code=True
849	            )
850	            config.attn_config["attn_impl"] = training_args.mpt_attn_impl

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:864:16
863	    else:
864	        model = transformers.LlamaForCausalLM.from_pretrained(
865	            model_args.model_name_or_path,
866	            cache_dir=training_args.cache_dir,
867	            **bnb_model_from_pretrained_args,
868	        )
869	    model.config.use_cache = False

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:916:20
915	    if "mpt" in model_args.model_name_or_path:
916	        tokenizer = transformers.AutoTokenizer.from_pretrained(
917	            model_args.model_name_or_path,
918	            cache_dir=training_args.cache_dir,
919	            model_max_length=training_args.model_max_length,
920	            padding_side="right",
921	        )
922	    else:

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:923:20
922	    else:
923	        tokenizer = transformers.AutoTokenizer.from_pretrained(
924	            model_args.model_name_or_path,
925	            cache_dir=training_args.cache_dir,
926	            model_max_length=training_args.model_max_length,
927	            padding_side="right",
928	            use_fast=False,
929	        )
930	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/dataset.py:333:36
332	        self.transform = ResizeLongestSide(image_size)
333	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
334	

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b301-pickle
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/grefer.py:55:32
54	        if osp.exists(ref_file):
55	            self.data["refs"] = pickle.load(open(ref_file, "rb"), fix_imports=True)
56	        else:

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/reason_seg_dataset.py:51:36
50	        self.transform = ResizeLongestSide(image_size)
51	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
52	

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b301-pickle
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/refer.py:68:28
67	        self.data["dataset"] = dataset
68	        self.data["refs"] = pickle.load(open(ref_file, "rb"))
69	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/refer_seg_dataset.py:46:36
45	        self.transform = ResizeLongestSide(image_size)
46	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
47	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/sem_seg_dataset.py:154:36
153	        self.transform = ResizeLongestSide(image_size)
154	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
155	

--------------------------------------------------
>> Issue: [B307:blacklist] Use of possibly insecure function - consider using safer ast.literal_eval.
   Severity: Medium   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b307-eval
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/sem_seg_dataset.py:164:38
163	        for ds in self.sem_seg_datas:
164	            classes, images, labels = eval("init_{}".format(ds))(base_image_dir)
165	            self.data2list[ds] = (images, labels)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/vqa_dataset.py:58:36
57	        self.transform = ResizeLongestSide(image_size)
58	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
59	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/LISA_gradio_interface.py:55:25
54	        # Create tokenizer
55	        self.tokenizer = AutoTokenizer.from_pretrained(
56	            self.args.version,
57	            cache_dir=None,
58	            model_max_length=self.args.model_max_length,
59	            padding_side="right",
60	            use_fast=False,
61	        )
62	        self.tokenizer.pad_token = self.tokenizer.unk_token

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/LISA_gradio_interface.py:139:36
138	        # Initialize processors
139	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(self.model.config.vision_tower)
140	        self.transform = ResizeLongestSide(self.args.image_size)

--------------------------------------------------
>> Issue: [B104:hardcoded_bind_all_interfaces] Possible binding to all interfaces.
   Severity: Medium   Confidence: Medium
   CWE: CWE-605 (https://cwe.mitre.org/data/definitions/605.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b104_hardcoded_bind_all_interfaces.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/LISA_gradio_interface.py:412:20
411	    demo.launch(
412	        server_name="0.0.0.0",
413	        server_port=7860,

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/chat.py:71:16
70	    # Create model
71	    tokenizer = AutoTokenizer.from_pretrained(
72	        args.version,
73	        cache_dir=None,
74	        model_max_length=args.model_max_length,
75	        padding_side="right",
76	        use_fast=False,
77	    )
78	    tokenizer.pad_token = tokenizer.unk_token

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/chat.py:149:27
148	
149	    clip_image_processor = CLIPImageProcessor.from_pretrained(model.config.vision_tower)
150	    transform = ResizeLongestSide(args.image_size)

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/csrnet/run.py:23:13
22	
23	checkpoint = torch.load('weights.pth', map_location="cpu")
24	model.load_state_dict(checkpoint)

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/csrnet_service.py:22:21
21	        self.model = CSRNet().to(self.device)
22	        checkpoint = torch.load(weights_path, map_location=self.device)
23	        self.model.load_state_dict(checkpoint)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/lisa_segmentor.py:55:25
54	        # Tokenizer
55	        self.tokenizer = AutoTokenizer.from_pretrained(
56	            self.args.version,
57	            cache_dir=None,
58	            model_max_length=self.args.model_max_length,
59	            padding_side="right",
60	            use_fast=False,
61	        )
62	        self.tokenizer.pad_token = self.tokenizer.unk_token

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/lisa_segmentor.py:147:36
146	
147	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(self.model.config.vision_tower)
148	        self.transform = ResizeLongestSide(self.args.image_size)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/apply_delta.py:15:11
14	    print("Loading base model")
15	    base = AutoModelForCausalLM.from_pretrained(
16	        base_model_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
17	    )
18	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/apply_delta.py:23:22
22	    )
23	    delta_tokenizer = AutoTokenizer.from_pretrained(delta_path)
24	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/consolidate.py:16:16
15	    auto_upgrade(src_path)
16	    src_model = AutoModelForCausalLM.from_pretrained(
17	        src_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
18	    )
19	    src_tokenizer = AutoTokenizer.from_pretrained(src_path, use_fast=False)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/consolidate.py:19:20
18	    )
19	    src_tokenizer = AutoTokenizer.from_pretrained(src_path, use_fast=False)
20	    src_model.save_pretrained(dst_path)

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/llava_arch.py:69:35
68	        if pretrain_mm_mlp_adapter is not None:
69	            mm_projector_weights = torch.load(
70	                pretrain_mm_mlp_adapter, map_location="cpu"
71	            )
72	

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/llava_arch.py:378:39
377	            if model_args.pretrain_mm_mlp_adapter:
378	                mm_projector_weights = torch.load(
379	                    model_args.pretrain_mm_mlp_adapter, map_location="cpu"
380	                )
381	                embed_tokens_weight = mm_projector_weights["model.embed_tokens.weight"]

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/make_delta.py:15:11
14	    print("Loading base model")
15	    base = AutoModelForCausalLM.from_pretrained(
16	        base_model_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
17	    )
18	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/make_delta.py:21:13
20	    auto_upgrade(target_model_path)
21	    target = AutoModelForCausalLM.from_pretrained(
22	        target_model_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
23	    )
24	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/make_delta.py:49:23
48	    target.save_pretrained(delta_path, **kwargs)
49	    target_tokenizer = AutoTokenizer.from_pretrained(target_model_path)
50	    target_tokenizer.save_pretrained(delta_path, **kwargs)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/multimodal_encoder/clip_encoder.py:19:28
18	        else:
19	            self.cfg_only = CLIPVisionConfig.from_pretrained(self.vision_tower_name)
20	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/multimodal_encoder/clip_encoder.py:22:31
21	    def load_model(self):
22	        self.image_processor = CLIPImageProcessor.from_pretrained(
23	            self.vision_tower_name
24	        )
25	        self.vision_tower = CLIPVisionModel.from_pretrained(

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/multimodal_encoder/clip_encoder.py:25:28
24	        )
25	        self.vision_tower = CLIPVisionModel.from_pretrained(
26	            self.vision_tower_name, low_cpu_mem_usage=True
27	        )
28	        self.vision_tower.requires_grad_(False)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/utils.py:5:10
4	def auto_upgrade(config):
5	    cfg = AutoConfig.from_pretrained(config)
6	    if "llava" in config and "llava" not in cfg.model_type:

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:847:21
846	        if "mpt" in model_args.model_name_or_path:
847	            config = transformers.AutoConfig.from_pretrained(
848	                model_args.model_name_or_path, trust_remote_code=True
849	            )
850	            config.attn_config["attn_impl"] = training_args.mpt_attn_impl

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:864:16
863	    else:
864	        model = transformers.LlamaForCausalLM.from_pretrained(
865	            model_args.model_name_or_path,
866	            cache_dir=training_args.cache_dir,
867	            **bnb_model_from_pretrained_args,
868	        )
869	    model.config.use_cache = False

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:916:20
915	    if "mpt" in model_args.model_name_or_path:
916	        tokenizer = transformers.AutoTokenizer.from_pretrained(
917	            model_args.model_name_or_path,
918	            cache_dir=training_args.cache_dir,
919	            model_max_length=training_args.model_max_length,
920	            padding_side="right",
921	        )
922	    else:

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:923:20
922	    else:
923	        tokenizer = transformers.AutoTokenizer.from_pretrained(
924	            model_args.model_name_or_path,
925	            cache_dir=training_args.cache_dir,
926	            model_max_length=training_args.model_max_length,
927	            padding_side="right",
928	            use_fast=False,
929	        )
930	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/dataset.py:333:36
332	        self.transform = ResizeLongestSide(image_size)
333	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
334	

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b301-pickle
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/grefer.py:55:32
54	        if osp.exists(ref_file):
55	            self.data["refs"] = pickle.load(open(ref_file, "rb"), fix_imports=True)
56	        else:

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/reason_seg_dataset.py:51:36
50	        self.transform = ResizeLongestSide(image_size)
51	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
52	

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b301-pickle
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/refer.py:68:28
67	        self.data["dataset"] = dataset
68	        self.data["refs"] = pickle.load(open(ref_file, "rb"))
69	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/refer_seg_dataset.py:46:36
45	        self.transform = ResizeLongestSide(image_size)
46	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
47	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/sem_seg_dataset.py:154:36
153	        self.transform = ResizeLongestSide(image_size)
154	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
155	

--------------------------------------------------
>> Issue: [B307:blacklist] Use of possibly insecure function - consider using safer ast.literal_eval.
   Severity: Medium   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b307-eval
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/sem_seg_dataset.py:164:38
163	        for ds in self.sem_seg_datas:
164	            classes, images, labels = eval("init_{}".format(ds))(base_image_dir)
165	            self.data2list[ds] = (images, labels)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/vqa_dataset.py:58:36
57	        self.transform = ResizeLongestSide(image_size)
58	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
59	

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/utils.py:468:8
467	    # Strip optimizer from *.pt files for lighter files (reduced by 2/3 size)
468	    a = torch.load(filename, map_location='cpu')
469	    a['optimizer'] = []

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./Player_Tracking/tennis_tracking/court_line_detector/court_line_detector.py:10:35
9	        self.model.fc = torch.nn.Linear(self.model.fc.in_features,14*2)
10	        self.model.load_state_dict(torch.load(model_path,map_location='cpu'))
11	

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b301-pickle
   Location: ./Player_Tracking/tennis_tracking/trackers/ball_tracker.py:61:34
60	            with open(stub_path,'rb') as f:
61	                ball_detections = pickle.load(f)
62	            return ball_detections

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b301-pickle
   Location: ./Player_Tracking/tennis_tracking/trackers/player_tracker.py:53:36
52	            with open(stub_path,'rb') as f:
53	                player_detections = pickle.load(f)
54	            return player_detections

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/airflow/dags/heatmaps_kafka.py:44:49
43	    coco_names = os.getenv('COCO_NAMES')
44	    tmp_output_dir = os.getenv('TMP_OUTPUT_DIR', '/tmp')
45	

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b310-urllib-urlopen
   Location: ./data_streaming_backend/airflow/dags/heatmaps_kafka.py:48:12
47	        if not os.path.exists(yolo_config):
48	            urllib.request.urlretrieve("https://raw.githubusercontent.com/AlexeyAB/darknet/master/cfg/yolov4.cfg", yolo_config)
49	        if not os.path.exists(yolo_weights):

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b310-urllib-urlopen
   Location: ./data_streaming_backend/airflow/dags/heatmaps_kafka.py:50:12
49	        if not os.path.exists(yolo_weights):
50	            urllib.request.urlretrieve("https://github.com/AlexeyAB/darknet/releases/download/yolov4/yolov4.weights", yolo_weights)
51	        if not os.path.exists(coco_names):

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b310-urllib-urlopen
   Location: ./data_streaming_backend/airflow/dags/heatmaps_kafka.py:52:12
51	        if not os.path.exists(coco_names):
52	            urllib.request.urlretrieve("https://raw.githubusercontent.com/pjreddie/darknet/master/data/coco.names", coco_names)
53	    except Exception as e:

--------------------------------------------------
>> Issue: [B113:request_without_timeout] Call to requests without timeout
   Severity: Medium   Confidence: Low
   CWE: CWE-400 (https://cwe.mitre.org/data/definitions/400.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b113_request_without_timeout.html
   Location: ./data_streaming_backend/api.py:216:19
215	        validate_url(health_url)
216	        response = requests.get(health_url)
217	        if response.status_code == 200:

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:16:16
15	    'RESULTS_TOPIC': 'face_results',
16	    'YOLO_CFG': '/tmp/yolov4-face.cfg',
17	    'YOLO_WEIGHTS': '/tmp/yolov4-face.weights',
18	    'MASK_MODEL': '/tmp/mask_detector.model',
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:17:20
16	    'YOLO_CFG': '/tmp/yolov4-face.cfg',
17	    'YOLO_WEIGHTS': '/tmp/yolov4-face.weights',
18	    'MASK_MODEL': '/tmp/mask_detector.model',
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:18:18
17	    'YOLO_WEIGHTS': '/tmp/yolov4-face.weights',
18	    'MASK_MODEL': '/tmp/mask_detector.model',
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json
29	    import numpy as np

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:19:17
18	    'MASK_MODEL': '/tmp/mask_detector.model',
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json
29	    import numpy as np
30	    import urllib.request

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:20:17
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json
29	    import numpy as np
30	    import urllib.request
31	    from PIL import Image

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:21:21
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json
29	    import numpy as np
30	    import urllib.request
31	    from PIL import Image
32	    from kafka import KafkaConsumer, KafkaProducer

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b310-urllib-urlopen
   Location: ./data_streaming_backend/detect_faces_and_features.py:36:12
35	        if not os.path.exists(path):
36	            urllib.request.urlretrieve(url, path)
37	

--------------------------------------------------

Code scanned:
	Total lines of code: 39811
	Total lines skipped (#nosec): 4
	Total potential issues skipped due to specifically being disabled (e.g., #nosec BXXX): 0

Run metrics:
	Total issues (by severity):
		Undefined: 0
		Low: 325
		Medium: 84
		High: 0
	Total issues (by confidence):
		Undefined: 0
		Low: 1
		Medium: 31
		High: 377
Files skipped (0):

✅ No critical security issues detected.

The code has passed all critical security checks.

- Add RefreshToken model (refresh_tokens table) to track issued tokens per user - Update auth/jwt.py with create_refresh_token and decode_refresh_token functions - Update auth/schemas with RefreshRequest, LogoutRequest, refresh_token in AuthResponse - Add POST /auth/refresh — issues new token pair, revokes old refresh token - Add POST /auth/logout — revokes refresh token in DB - Update login and register to issue both access + refresh tokens - Add REFRESH_TOKEN_EXPIRE_DAYS config (default 7 days) - Update API_CONTRACT.md to v1.1.0 with full refresh token documentation - Add presentation scripts (create_ppt.py, create_individual_ppt.py)

Updated work from last sprint

github-actions · 2026-04-14T06:51:31Z

🔒 Security Scan Results

🔒 Security Scan Results
=========================

Bandit Scan Results:
-------------------
Run started:2026-04-14 06:51:31.301029+00:00

Test results:
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/LISA_gradio_interface.py:55:25
54	        # Create tokenizer
55	        self.tokenizer = AutoTokenizer.from_pretrained(
56	            self.args.version,
57	            cache_dir=None,
58	            model_max_length=self.args.model_max_length,
59	            padding_side="right",
60	            use_fast=False,
61	        )
62	        self.tokenizer.pad_token = self.tokenizer.unk_token

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/LISA_gradio_interface.py:139:36
138	        # Initialize processors
139	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(self.model.config.vision_tower)
140	        self.transform = ResizeLongestSide(self.args.image_size)

--------------------------------------------------
>> Issue: [B104:hardcoded_bind_all_interfaces] Possible binding to all interfaces.
   Severity: Medium   Confidence: Medium
   CWE: CWE-605 (https://cwe.mitre.org/data/definitions/605.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b104_hardcoded_bind_all_interfaces.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/LISA_gradio_interface.py:412:20
411	    demo.launch(
412	        server_name="0.0.0.0",
413	        server_port=7860,

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/chat.py:71:16
70	    # Create model
71	    tokenizer = AutoTokenizer.from_pretrained(
72	        args.version,
73	        cache_dir=None,
74	        model_max_length=args.model_max_length,
75	        padding_side="right",
76	        use_fast=False,
77	    )
78	    tokenizer.pad_token = tokenizer.unk_token

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/chat.py:149:27
148	
149	    clip_image_processor = CLIPImageProcessor.from_pretrained(model.config.vision_tower)
150	    transform = ResizeLongestSide(args.image_size)

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/csrnet/run.py:23:13
22	
23	checkpoint = torch.load('weights.pth', map_location="cpu")
24	model.load_state_dict(checkpoint)

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/csrnet_service.py:22:21
21	        self.model = CSRNet().to(self.device)
22	        checkpoint = torch.load(weights_path, map_location=self.device)
23	        self.model.load_state_dict(checkpoint)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/lisa_segmentor.py:55:25
54	        # Tokenizer
55	        self.tokenizer = AutoTokenizer.from_pretrained(
56	            self.args.version,
57	            cache_dir=None,
58	            model_max_length=self.args.model_max_length,
59	            padding_side="right",
60	            use_fast=False,
61	        )
62	        self.tokenizer.pad_token = self.tokenizer.unk_token

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/lisa_segmentor.py:147:36
146	
147	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(self.model.config.vision_tower)
148	        self.transform = ResizeLongestSide(self.args.image_size)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/apply_delta.py:15:11
14	    print("Loading base model")
15	    base = AutoModelForCausalLM.from_pretrained(
16	        base_model_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
17	    )
18	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/apply_delta.py:23:22
22	    )
23	    delta_tokenizer = AutoTokenizer.from_pretrained(delta_path)
24	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/consolidate.py:16:16
15	    auto_upgrade(src_path)
16	    src_model = AutoModelForCausalLM.from_pretrained(
17	        src_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
18	    )
19	    src_tokenizer = AutoTokenizer.from_pretrained(src_path, use_fast=False)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/consolidate.py:19:20
18	    )
19	    src_tokenizer = AutoTokenizer.from_pretrained(src_path, use_fast=False)
20	    src_model.save_pretrained(dst_path)

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/llava_arch.py:69:35
68	        if pretrain_mm_mlp_adapter is not None:
69	            mm_projector_weights = torch.load(
70	                pretrain_mm_mlp_adapter, map_location="cpu"
71	            )
72	

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/llava_arch.py:378:39
377	            if model_args.pretrain_mm_mlp_adapter:
378	                mm_projector_weights = torch.load(
379	                    model_args.pretrain_mm_mlp_adapter, map_location="cpu"
380	                )
381	                embed_tokens_weight = mm_projector_weights["model.embed_tokens.weight"]

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/make_delta.py:15:11
14	    print("Loading base model")
15	    base = AutoModelForCausalLM.from_pretrained(
16	        base_model_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
17	    )
18	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/make_delta.py:21:13
20	    auto_upgrade(target_model_path)
21	    target = AutoModelForCausalLM.from_pretrained(
22	        target_model_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
23	    )
24	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/make_delta.py:49:23
48	    target.save_pretrained(delta_path, **kwargs)
49	    target_tokenizer = AutoTokenizer.from_pretrained(target_model_path)
50	    target_tokenizer.save_pretrained(delta_path, **kwargs)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/multimodal_encoder/clip_encoder.py:19:28
18	        else:
19	            self.cfg_only = CLIPVisionConfig.from_pretrained(self.vision_tower_name)
20	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/multimodal_encoder/clip_encoder.py:22:31
21	    def load_model(self):
22	        self.image_processor = CLIPImageProcessor.from_pretrained(
23	            self.vision_tower_name
24	        )
25	        self.vision_tower = CLIPVisionModel.from_pretrained(

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/multimodal_encoder/clip_encoder.py:25:28
24	        )
25	        self.vision_tower = CLIPVisionModel.from_pretrained(
26	            self.vision_tower_name, low_cpu_mem_usage=True
27	        )
28	        self.vision_tower.requires_grad_(False)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/utils.py:5:10
4	def auto_upgrade(config):
5	    cfg = AutoConfig.from_pretrained(config)
6	    if "llava" in config and "llava" not in cfg.model_type:

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:847:21
846	        if "mpt" in model_args.model_name_or_path:
847	            config = transformers.AutoConfig.from_pretrained(
848	                model_args.model_name_or_path, trust_remote_code=True
849	            )
850	            config.attn_config["attn_impl"] = training_args.mpt_attn_impl

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:864:16
863	    else:
864	        model = transformers.LlamaForCausalLM.from_pretrained(
865	            model_args.model_name_or_path,
866	            cache_dir=training_args.cache_dir,
867	            **bnb_model_from_pretrained_args,
868	        )
869	    model.config.use_cache = False

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:916:20
915	    if "mpt" in model_args.model_name_or_path:
916	        tokenizer = transformers.AutoTokenizer.from_pretrained(
917	            model_args.model_name_or_path,
918	            cache_dir=training_args.cache_dir,
919	            model_max_length=training_args.model_max_length,
920	            padding_side="right",
921	        )
922	    else:

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:923:20
922	    else:
923	        tokenizer = transformers.AutoTokenizer.from_pretrained(
924	            model_args.model_name_or_path,
925	            cache_dir=training_args.cache_dir,
926	            model_max_length=training_args.model_max_length,
927	            padding_side="right",
928	            use_fast=False,
929	        )
930	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/dataset.py:333:36
332	        self.transform = ResizeLongestSide(image_size)
333	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
334	

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b301-pickle
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/grefer.py:55:32
54	        if osp.exists(ref_file):
55	            self.data["refs"] = pickle.load(open(ref_file, "rb"), fix_imports=True)
56	        else:

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/reason_seg_dataset.py:51:36
50	        self.transform = ResizeLongestSide(image_size)
51	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
52	

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b301-pickle
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/refer.py:68:28
67	        self.data["dataset"] = dataset
68	        self.data["refs"] = pickle.load(open(ref_file, "rb"))
69	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/refer_seg_dataset.py:46:36
45	        self.transform = ResizeLongestSide(image_size)
46	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
47	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/sem_seg_dataset.py:154:36
153	        self.transform = ResizeLongestSide(image_size)
154	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
155	

--------------------------------------------------
>> Issue: [B307:blacklist] Use of possibly insecure function - consider using safer ast.literal_eval.
   Severity: Medium   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b307-eval
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/sem_seg_dataset.py:164:38
163	        for ds in self.sem_seg_datas:
164	            classes, images, labels = eval("init_{}".format(ds))(base_image_dir)
165	            self.data2list[ds] = (images, labels)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/vqa_dataset.py:58:36
57	        self.transform = ResizeLongestSide(image_size)
58	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
59	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/LISA_gradio_interface.py:55:25
54	        # Create tokenizer
55	        self.tokenizer = AutoTokenizer.from_pretrained(
56	            self.args.version,
57	            cache_dir=None,
58	            model_max_length=self.args.model_max_length,
59	            padding_side="right",
60	            use_fast=False,
61	        )
62	        self.tokenizer.pad_token = self.tokenizer.unk_token

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/LISA_gradio_interface.py:139:36
138	        # Initialize processors
139	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(self.model.config.vision_tower)
140	        self.transform = ResizeLongestSide(self.args.image_size)

--------------------------------------------------
>> Issue: [B104:hardcoded_bind_all_interfaces] Possible binding to all interfaces.
   Severity: Medium   Confidence: Medium
   CWE: CWE-605 (https://cwe.mitre.org/data/definitions/605.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b104_hardcoded_bind_all_interfaces.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/LISA_gradio_interface.py:412:20
411	    demo.launch(
412	        server_name="0.0.0.0",
413	        server_port=7860,

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/chat.py:71:16
70	    # Create model
71	    tokenizer = AutoTokenizer.from_pretrained(
72	        args.version,
73	        cache_dir=None,
74	        model_max_length=args.model_max_length,
75	        padding_side="right",
76	        use_fast=False,
77	    )
78	    tokenizer.pad_token = tokenizer.unk_token

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/chat.py:149:27
148	
149	    clip_image_processor = CLIPImageProcessor.from_pretrained(model.config.vision_tower)
150	    transform = ResizeLongestSide(args.image_size)

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/csrnet/run.py:23:13
22	
23	checkpoint = torch.load('weights.pth', map_location="cpu")
24	model.load_state_dict(checkpoint)

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/csrnet_service.py:22:21
21	        self.model = CSRNet().to(self.device)
22	        checkpoint = torch.load(weights_path, map_location=self.device)
23	        self.model.load_state_dict(checkpoint)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/lisa_segmentor.py:55:25
54	        # Tokenizer
55	        self.tokenizer = AutoTokenizer.from_pretrained(
56	            self.args.version,
57	            cache_dir=None,
58	            model_max_length=self.args.model_max_length,
59	            padding_side="right",
60	            use_fast=False,
61	        )
62	        self.tokenizer.pad_token = self.tokenizer.unk_token

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/lisa_segmentor.py:147:36
146	
147	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(self.model.config.vision_tower)
148	        self.transform = ResizeLongestSide(self.args.image_size)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/apply_delta.py:15:11
14	    print("Loading base model")
15	    base = AutoModelForCausalLM.from_pretrained(
16	        base_model_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
17	    )
18	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/apply_delta.py:23:22
22	    )
23	    delta_tokenizer = AutoTokenizer.from_pretrained(delta_path)
24	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/consolidate.py:16:16
15	    auto_upgrade(src_path)
16	    src_model = AutoModelForCausalLM.from_pretrained(
17	        src_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
18	    )
19	    src_tokenizer = AutoTokenizer.from_pretrained(src_path, use_fast=False)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/consolidate.py:19:20
18	    )
19	    src_tokenizer = AutoTokenizer.from_pretrained(src_path, use_fast=False)
20	    src_model.save_pretrained(dst_path)

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/llava_arch.py:69:35
68	        if pretrain_mm_mlp_adapter is not None:
69	            mm_projector_weights = torch.load(
70	                pretrain_mm_mlp_adapter, map_location="cpu"
71	            )
72	

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/llava_arch.py:378:39
377	            if model_args.pretrain_mm_mlp_adapter:
378	                mm_projector_weights = torch.load(
379	                    model_args.pretrain_mm_mlp_adapter, map_location="cpu"
380	                )
381	                embed_tokens_weight = mm_projector_weights["model.embed_tokens.weight"]

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/make_delta.py:15:11
14	    print("Loading base model")
15	    base = AutoModelForCausalLM.from_pretrained(
16	        base_model_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
17	    )
18	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/make_delta.py:21:13
20	    auto_upgrade(target_model_path)
21	    target = AutoModelForCausalLM.from_pretrained(
22	        target_model_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
23	    )
24	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/make_delta.py:49:23
48	    target.save_pretrained(delta_path, **kwargs)
49	    target_tokenizer = AutoTokenizer.from_pretrained(target_model_path)
50	    target_tokenizer.save_pretrained(delta_path, **kwargs)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/multimodal_encoder/clip_encoder.py:19:28
18	        else:
19	            self.cfg_only = CLIPVisionConfig.from_pretrained(self.vision_tower_name)
20	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/multimodal_encoder/clip_encoder.py:22:31
21	    def load_model(self):
22	        self.image_processor = CLIPImageProcessor.from_pretrained(
23	            self.vision_tower_name
24	        )
25	        self.vision_tower = CLIPVisionModel.from_pretrained(

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/multimodal_encoder/clip_encoder.py:25:28
24	        )
25	        self.vision_tower = CLIPVisionModel.from_pretrained(
26	            self.vision_tower_name, low_cpu_mem_usage=True
27	        )
28	        self.vision_tower.requires_grad_(False)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/utils.py:5:10
4	def auto_upgrade(config):
5	    cfg = AutoConfig.from_pretrained(config)
6	    if "llava" in config and "llava" not in cfg.model_type:

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:847:21
846	        if "mpt" in model_args.model_name_or_path:
847	            config = transformers.AutoConfig.from_pretrained(
848	                model_args.model_name_or_path, trust_remote_code=True
849	            )
850	            config.attn_config["attn_impl"] = training_args.mpt_attn_impl

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:864:16
863	    else:
864	        model = transformers.LlamaForCausalLM.from_pretrained(
865	            model_args.model_name_or_path,
866	            cache_dir=training_args.cache_dir,
867	            **bnb_model_from_pretrained_args,
868	        )
869	    model.config.use_cache = False

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:916:20
915	    if "mpt" in model_args.model_name_or_path:
916	        tokenizer = transformers.AutoTokenizer.from_pretrained(
917	            model_args.model_name_or_path,
918	            cache_dir=training_args.cache_dir,
919	            model_max_length=training_args.model_max_length,
920	            padding_side="right",
921	        )
922	    else:

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:923:20
922	    else:
923	        tokenizer = transformers.AutoTokenizer.from_pretrained(
924	            model_args.model_name_or_path,
925	            cache_dir=training_args.cache_dir,
926	            model_max_length=training_args.model_max_length,
927	            padding_side="right",
928	            use_fast=False,
929	        )
930	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/dataset.py:333:36
332	        self.transform = ResizeLongestSide(image_size)
333	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
334	

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b301-pickle
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/grefer.py:55:32
54	        if osp.exists(ref_file):
55	            self.data["refs"] = pickle.load(open(ref_file, "rb"), fix_imports=True)
56	        else:

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/reason_seg_dataset.py:51:36
50	        self.transform = ResizeLongestSide(image_size)
51	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
52	

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b301-pickle
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/refer.py:68:28
67	        self.data["dataset"] = dataset
68	        self.data["refs"] = pickle.load(open(ref_file, "rb"))
69	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/refer_seg_dataset.py:46:36
45	        self.transform = ResizeLongestSide(image_size)
46	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
47	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/sem_seg_dataset.py:154:36
153	        self.transform = ResizeLongestSide(image_size)
154	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
155	

--------------------------------------------------
>> Issue: [B307:blacklist] Use of possibly insecure function - consider using safer ast.literal_eval.
   Severity: Medium   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b307-eval
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/sem_seg_dataset.py:164:38
163	        for ds in self.sem_seg_datas:
164	            classes, images, labels = eval("init_{}".format(ds))(base_image_dir)
165	            self.data2list[ds] = (images, labels)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/vqa_dataset.py:58:36
57	        self.transform = ResizeLongestSide(image_size)
58	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
59	

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/utils.py:468:8
467	    # Strip optimizer from *.pt files for lighter files (reduced by 2/3 size)
468	    a = torch.load(filename, map_location='cpu')
469	    a['optimizer'] = []

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./Player_Tracking/tennis_tracking/court_line_detector/court_line_detector.py:10:35
9	        self.model.fc = torch.nn.Linear(self.model.fc.in_features,14*2)
10	        self.model.load_state_dict(torch.load(model_path,map_location='cpu'))
11	

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b301-pickle
   Location: ./Player_Tracking/tennis_tracking/trackers/ball_tracker.py:61:34
60	            with open(stub_path,'rb') as f:
61	                ball_detections = pickle.load(f)
62	            return ball_detections

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b301-pickle
   Location: ./Player_Tracking/tennis_tracking/trackers/player_tracker.py:53:36
52	            with open(stub_path,'rb') as f:
53	                player_detections = pickle.load(f)
54	            return player_detections

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/airflow/dags/heatmaps_kafka.py:44:49
43	    coco_names = os.getenv('COCO_NAMES')
44	    tmp_output_dir = os.getenv('TMP_OUTPUT_DIR', '/tmp')
45	

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b310-urllib-urlopen
   Location: ./data_streaming_backend/airflow/dags/heatmaps_kafka.py:48:12
47	        if not os.path.exists(yolo_config):
48	            urllib.request.urlretrieve("https://raw.githubusercontent.com/AlexeyAB/darknet/master/cfg/yolov4.cfg", yolo_config)
49	        if not os.path.exists(yolo_weights):

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b310-urllib-urlopen
   Location: ./data_streaming_backend/airflow/dags/heatmaps_kafka.py:50:12
49	        if not os.path.exists(yolo_weights):
50	            urllib.request.urlretrieve("https://github.com/AlexeyAB/darknet/releases/download/yolov4/yolov4.weights", yolo_weights)
51	        if not os.path.exists(coco_names):

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b310-urllib-urlopen
   Location: ./data_streaming_backend/airflow/dags/heatmaps_kafka.py:52:12
51	        if not os.path.exists(coco_names):
52	            urllib.request.urlretrieve("https://raw.githubusercontent.com/pjreddie/darknet/master/data/coco.names", coco_names)
53	    except Exception as e:

--------------------------------------------------
>> Issue: [B113:request_without_timeout] Call to requests without timeout
   Severity: Medium   Confidence: Low
   CWE: CWE-400 (https://cwe.mitre.org/data/definitions/400.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b113_request_without_timeout.html
   Location: ./data_streaming_backend/api.py:216:19
215	        validate_url(health_url)
216	        response = requests.get(health_url)
217	        if response.status_code == 200:

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:16:16
15	    'RESULTS_TOPIC': 'face_results',
16	    'YOLO_CFG': '/tmp/yolov4-face.cfg',
17	    'YOLO_WEIGHTS': '/tmp/yolov4-face.weights',
18	    'MASK_MODEL': '/tmp/mask_detector.model',
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:17:20
16	    'YOLO_CFG': '/tmp/yolov4-face.cfg',
17	    'YOLO_WEIGHTS': '/tmp/yolov4-face.weights',
18	    'MASK_MODEL': '/tmp/mask_detector.model',
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:18:18
17	    'YOLO_WEIGHTS': '/tmp/yolov4-face.weights',
18	    'MASK_MODEL': '/tmp/mask_detector.model',
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json
29	    import numpy as np

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:19:17
18	    'MASK_MODEL': '/tmp/mask_detector.model',
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json
29	    import numpy as np
30	    import urllib.request

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:20:17
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json
29	    import numpy as np
30	    import urllib.request
31	    from PIL import Image

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:21:21
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json
29	    import numpy as np
30	    import urllib.request
31	    from PIL import Image
32	    from kafka import KafkaConsumer, KafkaProducer

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b310-urllib-urlopen
   Location: ./data_streaming_backend/detect_faces_and_features.py:36:12
35	        if not os.path.exists(path):
36	            urllib.request.urlretrieve(url, path)
37	

--------------------------------------------------

Code scanned:
	Total lines of code: 39811
	Total lines skipped (#nosec): 4
	Total potential issues skipped due to specifically being disabled (e.g., #nosec BXXX): 0

Run metrics:
	Total issues (by severity):
		Undefined: 0
		Low: 325
		Medium: 84
		High: 0
	Total issues (by confidence):
		Undefined: 0
		Low: 1
		Medium: 31
		High: 377
Files skipped (0):

✅ No critical security issues detected.

The code has passed all critical security checks.

Crowd team's merged changes replaced create_engine with create_async_engine which requires asyncpg driver and breaks all backend routes. Restored correct sync setup — all routes use synchronous SQLAlchemy sessions.

- Switch OAuth2PasswordBearer to HTTPBearer in dependencies.py so Swagger shows a simple Bearer token input instead of the broken OAuth2 username/password form - Fix job_id UUID to string serialization in schemas/jobs.py using field_serializer to prevent 500 error on GET /jobs and GET /jobs/{job_id}

Backend API Gateway — JWT refresh token, bug fixes and API contract

…zone feat: add avg time spent per zone card to crowd monitor

github-actions · 2026-04-15T06:58:23Z

🔒 Security Scan Results

🔒 Security Scan Results
=========================

Bandit Scan Results:
-------------------
Run started:2026-04-15 06:58:22.738934+00:00

Test results:
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/LISA_gradio_interface.py:55:25
54	        # Create tokenizer
55	        self.tokenizer = AutoTokenizer.from_pretrained(
56	            self.args.version,
57	            cache_dir=None,
58	            model_max_length=self.args.model_max_length,
59	            padding_side="right",
60	            use_fast=False,
61	        )
62	        self.tokenizer.pad_token = self.tokenizer.unk_token

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/LISA_gradio_interface.py:139:36
138	        # Initialize processors
139	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(self.model.config.vision_tower)
140	        self.transform = ResizeLongestSide(self.args.image_size)

--------------------------------------------------
>> Issue: [B104:hardcoded_bind_all_interfaces] Possible binding to all interfaces.
   Severity: Medium   Confidence: Medium
   CWE: CWE-605 (https://cwe.mitre.org/data/definitions/605.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b104_hardcoded_bind_all_interfaces.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/LISA_gradio_interface.py:412:20
411	    demo.launch(
412	        server_name="0.0.0.0",
413	        server_port=7860,

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/chat.py:71:16
70	    # Create model
71	    tokenizer = AutoTokenizer.from_pretrained(
72	        args.version,
73	        cache_dir=None,
74	        model_max_length=args.model_max_length,
75	        padding_side="right",
76	        use_fast=False,
77	    )
78	    tokenizer.pad_token = tokenizer.unk_token

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/chat.py:149:27
148	
149	    clip_image_processor = CLIPImageProcessor.from_pretrained(model.config.vision_tower)
150	    transform = ResizeLongestSide(args.image_size)

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/csrnet/run.py:23:13
22	
23	checkpoint = torch.load('weights.pth', map_location="cpu")
24	model.load_state_dict(checkpoint)

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/csrnet_service.py:22:21
21	        self.model = CSRNet().to(self.device)
22	        checkpoint = torch.load(weights_path, map_location=self.device)
23	        self.model.load_state_dict(checkpoint)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/lisa_segmentor.py:55:25
54	        # Tokenizer
55	        self.tokenizer = AutoTokenizer.from_pretrained(
56	            self.args.version,
57	            cache_dir=None,
58	            model_max_length=self.args.model_max_length,
59	            padding_side="right",
60	            use_fast=False,
61	        )
62	        self.tokenizer.pad_token = self.tokenizer.unk_token

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/lisa_segmentor.py:147:36
146	
147	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(self.model.config.vision_tower)
148	        self.transform = ResizeLongestSide(self.args.image_size)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/apply_delta.py:15:11
14	    print("Loading base model")
15	    base = AutoModelForCausalLM.from_pretrained(
16	        base_model_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
17	    )
18	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/apply_delta.py:23:22
22	    )
23	    delta_tokenizer = AutoTokenizer.from_pretrained(delta_path)
24	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/consolidate.py:16:16
15	    auto_upgrade(src_path)
16	    src_model = AutoModelForCausalLM.from_pretrained(
17	        src_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
18	    )
19	    src_tokenizer = AutoTokenizer.from_pretrained(src_path, use_fast=False)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/consolidate.py:19:20
18	    )
19	    src_tokenizer = AutoTokenizer.from_pretrained(src_path, use_fast=False)
20	    src_model.save_pretrained(dst_path)

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/llava_arch.py:69:35
68	        if pretrain_mm_mlp_adapter is not None:
69	            mm_projector_weights = torch.load(
70	                pretrain_mm_mlp_adapter, map_location="cpu"
71	            )
72	

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/llava_arch.py:378:39
377	            if model_args.pretrain_mm_mlp_adapter:
378	                mm_projector_weights = torch.load(
379	                    model_args.pretrain_mm_mlp_adapter, map_location="cpu"
380	                )
381	                embed_tokens_weight = mm_projector_weights["model.embed_tokens.weight"]

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/make_delta.py:15:11
14	    print("Loading base model")
15	    base = AutoModelForCausalLM.from_pretrained(
16	        base_model_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
17	    )
18	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/make_delta.py:21:13
20	    auto_upgrade(target_model_path)
21	    target = AutoModelForCausalLM.from_pretrained(
22	        target_model_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
23	    )
24	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/make_delta.py:49:23
48	    target.save_pretrained(delta_path, **kwargs)
49	    target_tokenizer = AutoTokenizer.from_pretrained(target_model_path)
50	    target_tokenizer.save_pretrained(delta_path, **kwargs)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/multimodal_encoder/clip_encoder.py:19:28
18	        else:
19	            self.cfg_only = CLIPVisionConfig.from_pretrained(self.vision_tower_name)
20	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/multimodal_encoder/clip_encoder.py:22:31
21	    def load_model(self):
22	        self.image_processor = CLIPImageProcessor.from_pretrained(
23	            self.vision_tower_name
24	        )
25	        self.vision_tower = CLIPVisionModel.from_pretrained(

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/multimodal_encoder/clip_encoder.py:25:28
24	        )
25	        self.vision_tower = CLIPVisionModel.from_pretrained(
26	            self.vision_tower_name, low_cpu_mem_usage=True
27	        )
28	        self.vision_tower.requires_grad_(False)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/utils.py:5:10
4	def auto_upgrade(config):
5	    cfg = AutoConfig.from_pretrained(config)
6	    if "llava" in config and "llava" not in cfg.model_type:

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:847:21
846	        if "mpt" in model_args.model_name_or_path:
847	            config = transformers.AutoConfig.from_pretrained(
848	                model_args.model_name_or_path, trust_remote_code=True
849	            )
850	            config.attn_config["attn_impl"] = training_args.mpt_attn_impl

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:864:16
863	    else:
864	        model = transformers.LlamaForCausalLM.from_pretrained(
865	            model_args.model_name_or_path,
866	            cache_dir=training_args.cache_dir,
867	            **bnb_model_from_pretrained_args,
868	        )
869	    model.config.use_cache = False

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:916:20
915	    if "mpt" in model_args.model_name_or_path:
916	        tokenizer = transformers.AutoTokenizer.from_pretrained(
917	            model_args.model_name_or_path,
918	            cache_dir=training_args.cache_dir,
919	            model_max_length=training_args.model_max_length,
920	            padding_side="right",
921	        )
922	    else:

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:923:20
922	    else:
923	        tokenizer = transformers.AutoTokenizer.from_pretrained(
924	            model_args.model_name_or_path,
925	            cache_dir=training_args.cache_dir,
926	            model_max_length=training_args.model_max_length,
927	            padding_side="right",
928	            use_fast=False,
929	        )
930	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/dataset.py:333:36
332	        self.transform = ResizeLongestSide(image_size)
333	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
334	

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b301-pickle
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/grefer.py:55:32
54	        if osp.exists(ref_file):
55	            self.data["refs"] = pickle.load(open(ref_file, "rb"), fix_imports=True)
56	        else:

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/reason_seg_dataset.py:51:36
50	        self.transform = ResizeLongestSide(image_size)
51	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
52	

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b301-pickle
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/refer.py:68:28
67	        self.data["dataset"] = dataset
68	        self.data["refs"] = pickle.load(open(ref_file, "rb"))
69	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/refer_seg_dataset.py:46:36
45	        self.transform = ResizeLongestSide(image_size)
46	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
47	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/sem_seg_dataset.py:154:36
153	        self.transform = ResizeLongestSide(image_size)
154	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
155	

--------------------------------------------------
>> Issue: [B307:blacklist] Use of possibly insecure function - consider using safer ast.literal_eval.
   Severity: Medium   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b307-eval
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/sem_seg_dataset.py:164:38
163	        for ds in self.sem_seg_datas:
164	            classes, images, labels = eval("init_{}".format(ds))(base_image_dir)
165	            self.data2list[ds] = (images, labels)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/vqa_dataset.py:58:36
57	        self.transform = ResizeLongestSide(image_size)
58	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
59	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/LISA_gradio_interface.py:55:25
54	        # Create tokenizer
55	        self.tokenizer = AutoTokenizer.from_pretrained(
56	            self.args.version,
57	            cache_dir=None,
58	            model_max_length=self.args.model_max_length,
59	            padding_side="right",
60	            use_fast=False,
61	        )
62	        self.tokenizer.pad_token = self.tokenizer.unk_token

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/LISA_gradio_interface.py:139:36
138	        # Initialize processors
139	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(self.model.config.vision_tower)
140	        self.transform = ResizeLongestSide(self.args.image_size)

--------------------------------------------------
>> Issue: [B104:hardcoded_bind_all_interfaces] Possible binding to all interfaces.
   Severity: Medium   Confidence: Medium
   CWE: CWE-605 (https://cwe.mitre.org/data/definitions/605.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b104_hardcoded_bind_all_interfaces.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/LISA_gradio_interface.py:412:20
411	    demo.launch(
412	        server_name="0.0.0.0",
413	        server_port=7860,

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/chat.py:71:16
70	    # Create model
71	    tokenizer = AutoTokenizer.from_pretrained(
72	        args.version,
73	        cache_dir=None,
74	        model_max_length=args.model_max_length,
75	        padding_side="right",
76	        use_fast=False,
77	    )
78	    tokenizer.pad_token = tokenizer.unk_token

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/chat.py:149:27
148	
149	    clip_image_processor = CLIPImageProcessor.from_pretrained(model.config.vision_tower)
150	    transform = ResizeLongestSide(args.image_size)

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/csrnet/run.py:23:13
22	
23	checkpoint = torch.load('weights.pth', map_location="cpu")
24	model.load_state_dict(checkpoint)

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/csrnet_service.py:22:21
21	        self.model = CSRNet().to(self.device)
22	        checkpoint = torch.load(weights_path, map_location=self.device)
23	        self.model.load_state_dict(checkpoint)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/lisa_segmentor.py:55:25
54	        # Tokenizer
55	        self.tokenizer = AutoTokenizer.from_pretrained(
56	            self.args.version,
57	            cache_dir=None,
58	            model_max_length=self.args.model_max_length,
59	            padding_side="right",
60	            use_fast=False,
61	        )
62	        self.tokenizer.pad_token = self.tokenizer.unk_token

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/lisa_segmentor.py:147:36
146	
147	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(self.model.config.vision_tower)
148	        self.transform = ResizeLongestSide(self.args.image_size)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/apply_delta.py:15:11
14	    print("Loading base model")
15	    base = AutoModelForCausalLM.from_pretrained(
16	        base_model_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
17	    )
18	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/apply_delta.py:23:22
22	    )
23	    delta_tokenizer = AutoTokenizer.from_pretrained(delta_path)
24	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/consolidate.py:16:16
15	    auto_upgrade(src_path)
16	    src_model = AutoModelForCausalLM.from_pretrained(
17	        src_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
18	    )
19	    src_tokenizer = AutoTokenizer.from_pretrained(src_path, use_fast=False)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/consolidate.py:19:20
18	    )
19	    src_tokenizer = AutoTokenizer.from_pretrained(src_path, use_fast=False)
20	    src_model.save_pretrained(dst_path)

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/llava_arch.py:69:35
68	        if pretrain_mm_mlp_adapter is not None:
69	            mm_projector_weights = torch.load(
70	                pretrain_mm_mlp_adapter, map_location="cpu"
71	            )
72	

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/llava_arch.py:378:39
377	            if model_args.pretrain_mm_mlp_adapter:
378	                mm_projector_weights = torch.load(
379	                    model_args.pretrain_mm_mlp_adapter, map_location="cpu"
380	                )
381	                embed_tokens_weight = mm_projector_weights["model.embed_tokens.weight"]

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/make_delta.py:15:11
14	    print("Loading base model")
15	    base = AutoModelForCausalLM.from_pretrained(
16	        base_model_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
17	    )
18	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/make_delta.py:21:13
20	    auto_upgrade(target_model_path)
21	    target = AutoModelForCausalLM.from_pretrained(
22	        target_model_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
23	    )
24	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/make_delta.py:49:23
48	    target.save_pretrained(delta_path, **kwargs)
49	    target_tokenizer = AutoTokenizer.from_pretrained(target_model_path)
50	    target_tokenizer.save_pretrained(delta_path, **kwargs)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/multimodal_encoder/clip_encoder.py:19:28
18	        else:
19	            self.cfg_only = CLIPVisionConfig.from_pretrained(self.vision_tower_name)
20	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/multimodal_encoder/clip_encoder.py:22:31
21	    def load_model(self):
22	        self.image_processor = CLIPImageProcessor.from_pretrained(
23	            self.vision_tower_name
24	        )
25	        self.vision_tower = CLIPVisionModel.from_pretrained(

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/multimodal_encoder/clip_encoder.py:25:28
24	        )
25	        self.vision_tower = CLIPVisionModel.from_pretrained(
26	            self.vision_tower_name, low_cpu_mem_usage=True
27	        )
28	        self.vision_tower.requires_grad_(False)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/utils.py:5:10
4	def auto_upgrade(config):
5	    cfg = AutoConfig.from_pretrained(config)
6	    if "llava" in config and "llava" not in cfg.model_type:

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:847:21
846	        if "mpt" in model_args.model_name_or_path:
847	            config = transformers.AutoConfig.from_pretrained(
848	                model_args.model_name_or_path, trust_remote_code=True
849	            )
850	            config.attn_config["attn_impl"] = training_args.mpt_attn_impl

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:864:16
863	    else:
864	        model = transformers.LlamaForCausalLM.from_pretrained(
865	            model_args.model_name_or_path,
866	            cache_dir=training_args.cache_dir,
867	            **bnb_model_from_pretrained_args,
868	        )
869	    model.config.use_cache = False

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:916:20
915	    if "mpt" in model_args.model_name_or_path:
916	        tokenizer = transformers.AutoTokenizer.from_pretrained(
917	            model_args.model_name_or_path,
918	            cache_dir=training_args.cache_dir,
919	            model_max_length=training_args.model_max_length,
920	            padding_side="right",
921	        )
922	    else:

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:923:20
922	    else:
923	        tokenizer = transformers.AutoTokenizer.from_pretrained(
924	            model_args.model_name_or_path,
925	            cache_dir=training_args.cache_dir,
926	            model_max_length=training_args.model_max_length,
927	            padding_side="right",
928	            use_fast=False,
929	        )
930	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/dataset.py:333:36
332	        self.transform = ResizeLongestSide(image_size)
333	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
334	

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b301-pickle
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/grefer.py:55:32
54	        if osp.exists(ref_file):
55	            self.data["refs"] = pickle.load(open(ref_file, "rb"), fix_imports=True)
56	        else:

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/reason_seg_dataset.py:51:36
50	        self.transform = ResizeLongestSide(image_size)
51	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
52	

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b301-pickle
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/refer.py:68:28
67	        self.data["dataset"] = dataset
68	        self.data["refs"] = pickle.load(open(ref_file, "rb"))
69	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/refer_seg_dataset.py:46:36
45	        self.transform = ResizeLongestSide(image_size)
46	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
47	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/sem_seg_dataset.py:154:36
153	        self.transform = ResizeLongestSide(image_size)
154	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
155	

--------------------------------------------------
>> Issue: [B307:blacklist] Use of possibly insecure function - consider using safer ast.literal_eval.
   Severity: Medium   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b307-eval
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/sem_seg_dataset.py:164:38
163	        for ds in self.sem_seg_datas:
164	            classes, images, labels = eval("init_{}".format(ds))(base_image_dir)
165	            self.data2list[ds] = (images, labels)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/vqa_dataset.py:58:36
57	        self.transform = ResizeLongestSide(image_size)
58	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
59	

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/utils.py:468:8
467	    # Strip optimizer from *.pt files for lighter files (reduced by 2/3 size)
468	    a = torch.load(filename, map_location='cpu')
469	    a['optimizer'] = []

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./Player_Tracking/tennis_tracking/court_line_detector/court_line_detector.py:10:35
9	        self.model.fc = torch.nn.Linear(self.model.fc.in_features,14*2)
10	        self.model.load_state_dict(torch.load(model_path,map_location='cpu'))
11	

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b301-pickle
   Location: ./Player_Tracking/tennis_tracking/trackers/ball_tracker.py:61:34
60	            with open(stub_path,'rb') as f:
61	                ball_detections = pickle.load(f)
62	            return ball_detections

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b301-pickle
   Location: ./Player_Tracking/tennis_tracking/trackers/player_tracker.py:53:36
52	            with open(stub_path,'rb') as f:
53	                player_detections = pickle.load(f)
54	            return player_detections

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/airflow/dags/heatmaps_kafka.py:44:49
43	    coco_names = os.getenv('COCO_NAMES')
44	    tmp_output_dir = os.getenv('TMP_OUTPUT_DIR', '/tmp')
45	

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b310-urllib-urlopen
   Location: ./data_streaming_backend/airflow/dags/heatmaps_kafka.py:48:12
47	        if not os.path.exists(yolo_config):
48	            urllib.request.urlretrieve("https://raw.githubusercontent.com/AlexeyAB/darknet/master/cfg/yolov4.cfg", yolo_config)
49	        if not os.path.exists(yolo_weights):

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b310-urllib-urlopen
   Location: ./data_streaming_backend/airflow/dags/heatmaps_kafka.py:50:12
49	        if not os.path.exists(yolo_weights):
50	            urllib.request.urlretrieve("https://github.com/AlexeyAB/darknet/releases/download/yolov4/yolov4.weights", yolo_weights)
51	        if not os.path.exists(coco_names):

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b310-urllib-urlopen
   Location: ./data_streaming_backend/airflow/dags/heatmaps_kafka.py:52:12
51	        if not os.path.exists(coco_names):
52	            urllib.request.urlretrieve("https://raw.githubusercontent.com/pjreddie/darknet/master/data/coco.names", coco_names)
53	    except Exception as e:

--------------------------------------------------
>> Issue: [B113:request_without_timeout] Call to requests without timeout
   Severity: Medium   Confidence: Low
   CWE: CWE-400 (https://cwe.mitre.org/data/definitions/400.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b113_request_without_timeout.html
   Location: ./data_streaming_backend/api.py:216:19
215	        validate_url(health_url)
216	        response = requests.get(health_url)
217	        if response.status_code == 200:

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:16:16
15	    'RESULTS_TOPIC': 'face_results',
16	    'YOLO_CFG': '/tmp/yolov4-face.cfg',
17	    'YOLO_WEIGHTS': '/tmp/yolov4-face.weights',
18	    'MASK_MODEL': '/tmp/mask_detector.model',
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:17:20
16	    'YOLO_CFG': '/tmp/yolov4-face.cfg',
17	    'YOLO_WEIGHTS': '/tmp/yolov4-face.weights',
18	    'MASK_MODEL': '/tmp/mask_detector.model',
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:18:18
17	    'YOLO_WEIGHTS': '/tmp/yolov4-face.weights',
18	    'MASK_MODEL': '/tmp/mask_detector.model',
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json
29	    import numpy as np

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:19:17
18	    'MASK_MODEL': '/tmp/mask_detector.model',
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json
29	    import numpy as np
30	    import urllib.request

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:20:17
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json
29	    import numpy as np
30	    import urllib.request
31	    from PIL import Image

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:21:21
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json
29	    import numpy as np
30	    import urllib.request
31	    from PIL import Image
32	    from kafka import KafkaConsumer, KafkaProducer

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b310-urllib-urlopen
   Location: ./data_streaming_backend/detect_faces_and_features.py:36:12
35	        if not os.path.exists(path):
36	            urllib.request.urlretrieve(url, path)
37	

--------------------------------------------------

Code scanned:
	Total lines of code: 40586
	Total lines skipped (#nosec): 4
	Total potential issues skipped due to specifically being disabled (e.g., #nosec BXXX): 0

Run metrics:
	Total issues (by severity):
		Undefined: 0
		Low: 324
		Medium: 84
		High: 0
	Total issues (by confidence):
		Undefined: 0
		Low: 1
		Medium: 30
		High: 377
Files skipped (0):

✅ No critical security issues detected.

The code has passed all critical security checks.

github-actions · 2026-04-15T06:58:58Z

🔒 Security Scan Results

🔒 Security Scan Results
=========================

Bandit Scan Results:
-------------------
Run started:2026-04-15 06:58:58.196096+00:00

Test results:
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/LISA_gradio_interface.py:55:25
54	        # Create tokenizer
55	        self.tokenizer = AutoTokenizer.from_pretrained(
56	            self.args.version,
57	            cache_dir=None,
58	            model_max_length=self.args.model_max_length,
59	            padding_side="right",
60	            use_fast=False,
61	        )
62	        self.tokenizer.pad_token = self.tokenizer.unk_token

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/LISA_gradio_interface.py:139:36
138	        # Initialize processors
139	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(self.model.config.vision_tower)
140	        self.transform = ResizeLongestSide(self.args.image_size)

--------------------------------------------------
>> Issue: [B104:hardcoded_bind_all_interfaces] Possible binding to all interfaces.
   Severity: Medium   Confidence: Medium
   CWE: CWE-605 (https://cwe.mitre.org/data/definitions/605.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b104_hardcoded_bind_all_interfaces.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/LISA_gradio_interface.py:412:20
411	    demo.launch(
412	        server_name="0.0.0.0",
413	        server_port=7860,

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/chat.py:71:16
70	    # Create model
71	    tokenizer = AutoTokenizer.from_pretrained(
72	        args.version,
73	        cache_dir=None,
74	        model_max_length=args.model_max_length,
75	        padding_side="right",
76	        use_fast=False,
77	    )
78	    tokenizer.pad_token = tokenizer.unk_token

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/chat.py:149:27
148	
149	    clip_image_processor = CLIPImageProcessor.from_pretrained(model.config.vision_tower)
150	    transform = ResizeLongestSide(args.image_size)

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/csrnet/run.py:23:13
22	
23	checkpoint = torch.load('weights.pth', map_location="cpu")
24	model.load_state_dict(checkpoint)

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/csrnet_service.py:22:21
21	        self.model = CSRNet().to(self.device)
22	        checkpoint = torch.load(weights_path, map_location=self.device)
23	        self.model.load_state_dict(checkpoint)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/lisa_segmentor.py:55:25
54	        # Tokenizer
55	        self.tokenizer = AutoTokenizer.from_pretrained(
56	            self.args.version,
57	            cache_dir=None,
58	            model_max_length=self.args.model_max_length,
59	            padding_side="right",
60	            use_fast=False,
61	        )
62	        self.tokenizer.pad_token = self.tokenizer.unk_token

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/lisa_segmentor.py:147:36
146	
147	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(self.model.config.vision_tower)
148	        self.transform = ResizeLongestSide(self.args.image_size)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/apply_delta.py:15:11
14	    print("Loading base model")
15	    base = AutoModelForCausalLM.from_pretrained(
16	        base_model_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
17	    )
18	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/apply_delta.py:23:22
22	    )
23	    delta_tokenizer = AutoTokenizer.from_pretrained(delta_path)
24	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/consolidate.py:16:16
15	    auto_upgrade(src_path)
16	    src_model = AutoModelForCausalLM.from_pretrained(
17	        src_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
18	    )
19	    src_tokenizer = AutoTokenizer.from_pretrained(src_path, use_fast=False)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/consolidate.py:19:20
18	    )
19	    src_tokenizer = AutoTokenizer.from_pretrained(src_path, use_fast=False)
20	    src_model.save_pretrained(dst_path)

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/llava_arch.py:69:35
68	        if pretrain_mm_mlp_adapter is not None:
69	            mm_projector_weights = torch.load(
70	                pretrain_mm_mlp_adapter, map_location="cpu"
71	            )
72	

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/llava_arch.py:378:39
377	            if model_args.pretrain_mm_mlp_adapter:
378	                mm_projector_weights = torch.load(
379	                    model_args.pretrain_mm_mlp_adapter, map_location="cpu"
380	                )
381	                embed_tokens_weight = mm_projector_weights["model.embed_tokens.weight"]

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/make_delta.py:15:11
14	    print("Loading base model")
15	    base = AutoModelForCausalLM.from_pretrained(
16	        base_model_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
17	    )
18	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/make_delta.py:21:13
20	    auto_upgrade(target_model_path)
21	    target = AutoModelForCausalLM.from_pretrained(
22	        target_model_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
23	    )
24	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/make_delta.py:49:23
48	    target.save_pretrained(delta_path, **kwargs)
49	    target_tokenizer = AutoTokenizer.from_pretrained(target_model_path)
50	    target_tokenizer.save_pretrained(delta_path, **kwargs)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/multimodal_encoder/clip_encoder.py:19:28
18	        else:
19	            self.cfg_only = CLIPVisionConfig.from_pretrained(self.vision_tower_name)
20	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/multimodal_encoder/clip_encoder.py:22:31
21	    def load_model(self):
22	        self.image_processor = CLIPImageProcessor.from_pretrained(
23	            self.vision_tower_name
24	        )
25	        self.vision_tower = CLIPVisionModel.from_pretrained(

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/multimodal_encoder/clip_encoder.py:25:28
24	        )
25	        self.vision_tower = CLIPVisionModel.from_pretrained(
26	            self.vision_tower_name, low_cpu_mem_usage=True
27	        )
28	        self.vision_tower.requires_grad_(False)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/utils.py:5:10
4	def auto_upgrade(config):
5	    cfg = AutoConfig.from_pretrained(config)
6	    if "llava" in config and "llava" not in cfg.model_type:

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:847:21
846	        if "mpt" in model_args.model_name_or_path:
847	            config = transformers.AutoConfig.from_pretrained(
848	                model_args.model_name_or_path, trust_remote_code=True
849	            )
850	            config.attn_config["attn_impl"] = training_args.mpt_attn_impl

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:864:16
863	    else:
864	        model = transformers.LlamaForCausalLM.from_pretrained(
865	            model_args.model_name_or_path,
866	            cache_dir=training_args.cache_dir,
867	            **bnb_model_from_pretrained_args,
868	        )
869	    model.config.use_cache = False

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:916:20
915	    if "mpt" in model_args.model_name_or_path:
916	        tokenizer = transformers.AutoTokenizer.from_pretrained(
917	            model_args.model_name_or_path,
918	            cache_dir=training_args.cache_dir,
919	            model_max_length=training_args.model_max_length,
920	            padding_side="right",
921	        )
922	    else:

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:923:20
922	    else:
923	        tokenizer = transformers.AutoTokenizer.from_pretrained(
924	            model_args.model_name_or_path,
925	            cache_dir=training_args.cache_dir,
926	            model_max_length=training_args.model_max_length,
927	            padding_side="right",
928	            use_fast=False,
929	        )
930	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/dataset.py:333:36
332	        self.transform = ResizeLongestSide(image_size)
333	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
334	

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b301-pickle
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/grefer.py:55:32
54	        if osp.exists(ref_file):
55	            self.data["refs"] = pickle.load(open(ref_file, "rb"), fix_imports=True)
56	        else:

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/reason_seg_dataset.py:51:36
50	        self.transform = ResizeLongestSide(image_size)
51	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
52	

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b301-pickle
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/refer.py:68:28
67	        self.data["dataset"] = dataset
68	        self.data["refs"] = pickle.load(open(ref_file, "rb"))
69	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/refer_seg_dataset.py:46:36
45	        self.transform = ResizeLongestSide(image_size)
46	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
47	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/sem_seg_dataset.py:154:36
153	        self.transform = ResizeLongestSide(image_size)
154	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
155	

--------------------------------------------------
>> Issue: [B307:blacklist] Use of possibly insecure function - consider using safer ast.literal_eval.
   Severity: Medium   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b307-eval
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/sem_seg_dataset.py:164:38
163	        for ds in self.sem_seg_datas:
164	            classes, images, labels = eval("init_{}".format(ds))(base_image_dir)
165	            self.data2list[ds] = (images, labels)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/vqa_dataset.py:58:36
57	        self.transform = ResizeLongestSide(image_size)
58	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
59	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/LISA_gradio_interface.py:55:25
54	        # Create tokenizer
55	        self.tokenizer = AutoTokenizer.from_pretrained(
56	            self.args.version,
57	            cache_dir=None,
58	            model_max_length=self.args.model_max_length,
59	            padding_side="right",
60	            use_fast=False,
61	        )
62	        self.tokenizer.pad_token = self.tokenizer.unk_token

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/LISA_gradio_interface.py:139:36
138	        # Initialize processors
139	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(self.model.config.vision_tower)
140	        self.transform = ResizeLongestSide(self.args.image_size)

--------------------------------------------------
>> Issue: [B104:hardcoded_bind_all_interfaces] Possible binding to all interfaces.
   Severity: Medium   Confidence: Medium
   CWE: CWE-605 (https://cwe.mitre.org/data/definitions/605.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b104_hardcoded_bind_all_interfaces.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/LISA_gradio_interface.py:412:20
411	    demo.launch(
412	        server_name="0.0.0.0",
413	        server_port=7860,

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/chat.py:71:16
70	    # Create model
71	    tokenizer = AutoTokenizer.from_pretrained(
72	        args.version,
73	        cache_dir=None,
74	        model_max_length=args.model_max_length,
75	        padding_side="right",
76	        use_fast=False,
77	    )
78	    tokenizer.pad_token = tokenizer.unk_token

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/chat.py:149:27
148	
149	    clip_image_processor = CLIPImageProcessor.from_pretrained(model.config.vision_tower)
150	    transform = ResizeLongestSide(args.image_size)

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/csrnet/run.py:23:13
22	
23	checkpoint = torch.load('weights.pth', map_location="cpu")
24	model.load_state_dict(checkpoint)

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/csrnet_service.py:22:21
21	        self.model = CSRNet().to(self.device)
22	        checkpoint = torch.load(weights_path, map_location=self.device)
23	        self.model.load_state_dict(checkpoint)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/lisa_segmentor.py:55:25
54	        # Tokenizer
55	        self.tokenizer = AutoTokenizer.from_pretrained(
56	            self.args.version,
57	            cache_dir=None,
58	            model_max_length=self.args.model_max_length,
59	            padding_side="right",
60	            use_fast=False,
61	        )
62	        self.tokenizer.pad_token = self.tokenizer.unk_token

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/lisa_segmentor.py:147:36
146	
147	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(self.model.config.vision_tower)
148	        self.transform = ResizeLongestSide(self.args.image_size)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/apply_delta.py:15:11
14	    print("Loading base model")
15	    base = AutoModelForCausalLM.from_pretrained(
16	        base_model_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
17	    )
18	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/apply_delta.py:23:22
22	    )
23	    delta_tokenizer = AutoTokenizer.from_pretrained(delta_path)
24	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/consolidate.py:16:16
15	    auto_upgrade(src_path)
16	    src_model = AutoModelForCausalLM.from_pretrained(
17	        src_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
18	    )
19	    src_tokenizer = AutoTokenizer.from_pretrained(src_path, use_fast=False)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/consolidate.py:19:20
18	    )
19	    src_tokenizer = AutoTokenizer.from_pretrained(src_path, use_fast=False)
20	    src_model.save_pretrained(dst_path)

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/llava_arch.py:69:35
68	        if pretrain_mm_mlp_adapter is not None:
69	            mm_projector_weights = torch.load(
70	                pretrain_mm_mlp_adapter, map_location="cpu"
71	            )
72	

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/llava_arch.py:378:39
377	            if model_args.pretrain_mm_mlp_adapter:
378	                mm_projector_weights = torch.load(
379	                    model_args.pretrain_mm_mlp_adapter, map_location="cpu"
380	                )
381	                embed_tokens_weight = mm_projector_weights["model.embed_tokens.weight"]

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/make_delta.py:15:11
14	    print("Loading base model")
15	    base = AutoModelForCausalLM.from_pretrained(
16	        base_model_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
17	    )
18	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/make_delta.py:21:13
20	    auto_upgrade(target_model_path)
21	    target = AutoModelForCausalLM.from_pretrained(
22	        target_model_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
23	    )
24	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/make_delta.py:49:23
48	    target.save_pretrained(delta_path, **kwargs)
49	    target_tokenizer = AutoTokenizer.from_pretrained(target_model_path)
50	    target_tokenizer.save_pretrained(delta_path, **kwargs)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/multimodal_encoder/clip_encoder.py:19:28
18	        else:
19	            self.cfg_only = CLIPVisionConfig.from_pretrained(self.vision_tower_name)
20	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/multimodal_encoder/clip_encoder.py:22:31
21	    def load_model(self):
22	        self.image_processor = CLIPImageProcessor.from_pretrained(
23	            self.vision_tower_name
24	        )
25	        self.vision_tower = CLIPVisionModel.from_pretrained(

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/multimodal_encoder/clip_encoder.py:25:28
24	        )
25	        self.vision_tower = CLIPVisionModel.from_pretrained(
26	            self.vision_tower_name, low_cpu_mem_usage=True
27	        )
28	        self.vision_tower.requires_grad_(False)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/utils.py:5:10
4	def auto_upgrade(config):
5	    cfg = AutoConfig.from_pretrained(config)
6	    if "llava" in config and "llava" not in cfg.model_type:

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:847:21
846	        if "mpt" in model_args.model_name_or_path:
847	            config = transformers.AutoConfig.from_pretrained(
848	                model_args.model_name_or_path, trust_remote_code=True
849	            )
850	            config.attn_config["attn_impl"] = training_args.mpt_attn_impl

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:864:16
863	    else:
864	        model = transformers.LlamaForCausalLM.from_pretrained(
865	            model_args.model_name_or_path,
866	            cache_dir=training_args.cache_dir,
867	            **bnb_model_from_pretrained_args,
868	        )
869	    model.config.use_cache = False

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:916:20
915	    if "mpt" in model_args.model_name_or_path:
916	        tokenizer = transformers.AutoTokenizer.from_pretrained(
917	            model_args.model_name_or_path,
918	            cache_dir=training_args.cache_dir,
919	            model_max_length=training_args.model_max_length,
920	            padding_side="right",
921	        )
922	    else:

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:923:20
922	    else:
923	        tokenizer = transformers.AutoTokenizer.from_pretrained(
924	            model_args.model_name_or_path,
925	            cache_dir=training_args.cache_dir,
926	            model_max_length=training_args.model_max_length,
927	            padding_side="right",
928	            use_fast=False,
929	        )
930	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/dataset.py:333:36
332	        self.transform = ResizeLongestSide(image_size)
333	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
334	

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b301-pickle
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/grefer.py:55:32
54	        if osp.exists(ref_file):
55	            self.data["refs"] = pickle.load(open(ref_file, "rb"), fix_imports=True)
56	        else:

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/reason_seg_dataset.py:51:36
50	        self.transform = ResizeLongestSide(image_size)
51	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
52	

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b301-pickle
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/refer.py:68:28
67	        self.data["dataset"] = dataset
68	        self.data["refs"] = pickle.load(open(ref_file, "rb"))
69	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/refer_seg_dataset.py:46:36
45	        self.transform = ResizeLongestSide(image_size)
46	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
47	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/sem_seg_dataset.py:154:36
153	        self.transform = ResizeLongestSide(image_size)
154	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
155	

--------------------------------------------------
>> Issue: [B307:blacklist] Use of possibly insecure function - consider using safer ast.literal_eval.
   Severity: Medium   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b307-eval
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/sem_seg_dataset.py:164:38
163	        for ds in self.sem_seg_datas:
164	            classes, images, labels = eval("init_{}".format(ds))(base_image_dir)
165	            self.data2list[ds] = (images, labels)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/vqa_dataset.py:58:36
57	        self.transform = ResizeLongestSide(image_size)
58	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
59	

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/utils.py:468:8
467	    # Strip optimizer from *.pt files for lighter files (reduced by 2/3 size)
468	    a = torch.load(filename, map_location='cpu')
469	    a['optimizer'] = []

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./Player_Tracking/tennis_tracking/court_line_detector/court_line_detector.py:10:35
9	        self.model.fc = torch.nn.Linear(self.model.fc.in_features,14*2)
10	        self.model.load_state_dict(torch.load(model_path,map_location='cpu'))
11	

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b301-pickle
   Location: ./Player_Tracking/tennis_tracking/trackers/ball_tracker.py:61:34
60	            with open(stub_path,'rb') as f:
61	                ball_detections = pickle.load(f)
62	            return ball_detections

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b301-pickle
   Location: ./Player_Tracking/tennis_tracking/trackers/player_tracker.py:53:36
52	            with open(stub_path,'rb') as f:
53	                player_detections = pickle.load(f)
54	            return player_detections

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/airflow/dags/heatmaps_kafka.py:44:49
43	    coco_names = os.getenv('COCO_NAMES')
44	    tmp_output_dir = os.getenv('TMP_OUTPUT_DIR', '/tmp')
45	

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b310-urllib-urlopen
   Location: ./data_streaming_backend/airflow/dags/heatmaps_kafka.py:48:12
47	        if not os.path.exists(yolo_config):
48	            urllib.request.urlretrieve("https://raw.githubusercontent.com/AlexeyAB/darknet/master/cfg/yolov4.cfg", yolo_config)
49	        if not os.path.exists(yolo_weights):

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b310-urllib-urlopen
   Location: ./data_streaming_backend/airflow/dags/heatmaps_kafka.py:50:12
49	        if not os.path.exists(yolo_weights):
50	            urllib.request.urlretrieve("https://github.com/AlexeyAB/darknet/releases/download/yolov4/yolov4.weights", yolo_weights)
51	        if not os.path.exists(coco_names):

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b310-urllib-urlopen
   Location: ./data_streaming_backend/airflow/dags/heatmaps_kafka.py:52:12
51	        if not os.path.exists(coco_names):
52	            urllib.request.urlretrieve("https://raw.githubusercontent.com/pjreddie/darknet/master/data/coco.names", coco_names)
53	    except Exception as e:

--------------------------------------------------
>> Issue: [B113:request_without_timeout] Call to requests without timeout
   Severity: Medium   Confidence: Low
   CWE: CWE-400 (https://cwe.mitre.org/data/definitions/400.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b113_request_without_timeout.html
   Location: ./data_streaming_backend/api.py:216:19
215	        validate_url(health_url)
216	        response = requests.get(health_url)
217	        if response.status_code == 200:

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:16:16
15	    'RESULTS_TOPIC': 'face_results',
16	    'YOLO_CFG': '/tmp/yolov4-face.cfg',
17	    'YOLO_WEIGHTS': '/tmp/yolov4-face.weights',
18	    'MASK_MODEL': '/tmp/mask_detector.model',
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:17:20
16	    'YOLO_CFG': '/tmp/yolov4-face.cfg',
17	    'YOLO_WEIGHTS': '/tmp/yolov4-face.weights',
18	    'MASK_MODEL': '/tmp/mask_detector.model',
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:18:18
17	    'YOLO_WEIGHTS': '/tmp/yolov4-face.weights',
18	    'MASK_MODEL': '/tmp/mask_detector.model',
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json
29	    import numpy as np

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:19:17
18	    'MASK_MODEL': '/tmp/mask_detector.model',
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json
29	    import numpy as np
30	    import urllib.request

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:20:17
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json
29	    import numpy as np
30	    import urllib.request
31	    from PIL import Image

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:21:21
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json
29	    import numpy as np
30	    import urllib.request
31	    from PIL import Image
32	    from kafka import KafkaConsumer, KafkaProducer

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b310-urllib-urlopen
   Location: ./data_streaming_backend/detect_faces_and_features.py:36:12
35	        if not os.path.exists(path):
36	            urllib.request.urlretrieve(url, path)
37	

--------------------------------------------------

Code scanned:
	Total lines of code: 40586
	Total lines skipped (#nosec): 4
	Total potential issues skipped due to specifically being disabled (e.g., #nosec BXXX): 0

Run metrics:
	Total issues (by severity):
		Undefined: 0
		Low: 324
		Medium: 84
		High: 0
	Total issues (by confidence):
		Undefined: 0
		Low: 1
		Medium: 30
		High: 377
Files skipped (0):

✅ No critical security issues detected.

The code has passed all critical security checks.

raymondchoy14

All good

mayuselva and others added 30 commits March 19, 2026 18:04

branch testing

76a5e4a

test file removed

e04c84c

Creating new branch

634ab98

Creating new branch

3ed5971

Merge branch 'Player-Tracking' of https://github.com/lucastargett/red…

09fe012

…back-orion into Player-Tracking

Remove test file

b2406a3

created service structure & whole flow

1c84fe9

Added toggle highlight functionality to Player Performance stat cards

f5cd3e3

feat: implement video processing and update gitignore and add config …

d08bc1c

…file and add init file

Implement crowd allocation risk zone assessment - density-based risk …

12b82e6

…thresholds with recommendations matching SCHEMA.md

Merge pull request #1 from s225009786/CM/density-zoning-SP1-new

9b15089

Crowd Allocation Risk Zone

crowd detection implementation

7452f35

implement baseline crowd behaviour analysis

0fd0ac0

Merge pull request #3 from lucastargett/CM/crowd-behaviour-analytics-…

6c440fe

…SP1-new implement baseline crowd behaviour analysis

Merge pull request #4 from lucastargett/CM/Video-processing-SP1-new

4287fd5

feat: implement video processing and update gitignore and add config and merged with corwd-monitoring branch

Merge pull request #5 from lucastargett/CM/crowd-detection-SP1-new

3249f8a

crowd detection implementation

crowd_allocation_risk_zone copied

322790d

Implement auth and health schemas with route integration

a2b5f43

correction cm/crowd_behaviour_analytics - missed zones to send as output

da15a5a

update ignore file to allow shared config and add vidoe processing co…

446cabb

…nfig file

Merge pull request #6 from lucastargett/CM/Video-processing-SP1-new

6afae27

update ignore file to allow shared config and add vidoe processing co…

add density zoning logic

bc727e0

Merge branch 'CM/density-zoning-SP1-new' of https://github.com/lucast…

278272c

…argett/redback-orion into CM/density-zoning-SP1-new

Implement Sprint 1 heatmap generation

05c9176

Merge pull request #8 from lucastargett/CM/density-zoning-SP1-new

8f18ff1

Cm/density zoning sp1 new

YOLO Model file

45d6d5e

Merge pull request #9 from lucastargett/CM/crowd-detection-SP1-new

96a1676

YOLO Model file

Merge pull request #10 from lucastargett/CM/heatmap-SP1-new

d26f6eb

Sprint 1: Implement initial heatmap generation

Added toggle highlight feature to API Diagnostics dashboard cards

330b835

Added Crowd Monitoring report to Browse Reports

06e5e18

lucastargett and others added 8 commits April 3, 2026 16:57

Merge pull request #17 from lucastargett/backend-api-gateway

4795c1b

Backend API Gateway - Sprint 1 Complete (Weeks 1-4)

Merge pull request #11 from shalukasw/FrontEnd

10ff6cd

Front-end

Implement testing Jersey OCR pipeline

e1a784a

Adding documentation for the re-identification and jersey ocr

6b54d76

Add files via upload

0016943

Merge pull request #19 from lucastargett/Modelling-Sri

411396c

Add initial modelling files (Sri)

Merge pull request #20 from lucastargett/Player-Tracking

ba91a13

Player tracking

Merge pull request #18 from lucastargett/crowd-monitoring

242d150

Crowd monitoring

Scott7ss and others added 4 commits April 8, 2026 19:12

feat: add safest zone card to crowd monitor

9df88a5

Implemented async PostgreSQL setup and user/job models

78c47a3

Merge pull request #26 from Prabhnoor911/feature/database

71fa787

Implemented async PostgreSQL setup and user/job models

Merge pull request #24 from Scott7ss/scott/safest-zone-card

31abe88

feat: add safest zone card to crowd monitor

Scott7ss and others added 4 commits April 13, 2026 12:30

frontend-sp2: Update Compare Players to select team before player

e62bcd1

Updated work from last sprint

744e776

Merge pull request #28 from lucastargett/UpdatedFrontEnd

148fe08

Updated work from last sprint

TOMINJOSE88 and others added 6 commits April 15, 2026 13:06

Merge branch 'backend-api-gateway'

2a24571

Merge branch 'main' of https://github.com/lucastargett/redback-orion

3661f87

Fix database.py: revert async engine to sync (psycopg2 compatible)

2deed4f

Crowd team's merged changes replaced create_engine with create_async_engine which requires asyncpg driver and breaks all backend routes. Restored correct sync setup — all routes use synchronous SQLAlchemy sessions.

Merge pull request #31 from lucastargett/backend-api-gateway

b9c9a6c

Backend API Gateway — JWT refresh token, bug fixes and API contract

Merge pull request #30 from lucastargett/frontend-sp2/scott-avg-time-…

02cfa9e

…zone feat: add avg time spent per zone card to crowd monitor

raymondchoy14 approved these changes Apr 18, 2026

View reviewed changes

raymondchoy14 merged commit ac085f2 into Redback-Operations:main Apr 18, 2026
1 check passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Sprint merge from lucastargett fork into upstream main#118

Sprint merge from lucastargett fork into upstream main#118
raymondchoy14 merged 81 commits into
Redback-Operations:mainfrom
lucastargett:main

lucastargett commented Apr 7, 2026

Uh oh!

github-actions Bot commented Apr 7, 2026

Uh oh!

github-actions Bot commented Apr 12, 2026

Uh oh!

github-actions Bot commented Apr 12, 2026

Uh oh!

github-actions Bot commented Apr 14, 2026

Uh oh!

github-actions Bot commented Apr 15, 2026

Uh oh!

github-actions Bot commented Apr 15, 2026

Uh oh!

raymondchoy14 left a comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

17 participants

Conversation

lucastargett commented Apr 7, 2026

Uh oh!

github-actions Bot commented Apr 7, 2026

🔒 Security Scan Results

Uh oh!

github-actions Bot commented Apr 12, 2026

🔒 Security Scan Results

Uh oh!

github-actions Bot commented Apr 12, 2026

🔒 Security Scan Results

Uh oh!

github-actions Bot commented Apr 14, 2026

🔒 Security Scan Results

Uh oh!

github-actions Bot commented Apr 15, 2026

🔒 Security Scan Results

Uh oh!

github-actions Bot commented Apr 15, 2026

🔒 Security Scan Results

Uh oh!

raymondchoy14 left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

17 participants