Skip to content

Updated front end#120

Merged
raymondchoy14 merged 72 commits into
Redback-Operations:mainfrom
lucastargett:UpdatedFrontEnd
Apr 18, 2026
Merged

Updated front end#120
raymondchoy14 merged 72 commits into
Redback-Operations:mainfrom
lucastargett:UpdatedFrontEnd

Conversation

@J4k3Ng0
Copy link
Copy Markdown
Contributor

@J4k3Ng0 J4k3Ng0 commented Apr 13, 2026

No description provided.

mayuselva and others added 30 commits March 19, 2026 18:04
@mayuselva
branch testing
76a5e4a
@mayuselva
test file removed
e04c84c
@quan-le
Creating new branch
634ab98
@quan-le
Creating new branch
3ed5971
@quan-le
Merge branch 'Player-Tracking' of https://github.com/lucastargett/red…
09fe012 
…back-orion into Player-Tracking
@quan-le
Remove test file
b2406a3
@mayuselva
created service structure & whole flow
1c84fe9
@shalukasw
Added toggle highlight functionality to Player Performance stat cards
f5cd3e3
@aniket939
feat: implement video processing and update gitignore and add config …
d08bc1c 
…file and add init file
@s225009786
Implement crowd allocation risk zone assessment - density-based risk …
12b82e6 
…thresholds with recommendations matching SCHEMA.md
@lucastargett
Merge pull request #1 from s225009786/CM/density-zoning-SP1-new
9b15089 
Crowd Allocation Risk Zone
@ShivamSaini09
crowd detection implementation
7452f35
@mayuselva
implement baseline crowd behaviour analysis
0fd0ac0
@MAYURA26-bot
Merge pull request #3 from lucastargett/CM/crowd-behaviour-analytics-…
6c440fe 
…SP1-new

implement baseline crowd behaviour analysis
@MAYURA26-bot
Merge pull request #4 from lucastargett/CM/Video-processing-SP1-new
4287fd5 
feat: implement video processing and update gitignore and add config and merged with corwd-monitoring branch
@MAYURA26-bot
Merge pull request #5 from lucastargett/CM/crowd-detection-SP1-new
3249f8a 
crowd detection implementation
@mayuselva
crowd_allocation_risk_zone copied
322790d
@lucastargett
Implement auth and health schemas with route integration
a2b5f43
@mayuselva
correction cm/crowd_behaviour_analytics - missed zones to send as output
da15a5a
@aniket939
update ignore file to allow shared config and add vidoe processing co…
446cabb 
…nfig file
@MAYURA26-bot
Merge pull request #6 from lucastargett/CM/Video-processing-SP1-new
6afae27 
update ignore file to allow shared config and add vidoe processing co…
@TolaniRidmini
add density zoning logic
bc727e0
@TolaniRidmini
Merge branch 'CM/density-zoning-SP1-new' of https://github.com/lucast…
278272c 
…argett/redback-orion into CM/density-zoning-SP1-new
@chiranthgowdaxaus
Implement Sprint 1 heatmap generation
05c9176
@MAYURA26-bot
Merge pull request #8 from lucastargett/CM/density-zoning-SP1-new
8f18ff1 
Cm/density zoning sp1 new
@ShivamSaini09
YOLO Model file
45d6d5e
@MAYURA26-bot
Merge pull request #9 from lucastargett/CM/crowd-detection-SP1-new
96a1676 
YOLO Model file
@MAYURA26-bot
Merge pull request #10 from lucastargett/CM/heatmap-SP1-new
d26f6eb 
Sprint 1: Implement initial heatmap generation
@shalukasw
Added toggle highlight feature to API Diagnostics dashboard cards
330b835
@shalukasw
Added Crowd Monitoring report to Browse Reports
06e5e18
WilliamHamilton22 and others added 27 commits April 1, 2026 16:38
@WilliamHamilton22
Connecting mock player and crowd services to routes
353044b
@TOMINJOSE88
Implement auth core - bcrypt hashing, JWT tokens, and RBAC dependencies
8679bf3
@TOMINJOSE88
Implement auth core - bcrypt hashing, JWT tokens, and RBAC dependencies
742a94b
@Prabhnoor911
implemented .env, config.py, global error handling and logging in mai…
43cc5fe 
…n.py
@TOMINJOSE88
Add global error handler, logging config, and DEBUG flag
6e1d125 
Applies Prabhnoor's PR #16 changes: structured logging via logging.basicConfig,
global exception handler returning clean JSON, DEBUG/LOG_LEVEL env vars in config.
@TOMINJOSE88
Revert "Add global error handler, logging config, and DEBUG flag"
3db7f2e 
This reverts commit 05cd669.
@TOMINJOSE88
Fix LoginRequest to use email instead of username
a9ee3f5 
Login should accept email+password per the API contract.
Also fix login route response to derive username from email.
@TOMINJOSE88
Implement real auth routes and job schemas
a9a72f1 
- routes/auth.py: real register/login with DB + bcrypt + JWT, add GET /auth/me
- schemas/auth.py: update UserResponse to match DB model (user_id, role, created_at)
- schemas/jobs.py: implement UploadResponse, JobSummary, JobDetail, JobListResponse
@TOMINJOSE88
Implement Week 4: upload route, job routes, background processing
9a05c37 
- routes/upload.py: POST /upload with video format validation, DB job creation,
  process_video() background task using asyncio.gather (partial/done/failed handling)
- routes/jobs.py: GET /status, GET /jobs (paginated), GET /jobs/{id},
  POST /jobs/{id}/retry (failed services only), DELETE /jobs/{id} — all RBAC enforced
- main.py: wire upload + jobs routers, restore logging and global error handler
- config.py: add DEBUG and LOG_LEVEL env vars
@TOMINJOSE88
Add auth and health tests, fix UserResponse UUID type
f9929d0 
- tests/conftest.py: shared fixtures with mocked DB dependency
- tests/test_auth.py: 9 tests covering register, login, and GET /auth/me
- tests/test_health.py: 3 tests covering health endpoint
- schemas/auth.py: fix user_id type from str to UUID
@TOMINJOSE88
Auto-create DB tables on startup and add .env.example
d50d2ed
@TOMINJOSE88
Merge William's PR #15: connect mock services to routes
2e0498c
@TOMINJOSE88
Merge Prabhnoor's PR #16: global error handler and logging
edeb283
@quan-le
Implement ReIdentification testing pipeline for tracking model when l…
ed67763 
…osing track
@lucastargett
Merge pull request #17 from lucastargett/backend-api-gateway
4795c1b 
Backend API Gateway - Sprint 1 Complete (Weeks 1-4)
@lucastargett
Merge pull request #11 from shalukasw/FrontEnd
10ff6cd 
Front-end
@quan-le
Implement testing Jersey OCR pipeline
e1a784a
@quan-le
Adding documentation for the re-identification and jersey ocr
6b54d76
@sri-bandara
Add files via upload
0016943
@quan-le
Merge pull request #19 from lucastargett/Modelling-Sri
411396c 
Add initial modelling files (Sri)
@lucastargett
Merge pull request #20 from lucastargett/Player-Tracking
ba91a13 
Player tracking
@lucastargett
Merge pull request #18 from lucastargett/crowd-monitoring
242d150 
Crowd monitoring
@Scott7ss
feat: add safest zone card to crowd monitor
9df88a5
@Prabhnoor911
Implemented async PostgreSQL setup and user/job models
78c47a3
@lucastargett
Merge pull request #26 from Prabhnoor911/feature/database
71fa787 
Implemented async PostgreSQL setup and user/job models
@lucastargett
Merge pull request #24 from Scott7ss/scott/safest-zone-card
31abe88 
feat: add safest zone card to crowd monitor
@J4k3Ng0
Updated work from last sprint
744e776
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 13, 2026

🔒 Security Scan Results

🔒 Security Scan Results
=========================

Bandit Scan Results:
-------------------
Run started:2026-04-13 13:24:17.875456+00:00

Test results:
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/LISA_gradio_interface.py:55:25
54	        # Create tokenizer
55	        self.tokenizer = AutoTokenizer.from_pretrained(
56	            self.args.version,
57	            cache_dir=None,
58	            model_max_length=self.args.model_max_length,
59	            padding_side="right",
60	            use_fast=False,
61	        )
62	        self.tokenizer.pad_token = self.tokenizer.unk_token

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/LISA_gradio_interface.py:139:36
138	        # Initialize processors
139	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(self.model.config.vision_tower)
140	        self.transform = ResizeLongestSide(self.args.image_size)

--------------------------------------------------
>> Issue: [B104:hardcoded_bind_all_interfaces] Possible binding to all interfaces.
   Severity: Medium   Confidence: Medium
   CWE: CWE-605 (https://cwe.mitre.org/data/definitions/605.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b104_hardcoded_bind_all_interfaces.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/LISA_gradio_interface.py:412:20
411	    demo.launch(
412	        server_name="0.0.0.0",
413	        server_port=7860,

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/chat.py:71:16
70	    # Create model
71	    tokenizer = AutoTokenizer.from_pretrained(
72	        args.version,
73	        cache_dir=None,
74	        model_max_length=args.model_max_length,
75	        padding_side="right",
76	        use_fast=False,
77	    )
78	    tokenizer.pad_token = tokenizer.unk_token

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/chat.py:149:27
148	
149	    clip_image_processor = CLIPImageProcessor.from_pretrained(model.config.vision_tower)
150	    transform = ResizeLongestSide(args.image_size)

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/csrnet/run.py:23:13
22	
23	checkpoint = torch.load('weights.pth', map_location="cpu")
24	model.load_state_dict(checkpoint)

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/csrnet_service.py:22:21
21	        self.model = CSRNet().to(self.device)
22	        checkpoint = torch.load(weights_path, map_location=self.device)
23	        self.model.load_state_dict(checkpoint)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/lisa_segmentor.py:55:25
54	        # Tokenizer
55	        self.tokenizer = AutoTokenizer.from_pretrained(
56	            self.args.version,
57	            cache_dir=None,
58	            model_max_length=self.args.model_max_length,
59	            padding_side="right",
60	            use_fast=False,
61	        )
62	        self.tokenizer.pad_token = self.tokenizer.unk_token

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/lisa_segmentor.py:147:36
146	
147	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(self.model.config.vision_tower)
148	        self.transform = ResizeLongestSide(self.args.image_size)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/apply_delta.py:15:11
14	    print("Loading base model")
15	    base = AutoModelForCausalLM.from_pretrained(
16	        base_model_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
17	    )
18	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/apply_delta.py:23:22
22	    )
23	    delta_tokenizer = AutoTokenizer.from_pretrained(delta_path)
24	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/consolidate.py:16:16
15	    auto_upgrade(src_path)
16	    src_model = AutoModelForCausalLM.from_pretrained(
17	        src_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
18	    )
19	    src_tokenizer = AutoTokenizer.from_pretrained(src_path, use_fast=False)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/consolidate.py:19:20
18	    )
19	    src_tokenizer = AutoTokenizer.from_pretrained(src_path, use_fast=False)
20	    src_model.save_pretrained(dst_path)

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/llava_arch.py:69:35
68	        if pretrain_mm_mlp_adapter is not None:
69	            mm_projector_weights = torch.load(
70	                pretrain_mm_mlp_adapter, map_location="cpu"
71	            )
72	

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/llava_arch.py:378:39
377	            if model_args.pretrain_mm_mlp_adapter:
378	                mm_projector_weights = torch.load(
379	                    model_args.pretrain_mm_mlp_adapter, map_location="cpu"
380	                )
381	                embed_tokens_weight = mm_projector_weights["model.embed_tokens.weight"]

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/make_delta.py:15:11
14	    print("Loading base model")
15	    base = AutoModelForCausalLM.from_pretrained(
16	        base_model_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
17	    )
18	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/make_delta.py:21:13
20	    auto_upgrade(target_model_path)
21	    target = AutoModelForCausalLM.from_pretrained(
22	        target_model_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
23	    )
24	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/make_delta.py:49:23
48	    target.save_pretrained(delta_path, **kwargs)
49	    target_tokenizer = AutoTokenizer.from_pretrained(target_model_path)
50	    target_tokenizer.save_pretrained(delta_path, **kwargs)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/multimodal_encoder/clip_encoder.py:19:28
18	        else:
19	            self.cfg_only = CLIPVisionConfig.from_pretrained(self.vision_tower_name)
20	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/multimodal_encoder/clip_encoder.py:22:31
21	    def load_model(self):
22	        self.image_processor = CLIPImageProcessor.from_pretrained(
23	            self.vision_tower_name
24	        )
25	        self.vision_tower = CLIPVisionModel.from_pretrained(

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/multimodal_encoder/clip_encoder.py:25:28
24	        )
25	        self.vision_tower = CLIPVisionModel.from_pretrained(
26	            self.vision_tower_name, low_cpu_mem_usage=True
27	        )
28	        self.vision_tower.requires_grad_(False)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/model/utils.py:5:10
4	def auto_upgrade(config):
5	    cfg = AutoConfig.from_pretrained(config)
6	    if "llava" in config and "llava" not in cfg.model_type:

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:847:21
846	        if "mpt" in model_args.model_name_or_path:
847	            config = transformers.AutoConfig.from_pretrained(
848	                model_args.model_name_or_path, trust_remote_code=True
849	            )
850	            config.attn_config["attn_impl"] = training_args.mpt_attn_impl

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:864:16
863	    else:
864	        model = transformers.LlamaForCausalLM.from_pretrained(
865	            model_args.model_name_or_path,
866	            cache_dir=training_args.cache_dir,
867	            **bnb_model_from_pretrained_args,
868	        )
869	    model.config.use_cache = False

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:916:20
915	    if "mpt" in model_args.model_name_or_path:
916	        tokenizer = transformers.AutoTokenizer.from_pretrained(
917	            model_args.model_name_or_path,
918	            cache_dir=training_args.cache_dir,
919	            model_max_length=training_args.model_max_length,
920	            padding_side="right",
921	        )
922	    else:

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:923:20
922	    else:
923	        tokenizer = transformers.AutoTokenizer.from_pretrained(
924	            model_args.model_name_or_path,
925	            cache_dir=training_args.cache_dir,
926	            model_max_length=training_args.model_max_length,
927	            padding_side="right",
928	            use_fast=False,
929	        )
930	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/dataset.py:333:36
332	        self.transform = ResizeLongestSide(image_size)
333	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
334	

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b301-pickle
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/grefer.py:55:32
54	        if osp.exists(ref_file):
55	            self.data["refs"] = pickle.load(open(ref_file, "rb"), fix_imports=True)
56	        else:

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/reason_seg_dataset.py:51:36
50	        self.transform = ResizeLongestSide(image_size)
51	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
52	

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b301-pickle
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/refer.py:68:28
67	        self.data["dataset"] = dataset
68	        self.data["refs"] = pickle.load(open(ref_file, "rb"))
69	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/refer_seg_dataset.py:46:36
45	        self.transform = ResizeLongestSide(image_size)
46	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
47	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/sem_seg_dataset.py:154:36
153	        self.transform = ResizeLongestSide(image_size)
154	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
155	

--------------------------------------------------
>> Issue: [B307:blacklist] Use of possibly insecure function - consider using safer ast.literal_eval.
   Severity: Medium   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b307-eval
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/sem_seg_dataset.py:164:38
163	        for ds in self.sem_seg_datas:
164	            classes, images, labels = eval("init_{}".format(ds))(base_image_dir)
165	            self.data2list[ds] = (images, labels)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./26_T1/afl_player_tracking_and_crowd_monitoring/Crowd_Monitoring/LISA_Heatmap/utils/vqa_dataset.py:58:36
57	        self.transform = ResizeLongestSide(image_size)
58	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
59	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/LISA_gradio_interface.py:55:25
54	        # Create tokenizer
55	        self.tokenizer = AutoTokenizer.from_pretrained(
56	            self.args.version,
57	            cache_dir=None,
58	            model_max_length=self.args.model_max_length,
59	            padding_side="right",
60	            use_fast=False,
61	        )
62	        self.tokenizer.pad_token = self.tokenizer.unk_token

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/LISA_gradio_interface.py:139:36
138	        # Initialize processors
139	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(self.model.config.vision_tower)
140	        self.transform = ResizeLongestSide(self.args.image_size)

--------------------------------------------------
>> Issue: [B104:hardcoded_bind_all_interfaces] Possible binding to all interfaces.
   Severity: Medium   Confidence: Medium
   CWE: CWE-605 (https://cwe.mitre.org/data/definitions/605.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b104_hardcoded_bind_all_interfaces.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/LISA_gradio_interface.py:412:20
411	    demo.launch(
412	        server_name="0.0.0.0",
413	        server_port=7860,

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/chat.py:71:16
70	    # Create model
71	    tokenizer = AutoTokenizer.from_pretrained(
72	        args.version,
73	        cache_dir=None,
74	        model_max_length=args.model_max_length,
75	        padding_side="right",
76	        use_fast=False,
77	    )
78	    tokenizer.pad_token = tokenizer.unk_token

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/chat.py:149:27
148	
149	    clip_image_processor = CLIPImageProcessor.from_pretrained(model.config.vision_tower)
150	    transform = ResizeLongestSide(args.image_size)

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/csrnet/run.py:23:13
22	
23	checkpoint = torch.load('weights.pth', map_location="cpu")
24	model.load_state_dict(checkpoint)

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/csrnet_service.py:22:21
21	        self.model = CSRNet().to(self.device)
22	        checkpoint = torch.load(weights_path, map_location=self.device)
23	        self.model.load_state_dict(checkpoint)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/lisa_segmentor.py:55:25
54	        # Tokenizer
55	        self.tokenizer = AutoTokenizer.from_pretrained(
56	            self.args.version,
57	            cache_dir=None,
58	            model_max_length=self.args.model_max_length,
59	            padding_side="right",
60	            use_fast=False,
61	        )
62	        self.tokenizer.pad_token = self.tokenizer.unk_token

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/lisa_segmentor.py:147:36
146	
147	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(self.model.config.vision_tower)
148	        self.transform = ResizeLongestSide(self.args.image_size)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/apply_delta.py:15:11
14	    print("Loading base model")
15	    base = AutoModelForCausalLM.from_pretrained(
16	        base_model_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
17	    )
18	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/apply_delta.py:23:22
22	    )
23	    delta_tokenizer = AutoTokenizer.from_pretrained(delta_path)
24	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/consolidate.py:16:16
15	    auto_upgrade(src_path)
16	    src_model = AutoModelForCausalLM.from_pretrained(
17	        src_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
18	    )
19	    src_tokenizer = AutoTokenizer.from_pretrained(src_path, use_fast=False)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/consolidate.py:19:20
18	    )
19	    src_tokenizer = AutoTokenizer.from_pretrained(src_path, use_fast=False)
20	    src_model.save_pretrained(dst_path)

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/llava_arch.py:69:35
68	        if pretrain_mm_mlp_adapter is not None:
69	            mm_projector_weights = torch.load(
70	                pretrain_mm_mlp_adapter, map_location="cpu"
71	            )
72	

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/llava_arch.py:378:39
377	            if model_args.pretrain_mm_mlp_adapter:
378	                mm_projector_weights = torch.load(
379	                    model_args.pretrain_mm_mlp_adapter, map_location="cpu"
380	                )
381	                embed_tokens_weight = mm_projector_weights["model.embed_tokens.weight"]

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/make_delta.py:15:11
14	    print("Loading base model")
15	    base = AutoModelForCausalLM.from_pretrained(
16	        base_model_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
17	    )
18	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/make_delta.py:21:13
20	    auto_upgrade(target_model_path)
21	    target = AutoModelForCausalLM.from_pretrained(
22	        target_model_path, torch_dtype=torch.float16, low_cpu_mem_usage=True
23	    )
24	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/make_delta.py:49:23
48	    target.save_pretrained(delta_path, **kwargs)
49	    target_tokenizer = AutoTokenizer.from_pretrained(target_model_path)
50	    target_tokenizer.save_pretrained(delta_path, **kwargs)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/multimodal_encoder/clip_encoder.py:19:28
18	        else:
19	            self.cfg_only = CLIPVisionConfig.from_pretrained(self.vision_tower_name)
20	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/multimodal_encoder/clip_encoder.py:22:31
21	    def load_model(self):
22	        self.image_processor = CLIPImageProcessor.from_pretrained(
23	            self.vision_tower_name
24	        )
25	        self.vision_tower = CLIPVisionModel.from_pretrained(

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/multimodal_encoder/clip_encoder.py:25:28
24	        )
25	        self.vision_tower = CLIPVisionModel.from_pretrained(
26	            self.vision_tower_name, low_cpu_mem_usage=True
27	        )
28	        self.vision_tower.requires_grad_(False)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/model/utils.py:5:10
4	def auto_upgrade(config):
5	    cfg = AutoConfig.from_pretrained(config)
6	    if "llava" in config and "llava" not in cfg.model_type:

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:847:21
846	        if "mpt" in model_args.model_name_or_path:
847	            config = transformers.AutoConfig.from_pretrained(
848	                model_args.model_name_or_path, trust_remote_code=True
849	            )
850	            config.attn_config["attn_impl"] = training_args.mpt_attn_impl

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:864:16
863	    else:
864	        model = transformers.LlamaForCausalLM.from_pretrained(
865	            model_args.model_name_or_path,
866	            cache_dir=training_args.cache_dir,
867	            **bnb_model_from_pretrained_args,
868	        )
869	    model.config.use_cache = False

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:916:20
915	    if "mpt" in model_args.model_name_or_path:
916	        tokenizer = transformers.AutoTokenizer.from_pretrained(
917	            model_args.model_name_or_path,
918	            cache_dir=training_args.cache_dir,
919	            model_max_length=training_args.model_max_length,
920	            padding_side="right",
921	        )
922	    else:

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/model/llava/train/train.py:923:20
922	    else:
923	        tokenizer = transformers.AutoTokenizer.from_pretrained(
924	            model_args.model_name_or_path,
925	            cache_dir=training_args.cache_dir,
926	            model_max_length=training_args.model_max_length,
927	            padding_side="right",
928	            use_fast=False,
929	        )
930	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/dataset.py:333:36
332	        self.transform = ResizeLongestSide(image_size)
333	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
334	

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b301-pickle
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/grefer.py:55:32
54	        if osp.exists(ref_file):
55	            self.data["refs"] = pickle.load(open(ref_file, "rb"), fix_imports=True)
56	        else:

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/reason_seg_dataset.py:51:36
50	        self.transform = ResizeLongestSide(image_size)
51	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
52	

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b301-pickle
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/refer.py:68:28
67	        self.data["dataset"] = dataset
68	        self.data["refs"] = pickle.load(open(ref_file, "rb"))
69	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/refer_seg_dataset.py:46:36
45	        self.transform = ResizeLongestSide(image_size)
46	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
47	

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/sem_seg_dataset.py:154:36
153	        self.transform = ResizeLongestSide(image_size)
154	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
155	

--------------------------------------------------
>> Issue: [B307:blacklist] Use of possibly insecure function - consider using safer ast.literal_eval.
   Severity: Medium   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b307-eval
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/sem_seg_dataset.py:164:38
163	        for ds in self.sem_seg_datas:
164	            classes, images, labels = eval("init_{}".format(ds))(base_image_dir)
165	            self.data2list[ds] = (images, labels)

--------------------------------------------------
>> Issue: [B615:huggingface_unsafe_download] Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
   Severity: Medium   Confidence: High
   CWE: CWE-494 (https://cwe.mitre.org/data/definitions/494.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b615_huggingface_unsafe_download.html
   Location: ./Crowd_Monitoring/LISA_Heatmap/utils/vqa_dataset.py:58:36
57	        self.transform = ResizeLongestSide(image_size)
58	        self.clip_image_processor = CLIPImageProcessor.from_pretrained(vision_tower)
59	

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/utils.py:468:8
467	    # Strip optimizer from *.pt files for lighter files (reduced by 2/3 size)
468	    a = torch.load(filename, map_location='cpu')
469	    a['optimizer'] = []

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b614_pytorch_load.html
   Location: ./Player_Tracking/tennis_tracking/court_line_detector/court_line_detector.py:10:35
9	        self.model.fc = torch.nn.Linear(self.model.fc.in_features,14*2)
10	        self.model.load_state_dict(torch.load(model_path,map_location='cpu'))
11	

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b301-pickle
   Location: ./Player_Tracking/tennis_tracking/trackers/ball_tracker.py:61:34
60	            with open(stub_path,'rb') as f:
61	                ball_detections = pickle.load(f)
62	            return ball_detections

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b301-pickle
   Location: ./Player_Tracking/tennis_tracking/trackers/player_tracker.py:53:36
52	            with open(stub_path,'rb') as f:
53	                player_detections = pickle.load(f)
54	            return player_detections

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/airflow/dags/heatmaps_kafka.py:44:49
43	    coco_names = os.getenv('COCO_NAMES')
44	    tmp_output_dir = os.getenv('TMP_OUTPUT_DIR', '/tmp')
45	

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b310-urllib-urlopen
   Location: ./data_streaming_backend/airflow/dags/heatmaps_kafka.py:48:12
47	        if not os.path.exists(yolo_config):
48	            urllib.request.urlretrieve("https://raw.githubusercontent.com/AlexeyAB/darknet/master/cfg/yolov4.cfg", yolo_config)
49	        if not os.path.exists(yolo_weights):

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b310-urllib-urlopen
   Location: ./data_streaming_backend/airflow/dags/heatmaps_kafka.py:50:12
49	        if not os.path.exists(yolo_weights):
50	            urllib.request.urlretrieve("https://github.com/AlexeyAB/darknet/releases/download/yolov4/yolov4.weights", yolo_weights)
51	        if not os.path.exists(coco_names):

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b310-urllib-urlopen
   Location: ./data_streaming_backend/airflow/dags/heatmaps_kafka.py:52:12
51	        if not os.path.exists(coco_names):
52	            urllib.request.urlretrieve("https://raw.githubusercontent.com/pjreddie/darknet/master/data/coco.names", coco_names)
53	    except Exception as e:

--------------------------------------------------
>> Issue: [B113:request_without_timeout] Call to requests without timeout
   Severity: Medium   Confidence: Low
   CWE: CWE-400 (https://cwe.mitre.org/data/definitions/400.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b113_request_without_timeout.html
   Location: ./data_streaming_backend/api.py:216:19
215	        validate_url(health_url)
216	        response = requests.get(health_url)
217	        if response.status_code == 200:

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:16:16
15	    'RESULTS_TOPIC': 'face_results',
16	    'YOLO_CFG': '/tmp/yolov4-face.cfg',
17	    'YOLO_WEIGHTS': '/tmp/yolov4-face.weights',
18	    'MASK_MODEL': '/tmp/mask_detector.model',
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:17:20
16	    'YOLO_CFG': '/tmp/yolov4-face.cfg',
17	    'YOLO_WEIGHTS': '/tmp/yolov4-face.weights',
18	    'MASK_MODEL': '/tmp/mask_detector.model',
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:18:18
17	    'YOLO_WEIGHTS': '/tmp/yolov4-face.weights',
18	    'MASK_MODEL': '/tmp/mask_detector.model',
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json
29	    import numpy as np

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:19:17
18	    'MASK_MODEL': '/tmp/mask_detector.model',
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json
29	    import numpy as np
30	    import urllib.request

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:20:17
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json
29	    import numpy as np
30	    import urllib.request
31	    from PIL import Image

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:21:21
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json
29	    import numpy as np
30	    import urllib.request
31	    from PIL import Image
32	    from kafka import KafkaConsumer, KafkaProducer

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b310-urllib-urlopen
   Location: ./data_streaming_backend/detect_faces_and_features.py:36:12
35	        if not os.path.exists(path):
36	            urllib.request.urlretrieve(url, path)
37	

--------------------------------------------------

Code scanned:
	Total lines of code: 39811
	Total lines skipped (#nosec): 4
	Total potential issues skipped due to specifically being disabled (e.g., #nosec BXXX): 0

Run metrics:
	Total issues (by severity):
		Undefined: 0
		Low: 325
		Medium: 84
		High: 0
	Total issues (by confidence):
		Undefined: 0
		Low: 1
		Medium: 31
		High: 377
Files skipped (0):

No critical security issues detected.

The code has passed all critical security checks.

J4k3Ng0
J4k3Ng0 commented Apr 14, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor Author

@J4k3Ng0 J4k3Ng0 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

..

@raymondchoy14 raymondchoy14 merged commit 148fe08 into Redback-Operations:main Apr 18, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.