From e6b64ea67114ff107d2aea6c7e2233dc32e9e397 Mon Sep 17 00:00:00 2001
From: "Dinh Truong (SlncTrZ)" <46520299+SlncTrZ@users.noreply.github.com>
Date: Tue, 12 May 2026 08:01:32 +0700
Subject: [PATCH 1/2] fix(security): 2 improvements across 2 files

- Security: Use of `exec` to parse version string in setup.py
- Quality: Unused squash operation in DNC read function

Signed-off-by: Dinh Truong (SlncTrZ) <46520299+SlncTrZ@users.noreply.github.com>
---
 setup.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/setup.py b/setup.py
index e1e3ddd1..148a6d6b 100644
--- a/setup.py
+++ b/setup.py
@@ -2,15 +2,17 @@
 from setuptools import find_namespace_packages
 from setuptools import setup
+import re
 def _get_sonnet_version():
 with open('sonnet/__init__.py') as fp:
 for line in fp:
 if line.startswith('__version__'):
- g = {}
- exec(line, g) # pylint: disable=exec-used
- return g['__version__']
+ match = re.search(r"__version__\s*=\s*['\"]([^'\"]+)['\"]", line)
+ if match:
+ return match.group(1)
+ raise ValueError('Could not parse __version__ from line')
 raise ValueError('`__version__` not defined in `sonnet/__init__.py`')

From 3624c146e2844f0b949885c89bdbb1543eb5f307 Mon Sep 17 00:00:00 2001
From: "Dinh Truong (SlncTrZ)" <46520299+SlncTrZ@users.noreply.github.com>
Date: Tue, 12 May 2026 08:01:34 +0700
Subject: [PATCH 2/2] fix(security): 2 improvements across 2 files

- Security: Use of `exec` to parse version string in setup.py
- Quality: Unused squash operation in DNC read function

Signed-off-by: Dinh Truong (SlncTrZ) <46520299+SlncTrZ@users.noreply.github.com>
---
 sonnet/src/nets/dnc/read.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sonnet/src/nets/dnc/read.py b/sonnet/src/nets/dnc/read.py
index 7c1bde61..bdd26a32 100644
--- a/sonnet/src/nets/dnc/read.py
+++ b/sonnet/src/nets/dnc/read.py
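Review bot: The quote classes in the new regex on the `match = re.search(...)` line are independent, so a mismatched pair such as `__version__ = '1.0"` is accepted as a valid version; a backreference ties the closing quote to the opening one: `match = re.search(r"""__version__\s*=\s*(['"])([^'"]+)\1""", line)` with `return match.group(2)`. The new `raise ValueError('Could not parse __version__ from line')` discards the text that failed to parse, so including `line.strip()` in the message would make a malformed `sonnet/__init__.py` diagnosable from the error alone. As a point of style, `import re` is a standard-library import placed after the setuptools imports, whereas the usual grouping puts it above the third-party block. The removal of `exec` on file contents is the right direction; the rest of `_get_sonnet_version` is visible in the hunk, though the hunk's blank context lines appear to have been lost in transit.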
@@ -36,7 +36,7 @@ def read(memory,
 """
 with tf.name_scope("read_memory"):
 if squash_before_access:
- squash_op(weights)
+ memory = squash_op(memory)
 read_word = tf.matmul(weights, memory)
 if squash_after_access:
 read_word = squash_op(read_word)
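Review bot: The new line `memory = squash_op(memory)` changes which tensor is squashed, not only whether the result is kept: the removed call was `squash_op(weights)`, so if `squash_before_access` was meant to squash the read weights the minimal fix is `weights = squash_op(weights)` instead. The commit message describes this as fixing an unused result only, so the switch of operand looks unintentional and should be confirmed against the docstring of `read` (which closes on the first context line of the hunk) and against any caller that passes `squash_before_access=True`, since it alters the value fed to `tf.matmul(weights, memory)`. Whichever operand is intended, a short comment on that line naming what is squashed, e.g. `# squash_before_access applies squash_op to memory (not weights) before the read`, would make the choice explicit. The signature and docstring of `read` begin outside the hunk.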