Insecure Random Number Generation in PyTorch Dataset

Description

Using the NumPy RNG inside of a PyTorch dataset can lead to issues with loading data, including identical augmentations. Instead, use the random number generators built into Python and PyTorch.

Examples

Insecure Code

python

import numpy

class MyDataset(torch.utils.data.Dataset):
    def __getitem__(self, index):
        # Using NumPy RNG
        random_value = numpy.random.randint(0, 10)
        return random_value

Secure Code

python

import torch

class MyDataset(torch.utils.data.Dataset):
    def __getitem__(self, index):
        # Using PyTorch RNG
        random_value = torch.randint(0, 10, (1,)).item()
        return random_value

Remediation

Replace NumPy RNG with PyTorch's random number generator.

Rule Details

Field	Value
ID	CODE-0249
Category	InsecureConfig
Severity	MEDIUM
CWE	CWE-330
Confidence	HIGH
Impact	LOW
Likelihood	MEDIUM
Exploitability	MODERATE
Tags	random number generation, pytorch dataset
OWASP	N/A

References

https://tanelp.github.io/posts/a-bug-that-plagues-thousands-of-open-source-ml-projects

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

Insecure Random Number Generation in PyTorch Dataset

Description

Examples

Insecure Code

Secure Code

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

Insecure Random Number Generation in PyTorch Dataset ​

Description ​

Examples ​

Insecure Code ​

Secure Code ​

Remediation ​

Rule Details ​

References ​

Insecure Random Number Generation in PyTorch Dataset

Description

Examples

Insecure Code

Secure Code

Remediation

Rule Details

References