[MO SDL] Test MO and IR Reader on attacking inputs (#8947)
* Test MO and IR Reader on attacking inputs Signed-off-by: Roman Kazantsev <roman.kazantsev@intel.com> * Add test to check IR Reader against untrusted well-formed IR Signed-off-by: Roman Kazantsev <roman.kazantsev@intel.com> * Refactor IR Reader tests with corrupted IR Signed-off-by: Roman Kazantsev <roman.kazantsev@intel.com> * Test for regular expression denial of service Signed-off-by: Roman Kazantsev <roman.kazantsev@intel.com> * Remove undesired word like bomb Signed-off-by: Roman Kazantsev <roman.kazantsev@intel.com> * Move tests to new location Signed-off-by: Roman Kazantsev <roman.kazantsev@intel.com> * Use correct import Signed-off-by: Roman Kazantsev <roman.kazantsev@intel.com> * Revert blank line Signed-off-by: Roman Kazantsev <roman.kazantsev@intel.com>
@@ -773,6 +773,12 @@ class TestShapesParsing(unittest.TestCase):
|
||||
input_shapes = "(-12,4,1),(4,6,8)"
|
||||
self.assertRaises(Error, get_placeholder_shapes, argv_input, input_shapes)
|
||||
|
||||
def test_get_shapes_long_dimension_with_invalid_character(self):
|
||||
# test for regular expression denial of service
|
||||
argv_input = "inp1,inp2"
|
||||
input_shapes = "(222222222222222222222222222222222222222222!,4,1),(4,6,8)"
|
||||
self.assertRaises(Error, get_placeholder_shapes, argv_input, input_shapes)
|
||||
|
||||
def test_get_shapes_one_input_any_neg_shape(self):
|
||||
argv_input = "inp1, inp2"
|
||||
input_shapes = "(12,4,1),(4,-6,8)"
|
||||
|
||||
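Review bot: `test_get_shapes_long_dimension_with_invalid_character` is commented as a regular-expression denial-of-service test, but its only assertion is that `Error` is raised, so a regression to a backtracking-prone pattern would show up as a slow or hanging test run rather than as a failure. If the intent is to pin parse time, bound the call with `start = time.perf_counter()` before the `assertRaises` line and `self.assertLess(time.perf_counter() - start, 1.0)` after it; the one-second limit is a constructed value, and `time` would need importing if the file does not already have it. Otherwise extend the comment to name the property being checked, e.g. `# long digit run ending in an invalid character must be rejected, and rejected quickly (ReDoS regression check)`. The next test, `test_get_shapes_one_input_any_neg_shape`, continues outside the hunk.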
@@ -4,33 +4,126 @@
|
||||
import os
|
||||
import tempfile
|
||||
import unittest
|
||||
|
||||
from defusedxml.common import EntitiesForbidden
|
||||
|
||||
from openvino.tools.mo.utils.ir_reader.restore_graph import restore_graph_from_ir
|
||||
|
||||
|
||||
class TestIRReader(unittest.TestCase):
|
||||
def setUp(self):
|
||||
self.xml_bomb = b'<?xml version="1.0"?>\n' \
|
||||
b'<!DOCTYPE lolz [\n' \
|
||||
b' <!ENTITY lol "lol">\n' \
|
||||
b' <!ELEMENT lolz (#PCDATA)>\n' \
|
||||
b' <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">\n' \
|
||||
b' <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">\n' \
|
||||
b' <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">\n' \
|
||||
b' <!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;">\n' \
|
||||
b' <!ENTITY lol5 "&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;">\n' \
|
||||
b' <!ENTITY lol6 "&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;">\n' \
|
||||
b' <!ENTITY lol7 "&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;">\n' \
|
||||
b' <!ENTITY lol8 "&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;">\n' \
|
||||
b' <!ENTITY lol9 "&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;">\n' \
|
||||
b']>\n' \
|
||||
b'<lolz>&lol9;</lolz>'
|
||||
def test_read_xml_incorrect(self):
|
||||
incorrect_xml = b'<?xml version="1.0"?>\n' \
|
||||
b'<!DOCTYPE lolz [\n' \
|
||||
b' <!ENTITY lol "lol">\n' \
|
||||
b' <!ELEMENT lolz (#PCDATA)>\n' \
|
||||
b' <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">\n' \
|
||||
b' <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">\n' \
|
||||
b' <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">\n' \
|
||||
b' <!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;">\n' \
|
||||
b' <!ENTITY lol5 "&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;">\n' \
|
||||
b' <!ENTITY lol6 "&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;">\n' \
|
||||
b' <!ENTITY lol7 "&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;">\n' \
|
||||
b' <!ENTITY lol8 "&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;">\n' \
|
||||
b' <!ENTITY lol9 "&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;">\n' \
|
||||
b']>\n' \
|
||||
b'<lolz>&lol9;</lolz>'
|
||||
|
||||
def test_read_xml_bomb(self):
|
||||
bomb_file = tempfile.NamedTemporaryFile(delete=False)
|
||||
bomb_file.write(self.xml_bomb)
|
||||
bomb_file.close()
|
||||
self.assertRaises(EntitiesForbidden, restore_graph_from_ir, bomb_file.name)
|
||||
os.remove(bomb_file.name)
|
||||
incorrect_xml_file = tempfile.NamedTemporaryFile(delete=False)
|
||||
incorrect_xml_file.write(incorrect_xml)
|
||||
incorrect_xml_file.close()
|
||||
self.assertRaises(EntitiesForbidden, restore_graph_from_ir, incorrect_xml_file.name)
|
||||
os.remove(incorrect_xml_file.name)
|
||||
|
||||
def test_read_untrusted_IR(self):
|
||||
untrusted_xml = b'<?xml version="1.0"?>\n' \
|
||||
b'<!DOCTYPE foo [\n' \
|
||||
b'<!ELEMENT foo ANY>\n' \
|
||||
b'<!ENTITY xxe SYSTEM "file:///c:/boot.ini">\n' \
|
||||
b']>\n' \
|
||||
b'<foo>&xxe;</foo>\n'
|
||||
|
||||
untrusted_xml_file = tempfile.NamedTemporaryFile(delete=False)
|
||||
untrusted_xml_file.write(untrusted_xml)
|
||||
untrusted_xml_file.close()
|
||||
self.assertRaises(EntitiesForbidden, restore_graph_from_ir, untrusted_xml_file.name)
|
||||
os.remove(untrusted_xml_file.name)
|
||||
|
||||
def test_read_malformed_IR(self):
|
||||
ir_front = b'<?xml version="1.0"?>' \
|
||||
b'<net name="test" version="11">' \
|
||||
b' <layers>' \
|
||||
b' <layer id="0" name="parameter" type="Parameter" version="opset1">' \
|
||||
b' <data shape="1, 3, 22, 22" element_type="f32" />' \
|
||||
b' <output>' \
|
||||
b' <port id="0" precision="FP32" names="parameter">' \
|
||||
b' <dim>1</dim>' \
|
||||
b' <dim>3</dim>' \
|
||||
b' <dim>22</dim>' \
|
||||
b' <dim>22</dim>' \
|
||||
b' </port>' \
|
||||
b' </output>' \
|
||||
b' </layer>' \
|
||||
|
||||
ir_front_malformed = b'<?xml version="1.0"?>' \
|
||||
b'<net name="test" version="11">' \
|
||||
b' <layers>' \
|
||||
b' <layer id="0" name="parameter" type="Parameter" version="opset1">' \
|
||||
b' <data shape="1, 3, 22, 22" element_type="f32" />' \
|
||||
b' <output>' \
|
||||
b' <port id="boot.ini" precision="FP32" names="parameter">' \
|
||||
b' <dim>1</dim>' \
|
||||
b' <dim>3</dim>' \
|
||||
b' <dim>22</dim>' \
|
||||
b' <dim>22</dim>' \
|
||||
b' </port>' \
|
||||
b' </output>' \
|
||||
b' </layer>' \
|
||||
|
||||
ir_end = b' <layer id="1" name="Relu_4" type="ReLU" version="opset1">' \
|
||||
b' <input>' \
|
||||
b' <port id="0" precision="FP32">' \
|
||||
b' <dim>1</dim>' \
|
||||
b' <dim>3</dim>' \
|
||||
b' <dim>22</dim>' \
|
||||
b' <dim>22</dim>' \
|
||||
b' </port>' \
|
||||
b' </input>' \
|
||||
b' <output>' \
|
||||
b' <port id="1" precision="FP32">' \
|
||||
b' <dim>1</dim>' \
|
||||
b' <dim>3</dim>' \
|
||||
b' <dim>22</dim>' \
|
||||
b' <dim>22</dim>' \
|
||||
b' </port>' \
|
||||
b' </output>' \
|
||||
b' </layer>' \
|
||||
b' <layer id="2" name="result" type="Result" version="opset1">' \
|
||||
b' <input>' \
|
||||
b' <port id="0" precision="FP32">' \
|
||||
b' <dim>1</dim>' \
|
||||
b' <dim>3</dim>' \
|
||||
b' <dim>22</dim>' \
|
||||
b' <dim>22</dim>' \
|
||||
b' </port>' \
|
||||
b' </input>' \
|
||||
b' </layer>' \
|
||||
b' </layers>' \
|
||||
b' <edges>' \
|
||||
b' <edge from-layer="0" from-port="0" to-layer="1" to-port="0" />' \
|
||||
b' <edge from-layer="1" from-port="1" to-layer="2" to-port="0" />' \
|
||||
b' </edges>' \
|
||||
b'</net>' \
|
||||
|
||||
normal_ir_ir = ir_front + ir_end
|
||||
normal_ir_file = tempfile.NamedTemporaryFile(delete=False)
|
||||
normal_ir_file.write(normal_ir_ir)
|
||||
normal_ir_file.close()
|
||||
# we must expect no exceptions
|
||||
restore_graph_from_ir(normal_ir_file.name)
|
||||
os.remove(normal_ir_file.name)
|
||||
|
||||
# expect that IR Reader complains on IR with malformed port id
|
||||
malformed_ir = ir_front_malformed + ir_end
|
||||
malformed_ir_file = tempfile.NamedTemporaryFile(delete=False)
|
||||
malformed_ir_file.write(malformed_ir)
|
||||
malformed_ir_file.close()
|
||||
self.assertRaises(ValueError, restore_graph_from_ir, malformed_ir_file.name)
|
||||
os.remove(malformed_ir_file.name)
|
||||
|
||||
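Review bot: Each new test writes its payload with `tempfile.NamedTemporaryFile(delete=False)` and calls `os.remove(...)` only after the assertion, so a failing `assertRaises`, or an unexpected exception from the bare `restore_graph_from_ir(normal_ir_file.name)` call in `test_read_malformed_IR`, leaves the file behind in the temp directory. Registering the cleanup straight after `close()`, e.g. `self.addCleanup(os.remove, incorrect_xml_file.name)`, and dropping the trailing `os.remove` makes removal unconditional; the same applies to `untrusted_xml_file`, `normal_ir_file` and `malformed_ir_file`. In `test_read_malformed_IR` a one-line comment saying why `ValueError` is the expected type for `port id="boot.ini"` would help, since the reader code that raises it is not visible here. Old and new lines are interleaved in this rendered section, so this refers to the lines using `incorrect_xml`, `untrusted_xml` and the `ir_front`/`ir_end` fragments, not the `self.xml_bomb`/`bomb_file` lines, which appear to be the removed side.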