Conversation
Signed-off-by: nithinraok <nithinrao.koluguri@gmail.com>
Signed-off-by: nithinraok <nithinrao.koluguri@gmail.com>
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| ) as proc: | ||
| stream = proc.stdout | ||
| if stream.peek(1): | ||
| done = True |
Check notice
Code scanning / CodeQL
Unused local variable Note
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 3 months ago
To fix the problem, remove the unused variable done from the function open_datastore_object_with_binary. Its only assignment is immediately followed by a return from the function, and the subsequent branch based on if not done: can simply be left as is after the loop, since done will always be False when execution reaches it. Specifically, eliminate the line done = False, and the inner assignment to done = True, along with simplifying the code to avoid using this variable at all.
Changes needed:
- Remove initialization of
done = Falsebefore the loop. - Remove assignment
done = Trueinside the loop. - Remove
if not done:—since that branch is always taken if the loop does not return, replace it with a code block that follows the loop naturally.
No imports, methods, or definitions are required.
Suggested changeset
1
nemo/utils/data_utils.py
| @@ -211,7 +211,6 @@ | ||
|
|
||
| cmd = [binary, 'get', path, '-'] | ||
|
|
||
| done = False | ||
|
|
||
| for _ in range(num_retries): | ||
| with subprocess.Popen( | ||
| @@ -219,18 +218,17 @@ | ||
| ) as proc: | ||
| stream = proc.stdout | ||
| if stream.peek(1): | ||
| done = True | ||
| return stream | ||
|
|
||
| if not done: | ||
| with subprocess.Popen( | ||
| cmd, shell=False, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=False | ||
| ) as proc: | ||
| error = proc.stderr.read().decode("utf-8", errors="ignore").strip() | ||
| raise ValueError( | ||
| f"{path} couldn't be opened with AIS binary " | ||
| f"after {num_retries} attempts because of the following exception: {error}" | ||
| ) | ||
| # If all attempts fail, raise error | ||
| with subprocess.Popen( | ||
| cmd, shell=False, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=False | ||
| ) as proc: | ||
| error = proc.stderr.read().decode("utf-8", errors="ignore").strip() | ||
| raise ValueError( | ||
| f"{path} couldn't be opened with AIS binary " | ||
| f"after {num_retries} attempts because of the following exception: {error}" | ||
| ) | ||
| return None | ||
|
|
||
|
|
Copilot is powered by AI and may make mistakes. Always verify output.
Contributor
|
[🤖]: Hi @nithinraok 👋, We wanted to let you know that a CICD pipeline for this PR just finished successfully. So it might be time to merge this PR or get some approvals. |
ko3n1g
approved these changes
Dec 10, 2025
Contributor
ko3n1g
left a comment
ko3n1g
left a comment
There was a problem hiding this comment.
@nithinraok offline asked for a fast-merge
7 tasks
chtruong814
pushed a commit
that referenced
this pull request
Jan 4, 2026
* Execute with subprocess list Signed-off-by: nithinraok <nithinrao.koluguri@gmail.com> * fix pylint issues Signed-off-by: nithinraok <nithinrao.koluguri@gmail.com> --------- Signed-off-by: nithinraok <nithinrao.koluguri@gmail.com> Signed-off-by: Charlie Truong <chtruong@nvidia.com>
chtruong814
pushed a commit
that referenced
this pull request
Jan 6, 2026
* Execute with subprocess list Signed-off-by: nithinraok <nithinrao.koluguri@gmail.com> * fix pylint issues Signed-off-by: nithinraok <nithinrao.koluguri@gmail.com> --------- Signed-off-by: nithinraok <nithinrao.koluguri@gmail.com> Signed-off-by: Charlie Truong <chtruong@nvidia.com>
8 tasks
chtruong814
added a commit
that referenced
this pull request
Jan 6, 2026
Rudra-Tiwari-codes
added a commit
to Rudra-Tiwari-codes/NeMo
that referenced
this pull request
Jan 23, 2026
Security Fix: Convert amr-nb, ogg, and g711 codecs in TranscodePerturbation from shell=True to secure subprocess patterns using explicit argument lists. - Use subprocess.Popen with pipes for amr-nb and ogg codecs - Use subprocess.run with list arguments for g711 codec - Remove unused 'Any' import to fix linting errors Related to NVIDIA-NeMo#15165 Signed-off-by: Rudra Tiwari <tiwarirudra2006@gmail.com>
8 tasks
Rudra-Tiwari-codes
added a commit
to Rudra-Tiwari-codes/NeMo
that referenced
this pull request
Jan 23, 2026
Security: Convert amr-nb, ogg, and g711 codecs in TranscodePerturbation from shell=True to secure subprocess patterns using list arguments. Changes: - Replace subprocess.check_output with shell=True to subprocess.Popen and subprocess.run with explicit argument lists for amr-nb and ogg codecs - Replace subprocess.check_output with shell=True to subprocess.run with list arguments for g711 codec - Use subprocess.DEVNULL for stderr to suppress unnecessary output - Properly close stdout pipes and wait for encoder process completion to prevent potential resource leaks - Remove unused 'Any' import from typing module This follows the precedent set in PR NVIDIA-NeMo#15165 which fixed similar security vulnerabilities in data_utils.py. Signed-off-by: Rudra-Tiwari-codes <rudratiwari2006@gmail.com> Signed-off-by: Rudra Tiwari <tiwarirudra2006@gmail.com>
AkCodes23
pushed a commit
to AkCodes23/NeMo
that referenced
this pull request
Jan 28, 2026
* Execute with subprocess list Signed-off-by: nithinraok <nithinrao.koluguri@gmail.com> * fix pylint issues Signed-off-by: nithinraok <nithinrao.koluguri@gmail.com> --------- Signed-off-by: nithinraok <nithinrao.koluguri@gmail.com> Signed-off-by: Akhil Varanasi <akhilvaranasi23@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Important
The
Update branchbutton must only be pressed in very rare occassions.An outdated branch is never blocking the merge of a PR.
Please reach out to the automation team before pressing that button.
What does this PR do ?
Fixes security related bug
Collection: ASR
Changelog
Usage
# Add a code snippet demonstrating how to use thisGitHub Actions CI
The Jenkins CI system has been replaced by GitHub Actions self-hosted runners.
The GitHub Actions CI will run automatically when the "Run CICD" label is added to the PR.
To re-run CI remove and add the label again.
To run CI on an untrusted fork, a NeMo user with write access must first click "Approve and run".
Before your PR is "Ready for review"
Pre checks:
PR Type:
If you haven't finished some of the above items you can still open "Draft" PR.
Who can review?
Anyone in the community is free to review the PR once the checks have passed.
Contributor guidelines contains specific people who can review PRs to various areas.
Additional Information