Cleaned up comments; added more classes to find_class so that SD v1.4 now imports.

Author: CrudeDiatribe

backends/model_converter/fake_torch.py

@@ -30,7 +30,7 @@ class Dummy:
 
  class MyPickle(pickle.Unpickler):
  def find_class(self, module, name):
- #making the following available will expose a vulnerability from 2011:
+ #making all of the following available will expose a vulnerability from 2011, unclear if patched
  #globals, getattr, dict, apply
 
  #print(module, name)
@@ -42,16 +42,26 @@ def find_class(self, module, name):
  return np.int64
  if name == 'HalfStorage':
  return np.float16
+ if module == 'numpy.core.multiarray' and name == 'scalar':
+ return np.core.multiarray.scalar
+ if module == 'numpy' and name == 'dtype':
+ return np.dtype
  if module == "torch._utils":
  if name == "_rebuild_tensor_v2":
  return HackTensor
  elif name == "_rebuild_parameter":
  return HackParameter
  if module == "collections" and name == "OrderedDict":
  return OrderedDict
+ if module == '_codecs' and name == 'encode':
+ from _codecs import encode
+ return encode
+ if module == "pytorch_lightning.callbacks" and name == 'model_checkpoint':
+ return Dummy
+ if module == "pytorch_lightning.callbacks.model_checkpoint" and name == 'ModelCheckpoint':
+ return Dummy
  else:
- #return Dummy
- raise pickle.UnpicklingError("'%s.%s' is forbidden" % (module, name))
+ raise pickle.UnpicklingError("'%s.%s' is forbidden" % (module, name))
 
  def persistent_load(self, pid):
  return pid