Avoid importing torch.package
Description
torch.package bundles Python source modules and pickled objects into one archive that `torch.package.PackageImporter` later imports and unpickles. Loading a package from an untrusted source therefore runs attacker-controlled code: the pickled objects can invoke any importable callable during deserialization (CWE-502), and the bundled modules are imported and executed as ordinary Python. The `import torch.package` statement is not dangerous by itself; this rule flags it as an indicator that package loading happens nearby, so review how package files reach the loader and whether their origin is trusted.
Examples
Insecure Code

```python
import torch.package

# Loading a package from an untrusted source unpickles attacker-controlled
# objects and imports the Python modules bundled inside the archive.
model = torch.package.PackageImporter("untrusted_model.pt").load_pickle("model", "model.pkl")
```

Secure Code

Only load packages you produced yourself or received over an authenticated channel. For distributing weights, use a tensor-only format that cannot carry code (for example safetensors), or restrict what the unpickler may import:

```python
import torch

# weights_only=True allows only tensors and primitive containers; any other
# global referenced by the pickle raises UnpicklingError instead of being imported.
state_dict = torch.load("model.pt", weights_only=True)
```

`torch.save()` and `torch.load()` without `weights_only=True` use the same pickle machinery as torch.package and are not a safer alternative; `weights_only=True` has been the default since PyTorch 2.6, but set it explicitly when older versions may be in use.

Remediation
Do not load torch.package archives from untrusted sources. Where the package format is not required, distribute weights in a tensor-only format such as safetensors, or save a state dict with `torch.save()` and load it with `torch.load(path, weights_only=True)`. Where torch.package is required, treat the package file like executable code: verify its origin (signature or checksum over an authenticated channel) before loading it.
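The following is an added example, not code from this rule page or from PyTorch, showing in plain standard-library Python why unpickling untrusted data is code execution and what the two practical controls look like: a restricted unpickler that allowlists globals (the idea behind `torch.load(weights_only=True)`) and a static scan of the globals a pickle references before anything is loaded. The "model files" are constructed samples, the `CANARY` environment variable and the `SAFE_GLOBALS` allowlist are assumptions made for the demo, and a real payload would call something like `os.system` instead of setting a canary.

```python
"""Added demo: pickle deserialization as code execution, plus two mitigations.
Standard library only; runs without PyTorch."""
import io
import os
import pickle
import pickletools
from collections import OrderedDict

# Canary the demo payload sets so its execution is observable without spawning
# a shell (assumption for this demo; a real payload would run a command).
CANARY = "PICKLE_DEMO_RAN"

# Allowlist of globals the restricted loader accepts. Assumption for this demo:
# a state dict needs only OrderedDict; real weights-only loaders also allow the
# tensor reconstruction helpers of their framework.
SAFE_GLOBALS = {("collections", "OrderedDict")}

# Opcodes that push a string constant (module/name operands for STACK_GLOBAL).
_STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
               "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


class MaliciousPayload:
    """Unpickling this object calls an attacker-chosen callable.

    pickle stores __reduce__'s (callable, args) as a global reference plus
    arguments; the loader imports the global and calls it with the arguments.
    Any importable callable works, so this is code execution, not data loading."""

    def __reduce__(self):
        code = f"import os\nos.environ[{CANARY!r}] = '1'"
        return (exec, (code,))


def build_benign_file() -> bytes:
    """Constructed sample: a state dict holding only plain data."""
    state = OrderedDict([("layer.weight", [0.1, 0.2]), ("layer.bias", [0.0])])
    return pickle.dumps(state, protocol=4)


def build_malicious_file() -> bytes:
    """Constructed sample: same layout, with the payload hidden in one value."""
    state = OrderedDict([("layer.weight", [0.1, 0.2]), ("trigger", MaliciousPayload())])
    return pickle.dumps(state, protocol=4)


def unsafe_load(data: bytes):
    """What a plain pickle.load (or torch.load with weights_only=False) does."""
    return pickle.loads(data)


class RestrictedUnpickler(pickle.Unpickler):
    """Refuses every global not on the allowlist. find_class is the single
    choke point through which both GLOBAL and STACK_GLOBAL resolve names."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def safe_load(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def is_blocked(data: bytes) -> bool:
    """True if the restricted loader refuses the file."""
    try:
        safe_load(data)
    except pickle.UnpicklingError:
        return True
    return False


def pickle_globals(data: bytes) -> list:
    """Statically list every module.name the pickle would import, without
    executing it. GLOBAL carries "module name" as its operand; STACK_GLOBAL
    (protocol 4+) takes them from the two most recently pushed strings. Memo
    look-ups (BINGET) of an earlier string are not resolved here, so treat this
    as triage rather than a complete pickle parser."""
    strings, found = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name in _STRING_OPS:
            strings.append(arg)
        elif op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":
            found.append((strings[-2], strings[-1]))
    return found


def dangerous_globals(data: bytes) -> list:
    """Globals referenced by the pickle that are not on the allowlist."""
    return [g for g in pickle_globals(data) if g not in SAFE_GLOBALS]


def payload_ran() -> bool:
    return os.environ.get(CANARY) == "1"


if __name__ == "__main__":
    mal, ok = build_malicious_file(), build_benign_file()
    print("scan:", dangerous_globals(mal), dangerous_globals(ok))
    print("restricted loader blocks payload:", is_blocked(mal), "benign:", is_blocked(ok))
    unsafe_load(mal)
    print("plain load ran the payload:", payload_ran())
```

The scan and the restricted loader are complementary: the scan lets you reject a file before any bytes are interpreted (useful at an upload boundary), while the allowlisting unpickler is the control that actually prevents execution when a file must be loaded. Neither helps with torch.package archives whose bundled Python source is imported directly, which is why package files from unknown origins should not be loaded at all.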
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0272 |
| Category | Deserialization |
| Severity | CRITICAL |
| CWE | CWE-502 |
| Confidence | LOW |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | pickle, deserialization |
| OWASP | N/A |
References
- https://blog.trailofbits.com/2021/03/15/never-a-dill-moment-exploiting-machine-learning-pickle-files/
- https://pytorch.org/docs/1.13/package.html#torch-package