Arbitrary Code Execution via Custom Operator Libraries
Description
Loading custom operator libraries can result in arbitrary code execution. The ONNX library allows registering custom operator libraries; because a registered library is loaded into the process and its code runs there, registering one that has not been properly validated can lead to security vulnerabilities.
Examples
Insecure Code
```python
import onnxruntime
SESSION = onnxruntime.SessionOptions()
# The library name is passed straight through with no validation
SESSION.register_custom_ops_library('custom_op_library')
```
Secure Code
```python
import onnxruntime

SESSION = onnxruntime.SessionOptions()
# Validate and sanitize custom operator library before registration
# (validate_custom_op_library is an application-defined helper, not an onnxruntime API)
validated_library = validate_custom_op_library('custom_op_library')
SESSION.register_custom_ops_library(validated_library)
```
Remediation
Validate and sanitize custom operator libraries before registering them with the ONNX session.
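One way to implement the validation step, as an added example that is not part of the original rule or of onnxruntime. The body of `validate_custom_op_library`, the `TRUSTED_LIBRARIES` allowlist, `register_validated`, and the sample file name are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumption: application-maintained allowlist, resolved path -> SHA-256 hex.
# Empty by default, so nothing loads until a library is pinned.
TRUSTED_LIBRARIES = {}

def sha256_file(path):
    """Return the hex SHA-256 digest of the file at path."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def validate_custom_op_library(path, trusted=None):
    """Return the resolved path if allowlisted and unmodified, else raise."""
    trusted = TRUSTED_LIBRARIES if trusted is None else trusted
    real = os.path.realpath(path)  # collapse symlinks and ".." before lookup
    expected = trusted.get(real)
    if expected is None:
        raise ValueError(f"custom op library is not allowlisted: {real}")
    if not os.path.isfile(real):
        raise ValueError(f"custom op library is not a regular file: {real}")
    if not hmac.compare_digest(sha256_file(real), expected):
        raise ValueError(f"custom op library digest mismatch: {real}")
    return real

def register_validated(session_options, path, trusted=None):
    """Register on an onnxruntime.SessionOptions only after validation."""
    real = validate_custom_op_library(path, trusted)
    session_options.register_custom_ops_library(real)
    return real

if __name__ == "__main__":
    import tempfile
    # Constructed sample: a stand-in file, not a real operator library.
    with tempfile.TemporaryDirectory() as d:
        lib = os.path.join(d, "libcustom_op.so")
        with open(lib, "wb") as fh:
            fh.write(b"constructed sample bytes")
        pinned = {os.path.realpath(lib): sha256_file(lib)}
        print(validate_custom_op_library(lib, pinned))
        with open(lib, "ab") as fh:
            fh.write(b" modified after pinning")
        try:
            validate_custom_op_library(lib, pinned)
        except ValueError as err:
            print("rejected:", err)
```

The digest check and the later load are separate steps, so the directory holding the library should be writable only by the account that deploys it; otherwise the file can be replaced after it has been validated.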
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0756 |
| Category | Injection |
| Severity | CRITICAL |
| CWE | CWE-676 |
| Confidence | MEDIUM |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | onnx, custom-operators, arbitrary-code-execution |
| OWASP | N/A |