Insecure Deserialization in PyTorch

Description

Functions reliant on pickle can result in arbitrary code execution. Consider loading from `state_dict`, using fickling, or switching to a safer serialization method like ONNX

Examples

Insecure Code

python

torch.save(model)
torch.load('model.pkl')

Secure Code

python

torch.save(model.state_dict(), 'model.pth')
model.load_state_dict(torch.load('model.pth'))

Remediation

Use `state_dict` to load models or switch to a safer serialization method like ONNX

Rule Details

Field	Value
ID	CODE-0800
Category	Deserialization
Severity	CRITICAL
CWE	CWE-502
Confidence	MEDIUM
Impact	HIGH
Likelihood	MEDIUM
Exploitability	EASY
Tags	pickle, deserialization
OWASP	N/A

References

https://blog.trailofbits.com/2021/03/15/never-a-dill-moment-exploiting-machine-learning-pickle-files/

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

Insecure Deserialization in PyTorch

Description

Examples

Insecure Code

Secure Code

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

Insecure Deserialization in PyTorch ​

Description ​

Examples ​

Insecure Code ​

Secure Code ​

Remediation ​

Rule Details ​

References ​

Insecure Deserialization in PyTorch

Description

Examples

Insecure Code

Secure Code

Remediation

Rule Details

References