
A tool to load machine/deep learning models with security

Project description

A tool for loading pickled machine/deep learning models safely, by restricting which globals the unpickler is allowed to resolve.

Many machine/deep learning libraries (PyTorch, scikit-learn and others) serialize trained models with Python's pickle, and pickle is well known to execute arbitrary code when loading data from an untrusted source: a pickle stream can name any importable callable and have it invoked with attacker-chosen arguments during loading.

This library provides a secure loader for pickled models by overriding the find_class method of the standard Python Unpickler class and checking every requested global against a whitelist of module and attribute names. Only globals on the whitelist may appear in a loaded model object; when the unpickler meets a global that is not on the list, loading is aborted before that object is resolved, so it is never imported or called. The whitelist should therefore contain only the classes and helper functions the model framework genuinely needs; listing generic callables such as builtins.eval, builtins.getattr or os.system would reintroduce code execution.
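The mechanism described above, written out as an added example (this is not the project's own code): a pickle.Unpickler subclass whose find_class refuses any (module, name) pair that is not on the allowlist, tried against a benign state dict and against a hand-built pickle that would call os.system. The names SAFE_GLOBALS, RestrictedUnpickler, restricted_loads and try_restricted_loads, and both sample streams, are constructed for this example.

```python
import collections
import io
import pickle

# Allowlist of (module, qualified name) pairs the loader may resolve.  The
# single entry below is an assumption for this example; a real list is derived
# from the globals the target framework's pickles actually reference.
SAFE_GLOBALS = frozenset({
    ("collections", "OrderedDict"),
})


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses any global not on the allowlist.

    find_class is the single point at which pickle turns a (module, name)
    pair from the stream into a Python object, so every target of a
    REDUCE / NEWOBJ / BUILD opcode must pass through here before it can be
    called.  Raising here stops the load before anything is imported.
    """

    def __init__(self, file, allowed=SAFE_GLOBALS, **kwargs):
        super().__init__(file, **kwargs)
        self._allowed = allowed

    def find_class(self, module, name):
        if (module, name) not in self._allowed:
            raise pickle.UnpicklingError(
                f"global {module}.{name} is not on the allowlist")
        return super().find_class(module, name)


def restricted_loads(data, allowed=SAFE_GLOBALS):
    """Load a pickled model from bytes, allowing only the listed globals."""
    return RestrictedUnpickler(io.BytesIO(data), allowed).load()


def try_restricted_loads(data, allowed=SAFE_GLOBALS):
    """Return (True, obj) on success, or (False, reason) when a global is refused."""
    try:
        return True, restricted_loads(data, allowed)
    except pickle.UnpicklingError as exc:
        return False, str(exc)


# Constructed sample inputs.  A benign "state dict" as a framework might save it:
BENIGN_STATE = pickle.dumps(
    collections.OrderedDict(weight=[0.5, -1.25]), protocol=4)

# A hand-written protocol 0 stream equivalent to os.system("echo pwned"):
#   c os system   -> push the global os.system
#   ( S'...' t    -> build the argument tuple
#   R             -> REDUCE: call os.system(*args)
#   .             -> STOP
MALICIOUS = b"cos\nsystem\n(S'echo pwned'\ntR."

if __name__ == "__main__":
    print("benign:", try_restricted_loads(BENIGN_STATE))
    print("malicious:", try_restricted_loads(MALICIOUS))
    # pickle.loads(MALICIOUS) would run the shell command instead.
```

Because find_class runs when the GLOBAL or STACK_GLOBAL opcode is executed, and REDUCE only runs afterwards, the refusal happens before os.system is ever looked up; the same stream is refused regardless of which other harmless entries the allowlist carries.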

This library also provides utilities to quickly update the global whitelist when the corresponding machine learning libraries are updated and the set of globals their pickled models reference changes.
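One way to find out which globals a model file needs before touching an allowlist, added here as an example and not the project's own utilities: walk the opcode stream with the standard library's pickletools.genops, tracking only strings, the memo and MARK positions so that both GLOBAL (protocol 0 to 3) and STACK_GLOBAL (protocol 4 and later) references are recovered without importing or executing anything. The functions referenced_globals and missing_from_allowlist, the ALLOWED set and the sample streams are constructed for this example.

```python
import collections
import pickle
import pickletools

_STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
               "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}
_GET_OPS = {"GET", "BINGET", "LONG_BINGET"}
_PUT_OPS = {"PUT", "BINPUT", "LONG_BINPUT"}
_MARK = object()  # sentinel standing in for the MARK opcode on the simulated stack


def _pop_inputs(stack, stack_before):
    """Remove the operands an opcode consumes, following pickletools' stack spec.

    Opcodes whose spec contains markobject (TUPLE, APPENDS, SETITEMS, ...)
    consume everything back to the most recent MARK, plus any objects the
    spec lists beneath the mark (e.g. the list that APPENDS extends).
    """
    if pickletools.markobject in stack_before:
        mark_at = len(stack) - 1 - stack[::-1].index(_MARK)
        start = mark_at - stack_before.index(pickletools.markobject)
    else:
        start = len(stack) - len(stack_before)
    popped = stack[start:]
    del stack[start:]
    return popped


def referenced_globals(data):
    """Return the set of (module, name) globals a pickle stream would resolve.

    Only opcode bookkeeping is performed; nothing is imported or executed, so
    this is safe on untrusted model files.  Strings and memo entries are
    tracked because STACK_GLOBAL takes module and name from the stack, and a
    repeated module name may arrive via a memo GET rather than a string push.
    pickletools.genops raises ValueError on a truncated or corrupt stream.
    """
    found = set()
    stack = []
    memo = {}
    for op, arg, _pos in pickletools.genops(data):
        name = op.name
        if name == "MARK":
            stack.append(_MARK)
        elif name in _PUT_OPS:
            memo[arg] = stack[-1]          # PUT stores the top without popping
        elif name == "MEMOIZE":
            memo[len(memo)] = stack[-1]    # same numbering the real unpickler uses
        elif name in _GET_OPS:
            stack.append(memo[arg])
        elif name in _STRING_OPS:
            stack.append(arg)              # keep the value: it may name a global
        else:
            popped = _pop_inputs(stack, op.stack_before)
            if name == "GLOBAL":
                module, _, qualname = arg.partition(" ")
                found.add((module, qualname))
            elif name == "STACK_GLOBAL":
                module, qualname = popped
                if not (isinstance(module, str) and isinstance(qualname, str)):
                    raise ValueError("STACK_GLOBAL operands are not strings")
                found.add((module, qualname))
            elif name == "STOP":
                break
            # Non-string results are tracked only as placeholders.
            stack.extend([None] * len(op.stack_after))
    return found


def missing_from_allowlist(data, allowed):
    """Globals the stream references that the current allowlist does not permit."""
    return sorted(referenced_globals(data) - set(allowed))


# Constructed samples: the same small model saved with two pickle protocols,
# and a hand-written stream that calls os.system("id").
SAMPLE_MODEL_P4 = pickle.dumps(
    {"layer": collections.OrderedDict(w=[1.0])}, protocol=4)
SAMPLE_MODEL_P2 = pickle.dumps(collections.OrderedDict(w=[1.0]), protocol=2)
SAMPLE_BACKDOOR = b"cos\nsystem\n(S'id'\ntR."
ALLOWED = {("collections", "OrderedDict")}

if __name__ == "__main__":
    for label, blob in [("p4", SAMPLE_MODEL_P4), ("p2", SAMPLE_MODEL_P2),
                        ("backdoor", SAMPLE_BACKDOOR)]:
        print(label, sorted(referenced_globals(blob)),
              "missing:", missing_from_allowlist(blob, ALLOWED))
```

Running this over a model saved with a new framework release lists exactly the entries an updated whitelist would need; each candidate should still be reviewed by hand, since the scan reports what the file asks for, not whether that global is safe to call.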

Project details

Release history

This version: 0.1

Download files

Source Distribution

model-unpickler-0.1.tar.gz (17.2 kB), uploaded as source

Built Distribution

model_unpickler-0.1-py3-none-any.whl (16.9 kB), uploaded for Python 3
