Safer loading
See original GitHub issueHi! I was just studying chainer’s serialization/deserialization.
Very good job, but to make numpy loading safe one minor change needed:
from chainer.serializers import NpzDeserializer
def load_npz(file, obj, path='', strict=True):
with numpy.load(file, allow_pickle=False) as f:
d = NpzDeserializer(f, path=path, strict=strict)
d.load(obj)
Please notice allow_pickle=False
. By default, numpy.load
allows using pickle, which can execute any code (pickle is very unsafe, that’s why can’t be used to share models, you probably know it).
I’ve checked that in my case this fix doesn’t break already saved models, so probably it is a good solution.
Issue Analytics
- State:
- Created 5 years ago
- Comments:8 (3 by maintainers)
Top Results From Across the Web
Company Snapshot LOADING USA LLC - SAFER Web
SAFER Layout. Entity Type: CARRIER. Operating Status: AUTHORIZED FOR Property, Out of Service Date: None. Legal Name: LOADING USA LLC.
Read more >Secure Your Load - Washington State Department of Ecology
Secure your load for safer roads · Tips for secure loads · Questions to ask yourself · Spread the word · Call 911...
Read more >4 Tips for Safer Loading Docks - AM Davis Inc.
A thorough inspection of your trailer restraint system should be completed, to be sure that (chocks, bumpers, locks etc…) are all in good...
Read more >Use Stokes Equipment to Create Safer Loading Docks
Fortunately, Stokes Equipment offers some excellent systems designed to create more secure loading dock and warehousing environments.
Read more >Secure your load for safer roads! - King County
Unsecured loads arriving at County transfer facilities or the landfill will be charged a $25 fee · Secured load laws · What is...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
The safety has become the default of NumPy >= 1.16.3. https://github.com/numpy/numpy/releases/tag/v1.16.3
Closing since it was already fixed on numpy side. (thanks to @toslunar for pointing this)