Disable torch.load in TorchModuleWrapper when in safe mode.

[hertschuh]

Raise an exception and explain the user about the risks.

[gemini-code-assist]

Summary of Changes

Hello @hertschuh, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the security of TorchModuleWrapper by preventing the deserialization of torch.nn.Module objects via torch.load() when Keras is operating in safe mode. This change mitigates potential arbitrary code execution risks associated with loading untrusted serialized PyTorch modules, providing users with a clear error message and guidance on how to proceed if they trust the source.

Highlights

• Enhanced Security for TorchModuleWrapper: Introduced a check within TorchModuleWrapper.from_config to prevent torch.load() operations when Keras's in_safe_mode() is active.
• Clear Error Messaging: When torch.load() is blocked in safe mode, a ValueError is raised, informing the user about the security risks (arbitrary code execution) and providing instructions on how to disable safe mode for deserialization if the source is trusted.
• Comprehensive Test Coverage: Updated the torch_utils_test.py to include parameterized tests for test_save_load, verifying both the expected ValueError in safe mode and successful model loading in unsafe mode.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in issue comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a security enhancement by disabling torch.load in TorchModuleWrapper when Keras is operating in safe mode. This is a crucial change as torch.load can execute arbitrary code, posing a security risk. The implementation correctly raises a ValueError with a clear and informative message that explains the risk and provides guidance on how to proceed if the user trusts the model source. The accompanying test has been updated to be parameterized, thoroughly covering both safe and unsafe loading scenarios to ensure the new behavior is correct and doesn't introduce regressions. The changes are well-implemented and improve the security of the library.

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 82.75%. Comparing base (cd7ec31) to head (ae26522).
⚠️ Report is 1 commits behind head on master.

Additional details and impacted files

@@           Coverage Diff           @@
##           master   #21575   +/-   ##
=======================================
  Coverage   82.75%   82.75%           
=======================================
  Files         567      567           
  Lines       56528    56531    +3     
  Branches     8823     8824    +1     
=======================================
+ Hits        46782    46785    +3     
  Misses       7585     7585           
  Partials     2161     2161           

Flag	Coverage Δ
keras	82.56% <100.00%> (+<0.01%)	⬆️
keras-jax	63.77% <33.33%> (-0.01%)	⬇️
keras-numpy	58.29% <33.33%> (-0.01%)	⬇️
keras-openvino	34.66% <33.33%> (-0.01%)	⬇️
keras-tensorflow	64.21% <33.33%> (-0.01%)	⬇️
keras-torch	63.82% <100.00%> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[fchollet]

LGTM, thank you!