spaCy use of "pickle"? #13368

hpcpony · 2024-03-06T20:39:24Z

hpcpony
Mar 6, 2024

Does anything in spaCy make use of pickle-ing? I'm mostly curious about the security implications regarding loading models. From what I've seen in the code (ala thinc) there is no pickle-ing (it seems to use something called msgpack), but I'd be curious for a more definitive answer.

Answered by honnibal

Mar 13, 2024

When you call spacy.load(package_name), you're loading a package you downloaded previously, and so this can execute code (it's the same as importing it).

If you call the Language.from_disk() or Language.from_bytes() methods, that's not supposed to execute code. You can distribute binary models to a service and that service won't execute arbitrary things.

Within the spacy.load() method, you'll also only execute code that's in installed modules. So you can audit the code that's to be executed --- it will be things in your installed packages, not some new code that's hiding in the binary.

View full answer

honnibal · 2024-03-13T14:29:10Z

honnibal
Mar 13, 2024
Maintainer

When you call spacy.load(package_name), you're loading a package you downloaded previously, and so this can execute code (it's the same as importing it).

If you call the Language.from_disk() or Language.from_bytes() methods, that's not supposed to execute code. You can distribute binary models to a service and that service won't execute arbitrary things.

Within the spacy.load() method, you'll also only execute code that's in installed modules. So you can audit the code that's to be executed --- it will be things in your installed packages, not some new code that's hiding in the binary.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

spaCy use of "pickle"? #13368

{{title}}

Replies: 1 comment

{{title}}

Select a reply

spaCy use of "pickle"? #13368

hpcpony Mar 6, 2024

Replies: 1 comment

honnibal Mar 13, 2024 Maintainer

hpcpony
Mar 6, 2024

honnibal
Mar 13, 2024
Maintainer