Namdn: Upload README.md with huggingface_hub (43f68fa, verified)
---
license: mit
tags:
  - tensorflow
  - savedmodel
  - security-research
---

# TF SavedModel Native Ops PoC

Security research: demonstrates an arbitrary file write from a SavedModel whose computation graph contains the native TensorFlow `WriteFile` op (the op that `tf.io.write_file` emits).

**DO NOT LOAD THIS MODEL IN PRODUCTION.** Load and call it only in an isolated, disposable environment.

## Vector

- `tf.io.write_file` lowers to the `WriteFile` op, whose kernel is native C++; no Python code, pickle payload or Keras Lambda layer is involved
- The op is an ordinary node of the exported graph (in a TF2 SavedModel it sits inside the traced function body stored in the graph's function library)
- Scanners that look only for Python-level payloads (pickle, custom objects, Lambda layers) do not see it; it is visible only to tools that enumerate the op types in the serialized GraphDef
- In this PoC the op is part of the inference function, so the write happens when the model is called, not at `tf.saved_model.load`
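The practical consequence of the last two points is that the check belongs at the GraphDef level, before the model is ever loaded. The scanner below is an added example and is not part of this repository or of TensorFlow. It walks the protobuf wire format of `saved_model.pb` directly, using the field numbers from TensorFlow's saved_model.proto, meta_graph.proto, graph.proto, function.proto and node_def.proto, so it runs without TensorFlow installed and never hands the file to the framework that would execute it. `FLAGGED_OPS` is an illustrative list, `build_sample` produces constructed bytes rather than a real export, and the function name `__inference___call___42` in it is hypothetical.

```python
"""Scan a SavedModel's saved_model.pb for filesystem and code-execution ops without
importing TensorFlow. Added example; field numbers follow TensorFlow's .proto files."""
import os

# Illustrative op types that touch the filesystem or run arbitrary Python. SaveV2 and
# RestoreV2 are omitted because every checkpointed model's restore function uses them.
FLAGGED_OPS = frozenset({"WriteFile", "ReadFile", "MatchingFiles",
                         "PyFunc", "PyFuncStateless", "EagerPyFunc"})

def _read_varint(buf, pos):
    """Decode a base-128 varint at buf[pos]; return (value, new_pos)."""
    result, shift = 0, 0
    while True:
        b, pos = buf[pos], pos + 1
        result |= (b & 0x7F) << shift
        if not b & 0x80:
            return result, pos
        shift += 7

def iter_fields(buf):
    """Yield (field_number, wire_type, value) for each field of a message body."""
    pos, end = 0, len(buf)
    while pos < end:
        tag, pos = _read_varint(buf, pos)
        field, wtype = tag >> 3, tag & 7
        if wtype == 0:                                    # varint
            val, pos = _read_varint(buf, pos)
        elif wtype in (1, 5):                             # fixed64 / fixed32
            size = 8 if wtype == 1 else 4
            val, pos = buf[pos:pos + size], pos + size
        elif wtype == 2:                                  # string, bytes or sub-message
            size, pos = _read_varint(buf, pos)
            val, pos = buf[pos:pos + size], pos + size
        else:
            raise ValueError(f"unsupported wire type {wtype}")
        if pos > end:
            raise ValueError("truncated field")
        yield field, wtype, val

def _messages(buf, field):
    """All length-delimited values of `field` in a message body."""
    return [v for f, w, v in iter_fields(buf) if f == field and w == 2]

def _node_defs(graph_def):
    """Yield (scope, NodeDef bytes) for top-level nodes and every function body.
    TF2 stores traced tf.function bodies in GraphDef.library, not in GraphDef.node."""
    for node in _messages(graph_def, 1):                  # GraphDef.node
        yield "graph", node
    for library in _messages(graph_def, 2):               # GraphDef.library
        for fn in _messages(library, 1):                  # FunctionDefLibrary.function
            fn_name = "?"
            for sig in _messages(fn, 1):                  # FunctionDef.signature (OpDef)
                for name in _messages(sig, 1):            # OpDef.name
                    fn_name = name.decode("utf-8", "replace")
            for node in _messages(fn, 3):                 # FunctionDef.node_def
                yield f"function {fn_name}", node

def find_flagged_ops(saved_model_bytes, flagged=FLAGGED_OPS):
    """Return [(scope, node_name, op_type)] for every node whose op type is flagged."""
    hits = []
    for meta_graph in _messages(saved_model_bytes, 2):    # SavedModel.meta_graphs
        for graph_def in _messages(meta_graph, 2):        # MetaGraphDef.graph_def
            for scope, node in _node_defs(graph_def):
                fields = {f: v for f, w, v in iter_fields(node) if w == 2 and f in (1, 2)}
                op = fields.get(2, b"").decode("utf-8", "replace")            # NodeDef.op
                if op in flagged:
                    hits.append((scope, fields.get(1, b"").decode("utf-8", "replace"), op))
    return hits

def scan_saved_model_dir(path, flagged=FLAGGED_OPS):
    """Scan <path>/saved_model.pb; the file is never handed to TensorFlow."""
    with open(os.path.join(path, "saved_model.pb"), "rb") as f:
        return find_flagged_ops(f.read(), flagged)

# --- Constructed sample input (not a real export) so the scanner can run offline ---
def _varint(n):
    out = bytearray()
    while True:
        b, n = n & 0x7F, n >> 7
        out.append(b | 0x80 if n else b)
        if not n:
            return bytes(out)

def _ld(field, payload):
    """Encode one length-delimited field (string or embedded message)."""
    payload = payload.encode("utf-8") if isinstance(payload, str) else payload
    return _varint((field << 3) | 2) + _varint(len(payload)) + payload

def build_sample(with_write_file=True):
    """Minimal SavedModel bytes: one MetaGraphDef whose function library holds a
    traced __call__ body (hypothetical name), optionally containing a WriteFile node."""
    nodes = [_ld(1, "filename") + _ld(2, "Const"),
             _ld(1, "contents") + _ld(2, "Const"),
             _ld(1, "MatMul") + _ld(2, "MatMul") + _ld(3, "x") + _ld(3, "w")]
    if with_write_file:
        nodes.append(_ld(1, "WriteFile") + _ld(2, "WriteFile")
                     + _ld(3, "filename") + _ld(3, "contents"))
    fn = _ld(1, _ld(1, "__inference___call___42"))        # FunctionDef.signature.name
    fn += b"".join(_ld(3, n) for n in nodes)              # FunctionDef.node_def
    graph_def = _ld(1, _ld(1, "NoOp") + _ld(2, "NoOp"))   # one benign top-level node
    graph_def += _ld(2, _ld(1, fn))                       # GraphDef.library.function
    meta_graphs = _ld(2, _ld(2, graph_def))               # SavedModel.meta_graphs[0].graph_def
    return _varint(1 << 3) + _varint(1) + meta_graphs     # saved_model_schema_version = 1
```

Call `scan_saved_model_dir("./")` against a model directory and treat any non-empty result as a block. The design point that matters is the descent into `GraphDef.library`: in a TF2 SavedModel the traced `tf.function` bodies live there, and a scanner that only reads the top-level `node` list will miss a `WriteFile` placed inside `__call__`. The op list is a starting point, not a complete policy.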

## Usage (for testing only)

```python
import tensorflow as tf

# Load the PoC SavedModel from this directory (restores the graph and function library)
model = tf.saved_model.load("./")

# Calling the model runs the traced function and, with it, the embedded WriteFile op: this is the point at which the file is written
result = model(tf.random.normal([1, 10]))
```