Upload folder using huggingface_hub
f37b2bf verified
---
library_name: tensorflow
tags:
- security
- savedmodel
- modelscan
license: apache-2.0
---
# TensorFlow SavedModel WholeFileReaderV2 PoC
Security research proof-of-concept for a TensorFlow SavedModel that uses legacy reader ops to read a local file through normal serving-signature execution.
This model is intentionally benign:
* `serving_default` reads `/etc/hosts`.
* `read_file(filename)` reads the local file path provided as a string tensor.
The purpose is to demonstrate that ModelScan 0.8.8 reports no issues even though the SavedModel contains local file-read behavior implemented with `WholeFileReaderV2` and `ReaderReadV2`.
Do not load untrusted models in production.
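A defender-side triage check, added here and not part of this model or of ModelScan: it searches the bytes of a serialized `saved_model.pb` for the file-reading op types named above (plus a few related file-I/O ops) without needing TensorFlow installed, and runs on constructed sample bytes rather than this model's export.

```python
import os
import re
from typing import Dict

# Op types that touch the local filesystem or execute arbitrary Python when
# the graph runs. RestoreV2/SaveV2 are left out on purpose: every SavedModel
# uses them for checkpoint loading, so they carry no signal.
SUSPICIOUS_OPS = (
    "WholeFileReaderV2", "ReaderReadV2", "ReaderReadUpToV2",
    "ReadFile", "WriteFile", "MatchingFiles",
    "TextLineReaderV2", "TFRecordReaderV2", "PyFunc",
)

def scan_graphdef_bytes(data: bytes) -> Dict[str, int]:
    """Count suspicious op-type names in a serialized SavedModel (saved_model.pb).

    NodeDef.op is stored as a plain ASCII string in the protobuf, so a byte
    search needs no TensorFlow install. It is a triage heuristic: a node *name*
    that happens to contain an op name also matches, so confirm hits by parsing
    the GraphDef (e.g. with saved_model_pb2) before acting on them.
    """
    hits: Dict[str, int] = {}
    for op in SUSPICIOUS_OPS:
        # Identifier boundaries stop e.g. "ReadFile" matching inside a longer token.
        pattern = rb"(?<![A-Za-z0-9_])" + op.encode() + rb"(?![A-Za-z0-9_])"
        n = len(re.findall(pattern, data))
        if n:
            hits[op] = n
    return hits

def scan_saved_model_dir(model_dir: str) -> Dict[str, int]:
    """Scan the saved_model.pb inside a SavedModel directory."""
    with open(os.path.join(model_dir, "saved_model.pb"), "rb") as f:
        return scan_graphdef_bytes(f.read())

# Constructed sample bytes shaped like serialized NodeDefs (field 1 = name,
# field 2 = op, field 3 = input); they are not a real model export.
SAMPLE_FILE_READ_PB = (
    b"\n\x06reader\x12\x11WholeFileReaderV2"
    b"\n\x04read\x12\x0cReaderReadV2\x1a\x06reader"
    b"\n\x06matmul\x12\x06MatMul"
)
SAMPLE_BENIGN_PB = b"\n\x05dense\x12\x06MatMul\n\x04relu\x12\x04Relu"

if __name__ == "__main__":
    for label, blob in (("file-read", SAMPLE_FILE_READ_PB), ("benign", SAMPLE_BENIGN_PB)):
        hits = scan_graphdef_bytes(blob)
        print(f"{label}: {'SUSPICIOUS ' + str(hits) if hits else 'no file-I/O ops found'}")
```

Point `scan_saved_model_dir` at an unpacked SavedModel directory to triage a real download; an empty result only means none of the listed op names appear, not that the graph is safe.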