From 46964ee15e86714a5fa72eaa70ba873ed2d83944 Mon Sep 17 00:00:00 2001
From: Petr Onderka
Date: Fri, 22 May 2026 15:22:42 +0200
Subject: [PATCH] Add note to only load trusted models
---
 .../Builder/BuilderExtensions.cs | 10 +++++++
 .../Model/ModelOperationsCatalog.cs | 4 +++
 .../OnnxCatalog.cs | 30 +++++++++++++++++++
 .../TensorflowCatalog.cs | 2 ++
 4 files changed, 46 insertions(+)
diff --git a/src/Microsoft.Extensions.ML/Builder/BuilderExtensions.cs b/src/Microsoft.Extensions.ML/Builder/BuilderExtensions.cs
index 45ededdb10..a311014ed9 100644
--- a/src/Microsoft.Extensions.ML/Builder/BuilderExtensions.cs
+++ b/src/Microsoft.Extensions.ML/Builder/BuilderExtensions.cs
@@ -20,6 +20,7 @@ public static class BuilderExtensions
 ///
 /// The updated .
 ///
+ /// Only add models from trusted sources. Adding models from untrusted sources is a security risk.
 public static PredictionEnginePoolBuilder FromUri(
 this PredictionEnginePoolBuilder builder, string uri)
 where TData : class
@@ -41,6 +42,7 @@ public static PredictionEnginePoolBuilder FromUri
 /// The updated .
 ///
+ /// Only add models from trusted sources. Adding models from untrusted sources is a security risk.
 public static PredictionEnginePoolBuilder FromUri(
 this PredictionEnginePoolBuilder builder, string modelName, string uri)
 where TData : class
@@ -62,6 +64,7 @@ public static PredictionEnginePoolBuilder FromUri
 /// The updated .
 ///
+ /// Only add models from trusted sources. Adding models from untrusted sources is a security risk.
 public static PredictionEnginePoolBuilder FromUri(
 this PredictionEnginePoolBuilder builder, string modelName, Uri uri)
 where TData : class
 where TPrediction : class, new()
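Review bot: The remark added to FromUri in the hunks at @@ -20, @@ -41 and @@ -62 tells the caller to trust the source but gives nothing to act on, and the `TimeSpan period` overloads at @@ -80, @@ -103 and @@ -127 appear, judging by that parameter, to re-fetch the model on a schedule, so a source that was trusted at deployment must stay trusted and uncompromised for the life of the process. For the periodic overloads I would extend the line to something like `/// Only add models from trusted sources; the model is fetched again every <paramref name="period"/>, so the source must remain trustworthy for the lifetime of the pool, the download should use a transport that authenticates the server, and the result should be checked against a known hash or signature before it is used.` The same consideration applies to the `watchForChanges` overloads of FromFile at @@ -169 and @@ -214, where the parameter name suggests the file is reloaded whenever it changes. The XML element names are stripped in this view, so I cannot tell whether the new line sits inside `<remarks>`; a text node outside any element may not be surfaced by IntelliSense or the docs build, so wrapping it in `<remarks>` is the safer placement.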
@@ -80,6 +83,7 @@ public static PredictionEnginePoolBuilder FromUri
 /// The updated .
 ///
+ /// Only add models from trusted sources. Adding models from untrusted sources is a security risk.
 public static PredictionEnginePoolBuilder FromUri(
 this PredictionEnginePoolBuilder builder, string uri, TimeSpan period)
 where TData : class
 where TPrediction : class, new()
@@ -103,6 +107,7 @@ public static PredictionEnginePoolBuilder FromUri
 /// The updated .
 ///
+ /// Only add models from trusted sources. Adding models from untrusted sources is a security risk.
 public static PredictionEnginePoolBuilder FromUri(
 this PredictionEnginePoolBuilder builder, string modelName, string uri, TimeSpan period)
 where TData : class
@@ -127,6 +132,7 @@ public static PredictionEnginePoolBuilder FromUri
 /// The updated .
 ///
+ /// Only add models from trusted sources. Adding models from untrusted sources is a security risk.
 public static PredictionEnginePoolBuilder FromUri(
 this PredictionEnginePoolBuilder builder, string modelName, Uri uri, TimeSpan period)
 where TData : class
@@ -150,6 +156,7 @@ public static PredictionEnginePoolBuilder FromUri
 /// The updated .
 ///
+ /// Only add models from trusted sources. Adding models from untrusted sources is a security risk.
 public static PredictionEnginePoolBuilder FromFile(
 this PredictionEnginePoolBuilder builder, string filePath)
 where TData : class
@@ -169,6 +176,7 @@ public static PredictionEnginePoolBuilder FromFile
 /// The updated .
 ///
+ /// Only add models from trusted sources. Adding models from untrusted sources is a security risk.
 public static PredictionEnginePoolBuilder FromFile(
 this PredictionEnginePoolBuilder builder, string filePath, bool watchForChanges)
 where TData : class
@@ -190,6 +198,7 @@ public static PredictionEnginePoolBuilder FromFile
 /// The updated .
 ///
+ /// Only add models from trusted sources. Adding models from untrusted sources is a security risk.
 public static PredictionEnginePoolBuilder FromFile(
 this PredictionEnginePoolBuilder builder, string modelName, string filePath)
 where TData : class
@@ -214,6 +223,7 @@ public static PredictionEnginePoolBuilder FromFile
 /// The updated .
 ///
+ /// Only add models from trusted sources. Adding models from untrusted sources is a security risk.
 public static PredictionEnginePoolBuilder FromFile(
 this PredictionEnginePoolBuilder builder, string modelName, string filePath, bool watchForChanges)
 where TData : class
diff --git a/src/Microsoft.ML.Data/Model/ModelOperationsCatalog.cs b/src/Microsoft.ML.Data/Model/ModelOperationsCatalog.cs
index 26f13c71b8..6c098890fd 100644
--- a/src/Microsoft.ML.Data/Model/ModelOperationsCatalog.cs
+++ b/src/Microsoft.ML.Data/Model/ModelOperationsCatalog.cs
@@ -142,6 +142,7 @@ private void SaveInputSchema(DataViewSchema inputSchema, RepositoryWriter rep) /// Will contain the input schema for the model. If the model was saved without /// any description of the input, there will be no input schema. In this case this can be . /// The loaded model. + /// Only load models from trusted sources. Loading models from untrusted sources is a security risk. /// /// /// Will contain the input schema for the model. If the model was saved without /// any description of the input, there will be no input schema. In this case this can be . /// The loaded model. + /// Only load models from trusted sources. Loading models from untrusted sources is a security risk. /// /// /// loader) /// this method will throw an exception. The scenario where no loader is stored in the stream should /// be handled instead using the method. /// The transformer model from the model stream. + /// Only load models from trusted sources. Loading models from untrusted sources is a security risk. public ITransformer LoadWithDataLoader(Stream stream, out IDataLoader loader) { _env.CheckValue(stream, nameof(stream)); @@ -283,6 +286,7 @@ public ITransformer LoadWithDataLoader(Stream stream, out IDataLoader method. /// The transformer model from the model file. + /// Only load models from trusted sources. Loading models from untrusted sources is a security risk. public ITransformer LoadWithDataLoader(string filePath, out IDataLoader loader) { _env.CheckNonEmpty(filePath, nameof(filePath)); diff --git a/src/Microsoft.ML.OnnxTransformer/OnnxCatalog.cs b/src/Microsoft.ML.OnnxTransformer/OnnxCatalog.cs index 210e13e849..8728c0584c 100644 --- a/src/Microsoft.ML.OnnxTransformer/OnnxCatalog.cs +++ b/src/Microsoft.ML.OnnxTransformer/OnnxCatalog.cs 
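Review bot: The sentence added after the returns text of Load and LoadWithDataLoader (hunks at @@ -142 and @@ -283) names a security risk without saying what it is, so a caller cannot judge what "trusted" has to mean for their deployment. As far as the surrounding text shows, the loader handed back by LoadWithDataLoader is the one stored in the stream, i.e. the model content decides which components are instantiated, and that is the property that makes untrusted input dangerous; I would say so: `/// Loading instantiates the components recorded inside the model, so a model file carries the trust level of code; only load models from trusted sources.` The hunks between @@ -142 and @@ -283 have lost their headers in this view, so I cannot confirm they are complete or placed identically. The same wording gap applies to the TensorflowCatalog hunk at the end of the patch, where the remark sits next to the "Location of the TensorFlow model" parameter text.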
@@ -23,6 +23,8 @@ public static class OnnxCatalog
 /// The name/type of input columns must exactly match name/type of the ONNX model inputs.
 /// The name/type of the produced output columns will match name/type of the ONNX model outputs.
 /// If the gpuDeviceId value is the value will be used if it is not .
+ ///
+ /// Only apply models from trusted sources. Applying models from untrusted sources is a security risk.
 ///
 /// The transform's catalog.
 /// The path of the file containing the ONNX model.
@@ -51,6 +53,8 @@ public static OnnxScoringEstimator ApplyOnnxModel(this TransformsCatalog catalog
 /// The name/type of input columns must exactly match name/type of the ONNX model inputs.
 /// The name/type of the produced output columns will match name/type of the ONNX model outputs.
 /// If the gpuDeviceId value is the value will be used if it is not .
+ ///
+ /// Only apply models from trusted sources. Applying models from untrusted sources is a security risk.
 ///
 /// The transform's catalog.
 /// The containing the model bytes.
@@ -79,6 +83,8 @@ public static OnnxScoringEstimator ApplyOnnxModel(this TransformsCatalog catalog
 /// The name/type of input columns must exactly match name/type of the ONNX model inputs.
 /// The name/type of the produced output columns will match name/type of the ONNX model outputs.
 /// If the gpuDeviceId value is the value will be used if it is not .
+ ///
+ /// Only apply models from trusted sources. Applying models from untrusted sources is a security risk.
 ///
 /// The transform's catalog.
 /// The path of the file containing the ONNX model.
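Review bot: The remark added to every ApplyOnnxModel overload here and in the hunks on the following three lines does not point the caller at the one parameter in this file that bounds what a malformed model can do: the Protobuf CodedInputStream recursion limit documented on the overloads at @@ -426 and @@ -458 ("Default value is 100"), which caps how deeply nested a model graph the parser accepts. A short cross-reference on those two overloads would make the advice actionable, e.g. `/// For models obtained from external parties, keep the recursion limit at or below its default; it bounds the nesting depth the Protobuf parser will accept before rejecting the model.` The overloads that take model bytes rather than a path (@@ -51 and @@ -115) deserve the same sentence, since a byte array is the form most likely to arrive over a network. The two-line insertion (an empty `///` line, then the sentence) suggests a `<para>` wrapper whose tags this view has stripped; verify it opens and closes inside the `<summary>` rather than after it, otherwise the text will not render with the rest of the summary.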
@@ -115,6 +121,8 @@ public static OnnxScoringEstimator ApplyOnnxModel(this TransformsCatalog catalog
 /// The name/type of input columns must exactly match name/type of the ONNX model inputs.
 /// The name/type of the produced output columns will match name/type of the ONNX model outputs.
 /// If the gpuDeviceId value is the value will be used if it is not .
+ ///
+ /// Only apply models from trusted sources. Applying models from untrusted sources is a security risk.
 ///
 /// The transform's catalog.
 /// The containing the model bytes.
@@ -154,6 +162,8 @@ public static OnnxScoringEstimator ApplyOnnxModel(this TransformsCatalog catalog
 /// If GPU error, raise exception or fallback to CPU.
 ///
 /// If the gpuDeviceId value is the value will be used if it is not .
+ ///
+ /// Only apply models from trusted sources. Applying models from untrusted sources is a security risk.
 ///
 ///
 ///
@@ -186,6 +196,8 @@ public static OnnxScoringEstimator ApplyOnnxModel(this TransformsCatalog catalog
 /// If GPU error, raise exception or fallback to CPU.
 ///
 /// If the gpuDeviceId value is the value will be used if it is not .
+ ///
+ /// Only apply models from trusted sources. Applying models from untrusted sources is a security risk.
 ///
 ///
 ///
@@ -212,6 +224,8 @@ public static OnnxScoringEstimator ApplyOnnxModel(this TransformsCatalog catalog
 ///
 ///
 /// If the options.GpuDeviceId value is the value will be used if it is not .
+ ///
+ /// Only apply models from trusted sources. Applying models from untrusted sources is a security risk.
 ///
 /// The transform's catalog.
 /// Options for the .
@@ -239,6 +253,8 @@ public static OnnxScoringEstimator ApplyOnnxModel(this TransformsCatalog catalog
 /// If GPU error, raise exception or fallback to CPU.
 ///
 /// If the gpuDeviceId value is the value will be used if it is not .
+ ///
+ /// Only apply models from trusted sources. Applying models from untrusted sources is a security risk.
 ///
 ///
 ///
@@ -277,6 +293,8 @@ public static OnnxScoringEstimator ApplyOnnxModel(this TransformsCatalog catalog
 /// If GPU error, raise exception or fallback to CPU.
 ///
 /// If the gpuDeviceId value is the value will be used if it is not .
+ ///
+ /// Only apply models from trusted sources. Applying models from untrusted sources is a security risk.
 ///
 ///
 ///
@@ -311,6 +329,8 @@ public static OnnxScoringEstimator ApplyOnnxModel(this TransformsCatalog catalog
 /// If GPU error, raise exception or fallback to CPU.
 ///
 /// If the gpuDeviceId value is the value will be used if it is not .
+ ///
+ /// Only apply models from trusted sources. Applying models from untrusted sources is a security risk.
 ///
 public static OnnxScoringEstimator ApplyOnnxModel(this TransformsCatalog catalog,
 string[] outputColumnNames,
@@ -336,6 +356,8 @@ public static OnnxScoringEstimator ApplyOnnxModel(this TransformsCatalog catalog
 /// If GPU error, raise exception or fallback to CPU.
 ///
 /// If the gpuDeviceId value is the value will be used if it is not .
+ ///
+ /// Only apply models from trusted sources. Applying models from untrusted sources is a security risk.
 ///
 public static OnnxScoringEstimator ApplyOnnxModel(this TransformsCatalog catalog,
 string[] outputColumnNames,
@@ -365,6 +387,8 @@ public static OnnxScoringEstimator ApplyOnnxModel(this TransformsCatalog catalog
 /// If GPU error, raise exception or fallback to CPU.
 ///
 /// If the gpuDeviceId value is the value will be used if it is not .
+ ///
+ /// Only apply models from trusted sources. Applying models from untrusted sources is a security risk.
 ///
 public static OnnxScoringEstimator ApplyOnnxModel(this TransformsCatalog catalog,
 string[] outputColumnNames,
@@ -395,6 +419,8 @@ public static OnnxScoringEstimator ApplyOnnxModel(this TransformsCatalog catalog
 /// If GPU error, raise exception or fallback to CPU.
 ///
 /// If the gpuDeviceId value is the value will be used if it is not .
+ ///
+ /// Only apply models from trusted sources. Applying models from untrusted sources is a security risk.
 ///
 public static OnnxScoringEstimator ApplyOnnxModel(this TransformsCatalog catalog,
 string[] outputColumnNames,
@@ -426,6 +452,8 @@ public static OnnxScoringEstimator ApplyOnnxModel(this TransformsCatalog catalog
 /// Optional, specifies the Protobuf CodedInputStream recursion limit. Default value is 100.
 ///
 /// If the gpuDeviceId value is the value will be used if it is not .
+ ///
+ /// Only apply models from trusted sources. Applying models from untrusted sources is a security risk.
 ///
 public static OnnxScoringEstimator ApplyOnnxModel(this TransformsCatalog catalog,
 string[] outputColumnNames,
@@ -458,6 +486,8 @@ public static OnnxScoringEstimator ApplyOnnxModel(this TransformsCatalog catalog
 /// Optional, specifies the Protobuf CodedInputStream recursion limit. Default value is 100.
 ///
 /// If the gpuDeviceId value is the value will be used if it is not .
+ ///
+ /// Only apply models from trusted sources. Applying models from untrusted sources is a security risk.
 ///
 public static OnnxScoringEstimator ApplyOnnxModel(this TransformsCatalog catalog,
 string[] outputColumnNames,
diff --git a/src/Microsoft.ML.TensorFlow/TensorflowCatalog.cs b/src/Microsoft.ML.TensorFlow/TensorflowCatalog.cs
index 372d4b1029..78790cdfbd 100644
--- a/src/Microsoft.ML.TensorFlow/TensorflowCatalog.cs
+++ b/src/Microsoft.ML.TensorFlow/TensorflowCatalog.cs
@@ -26,6 +26,7 @@ public static class TensorflowCatalog /// /// The transform's catalog. /// Location of the TensorFlow model. + /// Only load models from trusted sources. Loading models from untrusted sources is a security risk. /// /// /// The transform's catalog. /// Location of the TensorFlow model. /// If the first dimension of the output is unknown, should it be treated as batched or not. + /// Only load models from trusted sources. Loading models from untrusted sources is a security risk. /// /// ///