Hugging Face's logo

Namdn
/
tf-savedmodel-native-ops-poc

TF-Keras
tensorflow
savedmodel
security-research
Model card Files
xet
 Community

You need to agree to share your contact information to access this model

This repository is publicly accessible, but you have to accept the conditions to access its files and content.

Log in or Sign Up to review the conditions and access this model content.

TF SavedModel Native Ops PoC

Security research — demonstrates arbitrary file write via native TensorFlow ops (tf.io.write_file) embedded in SavedModel graph.

DO NOT LOAD THIS MODEL IN PRODUCTION.

Vector

  • tf.io.write_file is a native C++ kernel op
  • Embedded directly in the computation graph
  • Invisible to Python-level security scanners
  • Executes when model inference is called

Usage (for testing only) 

import tensorflow as tf
model = tf.saved_model.load("./")
# Calling model triggers file write
result = model(tf.random.normal([1, 10]))
Downloads last month
38
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support