Update security documentation to include security scanning tools (#3084)

* Update security documentation to include security scanning tools * Add details about address configuration in SECURITY.md * Fix spellcheck
pytorch · Apr 17, 2024 · 953f252 · 953f252
1 parent d654750
commit 953f252
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -103,6 +103,9 @@ Refer to [torchserve docker](docker/README.md) for details.
 
 For [more examples](examples/README.md)
 
+## 🛡️ TorchServe Security Policy
+[SECURITY.md](SECURITY.md)
+
 ## 🤓 Learn More
 https://pytorch.org/serve
 

diff --git a/SECURITY.md b/SECURITY.md
@@ -20,22 +20,33 @@ TorchServe as much as possible relies on automated tools to do security scanning
     1. HTTP - `8080`, `8081`, `8082`
     2. gRPC - `7070`, `7071`
 
-    These ports are accessible to `localhost` by default.  The address can be configured by following the [guide](https://pytorch.org/serve/configuration.html#configure-torchserve-listening-address-and-port)
-    TorchServe does not prevent users from configuring the address to be `0.0.0.0`. Please be aware of the security risks if you use `0.0.0.0`
-2. TorchServe's Docker image is configured to expose the ports `8080`, `8081`, `8082`, `7070`, `7071` to the host by [default](https://github.com/pytorch/serve/blob/master/docker/Dockerfile). When these ports are mapped to the host, make sure to use `localhost` or a specific ip address.
+    These ports are accessible to `localhost` by default.  The addresses can be configured by following the guides for
+    [HTTP](https://github.com/pytorch/serve/blob/master/docs/configuration.md#configure-torchserve-listening-address-and-port) and
+    [gRPC](https://github.com/pytorch/serve/blob/master/docs/configuration.md#configure-torchserve-grpc-listening-addresses-and-ports).
+    TorchServe does not prevent users from configuring the address to be any value, including the wildcard address `0.0.0.0`.
+    Please be aware of the security risks of configuring the address to be `0.0.0.0`, this will give all addresses(including publicly accessible addresses, if any)
+    on the host, access to the TorchServer endpoints listening on the ports shown above.
+2. TorchServe's Docker image is configured to expose the ports `8080`, `8081`, `8082`, `7070`, `7071` to the host by [default](https://github.com/pytorch/serve/blob/master/docker/Dockerfile). When starting the container,
+   make sure to map the ports exposed by the container to `localhost` ports or a specific IP address as shown in this [security guideline](https://github.com/pytorch/serve/blob/master/docker/README.md#security-guideline).
 
 3. Be sure to validate the authenticity of the `.mar` file being used with TorchServe.
-    1. A `.mar` file being downloaded from the internet from an untrustworthy source may have malicious code, compromising the integrity of your application
-    2. TorchServe executes arbitrary python code packaged in the `mar` file. Make sure that you've either audited that the code you're using is safe and/or is from a source that you trust
-4. By default TorchServe allows you to register models from all URLs. Make sure to set `allowed_urls` parameter in config.properties to restrict this. You can find more details in the [configuration guide](https://pytorch.org/serve/configuration.html#other-properties)
-    - `use_env_allowed_urls=true` is required in config.properties to read `allowed_urls` from environment variable
+    1. A `.mar` file being downloaded from the internet from an untrustworthy source may have malicious code, compromising the integrity of your application.
+    2. TorchServe executes arbitrary python code packaged in the `mar` file. Make sure that you've either audited that the code you're using is safe and/or is from a source that you trust.
+    3. Torchserve supports custom [plugins](https://github.com/pytorch/serve/tree/master/plugins) and [handlers](https://github.com/pytorch/serve/blob/master/docs/custom_service.md).
+       These can be utilized to extend TorchServe functionality to perform runtime security scanning using tools such as:
+        - Clamd: https://pypi.org/project/clamd/
+        - VirusTotal: https://virustotal.github.io/vt-py/
+        - Fickling: https://github.com/trailofbits/fickling
+    4. Running Torchserve inside a container environment and loading an untrusted `.mar` file does not guarantee isolation from a security perspective.
+4. By default TorchServe allows you to register models from all URLs. Make sure to set `allowed_urls` parameter in config.properties to restrict this. You can find more details in the [configuration guide](https://pytorch.org/serve/configuration.html#other-properties).
+    - `use_env_allowed_urls=true` is required in config.properties to read `allowed_urls` from environment variable.
 5. Enable SSL:
 
     TorchServe supports two ways to configure SSL:
     1. Using a keystore
     2. Using private-key/certificate files
 
-    You can find more details in the [configuration guide](https://pytorch.org/serve/configuration.html#enable-ssl)
+    You can find more details in the [configuration guide](https://pytorch.org/serve/configuration.html#enable-ssl).
 6. Prepare your model against bad inputs and prompt injections. Some recommendations:
     1. Pre-analysis: check how the model performs by default when exposed to prompt injection (e.g. using [fuzzing for prompt injection](https://github.com/FonduAI/awesome-prompt-injection?tab=readme-ov-file#tools)).
     2. Input Sanitation: Before feeding data to the model, sanitize inputs rigorously. This involves techniques such as:

diff --git a/ts_scripts/spellcheck_conf/wordlist.txt b/ts_scripts/spellcheck_conf/wordlist.txt
@@ -1218,3 +1218,8 @@ venv
 TorchInductor
 Pytests
 deviceType
+Clamd
+Fickling
+TorchServer
+VirusTotal
+untrusted