docs: add warning to PickleSerializable and ParallelLocalRunner

tinkoff-ai · Aug 7, 2023 · 1d86a54 · 1d86a54
1 parent be92d11
commit 1d86a54
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 1 deletion.
diff --git a/etna/auto/runner/local.py b/etna/auto/runner/local.py
@@ -29,6 +29,10 @@ class ParallelLocalRunner(AbstractRunner):
     Global objects behavior could be different while parallel usage because platform dependent new process start.
     Be sure that new process is started with ``fork`` via ``multiprocessing.set_start_method``.
     If it's not possible you should try define all globals before ``if __name__ == "__main__"`` scope.
+
+    Warning
+    -------
+    This class uses :py:mod:`dill` module during serialization which might be not secure.
     """
 
     def __init__(

diff --git a/etna/experimental/classification/base.py b/etna/experimental/classification/base.py
@@ -11,7 +11,14 @@ def dump(self, path: str, *args, **kwargs):
 
     @staticmethod
     def load(path: str, *args, **kwargs):
-        """Load the object."""
+        """Load the object.
+
+        Warning
+        -------
+        This method uses :py:mod:`dill` module which is not secure.
+        It is possible to construct malicious data which will execute arbitrary code during loading.
+        Never load data that could have come from an untrusted source, or that could have been tampered with.
+        """
         with open(path, "rb") as file:
             clf = pickle.load(file, *args, **kwargs)
         return clf