Environment:Trailofbits Fickling PyTorch

Knowledge Sources	Fickling pyproject.toml PyTorch
Domains	Security, Deep_Learning, Infrastructure
Last Updated	2026-02-14 13:00 GMT

Overview

Python 3.10+ environment with PyTorch >= 2.1.0, torchvision >= 0.24.1, and NumPy for PyTorch model wrapping, payload injection, format identification, and polyglot creation.

Description

This environment extends the base Python runtime with PyTorch and its dependencies. It is required for fickling's pytorch and polyglot modules, which handle PyTorch model file manipulation. PyTorch is an optional dependency of fickling, installed via the `[torch]` extra. The environment includes `torch` for model serialization, `torchvision` for model architectures in examples, and `numpy` for NumPy array format detection in polyglot analysis.

Usage

Use this environment when working with PyTorch model files: wrapping models with `PyTorchModelWrapper`, injecting payloads into `.pth`/`.pt` files, identifying PyTorch file formats, detecting polyglot conditions, or creating polyglot test files. It is not required for core pickle analysis, decompilation, or safety checks on non-PyTorch pickle files.

System Requirements

Category	Requirement	Notes
OS	Any (Linux, macOS, Windows)	Linux recommended for PyTorch
Hardware	Standard CPU	GPU optional; not required by fickling itself
Disk	~2GB	PyTorch package is large
Python	>= 3.10	Required by fickling

Dependencies

System Packages

Python >= 3.10

Python Packages

`fickling` (base package)
`torch` >= 2.1.0
`torchvision` >= 0.24.1
`numpy` >= 2.2.6, < 2.3 (Python 3.10)
`numpy` >= 2.3.5 (Python >= 3.11)

Credentials

No credentials are required for fickling's PyTorch functionality.

Quick Install

# Install fickling with PyTorch support
pip install fickling[torch]

# Or with uv
uv pip install fickling[torch]

Code Evidence

PyTorch optional dependency check from `fickling/pytorch.py:11-18`:

try:
    import torch
except ModuleNotFoundError:
    raise ImportError(
        "The 'torch' module is required for this functionality."
        "PyTorch is now an optional dependency in Fickling."
        "Please use `pip install fickling[torch]`"
    )

PyTorch import guard in `fickling/polyglot.py:32-39`:

try:
    from torch.serialization import _is_zipfile
except ModuleNotFoundError:
    raise ImportError(
        "The 'torch' module is required for this functionality."
        "PyTorch is now an optional dependency in Fickling."
        "Please use `pip install fickling[torch]`"
    )

Version constraints from `pyproject.toml:30-36`:

[project.optional-dependencies]
torch = [
    "torch >= 2.1.0",
    "torchvision >= 0.24.1",
    "numpy >= 2.2.6, < 2.3; python_version == '3.10'",
    "numpy >= 2.3.5; python_version >= '3.11'",
]

NumPy usage for format detection in `fickling/polyglot.py:9`:

import numpy.lib.format as npformat

Common Errors

Error Message	Cause	Solution
`ImportError: The 'torch' module is required for this functionality.`	PyTorch not installed	`pip install fickling[torch]`
`ModuleNotFoundError: No module named 'torch'`	PyTorch not installed	`pip install fickling[torch]`
`ModuleNotFoundError: No module named 'torchvision'`	torchvision not installed	`pip install fickling[torch]`
`ValueError: This file has not been identified as a PyTorch file.`	File is not a PyTorch format	Use `force=True` to attempt anyway, or check the file format

Compatibility Notes

PyTorch >= 2.1.0: Minimum version; older PyTorch versions may lack `torch.serialization._is_zipfile`
NumPy version pinning: Different NumPy versions required for Python 3.10 vs 3.11+ due to API compatibility
GPU not required: Fickling uses PyTorch only for serialization/deserialization, not computation
PyTorch file formats: Supports PyTorch v0.1.1, v0.1.10, v1.3, TorchScript v1.0/v1.1/v1.3/v1.4, and Model Archive Format

Related Pages

Page Connections

Double-click a node to navigate. Hold to expand connections.

Principle

Implementation

Heuristic

Environment