
Implementation:Trailofbits Fickling PyTorchModelWrapper Inject Payload

Domains Security_Research, Red_Team, Deserialization
Last Updated 2026-02-14 14:00 GMT

Overview

Concrete tool for injecting Python payloads into PyTorch model files for security research, provided by the Fickling library.

Description

PyTorchModelWrapper.inject_payload takes a payload string and writes a modified model file with the payload injected. It supports two modes: insertion (modifies the pickle opcodes in place via Pickled.insert_python_exec) and combination (wraps the model in a BaseInjection class via torch.save). The overwrite parameter optionally replaces the original file.

Usage

Use this for security research: creating test samples for scanner benchmarking, demonstrating attack vectors, or building adversarial datasets. Requires a valid PyTorchModelWrapper instance from a supported format.

Code Reference

Source Location

  • Repository: fickling
  • File: fickling/pytorch.py
  • Lines: L124-157

Signature

class PyTorchModelWrapper:
    def inject_payload(
        self,
        payload: str,
        output_path: Path,
        injection: str = "all",
        overwrite: bool = False
    ) -> None:
        """Inject a Python payload into the PyTorch model file.

        Args:
            payload: Python code string to inject.
            output_path: Path for the modified model file.
            injection: Mode - "insertion" (modify pickle opcodes)
                       or "combination" (wrap in BaseInjection class).
            overwrite: If True, replace the original file.
        """

Import

from fickling.pytorch import PyTorchModelWrapper

I/O Contract

Inputs

Name         Type   Required  Description
payload      str    Yes       Python code string to inject (e.g., "print('test')")
output_path  Path   Yes       Destination path for the modified model file
injection    str    No        Mode: "insertion" or "combination" (default: "all")
overwrite    bool   No        Replace the original file with the modified one (default: False)

Outputs

Name         Type   Description
(return)     None   No return value
Side effect  File   Modified .pt file written to output_path

Usage Examples

Insertion Mode Injection

from pathlib import Path
from fickling.pytorch import PyTorchModelWrapper

wrapper = PyTorchModelWrapper(Path("model.pt"))

# Inject payload using opcode insertion
wrapper.inject_payload(
    payload="print('security test')",
    output_path=Path("model_injected.pt"),
    injection="insertion"
)

Combination Mode Injection

from pathlib import Path
from fickling.pytorch import PyTorchModelWrapper

wrapper = PyTorchModelWrapper(Path("model.pt"))

# Inject payload using model wrapping
wrapper.inject_payload(
    payload="print('security test')",
    output_path=Path("model_injected.pt"),
    injection="combination"
)
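Added defender-side example, not code from the Fickling page or the library: the injection modes above change the pickle opcode stream, so the corresponding check is to walk that stream with the standard-library pickletools (nothing is executed) and flag every GLOBAL/STACK_GLOBAL import that is not on an allow-list, plus every call opcode. The allow-list and the sample objects are constructed for this example; the samples stand in for the pickle a real check would read out of a .pt archive.

```python
import collections
import datetime
import pickle
import pickletools

# Constructed allow-list (assumption): globals a clean torch state_dict pickle needs.
ALLOWED_GLOBALS = {("collections", "OrderedDict"), ("torch", "FloatStorage"),
                   ("torch._utils", "_rebuild_tensor_v2")}
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
              "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}
CALL_OPS = {"REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX", "BUILD"}

def scan_pickle(data: bytes) -> dict:
    """Walk the opcode stream with pickletools (nothing is executed) and report
    every imported (module, name) plus every opcode that invokes a callable."""
    imported, calls, strings, memo = [], [], [], {}
    top, n_memo = None, 0        # top: last pushed value if it was a str
    for op, arg, _ in pickletools.genops(data):
        if op.name in STRING_OPS:
            strings.append(arg); top = arg
        elif op.name == "MEMOIZE":                 # memo[next idx] = stack top
            memo[n_memo] = top; n_memo += 1
        elif op.name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = top
        elif op.name in ("GET", "BINGET", "LONG_BINGET"):
            top = memo.get(arg)
            if top is not None:
                strings.append(top)
        elif op.name == "GLOBAL":                  # protocol <= 3: "module name"
            imported.append(tuple(arg.split(" ", 1))); top = None
        elif op.name == "STACK_GLOBAL":            # protocol 4+: from the stack
            imported.append(tuple(strings[-2:]) if len(strings) > 1 else ("?", "?"))
            top = None
        else:
            if op.name in CALL_OPS:
                calls.append(op.name)
            top = None
    suspicious = [g for g in imported if g not in ALLOWED_GLOBALS]
    return {"imported": imported, "calls": calls, "suspicious": suspicious,
            "verdict": "suspicious" if suspicious else "clean"}

# Constructed samples standing in for the pickle found inside a .pt archive.
SAMPLES = {"plain": {"weights": [1.0, 2.0]},
           "state_dict": collections.OrderedDict(a=1),
           "foreign": datetime.datetime(2024, 1, 1)}

def scan_samples(protocol: int = pickle.DEFAULT_PROTOCOL) -> dict:
    return {label: scan_pickle(pickle.dumps(obj, protocol=protocol))
            for label, obj in SAMPLES.items()}
```

The "foreign" sample is flagged only because datetime.datetime is not on the allow-list; the same logic flags any module a state_dict has no reason to import.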
