pdstools.infinity.resources.prediction_studio.model_security¶
Lightweight security helpers for Pega ONNX models.
Provides:
- Extensible allow-list validation for pegaMetadata keys.
- Size-limit checks (predictor count, possible values, string length).
- SHA-256 hashing / verification of model files.
Usage¶
>>> from pdstools.infinity.resources.prediction_studio.model_security import (
... ModelSecurityValidator,
... compute_model_hash,
... verify_model_hash,
... )
>>> validator = ModelSecurityValidator()
>>> result = validator.validate_metadata(metadata_dict)
Attributes¶
Classes¶
Simple validation result container. |
|
Validate |
Functions¶
|
Compute the SHA-256 hex digest of an ONNX model file. |
|
Return |
Module Contents¶
- logger¶
- class SecurityResult¶
Simple validation result container.
- class ModelSecurityValidator(extra_allowed_keys: set[str] | None = None)¶
Validate
pegaMetadatadictionaries against an extensible allow-list.- Parameters:
extra_allowed_keys (set[str] | None) – Additional top-level pegaMetadata keys to accept.
- allowed_keys¶
- validate_metadata(metadata: dict[str, Any]) SecurityResult¶
Check metadata against the allow-list and size limits.
- Parameters:
- Return type:
- sanitize_metadata(metadata: dict[str, Any]) dict[str, Any]¶
Return a copy of metadata with only allowed keys retained.
- static _check_string_lengths(data: Any, result: SecurityResult, path: str = '') None¶
- Parameters:
data (Any)
result (SecurityResult)
path (str)
- Return type:
None
- compute_model_hash(model_path: str | pathlib.Path) str¶
Compute the SHA-256 hex digest of an ONNX model file.
- Parameters:
model_path (str | pathlib.Path)
- Return type:
- verify_model_hash(model_path: str | pathlib.Path, expected_hash: str) bool¶
Return
Trueif the file’s SHA-256 matches expected_hash.- Parameters:
model_path (str | pathlib.Path)
expected_hash (str)
- Return type: