Create rule S6985

rules/S6985/metadata.json

@@ -0,0 +1,2 @@
+{
+}

rules/S6985/python/metadata.json

@@ -0,0 +1,25 @@
+{
+  "title": "Usage of \"torch.load\" can lead to untrusted code execution",
+  "type": "SECURITY_HOTSPOT",
+  "status": "ready",
+  "remediation": {
+    "func": "Constant\/Issue",
+    "constantCost": "15min"
+  },
+  "tags": [
+    "pytorch",
+    "machine-learning"
+  ],
+  "defaultSeverity": "Major",
+  "ruleSpecification": "RSPEC-6985",
+  "sqKey": "S6985",
+  "scope": "All",
+  "defaultQualityProfiles": ["Sonar way"],
+  "quickfix": "infeasible",
+  "code": {
+    "impacts": {
+      "SECURITY": "HIGH"
+    },
+    "attribute": "CONVENTIONAL"
+  }
+}

rules/S6985/python/rule.adoc

@@ -0,0 +1,35 @@
+This rule raises an issue when `pytorch.load` is used to load a model.
+
+== Why is this an issue?
+
+Under the hood, `torch.load` uses the `pickle` library to load the model and the weights. 
+If the model comes from an untrusted source, an attacker could inject a malicious payload which would be executed during the deserialization.
+
+== How to fix it
+Use a safer alternative to load the model, such as `safetensors.torch.load_model`.
+=== Code examples
+
+==== Noncompliant code example
+
+[source,python,diff-id=1,diff-type=noncompliant]
+----
+import torch
+
+model = torch.load('model.pth') # Noncompliant: torch.load is used to load the model
+----
+
+==== Compliant solution
+
+[source,python,diff-id=1,diff-type=compliant]
+----
+import torch
+import safetensors
+
+model = MyModel()
+safetensors.torch.load_model(model, 'model.pth')
+----
+
+== Resources
+=== Documentation
+
+* Pytorch documentation: https://pytorch.org/tutorials/beginner/saving_loading_models.html#save-load-entire-model[Save/Load Entire Model]