
[Security] Fix HIGH vulnerability: V-003

Open orbisai0security opened this issue 4 days ago • 2 comments

Security Fix

This PR addresses a HIGH severity vulnerability detected by our security scanner.

Security Impact Assessment

| Aspect | Rating | Rationale |
|---|---|---|
| Impact | High | In PaddleOCR, exploiting this via MITM could allow attackers to tamper with downloaded OCR models, leading to poisoned models that produce incorrect or malicious text recognition results, potentially compromising applications like document processing or automated systems relying on accurate OCR output. |
| Likelihood | Medium | PaddleOCR is an open-source OCR tool often deployed in varied environments like servers or edge devices, where network traffic might occur over insecure connections; however, exploitation requires an attacker on the same network with motivation to intercept model downloads, which is not trivially common but feasible in public or enterprise networks. |
| Ease of Fix | Easy | Remediation involves updating the HTTP URLs to HTTPS in params.py, assuming the model servers support secure connections, requiring only a simple configuration change with minimal testing for download functionality. |

Vulnerability Details

  • Rule ID: V-003
  • File: deploy/hubserving/ocr_system/params.py
  • Description: The application's default configuration specifies model download URLs using unencrypted http://. This allows an attacker on the same network to intercept and modify the model files as they are being downloaded.

Changes Made

This automated fix addresses the vulnerability by applying security best practices.

Files Modified

  • deploy/hubserving/ocr_system/params.py

Verification

This fix has been automatically verified through:

  • ✅ Build verification
  • ✅ Scanner re-scan
  • ✅ LLM code review

🤖 This PR was automatically generated.

orbisai0security, Dec 04 '25 09:12
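The PR above only describes the change; the following is an added example, not PaddleOCR's own code and not the contents of the modified `params.py`. It shows the two checks a reviewer of this class of fix would want: an audit that flags any remaining plaintext `http://` download URL in a params-style dict, and a download path that refuses non-HTTPS URLs and rejects a model archive whose SHA-256 does not match a pinned value (HTTPS stops on-path tampering, a pinned digest also catches a swapped file on the server). The key names, URLs and model bytes are constructed for the demo, and the fetcher is injectable so the block runs offline.

```python
"""Added example (not PaddleOCR's code): audit a config dict for plaintext
model download URLs and verify a fetched model against a pinned SHA-256.
All key names, hosts and model bytes below are constructed for the demo."""
import hashlib
import hmac
from urllib.parse import urlparse, urlunparse

# Constructed stand-in for the dict a params.py might build; not the real file.
SAMPLE_PARAMS = {
    "det_model_dir": "http://example.invalid/models/det.tar",   # the V-003 pattern
    "rec_model_dir": "https://example.invalid/models/rec.tar",  # already fine
    "cls_model_dir": "/opt/models/cls",                         # local path, not fetched
    "use_gpu": False,
}


class ModelDownloadError(Exception):
    """Raised when a model must not be loaded (insecure URL or bad digest)."""


def insecure_model_urls(params):
    """Return {key: url} for every string value that is a plaintext http:// URL."""
    return {
        key: value
        for key, value in params.items()
        if isinstance(value, str) and urlparse(value).scheme == "http"
    }


def upgrade_to_https(params):
    """Return a copy of params with every http:// download URL rewritten to https://.
    This mirrors the PR's fix; it assumes the model host actually serves TLS."""
    fixed = dict(params)
    for key, url in insecure_model_urls(params).items():
        fixed[key] = urlunparse(urlparse(url)._replace(scheme="https"))
    return fixed


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_model_digest(data: bytes, expected_sha256: str) -> bool:
    """Constant-time comparison of the archive's SHA-256 against the pinned value."""
    return hmac.compare_digest(sha256_hex(data), expected_sha256.lower())


def fetch_model(url: str, expected_sha256: str, fetch=None) -> bytes:
    """Fetch a model archive over TLS only and return it only if its digest matches.

    `fetch(url) -> bytes` is injectable so the logic can be exercised offline;
    when omitted, urllib is used (certificate validation is on by default).
    """
    if urlparse(url).scheme != "https":
        raise ModelDownloadError(f"refusing non-HTTPS model URL: {url}")
    if fetch is None:
        import urllib.request

        def fetch(u):
            with urllib.request.urlopen(u, timeout=60) as resp:
                return resp.read()
    data = fetch(url)
    if not verify_model_digest(data, expected_sha256):
        raise ModelDownloadError("model digest mismatch; refusing to load the archive")
    return data


def demo():
    """Run the audit and a simulated download; returns a summary dict."""
    flagged = insecure_model_urls(SAMPLE_PARAMS)
    fixed = upgrade_to_https(SAMPLE_PARAMS)
    good = b"constructed model archive bytes"          # stands in for det.tar
    pinned = sha256_hex(good)
    ok = fetch_model(fixed["det_model_dir"], pinned, fetch=lambda u: good)
    try:  # simulate an on-path attacker (or a swapped file) altering the archive
        fetch_model(fixed["det_model_dir"], pinned, fetch=lambda u: good + b"\x00")
        tampered_rejected = False
    except ModelDownloadError:
        tampered_rejected = True
    return {"flagged": flagged, "download_ok": ok == good, "tampered_rejected": tampered_rejected}


if __name__ == "__main__":
    print(demo())
```

Pinning a digest per model version does mean the pinned value must be updated alongside the URL when a model is re-released; that is the cost of not trusting the host alone.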

CLA assistant check
All committers have signed the CLA.

CLAassistant, Dec 04 '25 09:12

Please sign the CLA

Bobholamovic, Dec 04 '25 09:12

Thanks for your contribution!

paddle-bot[bot], Dec 04 '25 22:12