core-bioimage-io-python
Add the option to disable insecure weight types
For serving models with the core library from a public server, we need to have an option to disable all the model weight types that use source code (e.g. pytorch state dict and keras weights + source code). This is necessary to prevent running arbitrary scripts provided by the users. We can also do it from outside by maintaining a list of insecure weight formats, but it would be nice if the core library could already do this.
I am not sure what you mean by "disable" exactly, but I don't think that makes much sense here.
All inference in bioimageio.core is done via the prediction pipeline class, which is created via create_prediction_pipeline. You can specify the weight format to be used via weight_format (by default it takes the one with the highest precedence available for this model). So all you need to do is restrict the allowed weight formats in the code that is running prediction. See this code snippet for how to get the list of weight formats for the current model ordered by preference (which is defined by the library). So you just need to remove the formats you don't want to support from weight_formats, and then you can check whether the requested weight format is valid (if the user requests a specific one) or just go through the list of weight formats and pick the one with the highest preference available in the model (if no specific format is requested).
I am not sure what you mean by "disable" exactly, but I don't think that makes much sense here.
Let's say if we call create_prediction_pipeline with disable_insecure_weights=True and weight_format=None, disable means you throw an error if no "safe" weights format is found.
I know we can implement this ourselves, but from the server, or even for some user who wants a higher security standard, we would like to just call the inference pipeline without implementing the weight selection logic (because otherwise we need to maintain that logic according to the spec), and they won't necessarily know if a certain weight format requires executing external scripts.
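The selection logic sketched in the two comments above, as an added stand-alone example (this is not code from bioimageio.core): take the library's preference-ordered list of weight formats, drop the ones that execute bundled source code when the caller opts in, honour an explicit request only if it survives that filter, and raise when nothing safe is left so the server fails closed. The function names, the preference ordering and the membership of INSECURE_WEIGHT_FORMATS are assumptions for illustration; the Keras entry follows the thread's "keras weights + source code" wording and must be checked against the spec version actually being served.

```python
"""Weight-format selection with an opt-in refusal of formats that run
user-supplied source code. Added example, not bioimageio.core's own code;
all identifiers below are assumptions chosen for illustration."""
from typing import Iterable, Optional, Sequence

# Formats the thread describes as shipping executable code next to the weights.
# Assumption: this set is maintained by the deployer, not taken from the spec.
INSECURE_WEIGHT_FORMATS = frozenset({
    "pytorch_state_dict",  # state dict plus a Python module defining the architecture
    "keras_hdf5",          # assumed stand-in for "keras weights + source code"
})

# Assumed stand-in for the library-defined preference order (highest first).
DEFAULT_PREFERENCE: Sequence[str] = (
    "torchscript",
    "onnx",
    "tensorflow_saved_model_bundle",
    "pytorch_state_dict",
    "keras_hdf5",
)


class NoSafeWeightFormat(RuntimeError):
    """Raised when insecure formats are disabled and nothing usable remains."""


def select_weight_format(
    available: Iterable[str],
    requested: Optional[str] = None,
    disable_insecure: bool = False,
    preference: Sequence[str] = DEFAULT_PREFERENCE,
) -> str:
    """Pick the weight format to load, mirroring the proposed
    disable_insecure_weights flag: default False keeps the old behaviour."""
    available_set = set(available)

    # Fail closed: a format we have never classified must not be treated as
    # safe just because it is absent from INSECURE_WEIGHT_FORMATS.
    unknown = available_set.difference(preference)
    if unknown:
        raise ValueError(f"unclassified weight formats: {sorted(unknown)}")

    # Preference order, restricted to what the model ships and (optionally)
    # to formats that do not execute bundled source code.
    allowed = [
        fmt for fmt in preference
        if fmt in available_set
        and not (disable_insecure and fmt in INSECURE_WEIGHT_FORMATS)
    ]

    if requested is not None:
        if requested not in available_set:
            raise ValueError(
                f"model has no {requested!r} weights; available: {sorted(available_set)}"
            )
        if requested not in allowed:
            raise NoSafeWeightFormat(
                f"{requested!r} executes bundled source code and insecure formats are disabled"
            )
        return requested

    if not allowed:
        raise NoSafeWeightFormat(
            f"no safe weight format among {sorted(available_set)}"
        )
    return allowed[0]


def describe_selection(
    available: Iterable[str],
    requested: Optional[str] = None,
    disable_insecure: bool = False,
) -> str:
    """Human-readable outcome: the chosen format, or why it was refused."""
    try:
        return select_weight_format(available, requested, disable_insecure)
    except NoSafeWeightFormat as exc:
        return f"refused: {exc}"


if __name__ == "__main__":
    # Constructed model descriptions, standing in for the formats a real
    # model.yaml would list under `weights`.
    print(describe_selection(["pytorch_state_dict", "torchscript"]))
    print(describe_selection(["pytorch_state_dict", "onnx"], disable_insecure=True))
    print(describe_selection(["pytorch_state_dict"], disable_insecure=True))
    print(describe_selection(["pytorch_state_dict"]))
```

With disable_insecure=False the function behaves like today's default (highest-preference format, whatever it is), so a server opting in only changes behaviour for models that ship nothing but source-code-backed weights, which is exactly the case that should be refused rather than silently run.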
Let's say if we call create_prediction_pipeline with disable_insecure_weights=True and weight_format=None, disable means you throw an error if no "safe" weights format is found.
Ok, I think that would be fine as long as this defaults to False so that we keep the old default behaviour.
If you want you can just make a PR to implement this.