Add warning about using pickle during loading

CHANGELOG.md

@@ -22,6 +22,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Unify errors, warnings and checks in models ([#1312](https://github.com/tinkoff-ai/etna/pull/1312))
 - Remove upper limitation on version of numba ([#1321](https://github.com/tinkoff-ai/etna/pull/1321))
 - Optimize `TSDataset.describe` and `TSDataset.info` by vectorization ([#1344](https://github.com/tinkoff-ai/etna/pull/1344))
+- Add documentation warning about using dill during loading ([#1346](https://github.com/tinkoff-ai/etna/pull/1346))
 
 ### Fixed
 - Pipeline ensembles fail in `etna forecast` CLI ([#1331](https://github.com/tinkoff-ai/etna/pull/1331))

docs/source/conf.py

@@ -80,6 +80,10 @@
 autodoc_typehints_description_target = "all"
 add_module_names = False
 
+autodoc_default_options = {
+    "inherited-members": True,
+}
+
 # Add any paths that contain templates here, relative to this directory.
 templates_path = ["_templates"]
 

etna/auto/runner/local.py

@@ -29,6 +29,10 @@ class ParallelLocalRunner(AbstractRunner):
     Global objects behavior could be different while parallel usage because platform dependent new process start.
     Be sure that new process is started with ``fork`` via ``multiprocessing.set_start_method``.
     If it's not possible you should try define all globals before ``if __name__ == "__main__"`` scope.
+
+    Warning
+    -------
+    This class uses :py:mod:`dill` module during serialization which might be not secure.
     """
 
     def __init__(

etna/core/mixins.py

@@ -276,6 +276,12 @@ def _load_state(cls, archive: zipfile.ZipFile) -> Self:
     def load(cls, path: pathlib.Path) -> Self:
         """Load an object.
 
+        Warning
+        -------
+        This method uses :py:mod:`dill` module which is not secure.
+        It is possible to construct malicious data which will execute arbitrary code during loading.
+        Never load data that could have come from an untrusted source, or that could have been tampered with.
+
         Parameters
         ----------
         path:

etna/core/utils.py

@@ -13,6 +13,12 @@
 def load(path: pathlib.Path, **kwargs: Any) -> Any:
     """Load saved object by path.
 
+    Warning
+    -------
+    This method uses :py:mod:`dill` module which is not secure.
+    It is possible to construct malicious data which will execute arbitrary code during loading.
+    Never load data that could have come from an untrusted source, or that could have been tampered with.
+
     Parameters
     ----------
     path:

etna/ensembles/mixins.py

@@ -116,6 +116,12 @@ def save(self, path: pathlib.Path):
     def load(cls, path: pathlib.Path, ts: Optional[TSDataset] = None) -> Self:
         """Load an object.
 
+        Warning
+        -------
+        This method uses :py:mod:`dill` module which is not secure.
+        It is possible to construct malicious data which will execute arbitrary code during loading.
+        Never load data that could have come from an untrusted source, or that could have been tampered with.
+
         Parameters
         ----------
         path:

etna/experimental/classification/base.py

@@ -11,7 +11,14 @@ def dump(self, path: str, *args, **kwargs):
 
     @staticmethod
     def load(path: str, *args, **kwargs):
-        """Load the object."""
+        """Load the object.
+
+        Warning
+        -------
+        This method uses :py:mod:`dill` module which is not secure.
+        It is possible to construct malicious data which will execute arbitrary code during loading.
+        Never load data that could have come from an untrusted source, or that could have been tampered with.
+        """
         with open(path, "rb") as file:
             clf = pickle.load(file, *args, **kwargs)
         return clf

etna/pipeline/mixins.py

@@ -207,6 +207,12 @@ def save(self, path: pathlib.Path):
     def load(cls, path: pathlib.Path, ts: Optional[TSDataset] = None) -> Self:
         """Load an object.
 
+        Warning
+        -------
+        This method uses :py:mod:`dill` module which is not secure.
+        It is possible to construct malicious data which will execute arbitrary code during loading.
+        Never load data that could have come from an untrusted source, or that could have been tampered with.
+
         Parameters
         ----------
         path: