Add pty to unsafeimports #108
base: master
Conversation
Andrew Johnston seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account. You have signed the CLA already but the status is still pending? Let us recheck it.
This is great, thanks! It'd be nice to have a unit test to confirm that we now catch this attack, but we can add that after this PR is merged. Once you sign the CLA we can merge.
I've added a relevant test and signed the CLA! Let me know if there's anything else I can do.
```python
try:
    numpy.load("unsafe.pickle", allow_pickle=True)
    numpy.load("unsafe_pty.pickle", allow_pickle=True)
```
Might be missing something, but shouldn't this be in its own test/try-except block at a minimum? I believe as-is the first line will always trip the exception, so this will never be tested.
The following code produces a pickle file that fickling fails to detect as malicious:
This is because this technique uses `pty` and does not leave `_var0` unused. This PR adds `pty` to `unsafe_imports` as a quick fix to ensure the primitive behind this technique is detected.
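To show what an import-list check like `unsafe_imports` catches regardless of whether a variable is left unused, here is an added example (not fickling's code and not part of this PR) that walks the pickle opcode stream with `pickletools` and flags `GLOBAL`/`STACK_GLOBAL` imports of listed modules without ever unpickling. The `UNSAFE_IMPORTS` set and the hand-assembled sample pickles are assumptions constructed for the example.

```python
import pickle
import pickletools
from typing import List, Tuple

# Illustrative module list (an assumption for this example, not fickling's own).
# The PR's point is that "pty" belongs on such a list.
UNSAFE_IMPORTS = {"os", "subprocess", "sys", "builtins", "socket", "pty"}


def find_imports(data: bytes) -> List[Tuple[str, str]]:
    """Return (module, name) pairs imported by GLOBAL / STACK_GLOBAL opcodes.

    Works purely on the opcode stream, so the pickle is never executed.
    STACK_GLOBAL takes module and attribute from the two most recently
    pushed strings, so string pushes are tracked to resolve it.
    """
    imports: List[Tuple[str, str]] = []
    strings: List[str] = []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name == "GLOBAL":
            # pickletools hands GLOBAL's two-line argument back as "module name"
            module, name = arg.split(" ", 1)
            imports.append((module, name))
        elif opcode.name == "STACK_GLOBAL":
            if len(strings) >= 2:
                imports.append((strings[-2], strings[-1]))
        elif opcode.name.endswith(("UNICODE", "STRING")) and isinstance(arg, str):
            strings.append(arg)
    return imports


def unsafe_imports(data: bytes) -> List[Tuple[str, str]]:
    """Only the imports whose module is on the unsafe list."""
    return [(m, n) for m, n in find_imports(data) if m in UNSAFE_IMPORTS]


# Constructed samples. The pty ones are hand-assembled opcode streams that
# merely reference pty.spawn; there is no REDUCE, so nothing is ever called.
BENIGN = pickle.dumps({"weights": [1.0, 2.0]}, protocol=4)
PTY_PROTO2 = b"\x80\x02cpty\nspawn\nq\x00."                # GLOBAL opcode
PTY_PROTO4 = b"\x80\x04\x8c\x03pty\x8c\x05spawn\x93\x94."  # STACK_GLOBAL opcode

if __name__ == "__main__":
    for label, blob in [("benign", BENIGN), ("pty/p2", PTY_PROTO2), ("pty/p4", PTY_PROTO4)]:
        print(label, unsafe_imports(blob))
```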