
fix: add RestrictedUnpickler to prevent arbitrary code execution #226

Open
muhamedfazalps wants to merge 1 commit into schollz:master from muhamedfazalps:fix-pickle-security

fix: add RestrictedUnpickler to prevent arbitrary code execution#226
muhamedfazalps wants to merge 1 commit into
schollz:masterfrom
muhamedfazalps:fix-pickle-security

Conversation

@muhamedfazalps


Security Fix: Unsafe Deserialization

Vulnerability

  • Type: Unsafe Deserialization (CWE-502)
  • Affected: rf.py line 153
  • Impact: Arbitrary code execution if the .pkl file is modified

Root Cause

pickle.load() is used without validation, allowing arbitrary code execution if an attacker can modify the .pkl file in the data directory.

Fix

Added RestrictedUnpickler that only allows safe modules (numpy, sklearn, builtins). This prevents arbitrary code execution while maintaining functionality.

Testing

  • Verified existing functionality still works with the fix
  • Verified that malicious payloads are rejected

If this helps, consider buying me a coffee: https://buymeacoffee.com/muhamedfazalps

The code uses pickle.load() without validation, which allows arbitrary
code execution if an attacker can modify the .pkl file.

Added RestrictedUnpickler that only allows safe modules (numpy, sklearn, builtins).

---

If this helps, consider buying me a coffee: https://buymeacoffee.com/muhamedfazalps
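As an added illustration (this is not code from this pull request or from the schollz repository), the block below is a stand-alone RestrictedUnpickler of the kind the description proposes, following the `find_class` override pattern from the Python `pickle` documentation. Two details are assumptions on my part rather than anything the PR states: the allowlist matches on the top-level package so that submodules such as `numpy.core.multiarray` or `sklearn.ensemble._forest` pass (`collections` is added only so the demo runs without numpy or sklearn installed), and inside `builtins` only a handful of container names are allowed rather than the whole module, because `builtins.eval`, `builtins.exec`, `builtins.getattr` and `builtins.__import__` would each let a crafted file run code straight through a module-level allowlist. The model dictionary and the two gadget classes are constructed inputs; the eval gadget computes `1+1` so that the difference between stock `pickle.loads` (it runs) and the restricted loader (it raises) can be shown without side effects.

```python
import io
import os
import pickle
from collections import OrderedDict

# Top-level packages a model file may reference; submodules are matched on
# their first component. collections is here only for the offline demo.
# (Assumed allowlist, not the PR's.)
ALLOWED_PACKAGES = frozenset({"numpy", "sklearn", "collections"})

# Inside builtins, allow specific harmless names, never the whole module:
# builtins.eval / exec / getattr / __import__ are each enough to run
# attacker-controlled code during load.
ALLOWED_BUILTINS = frozenset({"set", "frozenset", "range", "slice", "bytearray", "complex"})


class RestrictedUnpickler(pickle.Unpickler):
    """Refuse any global that is not on the allowlists.

    pickle calls find_class(module, name) for every GLOBAL / STACK_GLOBAL
    opcode; raising here aborts the load before the callable is ever invoked.
    """

    def find_class(self, module, name):
        if module == "builtins" and name in ALLOWED_BUILTINS:
            return super().find_class(module, name)
        if module != "builtins" and module.split(".", 1)[0] in ALLOWED_PACKAGES:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden")


def restricted_loads(data: bytes):
    """Drop-in for pickle.loads that only resolves allowlisted globals."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def restricted_load(path: str):
    """Drop-in for pickle.load(open(path, 'rb'))."""
    with open(path, "rb") as fh:
        return RestrictedUnpickler(fh).load()


def unrestricted_loads(data: bytes):
    """Stock pickle.loads, kept only to contrast behaviour in the demo."""
    return pickle.loads(data)


# ---- constructed demo inputs (not real model files) ------------------------

def legit_payload():
    """Shape of a benign model file: containers plus a builtins global (range)."""
    return {"coef": [0.5, -1.25], "labels": OrderedDict(a=1, b=2), "idx": range(3)}


def legit_pickle() -> bytes:
    return pickle.dumps(legit_payload())


class _SystemGadget:
    # Serialises to a call of os.system("echo pwned") at load time.
    def __reduce__(self):
        return (os.system, ("echo pwned",))


class _EvalGadget:
    # Serialises to builtins.eval("1+1"): harmless, but it is the reason a
    # blanket "builtins is safe" rule does not stop code execution.
    def __reduce__(self):
        return (eval, ("1+1",))


def system_payload() -> bytes:
    return pickle.dumps(_SystemGadget())


def eval_payload() -> bytes:
    return pickle.dumps(_EvalGadget())


def is_rejected(data: bytes) -> bool:
    """True if the restricted loader refuses the bytes before running anything."""
    try:
        restricted_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    assert restricted_loads(legit_pickle()) == legit_payload()
    assert is_rejected(system_payload())
    assert is_rejected(eval_payload())
    print("stock pickle.loads executed the eval gadget:", unrestricted_loads(eval_payload()))
```

Two caveats worth keeping in mind when reviewing a fix of this shape. First, an allowlist is only as strong as every callable the allowed packages export: any function in numpy or sklearn that evaluates code or opens files becomes a gadget, so keep the list as narrow as the model actually needs and review it when dependencies are upgraded. Second, the root cause in the description is an attacker who can write to the data directory; restricting the unpickler reduces the blast radius of that write, but tightening permissions on the directory, or storing the model in a format that cannot encode calls at all, closes the hole rather than narrowing it.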