Harden pickle.load() against deserialization attacks #10


Closed
3 changes: 2 additions & 1 deletion Cryptogram Solver/cryptogram_solver.py
Expand Up @@ -2,6 +2,7 @@
import matplotlib.pyplot as plt
import pickle
import os
import fickling


def load_word_dictionary(file_path):
Expand Down Expand Up @@ -75,7 +76,7 @@ def save_progress(decrypted_text):
def load_progress():
if os.path.exists('progress.pickle'):
with open('progress.pickle', 'rb') as file:
return pickle.load(file)
return fickling.load(file)
else:
return None

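Review bot: `import pickle` two lines above the new `import fickling` is now unused in this file — the only `pickle.load` in view is replaced — so it should be dropped unless a use survives outside the hunks; the same leftover import appears in Heart Disease Prediction/script.py, Language Detection/app.py, Movie recommendation system/app.py and Student-placement-prediction/app.py (Parking Space Detection and Salary Predictor do remove it). As far as I know `fickling.load` runs a static analysis of the pickle stream and raises `UnsafeFileError` when it rates the file likely unsafe; it does not sandbox the unpickling, so this is a detection layer and the write permissions on `progress.pickle` remain the actual control. A one-line comment at the call site, `# fickling.load: heuristic safety analysis of the stream before unpickling, not a sandbox`, would keep later readers from treating it as one. `load_progress` is fully inside the hunk; `save_progress`, which writes the file, is not.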
4 changes: 2 additions & 2 deletions Heart Disease Prediction/script.py
@@ -1,7 +1,7 @@
import json
import pickle
import numpy as np
import pandas as pd
import fickling

data = {}
print("[+] Enter the age")
Expand Down Expand Up @@ -36,7 +36,7 @@
data["ca"] = int(input())
print("[+] Enter 3 = normal, 6 = fixed defect, 7 = reversable defect")
data["thal"] = int(input())
model = pickle.load(open("./Heart Disease Prediction/heart_model.pkl", "rb"))
model = fickling.load(open("./Heart Disease Prediction/heart_model.pkl", "rb"))
arr = pd.DataFrame(
[
[
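Review bot: The file opened inline on the `fickling.load(open(...))` line is never closed, and a pickled scikit-learn estimator carries GLOBAL opcodes for numpy/sklearn classes, which fickling's analysis may rate as non-standard imports and refuse; please confirm `heart_model.pkl` still loads under the new call rather than raising `UnsafeFileError` at the first prediction. A context manager also releases the handle deterministically: `with open("./Heart Disease Prediction/heart_model.pkl", "rb") as fh:` / `    model = fickling.load(fh)`. The same inline `open` pattern is on the new lines of Language Detection/app.py, Movie recommendation system/app.py and Student-placement-prediction/app.py, and the same model-compatibility check applies to those plus Salary Predictor/script.py.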
7 changes: 4 additions & 3 deletions Language Detection/app.py
@@ -1,14 +1,15 @@
# importing libraries
from flask import Flask, request, render_template
import sklearn
import pickle
import pandas as pd
import re
import numpy as np
from sklearn.feature_extraction.text import CountVectorizer
from sklearn.naive_bayes import MultinomialNB
from sklearn.preprocessing import LabelEncoder
from googletrans import Translator
import fickling

le = LabelEncoder()

app = Flask(__name__)
Expand All @@ -29,8 +30,8 @@ def predict():
y = le.fit_transform(y)

# loading the model and cv
model = pickle.load(open("model.pkl", "rb"))
cv = pickle.load(open("transform.pkl", "rb"))
model = fickling.load(open("model.pkl", "rb"))
cv = fickling.load(open("transform.pkl", "rb"))

if request.method == "POST":
# taking the input
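Review bot: The two `fickling.load` calls sit inside `predict()` (per the hunk header), so every request re-reads and re-analyzes `model.pkl` and `transform.pkl`, and a file the analysis rejects surfaces as a 500 on each request instead of failing once at startup. Loading both at module scope next to `app = Flask(__name__)` keeps the hardening and moves any failure to import time, where it is visible in the logs. `predict` starts and ends outside the hunk, so check that nothing in it mutates the loaded objects before hoisting them.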
5 changes: 3 additions & 2 deletions Login And Signup GUI/login.py
Expand Up @@ -6,6 +6,7 @@
from datetime import date, datetime
from random import randint
import os.path
import fickling


# ++++++++++++++++WINDOW++++++++++++++++
Expand Down Expand Up @@ -270,7 +271,7 @@ def signup(
) as Myfile:
while True:
try:
a = pickle.load(
a = fickling.load(
Myfile)
usernames.append(
a[0])
Expand Down Expand Up @@ -521,7 +522,7 @@ def login(usernamee, passwordd):
l = 0
while True:
try:
a = pickle.load(Myfile)
a = fickling.load(Myfile)
if a[0] == usernamee and a[1] == passwordd:
l = l + 1
logindetails(usernamee)
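Review bot: Both new `fickling.load(Myfile)` calls are inside a `while True: try:` whose `except` clause is outside the hunk; if that handler is bare or `Exception`-wide (the usual way this read-until-EOF loop is written), an `UnsafeFileError` raised for a flagged file is swallowed and treated as end of records, so `login` silently fails and `signup` sees no existing usernames. Please confirm the handler is `except EOFError:` and let the fickling error propagate or be logged, so a rejected credential store is noticed rather than mistaken for an empty one. Separately, the `a[1] == passwordd` comparison on the line after the second call compares the stored value directly with the submitted password, which suggests unhashed storage — out of scope for this change but worth a follow-up. `signup` and `login` both start and end outside the hunks.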
6 changes: 3 additions & 3 deletions Movie recommendation system/app.py
@@ -1,7 +1,7 @@
import pickle
import streamlit as st
import requests
import pandas as pd
import fickling


def fetch_poster(movie_id):
Expand Down Expand Up @@ -30,9 +30,9 @@ def recommend(movie):


st.header('TMDB Movie Recommender System')
movies = pickle.load(open('movie_list.pkl', 'rb'))
movies = fickling.load(open('movie_list.pkl', 'rb'))
movies = pd.DataFrame(movies)
similarity = pickle.load(open('similarity.pkl', 'rb'))
similarity = fickling.load(open('similarity.pkl', 'rb'))

movie_list = movies['title'].values
selected_movie = st.selectbox(
4 changes: 2 additions & 2 deletions Parking Space Detection System/detector.py
@@ -1,7 +1,6 @@
import argparse
import cv2
import numpy as np
import pickle
from pathlib import Path
from shapely.geometry import Polygon as shapely_poly
from mrcnn.model import MaskRCNN
Expand All @@ -10,6 +9,7 @@
import os
import sys
import time
import fickling


class Config(mrcnn.config.Config):
Expand All @@ -29,7 +29,7 @@ def load_parking_regions(regions_path):
regions_file = Path(regions_path)
if regions_file.exists():
with open(regions_file, 'rb') as f:
parked_car_boxes = pickle.load(f)
parked_car_boxes = fickling.load(f)
return parked_car_boxes
else:
print("Error: Could not find the regions file.")
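Review bot: The new `import fickling` is appended after `import time` inside the standard-library group, whereas the removed `import pickle` sat with the other third-party imports; per PEP 8 grouping it belongs next to `cv2`, `numpy` and `shapely` at the top of the file. The same placement applies to the new import in Login And Signup GUI/login.py (after `import os.path`) and Spacex-Calender/notifly.py (after `from datetime import datetime`). If fickling rejects the regions file the `UnsafeFileError` propagates out of `load_parking_regions` uncaught, unlike the neighbouring missing-file branch that prints and continues; acceptable for a CLI, but worth a one-line comment such as `# fickling raises UnsafeFileError for a flagged regions file; intentionally not caught`. `load_parking_regions` ends outside the hunk.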
6 changes: 3 additions & 3 deletions Salary Predictor/script.py
@@ -1,6 +1,6 @@
# import the libraries
import pandas as pd
import pickle
import fickling

# Function to let user choose from various options

Expand Down Expand Up @@ -69,11 +69,11 @@ def know_language(yes_no):

# Load the model
with open('./Salary Predictor/models/random_forest2_model.sav', 'rb') as f:
random_forest_model = pickle.load(f)
random_forest_model = fickling.load(f)

# load the columns file
with open('./Salary Predictor/models/model_columns1.pkl', 'rb') as f:
model_columns = pickle.load(f)
model_columns = fickling.load(f)

# Query into the model to fet results
query_ = pd.get_dummies(pd.DataFrame(df, index=[0]), prefix=[
3 changes: 2 additions & 1 deletion Spacex-Calender/notifly.py
Expand Up @@ -8,6 +8,7 @@
from bs4 import BeautifulSoup
import requests
from datetime import datetime
import fickling

# Enter your own Google Calendar API json credentials file below (if you renamed it)
api_credentials_json = 'credentials.json'
Expand Down Expand Up @@ -53,7 +54,7 @@ def google_calendar_setup():
# time.
if os.path.exists('token.pickle'):
with open('token.pickle', 'rb') as token:
creds = pickle.load(token)
creds = fickling.load(token)
# If there are no (valid) credentials available, let the user log in.
if not creds or not creds.valid:
if creds and creds.expired and creds.refresh_token:
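Review bot: `token.pickle` holds what the `creds.valid` / `creds.refresh_token` checks below suggest is a google-auth `Credentials` object, so its pickle stream imports a non-standard class that fickling's analysis may flag; if it does, `fickling.load` raises instead of leaving `creds` unset, and the "let the user log in" branch two lines below never runs. Either catch the `UnsafeFileError` around the call and leave `creds = None` so the existing re-login path handles it, or stop pickling credentials altogether: google-auth's `Credentials.to_json()` and `Credentials.from_authorized_user_file()` persist the token as JSON and remove the deserialization risk rather than detecting it. `google_calendar_setup` starts and ends outside the hunk.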
4 changes: 2 additions & 2 deletions Student-placement-prediction/app.py
@@ -1,8 +1,8 @@
from flask import Flask, render_template, request
import pickle
import numpy as np
import fickling

model = pickle.load(open('model.pkl', 'rb'))
model = fickling.load(open('model.pkl', 'rb'))
app = Flask(__name__)


2 changes: 1 addition & 1 deletion TradingView/setup.py
Expand Up @@ -48,7 +48,7 @@
author_email="d+fixtool@0x1.org",
license="MIT",
keywords="fix testing",
@pixeebot pixeebot bot Dec 4, 2024

This package provides analysis of pickled data to help identify potential security vulnerabilities.

License: LGPL-3.0 (Open Source)

install_requires=["simplefix>=1.0.8"],
install_requires=["simplefix>=1.0.8", "fickling>=0.1.3,~=0.1.0"],
package_dir={"": "python"},
packages=["fixtool"],
entry_points={
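Review bot: The new `install_requires` entry makes fickling a runtime dependency of `fixtool`, but no file in this package is shown calling it — the nine `fickling.load` call sites in this PR are separate stand-alone scripts — so unless fixtool uses fickling outside this view, the dependency (LGPL-3.0, as the bot's own comment notes, pulled into an MIT package) is dead weight. Conversely none of those scripts has a visible requirements change, so they would fail at `import fickling` until their environments are updated; that may simply be outside the diff, worth confirming. The specifier `">=0.1.3,~=0.1.0"` also states the lower bound twice; `"fickling~=0.1.3"` expresses the same range (>=0.1.3, <0.2).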
