forked from pandas-dev/pandas
INFO
This is a fork of pandas 1.4.3 that adds protections when loading pickles.
By default, this forked version refuses pickles that reference insecure callables such as eval, system, os.system, etc.
# example tests
# restricted_loads is the guarded loader provided by this fork (its import
# path is not given in this file); pickle is the standard library module.
import pickle

# plain data whose only global is builtins.range, which the permit list allows
restricted_loads(pickle.dumps([1, 2, range(15)]))
# references os.system: refused in permit mode (not listed) and in deny mode (listed)
restricted_loads(b"cos\nsystem\n(S'echo hello world'\ntR.")
# references builtins.eval: refused for the same reasons
restricted_loads(b'cbuiltins\neval\n'
                 b'(S\'getattr(__import__("os"), "system")'
                 b'("echo hello world")\'\ntR.')
###
# call this file pickle_config.yml
# this configures pickle deserialization, which can run arbitrary code when the data is untrusted
# mode can be permit, deny, off
# permit means pickle may only load the permitted globals listed below (safer option)
# deny means pickle may load anything except the denied globals listed below (less safe option)
# off means no restriction at all and should only be used on trusted pickles (least safe option)
mode: permit
# here you list the modules and the names within them that may be used
# this is how Python recommends you restrict pickling globals
# see https://docs.python.org/3/library/pickle.html#restricting-globals
permit:
  builtins: ['range', 'complex', 'set', 'frozenset', 'slice']
# here you list the modules and the names within them that cannot be used
# all others will be allowed when running in deny mode
# this is not as safe as the permit method
# see https://pythonmana.com/2022/143/202205231222219535.html
deny:
  builtins: ['eval', 'exec', 'execfile', 'compile', 'open', 'input', '__import__', 'exit']
  os: ['system']
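The following is an added example, not code from this fork: a minimal loader that implements the permit/deny/off semantics of the configuration above through the `find_class` hook the Python docs recommend, and runs the three example tests from this file through it. The `restricted_loads`, `with_mode` and `classify` functions are hypothetical names defined here, not the fork's API; the configuration is embedded as a Python dict standing in for pickle_config.yml (PyYAML is not assumed), and the extra OrderedDict pickle is a constructed, harmless input that shows why deny mode is the weaker option: a global the config never mentions loads in deny mode but is refused in permit mode.

```python
import collections
import io
import pickle

# Constructed stand-in for the pickle_config.yml shown above; PyYAML is not
# assumed to be installed, so the same structure is written as a Python dict.
CONFIG = {
    "mode": "permit",
    "permit": {"builtins": ["range", "complex", "set", "frozenset", "slice"]},
    "deny": {
        "builtins": ["eval", "exec", "execfile", "compile", "open", "input",
                     "__import__", "exit"],
        "os": ["system"],
    },
}

# The three payloads from the example tests above. The second and third
# reference os.system and builtins.eval and must be refused before REDUCE runs.
SAFE_LIST = pickle.dumps([1, 2, range(15)])
OS_SYSTEM_PAYLOAD = b"cos\nsystem\n(S'echo hello world'\ntR."
EVAL_PAYLOAD = (b'cbuiltins\neval\n'
                b'(S\'getattr(__import__("os"), "system")'
                b'("echo hello world")\'\ntR.')
# Constructed, harmless pickle of a global the config never mentions; it
# exposes the gap in deny mode.
UNLISTED_GLOBAL = pickle.dumps(collections.OrderedDict())


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler whose find_class enforces the permit/deny configuration.

    Every GLOBAL / STACK_GLOBAL opcode in a pickle stream is resolved through
    find_class, so it is the one choke point where a module.name pair can be
    refused before any REDUCE opcode gets to call it.
    """

    def __init__(self, file, config):
        super().__init__(file)
        self.mode = config.get("mode", "permit")
        self.permit = config.get("permit", {})
        self.deny = config.get("deny", {})

    def find_class(self, module, name):
        if self.mode == "permit":
            # allow-list: only pairs listed under `permit` resolve
            if name not in self.permit.get(module, ()):
                raise pickle.UnpicklingError(f"global {module}.{name} is not permitted")
        elif self.mode == "deny":
            # block-list: everything not listed under `deny` resolves
            if name in self.deny.get(module, ()):
                raise pickle.UnpicklingError(f"global {module}.{name} is denied")
        elif self.mode != "off":
            raise ValueError(f"unknown mode {self.mode!r}")
        return super().find_class(module, name)


def restricted_loads(data, config=CONFIG):
    """pickle.loads with the configuration applied (hypothetical, not the fork's own)."""
    return RestrictedUnpickler(io.BytesIO(data), config).load()


def with_mode(mode, config=CONFIG):
    """Copy of the configuration with another mode, to compare the behaviours."""
    return {**config, "mode": mode}


def classify(data, config=CONFIG):
    """'allowed' if the pickle loads under the config, 'blocked' if a global was refused."""
    try:
        restricted_loads(data, config)
        return "allowed"
    except pickle.UnpicklingError:
        return "blocked"


if __name__ == "__main__":
    # "off" mode is deliberately not exercised on the two hostile payloads:
    # it would hand them to the real os.system / eval.
    for mode in ("permit", "deny"):
        cfg = with_mode(mode)
        print(mode, "safe list:", classify(SAFE_LIST, cfg))
        print(mode, "os.system:", classify(OS_SYSTEM_PAYLOAD, cfg))
        print(mode, "eval:", classify(EVAL_PAYLOAD, cfg))
        print(mode, "unlisted OrderedDict:", classify(UNLISTED_GLOBAL, cfg))
```

Both hostile payloads are refused in permit and in deny mode, because their GLOBAL opcode is the first thing the unpickler resolves; the difference shows on the OrderedDict pickle, which deny mode admits simply because `collections` is not on the list. That is the reason the config comments call permit the safer mode: an allow-list only grows when you add to it, whereas a block-list has to anticipate every dangerous callable in the standard library.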