pickle module BAN-B301

    pzmm_pickle_path.rename(Path(pickle_path) / (sanitized_prefix + PICKLE))
else:
    with open(ml_pickle_path, "rb") as pickle_file:
        return {sanitized_prefix + PICKLE: pickle.load(pickle_file)}
else:
    # For all other model types
    if not is_h2o_model:
        model = pickle.loads(in_file)
    else:
        # Assume a file object containing the pickled object
        model = pickle.load(in_file)

    # Verify model is a valid type
    parser = _check_type(model)

elif isinstance(in_file, bytes):
    # Assume byte string is the actual pickled bytes
    model = pickle.loads(in_file)
else:
    # Assume a file object containing the pickled object
    model = pickle.load(in_file)

else:
    # Read pickled files
    with open(in_file, "rb") as f:
        model = pickle.load(f)

elif isinstance(in_file, bytes):
    # Assume byte string is the actual pickled bytes

    global model
except NameError:
    with open(Path(settings.pickle_path) / "RandomForest.pickle", "rb") as pickle_model:
        model = pickle.load(pickle_model)

The pickle module is not secure against erroneous or maliciously constructed data. Never unpickle data received from an untrusted or unauthenticated source.
Python's pickle module is used for serializing and deserializing a Python object structure. Data serialization is the process of converting structured data into a format that allows it to be shared or stored and later recovered with its original structure intact.
Insecure deserialization occurs when an application deserializes data it receives without validating its structure or verifying its authenticity. Unpickling attacker-controlled data can execute arbitrary code, so it can be exploited to run arbitrary commands on your machine.
If pickle is not absolutely necessary for the use case, consider a safer serialization format, such as YAML via PyYAML (loaded with yaml.safe_load). PyYAML is a YAML parser and emitter for Python; YAML is a language-agnostic, human-readable serialization format. But pickle has its advantages too: the pickle format is specific to Python and can represent a wide variety of data structures and objects, whereas YAML represents simple data types and structures in a language-portable manner.
Recommended practices when using the pickle module:
Refer to this blog post to learn more about the dangers of using the pickle module.
from flask import Flask, request
import pickle

app = Flask(__name__)

@app.route('/pickle')
def load():
    data = request.get_data()  # raw request body: attacker-controlled bytes
    conf = pickle.loads(data)  # Insecure. Avoid using pickle on untrusted input
    return str(conf)
from flask import Flask, request
import yaml

app = Flask(__name__)

@app.route('/yaml')
def load():
    data = request.get_data()  # raw request body
    conf = yaml.safe_load(data)  # Secure: safe_load builds only plain data types, never arbitrary objects
    return str(conf)
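Where pickle cannot be replaced, two standard mitigations are to authenticate the serialized bytes before they reach the unpickler and to restrict which globals a pickle may resolve. The following is an added example, not code from the original page or from the scanned project: it uses only the standard library, tags pickled bytes with HMAC-SHA256 under a secret key, and subclasses pickle.Unpickler to override find_class (the hook the pickle documentation provides for this) so that only an allow-list of builtins is resolvable. The key, the allow-list and the sample objects are constructed for the demo.

```python
import builtins
import datetime
import hashlib
import hmac
import io
import pickle

# Constructed allow-list for the demo: the only globals a pickle may reference.
# Plain containers and scalars are built from opcodes and never hit find_class,
# so the list mostly serves as a safety net for pickles from other producers.
SAFE_BUILTINS = {"dict", "list", "set", "frozenset", "tuple",
                 "int", "float", "str", "bytes", "bool"}

TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global outside SAFE_BUILTINS.

    pickle resolves "module.name" references through find_class(); overriding it
    is the documented hook for restricting what a pickle is allowed to load.
    """

    def find_class(self, module, name):
        if module == "builtins" and name in SAFE_BUILTINS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden")


def restricted_loads(data: bytes):
    """Deserialize bytes with the restricted unpickler (raises on forbidden globals)."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def loads_or_reject(data: bytes):
    """Return (True, obj) on success or (False, None) when the pickle was refused."""
    try:
        return True, restricted_loads(data)
    except pickle.UnpicklingError:
        return False, None


def sign(data: bytes, key: bytes) -> bytes:
    """Prefix pickled bytes with an HMAC-SHA256 tag computed under a secret key."""
    return hmac.new(key, data, hashlib.sha256).digest() + data


def authenticate(blob: bytes, key: bytes) -> bool:
    """Constant-time check that blob was tagged under key; False on any tampering."""
    if len(blob) < TAG_LEN:
        return False
    tag, data = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(key, data, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)


def verify_and_load(blob: bytes, key: bytes):
    """Check the tag first, so unauthenticated bytes never reach the unpickler."""
    if not authenticate(blob, key):
        raise ValueError("HMAC mismatch: data was not produced by a holder of the key")
    return restricted_loads(blob[TAG_LEN:])


# Constructed sample data for the demo (not taken from any real application).
DEMO_KEY = b"constructed-demo-key-do-not-reuse"
SAMPLE_PLAIN = pickle.dumps({"threshold": 0.5, "labels": ["cat", "dog"]})
SAMPLE_GLOBAL = pickle.dumps(datetime.date(2024, 1, 1))  # references datetime.date
SIGNED = sign(SAMPLE_PLAIN, DEMO_KEY)
TAMPERED = SIGNED[:-1] + bytes([SIGNED[-1] ^ 0x01])  # one flipped byte in the payload


if __name__ == "__main__":
    print("plain data:", verify_and_load(SIGNED, DEMO_KEY))
    print("tampered blob authentic?", authenticate(TAMPERED, DEMO_KEY))
    print("pickle referencing datetime.date accepted?", loads_or_reject(SAMPLE_GLOBAL)[0])
```

The HMAC check runs before any pickle opcode is interpreted, so a tampered or forged blob fails closed with an exception rather than being partially processed; the restricted unpickler is a second layer for the case where a trusted producer's data is itself unexpected. Neither layer makes pickle safe for data from parties that do not hold the key.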