Skip to content

Commit 58983e1

Browse files
authored
Pickle parsing logic flaw leads to malicious pickle file bypass (#46)
Fix GHSA-9gvj-pp9x-gcfr
1 parent 2974a25 commit 58983e1

File tree

4 files changed

+37
-2
lines changed

4 files changed

+37
-2
lines changed

setup.cfg

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
[metadata]
22
name = picklescan
3-
version = 0.0.26
3+
version = 0.0.27
44
author = Matthieu Maitre
55
author_email = [email protected]
66
description = Security scanner detecting Python Pickle files performing suspicious actions

src/picklescan/scanner.py

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -252,7 +252,7 @@ def _list_globals(data: IO[bytes], multiple_pickles=True) -> Set[Tuple[str, str]
252252
globals.add(tuple(op_value.split(" ", 1)))
253253
elif op_name == "STACK_GLOBAL":
254254
values = []
255-
for offset in range(1, n):
255+
for offset in range(1, n + 1):
256256
if ops[n - offset][0].name in [
257257
"MEMOIZE",
258258
"PUT",
@@ -267,6 +267,9 @@ def _list_globals(data: IO[bytes], multiple_pickles=True) -> Set[Tuple[str, str]
267267
"UNICODE",
268268
"BINUNICODE",
269269
"BINUNICODE8",
270+
"STRING",
271+
"BINSTRING",
272+
"SHORT_BINSTRING",
270273
]:
271274
_log.debug(
272275
"Presence of non-string opcode, categorizing as an unknown dangerous import"

tests/data2/malicious23.pkl

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
S'os'
2+
S'system'
3+
�S'ls'
4+
�R.

tests/test_scanner.py

Lines changed: 28 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -560,6 +560,22 @@ def initialize_pickle_files():
560560
initialize_pickle_file(f"{_root_path}/data2/malicious21.pkl", Malicious21(), 4)
561561
initialize_pickle_file(f"{_root_path}/data2/malicious22.pkl", Malicious22(), 4)
562562

563+
# https://github.com/mmaitre314/picklescan/security/advisories/GHSA-9gvj-pp9x-gcfr
564+
initialize_data_file(
565+
f"{_root_path}/data2/malicious23.pkl",
566+
b"".join(
567+
[
568+
pickle.STRING + b"'os'\n",
569+
pickle.STRING + b"'system'\n",
570+
pickle.STACK_GLOBAL,
571+
pickle.STRING + b"'ls'\n",
572+
pickle.TUPLE1,
573+
pickle.REDUCE,
574+
pickle.STOP,
575+
]
576+
),
577+
)
578+
563579

564580
initialize_pickle_files()
565581
initialize_numpy_files()
@@ -843,6 +859,18 @@ def test_scan_file_path():
843859
),
844860
)
845861

862+
compare_scan_results(
863+
scan_file_path(f"{_root_path}/data2/malicious23.pkl"),
864+
ScanResult(
865+
[
866+
Global("os", "system", SafetyLevel.Dangerous),
867+
],
868+
scanned_files=1,
869+
issues_count=1,
870+
infected_files=1,
871+
),
872+
)
873+
846874

847875
def test_scan_file_path_npz():
848876
compare_scan_results(

0 commit comments

Comments
 (0)