def find_class(self, module, name):
if not module in self.PICKLE_SAFE:
raise pickle.UnpicklingError('Attempting to unpickle unsafe module %s' % module)
__import__(module)
mod = sys.modules[module]
if not name in self.PICKLE_SAFE[module]:
raise pickle.UnpicklingError('Attempting to unpickle unsafe class %s' % name)
return getattr(mod, name)
def find_class(cls, module, name):
if module not in cls.PICKLE_SAFE:
raise pickle.UnpicklingError(
'Attempting to unpickle unsafe module %s' % module)
__import__(module)
mod = sys.modules[module]
if name not in cls.PICKLE_SAFE[module]:
raise pickle.UnpicklingError(
'Attempting to unpickle unsafe class %s' % name)
return getattr(mod, name) # skipcq: PTC-W0034
def find_class(self, module, name):
global PICKLE_SAFE, PICKLE_RECIEVE_FROM
if module not in PICKLE_SAFE[PICKLE_RECIEVE_FROM]:
raise cPickle.UnpicklingError('Attempting to unpickle unsafe module "%s" (class="%s")' % (module, name))
__import__(module)
mod = sys.modules[module]
if name not in PICKLE_SAFE[PICKLE_RECIEVE_FROM][module]:
raise cPickle.UnpicklingError('Attempting to unpickle unsafe class "%s" (module="%s")' % (name, module))
klass = getattr(mod, name)
return klass
def find_class(cls, module, name):
if module not in cls.PICKLE_SAFE:
raise cPickle.UnpicklingError('Attempting to unpickle unsafe module %s, class %s' % (module, name))
__import__(module)
mod = sys.modules[module]
classesSet = cls.PICKLE_SAFE[module]
if name not in classesSet or classesSet is None:
raise cPickle.UnpicklingError('Attempting to unpickle unsafe class %s' % name)
klass = getattr(mod, name)
return klass
def find_class(self, module, name):
bad_names = ('and', 'as', 'assert', 'break', 'class', 'continue',
'def', 'del', 'elif', 'else', 'except', 'exec',
'finally', 'for', 'from', 'global', 'if', 'import',
'in', 'is', 'lambda', 'not', 'or', 'pass', 'print',
'raise', 'return', 'try', 'system', 'while', 'with',
'True', 'False', 'None', 'eval', 'execfile', '__import__',
'__package__', '__subclasses__', '__bases__', '__globals__',
'__code__', '__closure__', '__func__', '__self__', '__module__',
'__dict__', '__class__', '__call__', '__get__',
'__getattribute__', '__subclasshook__', '__new__',
'__init__', 'func_globals', 'func_code', 'func_closure',
'im_class', 'im_func', 'im_self', 'gi_code', 'gi_frame',
'__asteval__', 'f_locals', '__mro__')
good_names = ('copy_reg._reconstructor', '__builtin__.object')
if re.match(r'^[a-zA-Z_][a-zA-Z0-9_]*$', name):
fullname = module + '.' + name
if (fullname in good_names)\
or ( ( module.startswith('sklearn.')
or module.startswith('xgboost.')
or module.startswith('skrebate.')
or module.startswith('numpy.')
or module == 'numpy'
)
and (name not in bad_names)
) :
# TODO: replace with a whitelist checker
if fullname not in SK_NAMES + SKR_NAMES + XGB_NAMES + NUMPY_NAMES + good_names:
print("Warning: global %s is not in pickler whitelist yet and will loss support soon. Contact tool author or leave a message at github.com" % fullname)
mod = sys.modules[module]
return getattr(mod, name)
raise pickle.UnpicklingError("global '%s' is forbidden" % fullname)
def find_class(self, module, name):
"""Only allow safe classes from builtins"""
if module == "builtins" and name in safe_builtins:
return getattr(builtins, name)
"""Forbid everything else"""
raise pickle.UnpicklingError("global '%s.%s' is forbidden" %
(module, name))
def load_binstring(self):
# Deprecated BINSTRING uses signed 32-bit length
len, = pickle.struct.unpack('<i', self.read(4))
if len < 0:
raise pickle.UnpicklingError("BINSTRING pickle has negative byte count")
data = self.read(len)
self.append(self._decode_string(data))
def find_global(moduleName, className):
mod = __import__(moduleName, globals(), locals(), [])
obj = getattr(mod, className)
if obj in taskletWhiteList:
return obj
raise cPickle.UnpicklingError('%s.%s not in whitelist' %
(moduleName, className))
def loads(cls, pickle_string):
try:
safeUnpickler = cPickle.Unpickler(StringIO.StringIO(pickle_string))
safeUnpickler.find_global = cls.find_class
return safeUnpickler.load()
except Exception, e:
raise cPickle.UnpicklingError('Unpickler Error: ' + e.message)
def persistent_load(self, id_string):
match = _filtered_string_pattern.match(id_string)
if match:
description = match.groupdict()['description']
return FilteredObject(description)
else:
raise pickle_module.UnpicklingError('Invalid persistent id')
def loads(self, string):
for opcode in pickletools.genops(string):
if opcode[0].name in self.OPCODE_BLACKLIST:
raise pickle.UnpicklingError('Potentially unsafe pickle')
orig_unpickler = pickle.Unpickler(StringIO(string))
orig_unpickler.find_global = self.find_class
return orig_unpickler.load()
def load_string(self):
data = self.readline()[:-1]
# Strip outermost quotes
if len(data) >= 2 and data[0] == data[-1] and data[0] in b'"\'':
data = data[1:-1]
else:
raise pickle.UnpicklingError("the STRING opcode argument must be quoted")
self.append(self._decode_string(pickle.codecs.escape_decode(data)[0]))
def load(cls, pickle_file):
try:
safeUnpickler = cPickle.Unpickler(pickle_file)
safeUnpickler.find_global = cls.find_class
return safeUnpickler.load()
except EOFError, er:
raise cPickle.UnpicklingError('Unpickler EOF Error')
def _load_model(self, filepath):
with open(filepath, 'r') as pickle_file:
unpickled = cPickle.load(pickle_file)
if type(unpickled) != type(self):
raise cPickle.UnpicklingError(
'Attempted to load %s model from pickle of %s object' %
(type(self).__name__, type(unpickled).__name__))
self.__dict__.update(unpickled.__dict__)
def persistent_load(pid, known_type_ids=_KNOWN_TYPE_IDS):
type_id, new_args = pid
try:
entity_type = known_type_ids[type_id]
return entity_type.__new__(entity_type, *new_args)
except KeyError:
raise pickle.UnpicklingError("Unsupported persistent object")
def find_global(moduleName, className, getwhitelist=None):
fromlist = []
if '.' in moduleName:
fromlist.append(moduleName[moduleName.index('.'):])
mod = __import__(moduleName, globals(), locals(), fromlist)
obj = getattr(mod, className)
if obj in (getwhitelist or get_whitelist)():
return obj
raise cPickle.UnpicklingError('%s.%s not in whitelist' %
(moduleName, className))
def find_class(cls, module, name):
if not module in cls.PICKLE_SAFE:
raise cPickle.UnpicklingError('Attempting to unpickle unsafe module %s' % module)
__import__(module)
mod = sys.modules[module]
#if not name in cls.PICKLE_SAFE[module]:
# raise cPickle.UnpicklingError('Attempting to unpickle unsafe class %s' % name)
klass = getattr(mod, name)
return klass
def find_class(cls,module,name):
# append prefix to bare modules
for bareMod in cls.bareMods:
if module.startswith(bareMod):
module = cls.bareMods[bareMod] + module
break
# check module
if module not in cls.allowedModClass:
raise pickle.UnpicklingError('Attempting to import disallowed module %s' % module)
# return predefined class
key = (module, name)
if key in cls.predefined_class:
return cls.predefined_class[key]
# import module
__import__(module)
mod = sys.modules[module]
# check class
if name not in cls.allowedModClass[module]:
raise pickle.UnpicklingError('Attempting to get disallowed class %s in %s' % (name,module))
klass = getattr(mod,name)
return klass
def __setstate__(self, state):
## What we want to do here is to instantiate a new object and then copy it into ourselves
#new_object = Object(state['theType'], state['offset'], state['vm'], name = state['name'])
new_object = Object(**state)
if not new_object:
raise pickle.UnpicklingError("Object {0} at 0x{1:08x} invalid".format(state['name'], state['offset']))
## (Scudette) Im not sure how much of a hack this is - we
## basically take over all the new object's members. This is
## needed because __setstate__ can not return a new object,
## but must update the current object instead. I'm sure ikelos
## will object!!! I am open to suggestions ...
self.__dict__ = new_object.__dict__
def _receive_receive_request(self):
"""Receives the answer to a receive request from the server."""
try:
info = pickle.loads(self.sock.recv_by_size())
if isinstance(info, basestring):
err = info.split("~")
raise ValueError("ERROR %s. Information: %s" %
(err[1], err[3]))
except socket.error:
raise socket.error(
"Could not receive information from the server.")
except pickle.UnpicklingError:
raise pickle.UnpicklingError("Server could not send information.")
return info
def load_state(filename):
"""
Load a previously parsed Burp Suite log.
Due to security concerns regarding the Python Pickle module, this method
will only only load pickled objects that were saved using
gds.burp.save_state().
@param filename: The filename of the gds.burp state file.
@return: A parsed Burp Suite log.
@rtype: list
"""
logger.debug("Loading state from %s", filename)
try:
gzf = gzip.open(filename, 'rb')
state = gzf.read()
gzf.close()
except IOError:
logger.exception("Could not gunzip %s", filename)
return
# A sha1 digest is 20 bytes.
dump, mac = state[:-20], state[-20:]
# Validate the HMAC at the end of the pickled string to provide
# limited validation the object was not tampered with. The threat
# we're trying to address by validating the HMAC is the scenario where
# the user specified an incorrect state file or it has been modified by
# another program, so that it doesn't blow up in their face when they do.
#
# This doesn't prevent someone from reversing how we generated the MAC
# and creating their own malicious object that is later unpickled.
#
# Overkill for this? yes.. but I like it.
if is_equal(hmac.new(KEY, dump, hashlib.sha1).digest(), mac):
parsed = cPickle.loads(dump)
logger.debug("Loaded state from %s", filename)
return parsed
else:
logger.error("Incorrect checksum while loading state from %s", filename)
raise cPickle.UnpicklingError("Incorrect checksum while loading state")
def _server_execution_success(self):
"""Receives the server's response and
returns whether the server successfully executed a non-receive request based on response."""
try:
response = pickle.loads(self.sock.recv_by_size())
except socket.error:
raise socket.error("Could not receive answer from the server.")
except pickle.UnpicklingError:
raise pickle.UnpicklingError("Server could not send information")
if response == SQLServer.success:
return True
if response == SQLServer.failure:
return False
if response.startswith("ERROR"):
err = response.split("~")
raise socket.error("ERROR %s. Information: %s" % (err[1], err[3]))
else:
raise socket.error(
"Could not receive information from the server.")
def persistent_load(self, obj_id):
if obj_id == 'filtered:YaqlEngine':
return yaql_expression.YAQL
else:
raise pickle.UnpicklingError('Invalid persistent id')
def find_class(self, module, name):
if f"{module}.{name}" in ALLOWED_PICKLE_CLASSES:
return super().find_class(module, name)
raise _pickle.UnpicklingError()
def find_class(self, module, name):
# Do not allow importing of ANY module. This is really redundant as
# we block those OPCODEs that results in invocation of this method.
raise pickle.UnpicklingError('Potentially unsafe pickle')
# the user specified an incorrect state file or it has been modified by
# another program, so that it doesn't blow up in their face when they do.
#
# This doesn't prevent someone from reversing how we generated the MAC
# and creating their own malicious object that is later unpickled.
#
# Overkill for this? yes.. but I like it.
if is_equal(hmac.new(KEY, dump, hashlib.sha1).digest(), mac):
parsed = cPickle.loads(dump)
LOGGER.debug("Loaded state from " + filename)
return parsed
else:
LOGGER.error("Incorrect checksum while loading state from " + filename)
raise cPickle.UnpicklingError("Incorrect checksum while loading state")
def is_equal(original, supplied):
"""
A byte for byte string comparison function. Usually used when comparing
two HMAC's, it returns True or False only after the entire string was
analyzed (meaning, we don't return False on the first non-match).
If use this for validating passwords, you're doing it wrong.
@param original: The original string to be compared against.
@param supplied: A string supplied by the user.
@return: True if value of original is equal to value of supplied.
@rtype: bool
"""
__import__(module)
mod = sys.modules[module]
#if not name in cls.PICKLE_SAFE[module]:
# raise cPickle.UnpicklingError('Attempting to unpickle unsafe class %s' % name)
klass = getattr(mod, name)
return klass
@classmethod
def loads(cls, pickle_string):
try:
safeUnpickler = cPickle.Unpickler(StringIO.StringIO(pickle_string))
safeUnpickler.find_global = cls.find_class
return safeUnpickler.load()
except Exception, e:
raise cPickle.UnpicklingError('Unpickler Error: ' + e.message)
@classmethod
def load(cls, pickle_file):
try:
safeUnpickler = cPickle.Unpickler(pickle_file)
safeUnpickler.find_global = cls.find_class
return safeUnpickler.load()
except EOFError, er:
raise cPickle.UnpicklingError('Unpickler EOF Error')
except Exception, e:
raise cPickle.UnpicklingError('Unpickler Error')
