def find_class(self, module, name): if not module in self.PICKLE_SAFE: raise pickle.UnpicklingError('Attempting to unpickle unsafe module %s' % module) __import__(module) mod = sys.modules[module] if not name in self.PICKLE_SAFE[module]: raise pickle.UnpicklingError('Attempting to unpickle unsafe class %s' % name) return getattr(mod, name)
def find_class(cls, module, name): if module not in cls.PICKLE_SAFE: raise pickle.UnpicklingError( 'Attempting to unpickle unsafe module %s' % module) __import__(module) mod = sys.modules[module] if name not in cls.PICKLE_SAFE[module]: raise pickle.UnpicklingError( 'Attempting to unpickle unsafe class %s' % name) return getattr(mod, name) # skipcq: PTC-W0034
def find_class(self, module, name): global PICKLE_SAFE, PICKLE_RECIEVE_FROM if module not in PICKLE_SAFE[PICKLE_RECIEVE_FROM]: raise cPickle.UnpicklingError('Attempting to unpickle unsafe module "%s" (class="%s")' % (module, name)) __import__(module) mod = sys.modules[module] if name not in PICKLE_SAFE[PICKLE_RECIEVE_FROM][module]: raise cPickle.UnpicklingError('Attempting to unpickle unsafe class "%s" (module="%s")' % (name, module)) klass = getattr(mod, name) return klass
def find_class(cls, module, name): if module not in cls.PICKLE_SAFE: raise cPickle.UnpicklingError('Attempting to unpickle unsafe module %s, class %s' % (module, name)) __import__(module) mod = sys.modules[module] classesSet = cls.PICKLE_SAFE[module] if name not in classesSet or classesSet is None: raise cPickle.UnpicklingError('Attempting to unpickle unsafe class %s' % name) klass = getattr(mod, name) return klass
def find_class(self, module, name): bad_names = ('and', 'as', 'assert', 'break', 'class', 'continue', 'def', 'del', 'elif', 'else', 'except', 'exec', 'finally', 'for', 'from', 'global', 'if', 'import', 'in', 'is', 'lambda', 'not', 'or', 'pass', 'print', 'raise', 'return', 'try', 'system', 'while', 'with', 'True', 'False', 'None', 'eval', 'execfile', '__import__', '__package__', '__subclasses__', '__bases__', '__globals__', '__code__', '__closure__', '__func__', '__self__', '__module__', '__dict__', '__class__', '__call__', '__get__', '__getattribute__', '__subclasshook__', '__new__', '__init__', 'func_globals', 'func_code', 'func_closure', 'im_class', 'im_func', 'im_self', 'gi_code', 'gi_frame', '__asteval__', 'f_locals', '__mro__') good_names = ('copy_reg._reconstructor', '__builtin__.object') if re.match(r'^[a-zA-Z_][a-zA-Z0-9_]*$', name): fullname = module + '.' + name if (fullname in good_names)\ or ( ( module.startswith('sklearn.') or module.startswith('xgboost.') or module.startswith('skrebate.') or module.startswith('numpy.') or module == 'numpy' ) and (name not in bad_names) ) : # TODO: replace with a whitelist checker if fullname not in SK_NAMES + SKR_NAMES + XGB_NAMES + NUMPY_NAMES + good_names: print("Warning: global %s is not in pickler whitelist yet and will loss support soon. Contact tool author or leave a message at github.com" % fullname) mod = sys.modules[module] return getattr(mod, name) raise pickle.UnpicklingError("global '%s' is forbidden" % fullname)
def find_class(self, module, name): """Only allow safe classes from builtins""" if module == "builtins" and name in safe_builtins: return getattr(builtins, name) """Forbid everything else""" raise pickle.UnpicklingError("global '%s.%s' is forbidden" % (module, name))
def load_binstring(self): # Deprecated BINSTRING uses signed 32-bit length len, = pickle.struct.unpack('<i', self.read(4)) if len < 0: raise pickle.UnpicklingError("BINSTRING pickle has negative byte count") data = self.read(len) self.append(self._decode_string(data))
def find_global(moduleName, className): mod = __import__(moduleName, globals(), locals(), []) obj = getattr(mod, className) if obj in taskletWhiteList: return obj raise cPickle.UnpicklingError('%s.%s not in whitelist' % (moduleName, className))
def loads(cls, pickle_string): try: safeUnpickler = cPickle.Unpickler(StringIO.StringIO(pickle_string)) safeUnpickler.find_global = cls.find_class return safeUnpickler.load() except Exception, e: raise cPickle.UnpicklingError('Unpickler Error: ' + e.message)
def persistent_load(self, id_string): match = _filtered_string_pattern.match(id_string) if match: description = match.groupdict()['description'] return FilteredObject(description) else: raise pickle_module.UnpicklingError('Invalid persistent id')
def loads(self, string): for opcode in pickletools.genops(string): if opcode[0].name in self.OPCODE_BLACKLIST: raise pickle.UnpicklingError('Potentially unsafe pickle') orig_unpickler = pickle.Unpickler(StringIO(string)) orig_unpickler.find_global = self.find_class return orig_unpickler.load()
def load_string(self): data = self.readline()[:-1] # Strip outermost quotes if len(data) >= 2 and data[0] == data[-1] and data[0] in b'"\'': data = data[1:-1] else: raise pickle.UnpicklingError("the STRING opcode argument must be quoted") self.append(self._decode_string(pickle.codecs.escape_decode(data)[0]))
def load(cls, pickle_file): try: safeUnpickler = cPickle.Unpickler(pickle_file) safeUnpickler.find_global = cls.find_class return safeUnpickler.load() except EOFError, er: raise cPickle.UnpicklingError('Unpickler EOF Error')
def _load_model(self, filepath): with open(filepath, 'r') as pickle_file: unpickled = cPickle.load(pickle_file) if type(unpickled) != type(self): raise cPickle.UnpicklingError( 'Attempted to load %s model from pickle of %s object' % (type(self).__name__, type(unpickled).__name__)) self.__dict__.update(unpickled.__dict__)
def persistent_load(pid, known_type_ids=_KNOWN_TYPE_IDS): type_id, new_args = pid try: entity_type = known_type_ids[type_id] return entity_type.__new__(entity_type, *new_args) except KeyError: raise pickle.UnpicklingError("Unsupported persistent object")
def find_global(moduleName, className, getwhitelist=None): fromlist = [] if '.' in moduleName: fromlist.append(moduleName[moduleName.index('.'):]) mod = __import__(moduleName, globals(), locals(), fromlist) obj = getattr(mod, className) if obj in (getwhitelist or get_whitelist)(): return obj raise cPickle.UnpicklingError('%s.%s not in whitelist' % (moduleName, className))
def find_class(cls, module, name): if not module in cls.PICKLE_SAFE: raise cPickle.UnpicklingError('Attempting to unpickle unsafe module %s' % module) __import__(module) mod = sys.modules[module] #if not name in cls.PICKLE_SAFE[module]: # raise cPickle.UnpicklingError('Attempting to unpickle unsafe class %s' % name) klass = getattr(mod, name) return klass
def find_class(cls,module,name): # append prefix to bare modules for bareMod in cls.bareMods: if module.startswith(bareMod): module = cls.bareMods[bareMod] + module break # check module if module not in cls.allowedModClass: raise pickle.UnpicklingError('Attempting to import disallowed module %s' % module) # return predefined class key = (module, name) if key in cls.predefined_class: return cls.predefined_class[key] # import module __import__(module) mod = sys.modules[module] # check class if name not in cls.allowedModClass[module]: raise pickle.UnpicklingError('Attempting to get disallowed class %s in %s' % (name,module)) klass = getattr(mod,name) return klass
def __setstate__(self, state): ## What we want to do here is to instantiate a new object and then copy it into ourselves #new_object = Object(state['theType'], state['offset'], state['vm'], name = state['name']) new_object = Object(**state) if not new_object: raise pickle.UnpicklingError("Object {0} at 0x{1:08x} invalid".format(state['name'], state['offset'])) ## (Scudette) Im not sure how much of a hack this is - we ## basically take over all the new object's members. This is ## needed because __setstate__ can not return a new object, ## but must update the current object instead. I'm sure ikelos ## will object!!! I am open to suggestions ... self.__dict__ = new_object.__dict__
def _receive_receive_request(self): """Receives the answer to a receive request from the server.""" try: info = pickle.loads(self.sock.recv_by_size()) if isinstance(info, basestring): err = info.split("~") raise ValueError("ERROR %s. Information: %s" % (err[1], err[3])) except socket.error: raise socket.error( "Could not receive information from the server.") except pickle.UnpicklingError: raise pickle.UnpicklingError("Server could not send information.") return info
def load_state(filename): """ Load a previously parsed Burp Suite log. Due to security concerns regarding the Python Pickle module, this method will only only load pickled objects that were saved using gds.burp.save_state(). @param filename: The filename of the gds.burp state file. @return: A parsed Burp Suite log. @rtype: list """ logger.debug("Loading state from %s", filename) try: gzf = gzip.open(filename, 'rb') state = gzf.read() gzf.close() except IOError: logger.exception("Could not gunzip %s", filename) return # A sha1 digest is 20 bytes. dump, mac = state[:-20], state[-20:] # Validate the HMAC at the end of the pickled string to provide # limited validation the object was not tampered with. The threat # we're trying to address by validating the HMAC is the scenario where # the user specified an incorrect state file or it has been modified by # another program, so that it doesn't blow up in their face when they do. # # This doesn't prevent someone from reversing how we generated the MAC # and creating their own malicious object that is later unpickled. # # Overkill for this? yes.. but I like it. if is_equal(hmac.new(KEY, dump, hashlib.sha1).digest(), mac): parsed = cPickle.loads(dump) logger.debug("Loaded state from %s", filename) return parsed else: logger.error("Incorrect checksum while loading state from %s", filename) raise cPickle.UnpicklingError("Incorrect checksum while loading state")
def _server_execution_success(self): """Receives the server's response and returns whether the server successfully executed a non-receive request based on response.""" try: response = pickle.loads(self.sock.recv_by_size()) except socket.error: raise socket.error("Could not receive answer from the server.") except pickle.UnpicklingError: raise pickle.UnpicklingError("Server could not send information") if response == SQLServer.success: return True if response == SQLServer.failure: return False if response.startswith("ERROR"): err = response.split("~") raise socket.error("ERROR %s. Information: %s" % (err[1], err[3])) else: raise socket.error( "Could not receive information from the server.")
def persistent_load(self, obj_id): if obj_id == 'filtered:YaqlEngine': return yaql_expression.YAQL else: raise pickle.UnpicklingError('Invalid persistent id')
def find_class(self, module, name): if f"{module}.{name}" in ALLOWED_PICKLE_CLASSES: return super().find_class(module, name) raise _pickle.UnpicklingError()
def find_class(self, module, name): # Do not allow importing of ANY module. This is really redundant as # we block those OPCODEs that results in invocation of this method. raise pickle.UnpicklingError('Potentially unsafe pickle')
# the user specified an incorrect state file or it has been modified by # another program, so that it doesn't blow up in their face when they do. # # This doesn't prevent someone from reversing how we generated the MAC # and creating their own malicious object that is later unpickled. # # Overkill for this? yes.. but I like it. if is_equal(hmac.new(KEY, dump, hashlib.sha1).digest(), mac): parsed = cPickle.loads(dump) LOGGER.debug("Loaded state from " + filename) return parsed else: LOGGER.error("Incorrect checksum while loading state from " + filename) raise cPickle.UnpicklingError("Incorrect checksum while loading state") def is_equal(original, supplied): """ A byte for byte string comparison function. Usually used when comparing two HMAC's, it returns True or False only after the entire string was analyzed (meaning, we don't return False on the first non-match). If use this for validating passwords, you're doing it wrong. @param original: The original string to be compared against. @param supplied: A string supplied by the user. @return: True if value of original is equal to value of supplied. @rtype: bool """
__import__(module) mod = sys.modules[module] #if not name in cls.PICKLE_SAFE[module]: # raise cPickle.UnpicklingError('Attempting to unpickle unsafe class %s' % name) klass = getattr(mod, name) return klass @classmethod def loads(cls, pickle_string): try: safeUnpickler = cPickle.Unpickler(StringIO.StringIO(pickle_string)) safeUnpickler.find_global = cls.find_class return safeUnpickler.load() except Exception, e: raise cPickle.UnpicklingError('Unpickler Error: ' + e.message) @classmethod def load(cls, pickle_file): try: safeUnpickler = cPickle.Unpickler(pickle_file) safeUnpickler.find_global = cls.find_class return safeUnpickler.load() except EOFError, er: raise cPickle.UnpicklingError('Unpickler EOF Error') except Exception, e: raise cPickle.UnpicklingError('Unpickler Error')