sqlitedict
sqlitedict copied to clipboard
piskvorky
How can I report if there's a potential vulnerability
I found out a vulnerability in this library, how can I report it? Already reported cve.
Thanks. Closing until there's a clearly demonstrated proof-of-concept or attack vector. Ideally with a mitigation PR where relevant.
@piskvorky https://william957-web.github.io/sqlitedict-vuln-report.zip Additional details
@mpenkov
Probably not, for example, you won't say that code injection vulnerbility is the problem with eval.
In fact, there're serveral prevention due to pickle deserialization(like check object titles, sandboxes...), and ML often used libraries like clearML, pytorch also patched this kind of vulnerabilities.
@mpenkov @piskvorky patched version (Reference:https://docs.python.org/3/library/pickle.html):
import builtins
import io
import pickle
safe_builtins = {
'range',
'complex',
'set',
'frozenset',
'slice',
}
class RestrictedUnpickler(pickle.Unpickler):
def find_class(self, module, name):
# Only allow safe classes from builtins.
if module == "builtins" and name in safe_builtins:
return getattr(builtins, name)
# Forbid everything else.
raise pickle.UnpicklingError("global '%s.%s' is forbidden" %
(module, name))
def restricted_loads(s):
"""Helper function analogous to pickle.loads()."""
return RestrictedUnpickler(io.BytesIO(s)).load()
and change the decode and decode_key function's loads into restricted_loads.
The only drawback of this prevention is that user can't store other none builtin data types(like numpy or else(but I think the functions can be replaced just by sqlitedict!))...
After I read those pdfs, I think add a warning to warn user don't load untrusted db file is actually enough.
What do you think @William957-web ?