OpenFermion
operator_utils.py contains unsafe deserialization code
Describe the issue
Security code scanning alert 567 flagged a case of deserializing a user-provided value without checking boundaries or doing other safety checks. It happens on line 283, where a load() function is called after reading a file:
            raise TypeError('Operator of invalid type.')
    else:
        with open(file_path, 'rb') as f:
            data = marshal.load(f)
We should fix this to be safer.
What version of this software are you using?
0.23.0.dev0
How can the issue be reproduced?
No response
Will be fixed by #1141.
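
An added example, not OpenFermion's code and not the change in #1141: one way to make a load path like the one in this issue safer is to replace `marshal` with a size-bounded JSON read followed by a structural check, since the Python documentation states that `marshal` is not secure against maliciously constructed data. The function names, the JSON layout, the `(operator_type, {term: coefficient})` shape, the type allowlist and the size cap are all assumptions made for illustration.

```python
import json

MAX_BYTES = 1 << 20  # assumed size cap for one operator file
ALLOWED_TYPES = ("FermionOperator", "QubitOperator")  # assumed allowlist
ACTIONS = (0, 1, "X", "Y", "Z")  # assumed ladder / Pauli labels


def save_terms(path, operator_type, terms):
    """Write {term: coefficient}; a term is a tuple of (index, action) pairs."""
    body = [[[list(f) for f in term], [complex(c).real, complex(c).imag]]
            for term, c in terms.items()]
    with open(path, "w", encoding="utf-8") as f:
        json.dump({"type": operator_type, "terms": body}, f)


def _factor_ok(f):
    # One (index, action) pair: non-negative int index, known action label.
    return (isinstance(f, list) and len(f) == 2 and type(f[0]) is int
            and f[0] >= 0 and type(f[1]) in (int, str) and f[1] in ACTIONS)


def _entry_ok(e):
    # One [term, [real, imag]] entry with plain numeric coefficient parts.
    return (isinstance(e, list) and len(e) == 2
            and isinstance(e[0], list) and all(_factor_ok(f) for f in e[0])
            and isinstance(e[1], list) and len(e[1]) == 2
            and all(type(x) in (int, float) for x in e[1]))


def load_terms(path, max_bytes=MAX_BYTES):
    """Parse an operator file, rejecting oversized or malformed input."""
    with open(path, "rb") as f:
        raw = f.read(max_bytes + 1)  # bounded read, never the whole file
    if len(raw) > max_bytes:
        raise ValueError("operator file exceeds size limit")
    try:
        doc = json.loads(raw.decode("utf-8"))
    except (ValueError, RecursionError) as exc:  # bad UTF-8/JSON, deep nesting
        raise ValueError("operator file is not valid JSON") from exc
    if not isinstance(doc, dict) or doc.get("type") not in ALLOWED_TYPES:
        raise TypeError("Operator of invalid type.")
    entries = doc.get("terms")
    if not isinstance(entries, list) or not all(_entry_ok(e) for e in entries):
        raise ValueError("malformed operator terms")
    terms = {tuple(tuple(f) for f in t): complex(*c) for t, c in entries}
    return doc["type"], terms
```

Files previously written with `marshal` are rejected by this loader with `ValueError`, so they would need a one-time conversion in a trusted environment.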