[Bug]: The MapDataManager function uses pickle to serialize the data_map.txt file which may lead to security risks.
Current Behavior
When MapDataManager is initialized, pickle is called to read the data_map.txt file. If an attacker tampers with the data_map.txt file, this may lead to security risks, and the Python open source community has stated that pickle is an unsafe function.
gptcache uses pickle as below:
Expected Behavior
Expected: do not use pickle, or verify whether the file content has been tampered with.
Steps To Reproduce
No response
Environment
No response
Anything else?
No response
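The following is an added example and is not gptcache's own code. It shows both remedies the issue asks for: an HMAC-SHA256 tag prefixed to the pickled data_map and checked with a constant-time compare before any byte reaches the unpickler, a restricted unpickler that refuses every global as defence in depth, and a plain JSON alternative. Assumptions: the file layout (32-byte tag followed by the pickle payload), the placeholder key `SECRET_KEY` (which must live outside the directory an attacker can write to; if the attacker can read the key, the tag proves nothing), the sample `data_map` contents, and the `_Gadget` class used only to produce, never to load, a malicious pickle.

```python
import hashlib
import hmac
import io
import json
import os
import pickle
import tempfile

# Constructed placeholder key for this example; a real deployment loads it from an
# environment variable or secret store, never from the same directory as the file.
SECRET_KEY = b"replace-me-with-a-real-secret"
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes


def save_signed_pickle(path, obj, key=SECRET_KEY):
    """Write HMAC-SHA256(payload) || pickle(payload); the tag covers every payload byte."""
    payload = pickle.dumps(obj, protocol=pickle.HIGHEST_PROTOCOL)
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    with open(path, "wb") as f:
        f.write(tag + payload)


def load_signed_pickle(path, key=SECRET_KEY):
    """Verify the tag in constant time BEFORE handing anything to pickle."""
    with open(path, "rb") as f:
        blob = f.read()
    if len(blob) < TAG_LEN:
        raise ValueError("data map truncated")
    tag, payload = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("data map rejected: HMAC mismatch")
    return pickle.loads(payload)


class RestrictedUnpickler(pickle.Unpickler):
    """Defence in depth: refuse to resolve any global, so a payload can only
    rebuild plain containers and scalars, never reach os.system and friends."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")


def load_restricted(payload):
    return RestrictedUnpickler(io.BytesIO(payload)).load()


class _Gadget:
    """Hypothetical object whose pickle would call os.system under plain pickle.loads.
    It is only serialized here; the example never loads it unrestricted."""

    def __reduce__(self):
        return (os.system, ("echo pickle gadget executed",))


def load_json_map(path):
    """Alternative: a format with no code-execution semantics at all."""
    with open(path, "r", encoding="utf-8") as f:
        return json.load(f)


def demo():
    """Exercise the three checks in a temp dir and return the outcomes."""
    # Constructed sample data map: hash -> [index, cached answer].
    data_map = {"hash-1": [0, "cached answer 1"], "hash-2": [1, "cached answer 2"]}
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "data_map.txt")
        save_signed_pickle(path, data_map)
        results["roundtrip"] = load_signed_pickle(path) == data_map

        # Flip one payload byte, as an attacker with write access to the file would.
        with open(path, "r+b") as f:
            f.seek(TAG_LEN + 5)
            f.write(b"\xff")
        try:
            load_signed_pickle(path)
            results["tamper_detected"] = False
        except ValueError:
            results["tamper_detected"] = True

        # The gadget pickle is refused by the restricted loader without executing anything.
        try:
            load_restricted(pickle.dumps(_Gadget()))
            results["gadget_blocked"] = False
        except pickle.UnpicklingError:
            results["gadget_blocked"] = True
        results["restricted_ok"] = load_restricted(pickle.dumps(data_map)) == data_map

        json_path = os.path.join(d, "data_map.json")
        with open(json_path, "w", encoding="utf-8") as f:
            json.dump(data_map, f)
        results["json_roundtrip"] = load_json_map(json_path) == data_map
    return results


if __name__ == "__main__":
    print(demo())
```

The order matters: `load_signed_pickle` rejects a tampered file before `pickle.loads` is ever called, because a pickle gadget runs during loading, not after. The restricted unpickler is a second layer for the case where the key leaks; switching the file to JSON removes the problem class entirely.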
That's a good question, could you try to fix that?
I tried adding an hmac field in the header of the data_map.txt file to prevent tampering, but this method cannot completely eliminate the risk. An attacker may still forge the same hmac data to bypass verification.