Commit daa82d01 authored by Daniel Pope, committed by Raymond Hettinger

bpo-37977: Warn more strongly and clearly about pickle security (GH-15595)

parent 013e52fd
...@@ -30,9 +30,17 @@ avoid confusion, the terms used here are "pickling" and "unpickling". ...@@ -30,9 +30,17 @@ avoid confusion, the terms used here are "pickling" and "unpickling".
.. warning:: .. warning::
The :mod:`pickle` module is not secure against erroneous or maliciously The ``pickle`` module **is not secure**. Only unpickle data you trust.
constructed data. Never unpickle data received from an untrusted or
unauthenticated source. It is possible to construct malicious pickle data which will **execute
arbitrary code during unpickling**. Never unpickle data that could have come
from an untrusted source, or that could have been tampered with.
Consider signing data with :mod:`hmac` if you need to ensure that it has not
been tampered with.
Safer serialization formats such as :mod:`json` may be more appropriate if
you are processing untrusted data. See :ref:`comparison-with-json`.
Relationship to other Python modules Relationship to other Python modules
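Review bot: The added sentence "Consider signing data with :mod:`hmac` if you need to ensure that it has not been tampered with" does not say that the signature has to be checked before the data is passed to the unpickler, and since the warning itself states that code can execute during unpickling, a reader who verifies afterwards gains nothing. Suggest wording along the lines of "sign the data with :mod:`hmac` and verify the signature before unpickling it". Separately, the old text covered "erroneous or maliciously constructed data" and the new text only covers malicious data; if dropping "erroneous" is intentional it is worth saying so in the commit message. The first line also switches from :mod:`pickle` to a plain ``pickle`` literal while the rest of the warning still uses :mod: roles for hmac and json.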
...@@ -75,6 +83,9 @@ The :mod:`pickle` module differs from :mod:`marshal` in several significant ways ...@@ -75,6 +83,9 @@ The :mod:`pickle` module differs from :mod:`marshal` in several significant ways
pickling and unpickling code deals with Python 2 to Python 3 type differences pickling and unpickling code deals with Python 2 to Python 3 type differences
if your data is crossing that unique breaking change language boundary. if your data is crossing that unique breaking change language boundary.
.. _comparison-with-json:
Comparison with ``json`` Comparison with ``json``
^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^
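Review bot: The new label "comparison-with-json" carries no module prefix, while the other label visible in this file, "pickle-inst", does. Sphinx labels share one namespace across the whole documentation set, so an unprefixed name is easier to collide with or to mistake for another module's section. Suggest something like "pickle-comparison-with-json" here, with the matching change to the :ref: in the warning block.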
...@@ -94,7 +105,10 @@ There are fundamental differences between the pickle protocols and ...@@ -94,7 +105,10 @@ There are fundamental differences between the pickle protocols and
types, and no custom classes; pickle can represent an extremely large types, and no custom classes; pickle can represent an extremely large
number of Python types (many of them automatically, by clever usage number of Python types (many of them automatically, by clever usage
of Python's introspection facilities; complex cases can be tackled by of Python's introspection facilities; complex cases can be tackled by
implementing :ref:`specific object APIs <pickle-inst>`). implementing :ref:`specific object APIs <pickle-inst>`);
* Unlike pickle, deserializing untrusted JSON does not in itself create an
arbitrary code execution vulnerability.
.. seealso:: .. seealso::
The :mod:`json` module: a standard library module allowing JSON The :mod:`json` module: a standard library module allowing JSON
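Review bot: In the added bullet, "does not in itself create an arbitrary code execution vulnerability" leaves the reader to guess what the qualifier "in itself" is excluding. A short clause saying that decoded JSON values still need to be validated by the application before use would make the contrast with pickle precise without overstating JSON's safety. The bullet also writes "pickle" as bare text where the neighbouring lines use :mod: or literal markup, and it would be useful for it to point back to the warning at the top of the page so the two statements stay in sync.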
......
Warn more strongly and clearly about pickle insecurity