Theelx
commented
3 years ago Sorry, why would you want to make a malicious file with this? If that's not the intent, can you name the function and argument help something else?
Closed jakiki6 closed 3 years ago
Theelx
commented
3 years ago Sorry, why would you want to make a malicious file with this? If that's not the intent, can you name the function and argument help something else?
Theelx
commented
3 years ago @AlfredoSequeida Do you think this violates the GitHub TOS in that it allows for creating malicious files, or do you think this is okay to merge?
jakiki6
commented
3 years ago It's just a proof of concept. I wouldn't merge it.
Theelx
commented
3 years ago Then why make it a pull request here?
jakiki6
commented
3 years ago I just wanted to show that it's vulnerable and you should be careful
AlfredoSequeida
commented
3 years ago Yeah I have seen this come up before and I can kind of understand the concern. If I get some time I'll try to look into what we can do about that. If anyone has any suggestions regarding this issue I'm open to hearing them.
Theelx
commented
3 years ago
It's not that smart to use pickle for saving data. I included a new command which shows that you can include your own code in an encoded file.
Have fun with it!