etsy / skyline

It'll detect your anomalies! Part of the Kale stack.
http://codeascraft.com/2013/06/11/introducing-kale/

Pickling is insecure in Skyline listener #77

Closed johnseekins closed 10 years ago

johnseekins commented 10 years ago

Skyline doesn't block arbitrary code in its pickle implementation. This can be considered a security risk. The graphite project has resolved this in their code: https://github.com/graphite-project/carbon/blob/master/lib/carbon/util.py#L112

Can this be addressed in skyline?

MyNameIsMeerkat commented 10 years ago

Fixed this, patched in the Graphite Carbon SafeUnpickler.
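
An allow-list unpickler of the kind discussed in this issue, as an added example (not Skyline's or Carbon's code). It assumes a metric batch is a list of `(metric_name, (timestamp, value))` tuples; `RestrictedUnpickler`, `safe_loads` and `is_rejected` are hypothetical names, and the sample payloads are constructed.

```python
import collections
import io
import pickle

# Assumption: a batch of plain lists, tuples, strings and numbers needs no
# pickle globals at all, so the allow-list of (module, name) pairs is empty.
ALLOWED_GLOBALS = frozenset()


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses any class or callable not on the allow-list."""

    def find_class(self, module, name):
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(
                "global %s.%s is not allowed" % (module, name))
        return super().find_class(module, name)


def _is_number(x):
    return isinstance(x, (int, float)) and not isinstance(x, bool)


def safe_loads(data):
    """Deserialize untrusted bytes, then validate the expected batch shape."""
    batch = RestrictedUnpickler(io.BytesIO(data)).load()
    if not isinstance(batch, list):
        raise pickle.UnpicklingError("batch must be a list")
    for item in batch:
        ok = (isinstance(item, tuple) and len(item) == 2
              and isinstance(item[0], str)
              and isinstance(item[1], tuple) and len(item[1]) == 2
              and all(_is_number(x) for x in item[1]))
        if not ok:
            raise pickle.UnpicklingError("malformed datapoint: %r" % (item,))
    return batch


def is_rejected(data):
    """Return True when safe_loads refuses the payload."""
    try:
        safe_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    good = pickle.dumps([("servers.web01.cpu", (1371000000, 0.42))], protocol=2)
    print(safe_loads(good))
    # OrderedDict pickles as a global reference, so find_class blocks it.
    print(is_rejected(pickle.dumps(collections.OrderedDict(), protocol=2)))
```

Blocking globals in `find_class` stops the stream from resolving callables; the shape check afterwards keeps well-formed but unexpected objects out of the rest of the pipeline.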