search

shellphish / driller

Driller: augmenting AFL with symbolic execution!
BSD 2-Clause "Simplified" License
896 stars 162 forks source link

Content Disallowed Error with Celery #16

Open ekilmer opened 7 years ago

ekilmer commented 7 years ago

I am receiving the following error when running node.py from driller using redis and celery:

ContentDisallowed: Refusing to deserialize untrusted content of type pickle (application/x-python-serialize)

I can provide the commands I used to set up redis and celery if needed. I am running rabbitmqctl as root and redis-server as a user (compiled from source). Could the permissions be wrong? Though, it looks like others have got it up and running without issue

Here are the relevant configuration settings for driller:

REDIS_HOST = 'localhost'
REDIS_PORT = 6379
REDIS_DB = 1
BROKER_URL = 'pyamqp://myuser:mypasswd@localhost:5672/myvhost'
CELERY_ROUTES = {'driller.tasks.fuzz': {'queue': 'fuzzer'}, 'driller.tasks.drill': {'queue': 'driller'}}

Adding the following at the top of driller/tasks.py will fix this issue:

app.conf['CELERY_TASK_SERIALIZER'] = 'pickle'
app.conf['CELERY_RESULT_SERIALIZER'] = 'pickle'
app.conf['CELERY_ACCEPT_CONTENT'] = ['json', 'pickle']

Anyone have some insight? Thank you.

ekilmer commented 7 years ago

Ignore commit c27a622... Accidentally pushed that to a dev branch that is now deleted.