trailofbits / fickling

A Python pickling decompiler and static analyzer
GNU Lesser General Public License v3.0

Add pty to unsafe_imports #108

Open ajohnston9 opened 3 months ago

ajohnston9 commented 3 months ago

The following code produces a pickle file that fickling fails to detect as malicious:

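```python
import pickle
import pickletools

# Opcodes: MARK, GLOBAL pty.spawn, STRING "id", OBJ, STOP
payload = b'''(cpty\nspawn\nS"id"\no.'''
# Disassemble the payload without loading it
pickletools.dis(payload, annotate=1)

with open('pwn.pkl', 'wb') as f:
    f.write(payload)
```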

This is because this technique uses pty and does not leave _var0 unused. This PR adds pty to unsafe_imports as a quick fix to ensure the primitive behind this technique is detected.
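An import-based check of the kind this PR relies on, written here as an added example (it is not code from the PR or from fickling): it walks the opcode stream with `pickletools.genops`, never unpickles, and flags imports from denylisted modules regardless of whether any variable is left unused. The names `imported_globals`, `unsafe_imports_in` and every `UNSAFE_MODULES` entry other than `pty` are assumptions for illustration.

```python
import pickle
import pickletools
from collections import OrderedDict

# Denylist assumed for this example. The page confirms only "pty"; the other
# entries are illustrative and this is not fickling's actual unsafe_imports list.
UNSAFE_MODULES = {"pty", "os", "posix", "nt", "subprocess", "builtins"}

# Opcodes that push a text string, which STACK_GLOBAL later consumes.
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
              "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}

def imported_globals(data):
    """Return [(offset, module, name)] for every import opcode, without unpickling."""
    found, strings = [], []
    for opcode, arg, pos in pickletools.genops(data):
        if opcode.name in ("GLOBAL", "INST"):
            # pickletools reports the pair as "module name".
            module, name = arg.split(" ", 1)
            found.append((pos, module, name))
        elif opcode.name == "STACK_GLOBAL":
            # Protocol 4+: module and name are the two strings pushed before it.
            # Heuristic: if they cannot be recovered, report "?" so callers fail closed.
            module, name = strings[-2:] if len(strings) >= 2 else ("?", "?")
            found.append((pos, module, name))
        elif opcode.name in STRING_OPS:
            strings.append(arg)
    return found

def unsafe_imports_in(data):
    """Imports whose top-level module is denylisted or could not be resolved."""
    return [(pos, mod, name) for pos, mod, name in imported_globals(data)
            if mod == "?" or mod.split(".")[0] in UNSAFE_MODULES]

# The byte string from the pull request above; it is only parsed, never loaded.
PR_PAYLOAD = b'(cpty\nspawn\nS"id"\no.'
# Constructed benign sample that exercises the STACK_GLOBAL path.
BENIGN = pickle.dumps(OrderedDict(a=1), protocol=4)

if __name__ == "__main__":
    for label, blob in (("PR payload", PR_PAYLOAD), ("benign", BENIGN)):
        print(label, unsafe_imports_in(blob))
```

A denylist only catches modules someone has thought to list, which is why the PR describes adding `pty` as a quick fix.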

CLAassistant commented 3 months ago

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 2 committers have signed the CLA.

:white_check_mark: ajohnston9
:x: Andrew Johnston


Andrew Johnston seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you already have a GitHub account, please add the email address used for this commit to your account.

ajohnston9 commented 2 months ago

I've added a relevant test and signed the CLA! Let me know if there's anything else I can do.