trailofbits / fickling

A Python pickling decompiler and static analyzer
GNU Lesser General Public License v3.0

Support more pickle-based file formats and can scan it #97

Open zxhubo opened 8 months ago

zxhubo commented 8 months ago

Hi, there are a lot of malicious POCs under the URL https://github.com/mmaitre314/picklescan/tree/main/tests/data, and when the https://github.com/mmaitre314/picklescan tool is used, it scans these pickle files normally and outputs the results. However, when using the fickling tool to scan these pickle files, multiple errors are reported, such as for malicious10.pkl, malicious1.zip, and so on.

suhacker1 commented 7 months ago

Thanks for raising this issue! From my perusal, some of these files are supported by Fickling's StackedPickle and PyTorch module but not the CLI feature. I'll create an issue for this then. We'll also go through and see if there are any additional file formats there not present in Fickling whatsoever. We have an ongoing list in #49.